Prerequisites #
DNS Records #
For the VCSA installation it is necessary to a have a DNS server that resolvs the domain name of the ESXi deployment node and VCSA.
192.168.70.70 vcsa.vsphere.local
192.168.70.71 esxi1.jklug.local
Important Notes #
Don’t use a .local domain in a production environment. Some Linux distributions, including Ubuntu, resolve .local domains using mDNS (Multicast DNS).
Also make sure to add the storage network / vlan (if existing) as a VMkernel adapter / Management Network, otherwise the traffic is routed through the router.
ESXi #
Installation #
- Press “Enter” to continue setup
- Press “F11” to Accept the License Agreement
- Select a disk for the ESXi installation
- Select the keyboard layout
- Define the root password
- Press “F11” to start the installation
-
Remove the installation media
-
Press “Enter” to reboot after the installation has finished
- Note the IP address
Configuration #
Define Hostname #
- Go to
Networking>TCP/IP stacks>Default TCP/IP stack
- Click
Edit settings
- Select
Manually configure the settings for this TCP/IP stackand define a new hostname
Define IPv4 Address #
Define a static IPv4 address for the VMkernel interface:
- Go to
Networking>VMkernel NICs>vmk0
- Click
Edit settings
- Select
Staticand define an IPv4 address
# Open the interface via the new IP
https://192.168.70.71
Management Network VLAN #
In case the VLAN for the management network is tagged, define the VLAN ID as follows:
- Go to
Networking>Port groups>Management Network
- Click
Edit settings
- Define VLAN ID
Virtual Machine VLANs #
Define VLAN port groups for the virtual machines:
- Go to
Networking>Port groups>Add port group
- Define a “Name” and the “VLAN ID” for the VM network
New user #
- Go to
Host>Manage>Security & users>Users>Add user
-
RightClick on
Host>Permissions -
Click
Add user
Enable SSH #
-
Go to
Host>Manage>Services -
Start the
TSM-SSHservice
Add NFS Storage #
- Go to
Storage>Datastores>New datastore
- Select
Mount NFS datastore
- Define server IP and path to NFS export
ESXi Shell #
Define Hostname #
# List hostname
esxcli system hostname get
# Shell output
Domain Name: jklug.local
Fully Qualified Domain Name: esxi1.jklug.local
Host Name: esxi1
# Define hostname
esxcli system hostname set --host=new-hostname
VMkernel Interfaces #
VMkernel Interfaces & Details #
# List VMkernel interfaces
esxcli network ip interface list
# Shell output
vmk0
Name: vmk0
MAC Address: 00:0c:29:36:42:d6
Enabled: true
Portset: vSwitch0
Portgroup: Management Network
Netstack Instance: defaultTcpipStack
VDS Name: N/A
VDS UUID: N/A
VDS Port: N/A
VDS Connection: -1
Opaque Network ID: N/A
Opaque Network Type: N/A
External ID: N/A
MTU: 1500
TSO MSS: 65535
RXDispQueue Size: 2
Port ID: 67108870
# List current settings for VMkernel interface vmk0
esxcli network ip interface ipv4 get -i vmk0
# Shell output:
Name IPv4 Address IPv4 Netmask IPv4 Broadcast Address Type Gateway DHCP DNS
---- ------------- ------------- -------------- ------------ ------------ --------
vmk0 192.168.70.71 255.255.255.0 192.168.70.255 STATIC 192.168.70.1 false
Define static IPv4 address #
# Define static IPv4 address: Syntax
esxcli network ip interface ipv4 set -i vmk0 -t static -I [IP_Address] -N [Netmask] -g [Gateway]
# Define static IPv4 address: Example
esxcli network ip interface ipv4 set -i vmk0 -t static -I 192.168.70.72 -N 255.255.255.0 -g 192.168.70.1
Define DHCP address #
# Set IP configuration to DHCP
esxcli network ip interface ipv4 set -i vmk0 -t dhcp
Port Groups #
List available Port Groups #
# List all standard switch port groups
esxcli network vswitch standard portgroup list
# Shell output:
Name Virtual Switch Active Clients VLAN ID
------------------ -------------- -------------- -------
Management Network vSwitch0 1 0
VM Network vSwitch0 0 0
Create new Port Group #
# Create new port group: Syntax
esxcli network vswitch standard portgroup add -p [PortGroupName] -v [VirtualSwitchName]
# Create new port group: Example
esxcli network vswitch standard portgroup add -p "Linux VMs" -v vSwitch0
# Define VLAN for new port group: Syntax
esxcli network vswitch standard portgroup set -p [PortGroupName] -v [VLAN_ID]
# Define VLAN for new port group: Example
esxcli network vswitch standard portgroup set -p "Linux VMs" -v 102
Storage #
List Storage Pools #
# List storage pools
esxcli storage filesystem list
# Shell output:
Mount Point Volume Name UUID Mounted Type Size Free
------------------------------------------------- ------------------------------------------ ----------------------------------- ------- ------ ------------ ------------
/vmfs/volumes/3b338b0c-eb913a9e ESXi1_NFS-Share-1 3b338b0c-eb913a9e true NFS 63086309376 63084187648
/vmfs/volumes/65a6ee17-10d8c5cc-069f-000c293642d6 ESXi1_Datastore-1 65a6ee17-10d8c5cc-069f-000c293642d6 true VMFS-6 375541202944 374027059200
# Path to Storage Pools
/vmfs/volumes/
List NFS Storage Pools #
# List NFS Storage
esxcli storage nfs list
# Shell output:
Volume Name Host Share Accessible Mounted Read-Only isPE Hardware Acceleration
----------------- ------------- ------------------------- ---------- ------- --------- ----- ---------------------
ESXi1_NFS-Share-1 192.168.70.21 /srv/nfs/nfs_esxi1-share1 true true false false Not Supported
# Path to NFS shares
/vmfs/volumes/
Add NFS Storage Pool #
# Add new NFS storage pool: Syntax
esxcli storage nfs add -H [NFS-Server-IP] -s [NFS-Share-Path] -v [Datastore-Name]
# Add new NFS storage pool: Example
esxcli storage nfs add -H 192.168.70.21 -s /srv/nfs/nfs_esxi1-share1 -v ESXi1_NFS-Share-1
Remove NFS Storage Pool #
# Remove NFS storage pool: Syntax
esxcli storage nfs remove -v [Datastore-Name]
# Remove NFS storage pool: Example
esxcli storage nfs remove -v ESXi1_NFS-Share-1
ESXtop Commands #
# Start esxtop
esxtop
# Quit ESXtop
q
# Change refresh time: 1,2, 3 seconds
s 1
s 2
s 3
# Switch to CPU
c
# Switch between: CPU VMs only / View all
shift + v
# Switch to memory
m
# Switch to network
n
# Switch to interrupts
i
# Switch to VM
v
# Switch to Power management
p
VCSA Installation #
Setup Stage 1 #
-
Mount the VCSA ISO
-
Run
...\vcsa-ui-installer\win32\installer.exe -
Select the “Install” wizard
- Accept the license agreement
- Define the domain name of the ESXi target node
- Define the VM name of VCSA and set a root password
- Select a deployment size
- Optional: Enable Thin Provisioning
- Wait for the setup to finish
- Continue the setup, this can also be done from the webinterface later on
https://192.168.70.70:5480/
Setup Stage 2 #
VCSA Configuration #
vCenter Server Management #
Login #
# Webinterface
https://vcsa.vsphere.local:5480/
- Login with the root credentials
NFS Backup #
- Go the
Backupand clickCONFIGUREto add a backup location
- Define a NFS share as Backup location
# NFS Share
nfs://192.168.70.21:2049/srv/nfs/nfs_vcsa-backups
- Create an on-demand backup
- Use the previously defined backup location
- Wait till the backup is completed
Install Updates #
- Select the most recent update and click
STAGE AND INSTALL
Shutdown & Reboot #
Enable SSH Access #
vSphere Client #
Download Root Certificate #
# Webinterface
https://vcsa.vsphere.local
# Download CA certificates
https://vcsa.vsphere.local/certs/download.zip
- Click
Download trusted root CA certificates
Install Root Certificate #
Install the downloaded certificate with Certificate Manager
- Open the Certificate Manager MMC for local computer
# Run
certlm.msc
- Install the certificate
- Refresh the browser, the connection is now secure
Login #
# Webinterface
https://vcsa.vsphere.local
# Default login user
Administrator@vsphere.local
- Login with the vSphere SSO domain user
Session Timeout #
Go to vSphere Client menu > Administration > Deployment > Client Configuration
Create Datacenter #
Add ESXi Node #
- Define ESXi domaine name of IP
- Enter ESXi credentials
- Disable lockdown mode
- Define VM location
Add ESXi Node Troubleshooting #
If a second ESXi node is added, for example esxi2.jklug.local make sure the time & date on the ESXi node are correct,
otherwise the addition fails with the following error:
A general system error occurred: Unable to pus to push signed certificate to host esxi2.jklug.local
Set time & date:
-
Go to: (Host) > “Manage”
-
Select “System” > “Time & date”
-
Click “Edit NTP Settings”
Remove ESXi Node #
Right-click on the ESXi host in the vSphere Client
-
Select “Maintenance Mode” > “Enter Maintenance Mode”
-
Select “Connection” > “Disconnect”
-
Select “Remove from Inventory”
TPM & Key Provider #
To run Windows 11 VMs on vSphere it’s necessary to create a key provider.
- Select
Use key provider only with TPM protected ESXi hosts
- Select the new key provider and click
BACK-UP
- Select
I have saved the password in a secure place.
Note: It worked fine to backup the key provider with vSphere version 8, but with version 7 I got the following error “Back up of Native Key Provider has failed.”
So I used PowerCLI to backup the key provider on vSphere version 7. To be sure, I have also deleted the key provider and restored it successfully.
Also, for some weird reason it is only possible to add a TPM module to a VM, when the ESXi node where the VM is deployed on is in a cluster. Even if there is only one ESXi node in the cluster.
- Create a new cluster for the ESXi node
- Define a name for the cluster
- Move the ESXi node into the cluster
PowerCLI Setup #
Install PS Module #
# Install PS module
Install-Module -Name VMware.PowerCLI
Install-Module -Name VMware.PowerCLI -Scope AllUsers
# Import PS module: PS should automatically import the module when module commands are used
Import-Module VMware.PowerCLI
# Test / check version
Get-PowerCLIVersion
Optional: Ignore Certificates #
# Ignore certificate: Permanent
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
# Ignore certificate: Reset to default
Set-PowerCLIConfiguration -InvalidCertificateAction Prompt -Confirm:$false
PowerCLI ESXi #
ESXi Connection #
Connect: Define PW #
# Connect to the ESXi node: Define PW
Connect-VIServer -Server 192.168.70.71 -User root -Password your_password
# Shell output:
Name Port User
---- ---- ----
192.168.70.71 443 root
Connect: Ask for Credentials #
# Connect to the ESXi node: Ask for Credentials
$cred = Get-Credential
Connect-VIServer -Server 192.168.70.71 -Credential $cred
# Connect to the ESXi Host: Save credentials to credential store
Connect-VIServer "Server" -User user -Password pass -SaveCredentials
Disconnect #
# Disconnect from the ESXi node
Disconnect-VIServer -Server 192.168.70.71
PowerCLI vCenter #
vCenter Connection #
Connect: Define PW #
# Connect to vCenter node: Define PW
Connect-VIServer -Server 192.168.70.70 -User Administrator@vsphere.local -Password mypassword
# Shell output:
Name Port User
---- ---- ----
192.168.70.70 443 VSPHERE.LOCAL\Administrator
Connect: Ask for Credentials #
# Connect to the ESXi node: Ask for Credentials
$cred = Get-Credential
Connect-VIServer -Server 192.168.70.70 -Credential $cred
Disconnect #
# Disconnect from the ESXi node
Disconnect-VIServer -Server 192.168.70.70
Create Datacenter #
# Create new Datacenter
New-Datacenter -Location (Get-Folder -NoRecursion) -Name 'Datacenter-1'
# Shell output:
Name
----
Datacenter-1
Create Cluster #
# Create a new Cluster in the Datacenter
New-Cluster -Name 'Cluster-1' -Location 'Datacenter-1' -HAEnabled:$false -DRSEnabled:$false
# Shell output:
Name HAEnabled HAFailover DrsEnabled DrsAutomationLevel
Level
---- --------- ---------- ---------- ------------------
Cluster-1 False 1 False FullyAutomated
Add ESXi node to Cluster #
# Add ESXI node to cluster
$esxHost = 'esxi1.jklug.local' # Define ESXi node
$esxUser = 'root' # Define ESXi user
$esxPassword = 'my-password' # Define ESXi password
$cluster = Get-Cluster -Name 'Cluster-1' # Define vCenter cluster
Add-VMHost -Name $esxHost -User $esxUser -Password $esxPassword -Location $cluster -Force:$true
# Shell output:
Name ConnectionState PowerState NumCpu CpuUsageMhz CpuTotalMhz MemoryUsageGB MemoryTotal
GB
---- --------------- ---------- ------ ----------- ----------- ------------- -----------
esxi1.jklug.local Connected PoweredOn 8 0 27200 0,000 35,999
List ESXi nodes #
# List ESXi nodes managed by vCenter
Get-VMHost
# Shell output:
Name ConnectionState PowerState NumCpu CpuUsageMhz CpuTotalMhz MemoryUsageGB MemoryTotal
GB
---- --------------- ---------- ------ ----------- ----------- ------------- -----------
esxi1.jklug.local Connected PoweredOn 8 1144 27200 18,278 35,999
Backup Key-Provider #
# Backup Key-Provider: Without password
Export-KeyProvider -KeyProvider Win-TPM -FilePath c:\tpm\Win-TPM -Force
# Backup Key-Provider: With password protection
$SecurePassword = ConvertTo-SecureString -String "mytpmpw" -AsPlainText -Force
Export-KeyProvider -KeyProvider Win-TPM -FilePath c:\tpm\Win-TPM -Password $SecurePassword -Force
# Shell output:
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 21.01.2024 22:03 1113 Win-TPM
WARNING: KeyProvider 'Win-TPM' exported to file 'c:\tpm2\Win-TPM' has been protected by the given password.
Remember to store the password safely.
PowerCLI VMs #
The following commands can be run from vCenter and ESXi nodes.
List VMs #
# List all VMs
Get-VM
# Shell output
Name PowerState Num CPUs MemoryGB
---- ---------- -------- --------
Ubuntu-01 PoweredOn 1 2,000
VMware vCenter Se... PoweredOn 6 24,000
vCLS-2c4db3ac-82f... PoweredOn 1 0,125
# List running VMs
Get-VM | Where-Object { $_.PowerState -eq "PoweredOn" }
# List stopped VMs
Get-VM | Where-Object { $_.PowerState -eq "PoweredOff" }
Start, Stop & Restart #
# Start VM
Start-VM -VM Ubuntu-01
# Stop VM: Gracefully
Shutdown-VMGuest -VM Ubuntu-01 -Confirm:$false
# Stop VM: Power off
Stop-VM -VM Ubuntu-01 -Confirm:$false
# Restart VM: Gracefully
Restart-VMGuest -VM Ubuntu-01
# Restart VM: Hard Reset
Restart-VM -VM Ubuntu-01 -Confirm:$false
# Suspend VM
Suspend-VM -VM Ubuntu-01 -Confirm:$false
VIM-CMD #
VIM-CMD commands can be used on ESXi nodes.
List Commands #
# List command categories
vim-cmd
# shell output:
Commands available under /:
hbrsvc/ internalsvc/ solo/ vmsvc/
hostsvc/ proxysvc/ vimsvc/ help
# List commands from command categories: For example vimsvc
vim-cmd vmsvc
Start, Stop, Reboot #
# List all VMs and ther IDs
vim-cmd vmsvc/getallvms
# Start VM: Define VM ID
vim-cmd vmsvc/power.on 3
# Stop VM: Define VM ID
vim-cmd vmsvc/power.off 3
# Reboot VM: Define VM ID
vim-cmd vmsvc/power.reboot 3
# Reset VM: Define VM ID
vim-cmd vmsvc/power.reset 3
Links #
# ESXi 7.0 ESXCLI Command Reference
https://developer.vmware.com/docs/11743/namespace/esxcli_system.html