Appendix A – ESX Technical Support Commands
Command Purpose
esxcfg-advcfg advanced options
esxcfg-auth Configures authentication
esxcfg-boot bootstrap settings
220 702

esxcfg-dumppart Configures a diagnostic partition
esxcfg-firewall service console firewall ports
esxcfg-info Information about the state of the service console, VMkernel, various subsystems in the virtual network, and
storage resource hardware.
esxcfg-init Internal initialization routines. Used for the bootstrap process you should not use it under any circumstances.
esxcfg-module Sets driver parameters and modifies which drivers are loaded during startup.
esxcfg-mpath multipath settings for your Fibre Channel or iSCSI disks.
esxcfg-nas Manages NFS mounts
esxcfg-nics physical network adapters
esxcfg-resgrp resource group settings
esxcfg-route default VMkernel gateway route
esxcfg-swiscsi software iSCSI software adapter.
esxcfg-upgrade Upgrades from ESX Server 2.x to ESX.
esxcfg- scsidevs Prints a map of VMkernel storage devices to service console devices.
esxcfg-vmknic VMkernel TCP/IP settings for VMotion, NAS, and iSCSI.
esxcfg-vswif service console network settings.
esxcfg-vswitch virtual machine network settings.
Appendix B – Linux Commands Used with ESX
Appendix C – Using vmkfstools
o vmkfstools utility is used to create and manipulate virtual disks, file systems, logical volumes, and physical storage devices.
Fibre Channel SAN Configuration Guide
o Zones define which HBAs can connect to which SPs.
o Zoning is similar to LUN masking, which is commonly used for permission management. Usually, LUN masking is performed at the SP or server
level.
o WWPN (World Wide Port Name) is a globally unique identifier for a port.
o Port ID (or port address) enables routing. FC switches assign the port ID when the device logs in to the fabric.
o When N-Port ID Virtualization (NPIV) is used, a single FC HBA port (N-port) can register with the fabric by using several WWPNs.
o active-active - access to the LUNs simultaneously through all the storage ports that are available, without significant performance degradation.
o active-passive - one port is actively providing access to a given LUN. The other ports act as backup
o Disk shares are relevant only within a given ESX/ESXi host.
o Virtual machine I/O might be delayed for up to sixty seconds while path failover takes place. I/O delays might be longer on active-passive
arrays.
o On virtual machines running Microsoft Windows, increase the value of the SCSI TimeoutValue parameter to 60.
o Only one VMFS volume per LUN.
o Unless you are using diskless servers, do not set up the diagnostic partition on a SAN LUN.
o ESX/ESXi does not support FC connected tape devices.
o You cannot use virtual machine logical-volume manager softw

9L0-403 are to mirror virtual disks. Dynamic disks on a Microsoft Windows virtual
machine are an exception, but require special configuration.
o You should not mix FC HBAs from different vendors in a single server.
o Use a dedicated SCSI adapter for any tape drives that you are connecting to an ESX/ESXi system.
o You should not use boot from SAN in the following situations:
o If you are using Microsoft Cluster Service.
o If I/O contention might occur between the service console and VMkernel.
o Proper LUN masking is critical in boot from SAN mode.
o Runtime Name - the name of the first path to the device. Created by the host. Is not a reliable identifier for the device, and is not persistent.
o vmhba#:C#:T#:L#, where:
o vmhba# is the name of the storage adapter

9L0-510
o C# is the storage channel number.
o T# is the target number.
o L# is the LUN number
o If a target has only one LUN, the LUN number is always zero (0).

The iSCSI initiator relies on being able to get MAC address changes from certain types of storage. If you are using ESX iSCSI and have iSCSI
storage, set the MAC Address Changes option to Accept.
o A legitimate need for more than one adapter to have the same MAC address, is if you are using Microsoft Network Load Balancing in unicast
mode. When NLB is used in the standard multicast mode, adapters do not share MAC addresses.
o ESX uses the Pluggable Authentication Modules (PAM) str
220 701 ucture for authentication. The PAM configuration in /etc/pam.d/vmware-authd, ESX
uses /etc/passwd authentication, but you can configure ESX to use another distributed authentication mechanism.
o CIM transactions also use ticket-based authentication in connecting with the vmware-hostd process.
o Management functions with username/password > vmware-hostd > Service Console
o VM console with ticket > vmkauthd > vm in VMkernel
o vicfg commands do not perform an access check.
o The vpxuser is used for vCenter Server permissions.
o The root user and vpxuser permissions are the only users not assigned the No Access role by default.
o ESX supports SSL v3 and TLS v1.
o All network traffic is encrypted as long as:
o Did not change the Web proxy service to allow unencrypted traffic for the port.
o Service console firewall is configured for medium or high security.
o The default location for your certificate is /etc/vmware/ssl/ on the ESX host. The certificate consists of two files: the certificate itself (rui.crt)
and the private-key file (rui.key).
o The ESX host generates certificates the first time the system is started.
o Each time you restart the vmware-hostd process, the mgmt-vmware script searches for existing certificate files (rui.crt and rui.key). If it cannot
find them, it generates new certificate files.
o SSL timeout settings are set in /etc/vmware/hostd/config.xml.
o Do not set up certificates using passphrases.
o For certificates in a location other than the default location, set the location in /etc/vmware/hostd/proxy.xml.
o If you are performing activities that require root privileges, log in to the service console as a recognized user and acquire root privileges
through the sudo command, which provides enhanced security compared to the su command.
o The service console firewall is configured to block all incoming and outgoing traffic, except for ports 22, 123, 427, 443, 902, 5989, 5988, pings
(ICMP) and communication with DHCP and DNS (UDP only) clients.
o Medium security - All incoming traffic is blocked, except on the default ports and any ports you specifically open. Outgoing traffic is not
blocked.
220 702

o Low security - There are no blocks on either incoming or outgoing traffic. This setting is equivalent to removing the firewall.
o Password aging restrictions are enabled for user logins by default.
o Maximum days - By default, passwords are set to never expire.
o Minimum days - The default is 0, meaning that the users can change their passwords any time.
o Warning time - The default is seven days.
o To change this for hosts use esxcfg-auth. Change for users use the command chage.
o By default, ESX uses the pam_cracklib.so plug-in. There is no restrictions on the root password, but the defaults for non-root users is:
o minimum password length is nine
o password length algorithm allows shorter passwords if the user enters a mix of character classes. M – CC = E where the Character Classes
are upper, lower, digits and other.
o retries is set to three
o The pam_passwdqc.so provides a greater number of options for fine-tuning password strength and performs password strength tests for all
users, including the root user.
o setuid allows an application to temporarily change the permissions of the user running the application.
o setgid changes the permissions of the group running the application.
o Default setuid applications: crontab, pam_timestamp_check, passwd, ping, pwdb_chkpwd, ssh-keysign, su, sudo, unix_chkpwd, vmkload_app,
vmware-authd, vmware-vmx. Default setgid Applications: wall, lockfile.
o Virtual Machine Recommendations:
o Install Antivirus Software
o Disable Copy and Paste Operations Between the Guest Operating System and Remote Console
o Removing Unnecessary Hardware Devices
o Limiting Guest Operating System Writes to Host Memory
o Configuring Logging Levels for the Guest

220 701 Operating System
o Host profiles eliminates per-host, configuration and maintain configuration consistency and correctness across the datacenter.
o Only supported for VMware vSphere 4.0 hosts.
o Host Profiles are only available when the appropriate licensing is in place.
o You can export a profile to a file that is in the VMware profile format (.

Key contents of the metadata in the mapping file include the location of the mapped device (name resolution), the locking state of the
mapped device, permissions, and so on.
o You cannot perform vMotion or Storage vMotion between datastores when NPIV is enabled.
o VMware protects the service console with a firewall. It also mitigates risks using other methods:
o Only services essential to managing its functions.
o By default, installed with a high-security setting. All outbound

640 802 Dumps
ports are closed.
o By default, all ports not specifically required for management access to the service console are closed.
o By default, weak ciphers are disabled and all communications from clients are secured by SSL. Default certificates created on ESX use
SHA-1 with RSA encryption as the signature algorithm.
o The Tomcat Web service, has been modified to run only those functions required.
o VMware monitors all security alerts (for the RHEL5 distribution and 3rd party software).
o Insecure services such as FTP and Telnet are not installed.
o The number of applications that use a setuid or setgid flag is minimized.
o ESX can automate whether services start based on the status of firewall ports, but this only applies to service settings configured through the
vSphere Client or applications created with the vSphere Web services SDK. Doesn’t apply to changes made with the esxcfg-firewall utility or
configuration files in /etc/init.d/.
Port Purpose Interface Traffic type
22 SSH Server Service Console Incoming TCP
80 HTTP access and WS-Management Service Console Incoming TCP
123 NTP Client Service Console Outgoing UDP
427 The CIM client SLPv2 to find CIM servers. Service Console Incoming and
outgoing UDP
443 HTTPS access - vmware-hostd
vCenter Server access to ESX hosts
Client access to vCenter Server and ESX hosts
WS-Management
Client access to vSphere Update Manager
Converter access to vCenter Server
Web Access to vCenter Server and ESX hosts
Service Console Incoming TCP
902 Host access to other hosts for migration and provisioning
Authentication traffic for ESX (xinetd/vmware-authd)
Client access to virtual machine consoles (UDP) Status update (heartbeat)
connection from ESX to vCenter Server
640-802

Service Console Incoming TCP,
outgoing UDP
903 Remote console traffic from VI client & Web Access (xinetd/vmware-authd-mks) Service Console Incoming TCP
2049 Transactions from NFS storage devices VMkernel Incoming and
outgoing TCP
2050-2250 Between ESX hosts for HA and EMC Autostart Manager Service Console Outgoing TCP,
incoming and
outgoing UDP
3260 Transactions to iSCSI storage devices VMkernel &
Service Console
Outgoing UDP
5900-5964 RFB protocol, which is used by management tools such as VNC Service Console Incoming and
outgoing TCP
5989 CIM XML transactions over HTTPS Service Console Incoming and
outgoing TCP
8000 VMotion requests VMkernel Incoming and
outgoing TCP
8042-8045 Between ESX hosts for HA and EMC Autostart Manager Service Console Outgoing TCP,
incoming and
outgoing UDP
8100, 8200 Between ESX hosts for Fault Tolerance Service Console Outgoing TCP,
incoming and
outgoing UDP
PLUS installed management agents and suppo
640 802 braindumps rted services such as NFS.
o Create a separate VLAN for communication with the service console.
o Configure network access for connections with the service console through a single virtual switch and one or more uplink ports.

Use local SATA storage, internal and external, in unshared mode only.
o Some SAS storage systems can offer shared access
o You can have up to 256 VMFS datastores per system, with a minimum volume size of 1.2GB.
o Grow the existing datastore extent if th
vcp 4
e storage device where your datastore resides has free space. You can grow the extent up to 2 TB.
o You can connect up to 32 hosts to a single VMFS volume. (EDIT: Maximums document says 64)
o Perform a rescan each time you:
o Create new LUNs on a SAN.
o Change the path masking on a host.
o Reconnect a cable.
o Make a change to a host in a cluster.
o Do not rescan when a path is unavailable.
o To rescan adapters on all hosts managed by vCenter by right-clicking a datacenter, cluster, or folder and selecting Rescan for Datastores.
o ESX does not support the delegate user functionality that enables access to NFS volumes using non-root credentials
o Disk format on a NAS device is dictated by the NFS server, typically a thin format that requires on-demand space allocation.
o When your host accesses a virtual machine disk file on an NFS-based datastore, a .lck-XXX lock file is generated to prevent other hosts from
accessing this file.
o If the underlying NFS volume, is read-only, make sure that the volume is exported as a read-only share by the NFS server, or configure it as a
read-only on the ESX host.
o A diagnostic partition cannot be located on an iSCSI LUN accessed through a software iSCSI initiator.
o You can query and scan the host’s diagnostic partition using the vicfg-dumppart -l command
o You can group datastores into folders.
o You can unmount:
o NFS datastores
o VMFS datastore copies mounted without resignaturing
o You can have up to 32 extents.
o You can grow an extent in an existing VMFS datastore. Only extents with free space immediately after them are expandable.
o If a shared datastore has powered on virtual machines and becomes 100% full, you can increase the datastore’s capacity only from the host,
with which the powered on virtual machines are registered.
o You can mount a VMFS datastore only if it does not collide with an already mounted VMFS datastore that has the same UUID (signature).
o When resignaturing a VMFS copy, ESX assigns a new UUID and a new label to the copy, and mounts the copy as a datastore distinct from the
original.
o The default format of the new label assigned to the datastore is snap-<snapID>-<oldLabel>, where <snapID> is an integer and <oldLabel> is the
label of the original datastore.
o Datastore resignaturing is irreversible.
o A spanned datastore can be resignatured only if all its extents are online.
o Pluggable Storage Architecture (PSA) is an open modular framework that coordinates the simultaneous operation of multiple multipathing
plugins (MPPs). The VMkernel multipathing plugin that ESX provides by default is the VMware Native Multipathing Plugin (NMP). Two types of
NMP subplugins, Storage Array Type Plugins (SATPs), and Path Selection Plugins (PSPs).
o The VMware NMP supports all storage arrays listed on the VMware storage HCL and provides a default path selection algorithm based on the

vmware vcp 4

array type.
o ESX offers an SATP for every type of array that VMware supports.
o By default, the VMware NMP supports the following PSPs:
o Most Recently Used (MRU)
o Fixed - with active-passive arrays that have a Fixed path policy, path thrashing might be a problem.
o Round Robin (RR) - Uses a path selection algorithm that rotates through all available paths enabling load balancing across the paths.
o Claim rules defined in the /etc/vmware/esx.conf file, the host determines which multipathing plugin (MPP) should claim the paths.
o By default, the host performs a periodic path evaluation every 5 minutes.
o Active multiple working paths currently used for transferring data are marked as Active (I/O). In ESX 3.5 or earlier, the term active means the
only path that the host is using to issue I/O to a LUN.
o Standby path is operational and can be used for I/O if active paths fail.
o If you created a virtual disk in the thin format, you can later inflate it to its full size.
o RDM offers several benefits. User-Friendly Persistent Names, Dynamic Name Resolution, Distributed File Locking, File Permissions, File System
640 802
Operations, Snapshots, vMotion, SAN Management Agents and N-Port ID Virtualization(NPIV).
o Certain limitations exist when you use RDMs:
o Not available for block devices or certain RAID devices.
o Available with VMFS-2 and VMFS-3 volumes only.
o No snapshots in physical compatibility mode.
o No partition mapping. It requires a whole LUN.

MAC Address Changes - the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx
o Forged Transmits - Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.
o Traffic shaping
o Traffic shaping policy is defined by three characteristics: average bandwidth, peak bandwidth, and burst size.
o ESX shapes outbound network traffic o

vcp-410 n vSwitches and both inbound and outbound traffic on a vNetwork Distributed Switch.
o Peak bandwidth cannot be less than the specified average bandwidth.
o NIC Teaming (Load balancing and failover)
o Load Balancing
1. Route based on the originating port ID — Choose an uplink based on the virtual port where the traffic entered the virtual
switch.
2. Route based on ip hash — Choose an uplink based on a hash of the source and destination IP addresses of each packet.
3. Route based on source MAC hash — Choose an uplink based on a hash of the source Ethernet.
4. Use explicit failover order — Always use the highest order uplink from the list of Active adapters which passes failover
detection criteria.
o IP-based teaming requires that the physical switch be configured with etherchannel. For all other options, etherchannel should
be disabled.
o Incoming traffic is controlled by the load balancing policy on the physical switch
o Network failover detection
o Link Status only
o Beacon probing - Do not use beacon probing with IP-hash load balancing.
o Notify Switches - a notification is sent out over the network to update the lookup tables on physical switches. In almost all cases, this
process is desirable for the lowest latency of failover occurrences and migrations with VMotion. Do not use this option when the
virtual machines using the port group are using Microsoft Network Load Balancing in unicast mode.
o Failback - determines how a physical adapter is returned to active duty after recovering from a failure. If failback is set to Yes
(default), the adapter is returned to active duty immediately upon recovery.
o Failover Order
1. Active Uplinks
2. Standby Uplinks
3. Unused Uplinks
o When using IP-hash load balancing, do not configure standby uplinks.
o VLAN - The VLAN policy allows virtual networks to join physical

vmware vcp 410 VLANs - vNetwork Distributed Switch only (dvPorts).
o Port blocking policies - vNetwork Distributed Switch only (dvPorts).
o VMware uses the Organizationally Unique Identifier (OUI) 00:50:56 for manually generated addresses. You must set them in a virtual
machine’s configuration file: ethernet<number>.addressType=”static”
o Jumbo frames must be enabled at the host level using the command-line interface to configure the MTU size for each vSwitch.
o TCP Segmentation Offload (TSO) is enabled on the VMkernel interface by default, but must be enabled at the virtual machine level.
o To enable TSO at the virtual machine level, you must replace the existing vmxnet or flexible virtual network adapters with enhanced vmxnet
virtual network adapters. This might result in a change in the MAC address of the virtual network adapter.
o To check whether TSO is enabled on a particular VMkernel networking interface use the esxcfg-vmknic -l command. The list shows
each TSO-enabled VMkernel interface with TSO MSS set to 65535.
o If TSO is not enabled for a particular VMkernel interface, the only way to enable it is to delete the VMkernel interface and recreate the
interface.
o Jumbo frames up to 9kB (9000 bytes) are supported.
o Use the vicfg-vswitch -m <MTU> <vSwitch> command to set the MTU size for the vSwitch.
o Enabling jumbo frame support on a virtual machine requires an enhanced vmxnet adapter for that virtual machine.
o NetQueue in ESX takes advantage of the capability of some network adapters to deliver network traffic to the system in multiple receive
queues that can be processed separately. This allows processing to be scaled to multiple CPUs, improving receive-side networking
performance.
o NetQueue is enabled by default.
o ESX supports a direct PCI device connection for virtual machines running on Intel Nehalem platforms. Each virtual machine can connect to up
to 2 passthrough devices.
o The following features are unavailable for virtual machines configured with VMDirectPath:
o VMotion
o Hot adding and removing of virtual devices
vmware vcp 410
o Suspend and resume
o Record and replay
o Fault tolerance
o High availability
o DRS (limited availability; the virtual machine can be part of a cluster, but cannot migrate across hosts)
o Software-initiated iSCSI is not available over 10GigE network adapters in ESX

Assign each physical NIC to a port group and a vSwitch.
5. Use separate physical NICs to handle the different traffic streams, such as network packets generated by VMs, iSCSI protocols, VMotionPassed VCP410
tasks, and service console activities.
6. Ensure that the physical NIC capacity is large enough to handle the network traffic on that vSwitch. If the capacity is not enough, consider
using a high-bandwidth physical NIC (10Gbps) or moving some VMs to a vSwitch with a lighter load or to a new vSwitch.
7. If packets are being dropped at the vSwitch port, increase the virtual network driver ring buffers where applicable.
8. Verify that the reported speed and duplex settings for the physical NIC match the hardware expectations and that the hardware is
configured to run at its maximum capability. For example, verify that NICs with 1Gbps are not reset to 100Mbps because they are
connected to an older switch.
9. Verify that all NICs are running in full duplex mode. Hardware connectivity issues might result in a NIC resetting itself to a lower speed or
half duplex mode.
10. Use vNICs that are TSO-capable, and verify that TSO-Jumbo Frames are enabled where possible.
o Tasks represent system activities that do not complete immediately, such as migrating a VM.
o If you are logged in to a vCenter Server system that is part of a Connected Group, a column in the task list displays the name of the vCenter
Server system on which the task was performed.
Appendix A – Defined privileges
Appendix B – Installing the MS sysprep tools
Appendix C – Performance metrics
ESX Configuration Guide
o A vNetwork Distributed Switch acts as a single vSwitch across all associated hosts on a datacenter. This allows virtual machines to maintain
consistent network configuration as they migrate across multiple hosts. A dvPort is a port on a vNetwork Distributed Switch.
o The VMkernel TCP/IP networking stack supports iSCSI, NFS, and VMotion. Virtual machines run their own systems’ TCP/IP stacks and connect
to the VMkernel at the Ethernet level through virtual switches.
o TCP Segmentation Offload (TSO), allows a TCP/IP stack to emit very large frames (up to 64KB) even though the maximum transmission unit
(MTU) of the interface is smaller. The network adapter then separates the large frame into MTU-sized frames and prepends an adjusted copy
of the initial TCP/IP headers.
o The default number of logical ports for a vSwitch is 56.
o Each uplink adapter associated with a vSwitch uses one port.
o You can create a maximum of 127 vSwitches on a single host. (EDIT the current Maximums PDF says 248)
o Maximum of 512 port groups on a single host.
o For a port group to reach port groups located on other VLANs, the VLAN ID must be set to 4095. If you enter 4095, the port group can see
traffic on any VLAN while leaving the VLAN tags intact.
o VLAN ID is a number between 1 and 4094.
o ESX supports only NFS version 3 over TCP/IP.
o You can create a maximum of 16 service console ports in ESX.
o CDP advertisements typically occur once a minute.
o dvPort group properties include:
o Port Binding - when ports are assigned to virtual machines connectePassed VCP 4 d to this dvPort group.
o Static binding - to assign a port to a virtual machine when the virtual machine is connected to the dvPort group.
o Dynamic binding - to assign a port to a virtual machine the first time the virtual machine powers on after it is connected to the
dvPort group.
o Ephemeral - for no port binding.
o Whether to allow live port moving.
o Config reset at disconnect to discard per-port configurations when a dvPort is disconnected from a virtual machine.
o Binding on host allowed to specify that when vCenter Server is down, ESX can assign a dvPort to a virtual machine.
o Port name format to provide a template for assigning names to the dvPorts in this group.
o Private VLANs are used to solve VLAN ID limitations.
o A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. Primary
VLANs are Promiscuous, so that ports on a private VLAN can communicate with ports configured as the primary VLAN. Ports on a secondary
VLAN can be either:
o Isolated - communicating only with promiscuous ports
o Community - communicating with both promiscuous ports and other ports on the same secondary VLAN.
o Only one VMotion and IP storage port group for each ESX host.
o You can enable or disable IPv6 support on the host.
o The following networking policies can be applied:
vcp 410
o Security
o Promiscuous Mode - In non-promiscuous mode, a guest adapter listens only to traffic forwarded to own MAC address. In
promiscuous mode, it can listen to all the frames. By default, guest adapters are set to non-promiscuous mode

This topic introduces the components of VMware vSphere.
VMware vSphere includes the following components:
VMware® ESX and VMware® ESXi

A virtualization layer run on physical servers that abstracts processor, memory, storage, and resources into multiple virtual machines.

VCP-410 questions
Two versions of ESX are available:
■

VMware ESX 4.0 contains a built-in service console. It is available as an installable CD-ROM boot image.
■

VMware ESXi 4.0 does not contain a service console. It is available in two forms: VMware ESXi 4.0 Embedded and VMware ESXi 4.0 Installable. ESXi 4.0 Embedded is firmware that is built into a server’s physical hardware. ESXi 4.0 Installable is software that is available as an installable CD-ROM boot image. You install the ESXi 4.0 Installable software onto a server’s hard drive.
VMware® vCenter Server

The central point for configuring, provisioning, and managing virtualized IT environments.
VMware® vSphere Client

An interface that allows users to connect remotely to vCenter Server or ESX/ESXi from any Windows PC.
VMware® vSphere Web Access

A Web interface that allows virtual machine management and access to remote consoles.
VMware® Virtual Machine File System (VMFS)

A high performance cluster file system for ESX/ESXi virtual machines.
VMware® Virtual SMP

Feature that enables a single virtual machine to use multiple physical processors simultaneously.
VMware® VMotion and Storage VMotion

VMware VMotion enables the live migration of running virtual machines from one physical server to another with zero down time, continuous service availability, and complete transaction integrity. Storage VMotion enables the migration of virtual machine files from one datastore to another without service interruption. You can choose to place the virtual machine and all its disks in a single location, or select separate locations for the virtual machine configuration file and each virtual disk. The virtual machine remains on the same host during Storage VMotion.
Migration with VMotion - Moving a powered-on virtual machine to a new host. Migration with VMotion allows you to move a virtual machine to a new host without any interruption in the availability of the virtual machine. Migration with VMotion cannot be used to move virtual machines from one datacenter to another.
Migration with Storage VMotion - Moving the virtual disks or configuration file of a powered-on virtual machine to a new datastore. Migration with Storage VMotion allows you to move a virtual machine’s storage without any interruption in the availability of the virtual machine.
VMware® High Availability (HA)

Feature that provides high availability for applications running in virtual machines. If a server fails, affected virtual machines are restarted on other production servers that have spare capacity.
VMware® Distributed Resource Scheduler (DRS)

VCP-410 dumps
Feature that allocates and balances computing capacity dynamically across collections of hardware resources for virtual machines. This feature includes distributed power management (DPM) capabilities that enable a datacenter to significantly reduce its power consumption.
VMware® Consolidated Backup (Consolidated Backup)

Feature that provides a centralized facility for agent-free backup of virtual machines. It simplifies backup administration and reduces the impact of backups on ESX/ESXi performance.
VMware® vSphere SDK

Feature that provides a standard interface for VMware and third-party solutions to access the VMware vSphere.
VMware® Fault Tolerance

When Fault Tolerance is enabled for a virtual machine, a secondary copy of the original (or primary) virtual machine is created. All actions completed on the primary virtual machine are also applied to the secondary virtual machine. If the primary virtual machine becomes unavailable, the secondary machine becomes active, providing continual availability.
vNetwork Distributed Switch (DVS)

Feature that includes a distributed virtual switch (DVS), which spans many ESX/ESXi hosts enabling significant reduction of on-going network maintenance activities and increasing network capacity. This allows virtual machines to maintain consistent network configuration as they migrate across multiple hosts.
Host Profiles

Feature that simplifies host configuration management through user-defined configuration policies. The host profile policies capture the blueprint of a known, validated host configuration and use this to configure networking, storage, security, and other settings across multiple hosts. The host profile policies also monitor compliance to standard host configuration settings across the datacenter. Host profiles reduce manual steps involved in configuring a host and can help maintain consistency and correctness across the datacenter.Passed VCP-410

Pluggable Storage Array (PSA)

A storage partner plug-in framework that enables greater array certification flexibility and improved array-optimized performance. PSA is a multipath I/O framework allowing storage partners to enable their array asynchronously to ESX release schedules. VMware partners can deliver performance-enhancing multipath load-balancing behaviors that are optimized for each array.

By default, statistics are stored in the vCenter Server database for one year. You can increase this to three years.
o You cannot view datastore metrics in the advanced charts. They are only available in the overview charts.
o CPU Performance Enhancement Advice
1. Verify that VMware Tools is installed on every VM on the host.
2. Compare the CPU usage value of a VM with t

VCP-410 exam he CPU usage of other VMs on the host or in the resource pool. The stacked bar chart on the
host’s Virtual Machine view shows the CPU usage for all VMs on the host.
3. Determine whether the high ready time for the VM resulted from its CPU usage time reaching the CPU limit setting. If so, increase the
CPU limit on the VM.
4. Increase the CPU shares to give the VM more opportunities to run. The total ready time on the host might remain at the same level if the
host system is constrained by CPU. If the host ready time doesn’t decrease, set the CPU reservations for high-priority VMs to guarantee
that they receive the required CPU cycles.
5. Increase the amount of memory allocated to the VM. This decreases disk and or network activity for applications that cache. This might
lower disk I/O and reduce the need for the ESX/ESXi host to virtualize the hardware. Virtual machines with smaller resource allocations
generally accumulate more CPU ready time.
6. Reduce the number of virtual CPUs on a VM to only the number required to execute the workload. For example, a single-threaded
application on a four-way VM only benefits from a single vCPU. But the hypervisor’s maintenance of the three idle vCPUs takes CPU cycles
that could be used for other work.
7. If the host is not already in a DRS cluster, add it to one. If the host is in a DRS cluster, increase the number of hosts and migrate one or
more VMs onto the new host.
8. Upgrade the physical CPUs or cores on the host if necessary.
9. Use the newest version of ESX/ESXi, and enable CPU-saving features such as TCP Segmentation Offload, large memory pages, and jumbo
frames.
o Memory Performance Enhancement Advice
1. Verify that VMware Tools is installed on each VM. The balloon driver is installed with VMware Tools and is critical to performance.
2. Verify that the balloon driver is enabled. The VMkernel regularly reclaims unused VM memory by ballooning and swapping. Generally,
this does not impact VM performance.
3. Reduce the memory space on the VM, and correct the cache size if it is too large. This frees up memory for other VMs.
4. If the memory reservation of the VM is set to a value much higher than its active memory, decrease the reservation setting so that the
VMkernel can reclaim the idle memory for other VMs on the host.
5. Migrate one or more VMs to a host in a DRS cluster.
6. Add physical memory to the host.
o Disk I/O Performance Enhancement Advice
1. Increase the VM memory. This should allow for more operating system caching, which can reduce I/O activity. Note that this may require
you to also increase the host memory. Increasing memory might
VCP-410 exam questions reduce the need to store data because databases can utilize system
memory to cache data and avoid disk access. To verify that VMs have adequate memory, check swap statistics in the guest operating
system. Increase the guest memory, but not to an extent that leads to excessive host memory swapping. Install VMware Tools so that
memory ballooning can occur.
2. Defragment the file systems on all guests.
3. Disable antivirus on-demand scans on the VMDK and VMEM (backup of the VM’s paging file) files.
4. Use the vendor’s array tools to determine the array performance statistics. When too many servers simultaneously access common
elements on an array, the disks might have trouble keeping up. Consider array-side improvements to increase throughput.
5. Use Storage VMotion to migrate I/O-intensive VMs across multiple ESX/ESXi hosts.
6. Balance the disk load across all physical resources available. Spread heavily used storage across LUNs that are accessed by different
adapters. Use separate queues for each adapter to improve disk efficiency.
7. Configure the HBAs and RAID controllers for optimal use. Verify that the queue depths and cache settings on the RAID controllers are
adequate. If not, increase the number of outstanding disk requests for the VM by adjusting the Disk.SchedNumReqOutstanding
parameter. For more information, see the Fibre Channel SAN Configuration Guide.
8. For resource-intensive VMs, separate the VM’s physical disk drive from the drive with the system page file. This alleviates disk spindle
contention during periods of high use.
9. On systems with sizable RAM, disable memory trimming by adding the line MemTrimRate=0 to the VM’s .VMX file.
10. If the combined disk I/O is higher than a single HBA capacity, use multipathing or multiple links.
11. For ESXi hosts, create virtual disks as preallocated. When you create a virtual disk for a guest operating system, select Allocate all disk
space now. The performance degradation associated with reassigning additional disk space does not occur, and the disk is less likely to
become fragmented.
12. Use the most current ESX/ESXi host hardware.
o Networking Performance Enhancement Advice
VCP-410 study guide

1. Verify that VMware Tools is installed on each VM.
2. If possible, use vmxnet3 NIC drivers, which are available with VMware Tools. They are optimized for high performance.
3. If VMs running on the same ESX/ESXi host communicate with each other, connect them to the same vSwitch to avoid the cost of
transferring packets over the physical network.

If you create or edit a role on a vCenter Server system that is part of a connected group in Linked Mode, the changes you make are propagated
to all other vCenter Server systems in the group. Assignments of roles to specific users and objects are not shared across linked vCenter Server

VCP-410 dumps
systems.
o Permissions grant users the right to perform the activities specified by the role on the object to which the role is assigned
o By default, all users who are members of the Windows Administrators group on the vCenter Server system have the same access rights as any
user assigned to the Administrator role on all objects.
o Propagation is set per permission, not universally applied. Permissions defined for a child object always override those propagated from
parent objects.
o You cannot set permissions directly on a vNetwork Distributed Switches. To set permissions for a vNetwork Distributed Switch and its
associated dvPort Groups, set permissions on a parent object, such a folder or datacenter, and select the option to propagate these
permissions to child objects.
o If no permission is defined for the user on that object, the user is assigned the union of privileges assigned to the groups for that object.
o If a permission is defined for the user on that object, the user’s permission takes precedence over all group permissions
o Reports are updated every 30 minutes.
o Map views are updated every 30 minutes
o Alarms are notifications that occur in response to selected events, conditions, and states that occur with objects in the inventory.
o Alarms are composed of a trigger and an action.
o Alarms have two types of triggers: condition/state triggers, and event triggers.
o Condition or State Triggers Monitor the current condition or state of VMs, hosts, and datastores.
o Event Triggers Monitors events that occur in response to operations occuring with any managed object in the inventory, the vCenter Server
system, or the license server.
o Condition and state triggers use one of the following operator sets to monitor an object:
o Is equal to and Is not equal to
o Is above and Is below
o Event triggers use arguments, operators, and values to monitor operations that occur in the vServer System.
o Alarm actions are operations that occur in response to triggered alarms.
o The default VMware alarms do not have actions associated with them. You must manually associate actions with the default alarms.
o You can disable an alarm action from occurring without disabling the alarm itself.
o You disable alarm actions for a selected inventory object.
o When you disable the alarm actions for an object, they continue to occur on child objects.
o When you disable alarm actions, all actions on all alarms for the object are disabled. You cannot disable a subset of alarm actions.
o The SNMP agent included with vCenter Server can be used to send traps when alarms are triggered on a vCenter Server.
o Alarm reporting can further restrict when a condition or state alarm trigger occurs by adding a tolerance range and a trigger frequency to the
trigger configuration.
VCP-410

o The tolerance range specifies a percentage above or below the configured threshold point, after which the alarm triggers or clears.
o Condition threshold + Tolerance Range = Trigger alarm
o The trigger frequency is the time period during which a triggered alarm action is not reported again. By default, the trigger frequency for the
default VMware alarms is set to 5 minutes.
o Statistical data consists of CPU, memory, disk, network, system, and VM operations metrics.
o Collection intervals determine the time period during which statistics are aggregated and rolled up, and the length of time the statistics are
archived in the vCenter database. By default, vCenter Server has four collection intervals: Day, Week, Month, and Year.
o Real-time statistics are not stored in the database. They are stored in a flat file on ESX/ESXi hosts and in memory on the vCenter Server
systems
o Real-time statistics are collected directly on an ESX/ESXi host every 20 seconds (60 seconds for ESX Server 2.x hosts).
o On ESX hosts, the statistics are kept for one hour, after which 180 data points (15 -20 second samples) will have been collected.
o On ESXi hosts, the statistics are kept for 30 minutes, after which 90 data points will have been collected.
o Collection Intervals:
Collected frequency Retention
5 Minutes 1 Day
30 Minutes 1 Week
2 Hours 1 Month
1 Day 1 Year
o You can change the frequency at which statistic queries occur, the length of time statistical data is stored in the vCenter Server database, and
the amount of statistical data collected.
o Not all attributes are configurable for each collection i
VCP-410 braindump nterval.
o You can assign a collection level of 1- 4 to each collection interval, with level 4 having the largest number of counters.
o By default, all collection intervals use collection level 1.
o Generally, you need to use only collection levels 1 and 2 for performance monitoring and analysis.

vSphere supports a maximum of eight simultaneous VMotion, cloning, deployment, or Storage VMotion accesses to a single VMFS3
datastore, and a maximum of four simultaneous VMotion, cloning, deployment, or Storage VMotion accesses to a single NFS or VMFS2
datastore. A migration with VMotion involves one access to the datastore. A migration with Storage VMotion involves one access to the
source datastore and one access to the destination datastore
o Disks are converted from thin to
VCP-410 exam questions
thick format or thick to thin format only when they are copied from one datastore to another. If you choose
to leave a disk in its original location, the disk format is not converted.
o Thin or thick provisioned – not available for RDMs in physical compatibility mode. If you select this option for a virtual compatibility mode
RDM, the RDM is converted to a virtual disk. RDMs converted to virtual disks cannot be converted back to RDMs.
o You can run the storage vmotion command in either interactive or noninteractive mode.
o Interactive mode, type svmotion –interactive.
o Noninteractive mode: svmotion [Standard CLI options] –datacenter=<datacenter name> –vm ‘<VM config datastore path>:<new
datastore>’ [–disks ‘<virtual disk datastore path>:<new datastore>, <virtual disk datastore path>:<new datastore>]’
o A snapshot captures the entire state of the VM at the time you take the snapshot. This includes:
o Memory state – The contents of the VM’s memory.
o Settings state – The VM settings.
o Disk state – The state of all the VM’s virtual disks.
o Snapshots of raw disks, RDM physical mode disks, and independent disks are not supported.
o Change Disk Mode to independent to Exclude Virtual Disks from Snapshots
o Persistent – Disks in persistent mode behave like conventional disks on your physical computer. All data written to a disk in persistent mode
are written permanently to the disk.
o Nonpersistent – Changes are discarded when you power off or reset the VM. Nonpersistent mode enables you to restart the VM with a virtual
disk in the same state every time. Changes to the disk are actually written to and read from a redo log file that is deleted when you power off
or reset.
o Snapshots:
o Delete – commits the snapshot data to the parent and removes the selected snapshot.
o Delete All – commits all the immediate snapshots before the You are here current state to the base disk and removesall existing
snapshots for that VM.
o Revert to Snapshot – a shortcut to the parent snapshot of “You are here”.
o If you use Active Directory groups for permissions, make sure that they are security groups and not distribution groups.
o Users who are currently logged in and are removed from the domain retain their vSphere permissions only until the next validation period (the
default is every 24 hours).
o A role is a predefined set of privileges. Privileges define basic individual rights required to perform actions and read properties. When you
assign a user or group permissions, you pair the user or group with a role and associate that pairing with an inventory object.
o Default roles:
o System roles – System roles are permanent. You cannot edit the privil
VCP-410 study guide eges associated with these roles.
o Sample roles – VMware provides sample roles for convenience as guidelines and suggestions. You can modify or remove these roles.
o You can also create completely new roles.
o All roles permit the user to schedule tasks by default. Users can schedule only tasks they have permission to perform at the time the tasks are
created.
o Default roles:
Role Role Type Description of User Capabilities
No Access system Cannot view or change the assigned object. available in ESX/ESXi and vCenter Server.
Read Only system View the state and details about the object. available on ESX/ESXi and vCenter
Server.
Administrator system All privileges for all objects. available in ESX/ESXi and vCenter Server.
Virtual Machine
Power User
sample allow the user to interact with and make hardware changes to VMs, as well as
perform snapshot operations. available only on vCenter Server.
Virtual Machine User sample allow the user to interact with a VM’s console, insert media, and perform power
operations. available only on vCenter Server.
Resource Pool
Administrator
sample allow the user to create child resource pools and modify the configuration of the
children, but not to modify the resource configuration of the pool or cluster on which
the role was granted. Also allows the user to grant permissions to child resource
pools, and assign VMs to the parent or child resource pools. available only on
vCenter Server.
VMware Consolidated
Backup User
VCP-410 questions

sample used by the VMware Consolidated Backup product and should not be modified.
available only on vCenter Server.
Datastore Consumer sample allow the user to consume space on the datastores on which this role is granted.
available only on vCenter Server.
Network Consumer sample allow the user to assign VMs or hosts to networks available only on vCenter Server.