Vmware Interview Questions & Answers in 2016/2017: What Is A Vmkernel?


VMware Interview Questions & Answers in 2016/2017
What is a VMkernel?
VMkernel is the interface between the VMs and the VMware ESX host. Its main functions are allocating memory and scheduling the CPUs, and it is required to run many services such as vMotion, Fault Tolerance, NFS, traffic management and iSCSI. A VMkernel port can be configured on an ESX server using a standard vSwitch.

What is the mode of communication between VMs on one server with other servers?
In networking, VMs can communicate with VMs on a different server with the help of VMware port groups. The port group is associated with an uplink, which is a physical LAN port on a physical switch. The port group then acts as the interface between the vSwitch and the physical switch, connecting to another server on the network. Port groups are created by logging into the vSphere client.

What are VLAN and VLAN tagging, and what types of tagging are available in vSphere?
VLAN. A virtual LAN lets servers and other devices that are physically distributed across one or more LANs communicate with each other as if they were on a single LAN. Benefits of VLANs include the flexibility to relocate servers and workstations, a shared broadcast domain, and easier network management.

VLAN Tagging. Ethernet frames have to travel through trunk links, and to identify frames traversing a trunk, VLAN tags are added to them. When a frame reaches the far end of the trunk, the tag is removed and the Ethernet frame is delivered to the pre-defined access link, so the VLAN information remains unknown to the target link.

Types of ESX tagging. VMware vSphere supports VLAN tagging in ESX. The three types of VLAN tagging possible in ESX are

· Virtual Switch Tagging
· Virtual Guest Tagging
· External Switch Tagging
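As an added illustration (not part of the original page), here is a small Python model of the tag handling described above: the trunk side inserts an 802.1Q tag after the source MAC, and the access link at the far end checks and strips it, so a frame tagged for a different VLAN never reaches that link. The MAC addresses and payload are constructed sample values.

```python
import struct

# Real IEEE / IANA constants: 0x8100 is the 802.1Q tag protocol identifier (TPID),
# 0x0800 is the EtherType of IPv4.
TPID_8021Q = 0x8100
ETH_P_IP = 0x0800


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame (without the trailing FCS)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return dst + src + struct.pack("!H", ethertype) + payload


def add_tag(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag between the source MAC and the EtherType.

    This is what the trunk side does so the far end can tell which VLAN
    the frame belongs to. TCI layout: PCP (3 bits) | DEI (1 bit) | VID (12 bits).
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must be in 0..7")
    tci = (pcp << 13) | vlan_id          # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header; vlan_id and pcp are None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame too short")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, pcp = tci & 0x0FFF, tci >> 13
        offset = 18
    return {
        "dst": dst, "src": src, "ethertype": ethertype,
        "vlan_id": vlan_id, "pcp": pcp, "payload": frame[offset:],
    }


def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag again, giving back an ordinary untagged frame."""
    if parse_frame(frame)["vlan_id"] is None:
        return frame
    return frame[:12] + frame[16:]


def deliver_to_access_link(frame: bytes, access_vlan: int):
    """Model the far end of the trunk: only frames tagged with the access link's
    VLAN are stripped and forwarded; anything else is dropped (returns None)."""
    if parse_frame(frame)["vlan_id"] != access_vlan:
        return None
    return strip_tag(frame)


if __name__ == "__main__":
    # Constructed sample frame: broadcast destination, locally administered source MAC.
    frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", ETH_P_IP, b"payload")
    tagged = add_tag(frame, vlan_id=100, pcp=3)
    print(parse_frame(tagged))                            # vlan_id=100, pcp=3
    print(deliver_to_access_link(tagged, 100) == frame)   # True: tag stripped
    print(deliver_to_access_link(tagged, 200))            # None: wrong VLAN, dropped
```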

What is the impact on HA, DRS and FT if vCenter is down?

HA. High availability is managed by the HA agent, which is installed while configuring hosts through vCenter Server. So even if vCenter Server is not working, HA keeps working, since HA is controlled by the FDM agents.

DRS. If vCenter is down, DRS stops working, since the distribution of VMs is a function of vCenter Server.

FT. Although you will not be able to create VMs, already configured VMs are not affected by a vCenter outage.

What is 64-bit architecture and which version of ESX supports it?

The latest hardware and operating systems run on the more powerful and faster 64-bit architecture, as compared to the conventional 32-bit architecture. ESX Server versions below 4.0 were all built on a 32-bit architecture. The new ESX Server 4.0 works on a 64-bit platform, and scalability is increased since it can support VMs with up to 255 GB of RAM.

Explain the difference between Type 1 and Type 2 hypervisors.

A Type 1 hypervisor is installed directly on the server host and does not require any pre-installed OS. It is also called a bare-metal hypervisor. A Type 1 hypervisor is a small piece of software that is easy to install and does not consume any system resources. The main objective of a Type 1 hypervisor is to manage the different resources between the operating systems installed on it. All the VMs and OSes are independent of each other, and a problem in any one VM does not affect the other VMs.

A Type 2 hypervisor, on the other hand, can only be installed on top of the operating system installed on the host server and depends on the host OS for all its functionality. If the OS gets corrupted, the hypervisor and all the VMs are affected.

How is a clone different from a template in VMware?

· A template is the master copy of a virtual machine and is used to create copies of other virtual machines, whereas a clone is just a copy of a virtual machine.

· A template can be converted back to a VM to update the master copy with the latest patches or updates, but a clone, once created, cannot be converted back to a VM.

· A clone can be created while the VM is powered on, whereas creating a template from a VM is not possible while it is powered on.

· Cloning is of two types, viz. full clone and linked clone. A full clone is an entirely isolated clone and does not depend on its parent VM for any of its operations, whereas a linked clone shares virtual disk space with its parent VM. A template, on the other hand, is an entirely independent entity.

How can you use 3rd party backup tools in VMware?

There is an inbuilt backup framework called VCB (VMware Consolidated Backup) that allows you to use third-party backup software to back up ESX virtual servers. VCB allows you to take both full and incremental backups.

Apart from having centralized backups of all virtual servers, you can take file-level as well as image-level backups of ESX servers. During a file-level backup, VCB creates a snapshot of the ESX server, mounts it, and the mounted drive is then backed up by the 3rd party software.

During an image-level backup, a snapshot is taken and copied to the backup server, the copy is un-snapped, and finally you can back up the image with any 3rd party software.
1) Mention what VMware is and what its benefits are.

VMware provides different applications and software for virtualization. VMware products are categorized in two levels, desktop applications and server applications. It is useful for

 Running multiple operating systems and applications on a single computer
 Consolidating hardware to get vastly higher productivity from fewer servers
 Saving more than 50% of the total cost spent on IT
 Simplifying IT management and speeding up the deployment of new applications
2) Mention the different types of virtualization available.

The different types of virtualization available are

 Application virtualization
 Presentation virtualization
 Network virtualization
 Storage virtualization

3) Mention the different types of server software VMware provides.

VMware provides three different types of server software

 VMware ESX Server
 VMware ESXi Server
 VMware Server
4) Explain what a hypervisor is.

A hypervisor is a program that enables multiple operating systems to share a single hardware host. Each operating system appears to have the host's processor, memory and other resources all to itself. The hypervisor controls the host processor and resources, allocating what is required to each operating system in turn and making sure that the guest operating systems cannot disrupt each other.

5) Explain what VMware DRS is.

VMware DRS stands for Distributed Resource Scheduler; it dynamically balances resources across the hosts in a cluster or resource pool. It enables users to define the rules and policies that decide how virtual machines consume resources and how these resources should be prioritized among multiple virtual machines.

6) Explain VMware Fault Tolerance.

VMware Fault Tolerance is an important component of VMware vSphere; it offers continuous availability to applications by preventing data loss and downtime of virtual machines in the event of an ESX server failure.

7) Mention what FT logging traffic is.

FT logging is one of the options in the VMkernel port settings, more or less the same as enabling the vMotion option on the VMkernel port.

8) Mention the different components used in VMware infrastructure.

The components used in VMware infrastructure include

 The ESX Server host, which forms the lowest layer
 The VirtualCenter server, which keeps track of all the VM-associated images and manages them from one point
 The VMware Infrastructure Client, which enables the client to communicate with the user's applications that are running on VMware
 A web browser, used to access the virtual machines
 A license server, used to prepare a server that provides licensing to the applications
 Database servers, used to maintain a database
9) Explain what vCloud Suite is.

vCloud Suite combines multiple VMware components to give a complete set of cloud infrastructure capabilities in a single package, including virtualization, software-defined datacenter services, disaster recovery, application management, etc.

10) Mention the storage and availability features in vCloud Suite.

The storage and availability features in vCloud Suite include

 Storage DRS: places and load-balances virtual machines based on storage capacity and I/O latency
 Storage vMotion: employs proactive, non-disruptive storage migration to reduce virtual machine storage I/O bottlenecks and free up valuable storage capacity
 Application HA: provides high availability that is bound to specific applications
 Data Protection: a backup and recovery tool based on EMC Avamar
11) Explain what Host Isolation is in VMware HA (High Availability).

VMware HA has a mechanism to detect a host that is isolated from the rest of the hosts in the cluster. In simple words, it uses a heartbeat to communicate with the other hosts in the cluster. When an ESX host loses its ability to connect with the other hosts in the cluster through the heartbeat, that ESX host is considered isolated.

12) Mention the difference between VMware HA and VMware FT.

 VMware FT is enabled on a per-VM basis, while VMware HA is enabled per cluster.
 In the case of an ESX host failure, the virtual machines on the failed host are restarted and powered on on the other active hosts in the HA cluster. For FT-enabled virtual machines there is no downtime: in the case of a host failure, the secondary VM is activated, becomes the primary, and continues to run from the exact point where the primary VM failed or left off.
13) Explain the new features available in vSphere 5.

The latest version, vSphere 5.5, includes

 ESXi Hypervisor enhancements
 Virtual Machine enhancements
 VMware vCenter Server enhancements
 vSphere Storage enhancements
 vSphere Networking enhancements

14) What are the new features included in the ESXi Hypervisor enhancements?

The ESXi Hypervisor enhancements include

 Hot-pluggable PCIe SSD devices: SSD (Solid State Disk) devices are supported, and with the new enhancement an SSD device can be removed or added while a vSphere host is running.
 Support for Reliable Memory Technology: the vSphere ESXi hypervisor can take advantage of new, vendor-enabled Reliable Memory Technology hardware, through which a region of memory is reported from the hardware to the vSphere ESXi hypervisor. It is used to enhance the placement of the VMkernel and other components such as the initial thread and hostd, and helps protect against memory errors.
 Enhancements to CPU C-states: a power process (C-state) is used to provide additional power savings.
15) Mention the difference between a template and a clone in VMware.

Clone:

 A clone is a copy of the virtual machine
 You cannot convert the cloned virtual machine back
 A clone of a virtual machine can be made when the virtual machine is powered on
 A full clone is independent from the parent virtual machine and does not share anything with other virtual machines
 A linked clone shares virtual disks with the parent virtual machine. It enables multiple virtual machines to use the same software installation
 When a virtual machine is powered on, it cannot be converted to a template, but a clone can be converted to a template

Template:

 A template is a master copy of a virtual machine; it can be used to make many clones
 A template can be converted back to the virtual machine to update the base template
 A template cannot be edited or powered on, and is more difficult to change than an ordinary virtual machine
 When you clone a virtual machine from the template, the resulting cloned virtual machine is free of the original virtual machine

Hello and welcome to VMinstall. In this post I'll share a list of 25 VMware interview questions that I have crafted to screen for the best talent to manage and support VMware vSphere.

Why is my list any different from the hundreds of others on the web?
Well, first of all, it's not a VCP test brain-dump…

Secondly, these interview questions are carefully crafted to narrow the talent pool to the most qualified, not the most memorized.

These interview questions require hands-on experience to answer!
VMware Technical Interview Questions
The list of questions below is intentionally broken up into 5 groups:

1. System Requirements for ESXi 5.5
2. ESXi 5.5 Installation
3. System Requirements for vCenter
4. vCenter Installation
5. Managing vSphere Resources

These 5 groups will test for the technical proficiency that an experienced VMware administrator will [or should] have.

The list is also what I use when interviewing someone at an administrator level who will manage the day-to-day support, build, and provisioning of:

 vCenter
 ESXi hosts
 virtual servers
 virtual networks
 virtual storage

Note: This list of questions may also be used for screening vSphere Engineers or Architects.

System Requirements for ESXi

1. Your company has a bunch of unused server hardware and you have been asked to build a vSphere environment. But before you start you want to make sure it is supported by the ESXi version you plan to install. Where would you find a list of hardware that is supported?

Answer: You would check the VMware Compatibility Guide: http://www.vmware.com/resources/compatibility/

2. Your hardware is on the compatibility list and now you need to know the minimum CPU and memory requirements of an ESXi host when building a 64-bit OS that will take full advantage of ESXi features?

Answer: 2 CPU cores and 8 GB memory (bare minimum)

3. Before you start installing software, what must be enabled in the server BIOS in order to run ESXi?

Answer: The NX/XD bit needs to be enabled.

4. You also have an old pile of network adapters to choose from. Where would you find a list of network adapters (NICs) that are supported by the version of ESXi you are installing?

Answer: You would check the VMware Compatibility Guide (same link as above).

5. One of the servers you found wasn't on the list and now you have a problem that is causing ESXi to purple screen, so you call VMware for support. What would happen if they found out your hardware was not supported?

Answer: When hardware is not supported there are known issues that will happen, and VMware cannot help to resolve problems due to unsupported hardware.

Unpacking the ESXi hardware interview questions.

Why are these questions about server hardware important?

Since 2006 I have had the awful job of having to clean up behind admins that would build vCenter and ESX/ESXi on any hardware they found. I'm guilty of it myself!

This is not only a bad practice but it also leads to unplanned maintenance and costly outages that impact users and customers.

ESXi will run on just about any hardware but that doesn't mean it should.

An experienced vSphere admin will know better than to waste time (and a costly license) trying to run a 64-bit OS on a server that doesn't support it.
ESXi Installation Qs

6. You've done this a hundred times. What are 3 methods that can be used when doing an interactive ESXi installation?

Answer: Boot from a CD/DVD, boot from a USB, and PXE boot from a deployment server on the network.

7. After so many ESXi builds you have figured out a faster way to do the install using a script. What's the main difference between an interactive ESXi installation and a scripted installation?

Answer: The interactive install will require you to follow along and fill in the configuration information, whereas in a scripted install the configuration information will be read from an unattended text file (boot.cfg). Note: ESXi uses a Kickstart installer similar to Linux.

8. You can install ESXi in your sleep. What is the command to access the installer window on ESXi 5.5?

Answer: Shift+O will get you to the runweasel command prompt.

9. Darn, one of your servers is not loading. What's the first thing to double-check when having a problem installing ESXi?

Answer: Make sure the hardware clock is set to UTC and the NX/XD bit is enabled in the BIOS.

10. You've typed this stuff in a million times. Name 5 of the 10 bits of information required when installing ESXi.

Answer: Keyboard Layout, VLAN ID, IP Address, Subnet Mask, Gateway, Pri DNS, Sec DNS, Host Name, Installation Location, Root Password.

Now let's unpack VMware interview questions about ESXi installations.

ESXi is actually easy to install and set up; however, problems do arise when there are different admins or teams building out environments that share the same network, storage, and server resources. It is very important to have a standard build process so all hosts are built the same way every time.

Finding a good vSphere admin who can follow your standard, someone who can answer these basic questions, is a good start.

System Requirements for vCenter

11. You decided not to run the vCenter appliance. What are the minimum hardware requirements for a vCenter 5.x server?

Answer: It depends on whether other vSphere services such as Single Sign-On, Inventory Service, and the database will be running on the same hardware as vCenter.

12. You're going to upgrade vCenter and the old vCenter is running on Windows Server 2003. What Windows operating system is required for vCenter 5.x?

Answer: Windows 2008 SP2

13. You're creating a list of ports you need the network admin to open on the firewall. What is port 902 used for on vCenter?

Answer: Port 902 is the default port vCenter uses to send data to hosts managed by vCenter.

14. The old vCenter was running MS SQL Express but you are building 10 ESXi hosts. What's the difference between using MS SQL Server Express and MS SQL Server for vCenter?

Answer: MS SQL Server Express is for vSphere installations with up to 5 ESXi hosts and 50 virtual servers.

15. Your new boss doesn't like MS SQL and asked you to use Oracle. Does vCenter support Oracle 11c or 12c?

Answer: Yes, but the JDBC driver must be installed manually.

Let's review vCenter Interview Questions.

vCenter is at the heart of vSphere and when it's not properly set up there will be problems!

These problems may be as small as frustrated admins who can't access and support virtual servers from a central management console, or as large as a full-blown outage and corruption of the vCenter database.

For example, if a vSphere cloud grows too fast the additional load on hardware and system resources can cause performance problems that in the worst cases can require a complete rebuild of vCenter on bigger hardware. Fortunately, each ESXi host can be managed separately if central management via vCenter is lost. An experienced vSphere admin who can answer these questions will likely know this work-around.

Managing vCenter Resources

Before we dive into the final 10 questions I want to stress how important finding a team player who will work closely with storage and network admins really is.

Tip! Pay close attention to any sign that the person you are interviewing does not think he/she owns your vSphere Cloud!

Storage is everything!

16. You've learned over the years there's more to vSphere than server hardware. What other 2 resources are just as important as servers and need to be properly planned out when designing and building a vSphere Cloud?

Answer: Storage and network resources are crucial for all vSphere Clouds.

17. VMware vSphere gives you options. What are the 4 typical ways storage can be added to vSphere?

Answer: Storage can be added via iSCSI, FC, NFS and local disk (including DAS).

18. When setting up a new datastore, how many VMFS file systems should be created per LUN?

Answer: The best practice is to only create 1 VMFS file system per LUN.

19. What is the best plan for a storage failure that impacts multiple datastores?

Answer: Always have a backup of the VMs on a separate storage environment that can be used to restore the lost virtual servers.

20. Your host is a beast, dual socket with 8-core CPUs and 192 GB of memory. How many virtual servers can be added to a 1 TB datastore?

Answer: It depends on the size of the VMs and the performance of the storage. Higher performing storage can be filled closer to capacity, but space should be left for data growth and snapshots. A datastore should never be allowed to fill up 100%.

Unpacking these VMware Storage Qs.

Managing storage in vSphere is an important job that can get a junior vSphere admin in big trouble!

Regardless of the protocol (iSCSI, NFS, FC) it requires a certain skill set which only comes with time and experience. Every new ESXi host which is added to vSphere requires someone who knows how to balance the workloads across various storage tiers: local disk, SATA, SAS and SSD (depending on the needs of the environments and applications).

Far too many new VMware admins have learned the hard way that “Not all storage is the same”, and very quickly a junior admin can cause an outage on a business-critical database server simply by vMotioning a VM to a datastore that looks empty.
Networking is everything, too!

21. This is a tough VMware interview question created just for you. Name 4 things that happen on the VMkernel networking layer.

Answer: vMotion, IP storage (iSCSI/NFS), Fault Tolerance and Virtual SAN.

22. You have a VCP so this should be an easy interview question. What are 2 ways a vSphere admin can separate traffic from distinct environments (ex. production and test) on the same hosts?

Answer: Either by creating separate vSwitches using dedicated NICs or, if NICs are not available, by creating separate port groups using different VLAN IDs on the same vSwitch.

23. True or false. A Distributed Virtual Switch is very much like a physical switch that detects which VMs are logically connected to each port and uses that information to forward network traffic. Hint: It is not used for monitoring and administration across a datacenter.

Answer: False. A Distributed Virtual Switch acts as a single switch across all hosts in a datacenter to provide centralized provisioning, administration, and monitoring of virtual networks.

24. Another true or false. NIC teams are “normally” put in active/active mode to allow fail-over in the event of a hardware failure.

Answer: False again. NIC teams are normally put in active/standby mode to allow fail-over in the event of a hardware failure. You can use active/active but this would not be standard and would require port channeling at the physical switch.

25. This is a trick question so think about it! How many physical NICs are needed in an ESXi host for hosting 25 virtual servers on iSCSI storage split between 2 diverse environments (web/app)?

Answer: The answer is purely subjective. It depends on how much separation is needed for performance and the level of redundancy built into the design for hardware failure. At minimum, maybe 2 (1 for data and 1 for VMkernel) but more should be used.

And finally, let's review the Network Questions.

Since 2007, I estimate 80% of all the VMware problems I have dealt with were network or storage related. That's not to say it was the network or storage admins' fault. No, in most cases it was the VMware admin's fault for not communicating and properly calculating the requirements before he/she asked for IP addresses or storage LUNs.

Like I said in the beginning, these questions are not for practicing to take a VCP test. They are designed to gauge the level of experience someone who is applying for your VMware admin or engineer job has before you give them the keys to start managing your company's jewels.

Platform Services Controller

 Platform Services Controller – This provides infrastructure services for the datacenter. The
Platform Services Controller contains these services:
o vCenter Single Sign-On
o License Service
o Lookup Service
o VMware Directory Service
o VMware Certificate Authority
 vCenter Services – The vCenter Server group of services provides the remainder of the
vCenter Server functionality, which includes:
o vCenter Server
o vSphere Web Client
o vCenter Inventory Service
o vSphere Auto Deploy
o vSphere ESXi Dump Collector
o vSphere Syslog Collector (Microsoft Windows)/VMware Syslog Service (Appliance)

So, when deploying vSphere 6.0 you need to understand the implications of these changes to
properly architect the environment, whether it is a fresh installation, or an upgrade. This is a
dramatic change from previous releases, and one that is going to be a source of many
discussions.

To help prevent confusion, my colleagues in VMware Global Support, VMware Engineering, and I have developed guidance on supported architectures and deployment modes. This two-part blog series will discuss how to properly architect and deploy vCenter 6.0.

vCenter Deployment Modes


There are two basic architectures that can be used when deploying vSphere 6.0:

 vCenter Server with an Embedded Platform Services Controller – This mode installs all
services on the same virtual machine or physical server as vCenter Server. The configuration
looks like this:
This is ideal for small environments, or if simplicity and reduced resource utilization are key
factors for the environment.

 vCenter Server with an External Platform Services Controller – This mode installs the
platform services on a system that is separate from where vCenter services are installed.
Installing the platform services is a prerequisite for installing vCenter. The configuration
looks as follows:

This is ideal for larger environments, where there are multiple vCenter servers, but you want
a single pane-of-glass for the site.

Choosing your architecture is critical, because once the model is chosen, it is difficult to
change, and configuration limits could inhibit the scalability of the environment.

Enhanced Linked Mode


As a result of these architectural changes, Platform Services Controllers can be linked
together. This enables a single pane-of-glass view of any vCenter server that has been
configured to use the Platform Services Controller domain. This feature is called Enhanced
Linked Mode and is a replacement for Linked Mode, which was a construct that could only
be used with vCenter for Windows. The recommended configuration when using Enhanced
Linked Mode is to use an external platform services controller.

Note: Although using embedded Platform Services Controllers and enabling Enhanced
Linked Mode can technically be done, it is not a recommended configuration. See List of
Recommended topologies for vSphere 6.0 (2108548) for further details.

The following are some recommend options on how—and how not to—configure Enhanced
Linked Mode.

 Enhanced Linked Mode with an External Platform Services Controller with No High Availability (Recommended)

In this case the Platform Services Controller is configured on a separate virtual machine, and then the vCenter servers are joined to that domain, providing the Enhanced Linked Mode functionality. The configuration would look this way:

There are benefits and drawbacks to this approach. The benefits include:

 Fewer resources consumed by the combined services
 More vCenter instances are allowed
 Single pane-of-glass management of the environment

The drawbacks include:

 Network connectivity loss between vCenter and the Platform Services Controller can cause outages of services
 More Windows licenses are required (if on a Windows Server)
 More virtual machines to manage
 An outage on the Platform Services Controller will cause an outage for all vCenter servers connected to it. High availability is not included in this design.
 Enhanced Linked Mode with an External Platform Services Controller with High Availability (Recommended)

In this case the Platform Services Controllers are configured on separate virtual machines and placed behind a load balancer; this provides high availability to the configuration. The vCenter servers are then joined to that domain using the shared load balancer IP address, which provides the Enhanced Linked Mode functionality but is resilient to failures. This configuration looks like the following:

There are benefits and drawbacks to this approach. The benefits include:

 Fewer resources are consumed by the combined services
 More vCenter instances are allowed
 The Platform Services Controller configuration is highly available

The drawbacks include:

 More Windows licenses are required (if on a Windows Server)
 More virtual machines to manage
 Enhanced Linked Mode with Embedded Platform Services Controllers (Not Recommended)

In this case vCenter is installed as an embedded configuration on the first server. Subsequent installations are configured in embedded mode, but joined to an existing Single Sign-On domain.

Linking embedded Platform Services Controllers is possible, but is not a recommended configuration. It is preferred to have an external configuration for the Platform Services Controller.

The configuration looks like this:

 Combination Deployments (Not Recommended)

In this case there is a combination of embedded and external Platform Services Controller architectures.

Linking an embedded Platform Services Controller and an external Platform Services Controller is possible, but again, this is not a recommended configuration. It is preferred to have an external configuration for the Platform Services Controller.

Here is an example of one such scenario:

 Enhanced Linked Mode Using Only an Embedded Platform Services Controller (Not Recommended)

In this case there is an embedded Platform Services Controller with vCenter Server linked to
an external standalone vCenter Server.

Linking a second vCenter Server to an existing embedded vCenter Server and Platform
Services Controller is possible, but this is not a recommended configuration. It is preferred to
have an external configuration for the Platform Services Controller.

Here is an example of this scenario:

Stay tuned for Part 2 of this blog post where we will discuss the different platforms for
vCenter, high availability and different deployment recommendations.
VMware Standard vs Distributed Switch

 Management
o Standard switch: needs to be managed at each individual host level
o Distributed switch: provides centralized management and monitoring of the network configuration of all the ESXi hosts that are associated with the dvSwitch
 Licensing
o Standard switch: available for all licensing editions
o Distributed switch: only available in the Enterprise edition of licensing
 Creation & configuration
o Standard switch: can be created and configured at the ESX/ESXi host level
o Distributed switch: can be created and configured at the vCenter Server level
 Layer 2 switch
o Standard switch: yes, can forward Layer 2 frames
o Distributed switch: yes, can forward Layer 2 frames
 VLAN segmentation
o Standard switch: yes
o Distributed switch: yes
 802.1Q tagging
o Standard switch: can use and understand 802.1Q VLAN tagging
o Distributed switch: can use and understand 802.1Q VLAN tagging
 NIC teaming
o Standard switch: yes, can utilize multiple uplinks to form a NIC team
o Distributed switch: yes, can utilize multiple uplinks to form a NIC team
 Outbound traffic shaping
o Standard switch: can be achieved using the standard switch
o Distributed switch: can be achieved using the distributed switch
 Inbound traffic shaping
o Standard switch: not available as part of standard switches
o Distributed switch: only possible at the distributed switch
 VM port blocking
o Standard switch: not available as part of standard switches
o Distributed switch: only possible at the distributed switch
 Private VLAN
o Standard switch: not available
o Distributed switch: PVLANs can be created as part of the dvSwitch; 3 types of PVLAN (Promiscuous, Community and Isolated)
 Load-based teaming
o Standard switch: not available
o Distributed switch: can be achieved using the distributed switch
 Network vMotion
o Standard switch: not available
o Distributed switch: can be achieved using the distributed switch
 Per-port policy setting
o Standard switch: policy can be applied at the switch and port group level
o Distributed switch: policy can be applied at the switch, port group and even per-port level
 NetFlow
o Standard switch: not available
o Distributed switch: yes
 Port mirroring
o Standard switch: not available
o Distributed switch: yes
Vmware Version Comparison

VMware PVLANs

VMware vSphere and Private VLANs


By Vladan SEGET | Last Updated: November 1, 2014


As the title shows, this post is about private VLANs (PVLANs). The topic shows up on VCAP
exams, but also on VCP-based exams, so if you’re studying for the VCAP or VCP this article
might interest you. VMware vSphere and private VLANs are a great topic, but not an easy one.

Usually you separate traffic and secure your environment by using VLANs, but private
VLANs allow further segmentation: the creation of private groups inside each VLAN. By
using private VLANs (PVLANs) you split the broadcast domain into multiple isolated broadcast
“subdomains”.

Private VLANs need to be configured at the physical switch level (the switch must support
PVLANs) and also on the VMware vSphere distributed switch (Enterprise Plus is required). It’s
more expensive and takes a bit more work to set up. Is that why it’s not widely used?

There are different types of PVLANs:

Primary:

Promiscuous (Primary) VLAN – Imagine this VLAN as a kind of router. All packets from
the secondary VLANs go through this VLAN, and packets also go downstream, so this VLAN
is used to forward packets to all secondary VLANs. Keep in mind that the isolation is at
Layer 2 only: a router or firewall sitting on the promiscuous port will still route between two
isolated hosts unless it is configured to filter that traffic.

Secondary:

Isolated (Secondary) – VMs can communicate with devices on the promiscuous VLAN but not
with other VMs on the isolated VLAN, not even with VMs in the same isolated VLAN.

Community (Secondary) – VMs can communicate with VMs on the promiscuous VLAN and also
with those on the same community VLAN, but not with other communities or with the isolated
VLAN.

The graphic shows it all…


So where do we configure PVLANs in vSphere?

A vSphere Distributed Switch (vDS) is needed to configure PVLANs, and the vDS is a vSphere
Enterprise Plus feature. Then it’s quite straightforward:

Create a vDS if you don’t already have one in your environment by going to Home >
Networking > click the icon to add a new vDS.

The VCAP exam is based on vSphere 5.0 or 5.1, so you probably won’t have access to
create a version 5.5 vDS and to the latest features that the 5.5 version brought. So you’ll
have the possibility to create vDS versions from 4.0 … up to 5.5.

The next step is to create some PVLANs. You do this at the vDS level: select and
right-click the vDS > Edit Settings > Private VLAN tab. Once there you can add
PVLANs. Notice that the secondary promiscuous VLAN is created automatically when you
create the primary private VLAN.
So in my example above I created primary private VLAN 500, which automatically created
secondary PVLAN 500. Then I only needed to create an isolated secondary VLAN 501 and a
community VLAN 502.

Now we have those PVLANs created, and this gives us the possibility to use them for new or
existing port groups. In the example below I’m creating a new port group with some name, and
after selecting PVLAN as the VLAN type, a new drop-down menu appears which gives the option
to choose an entry between Isolated and Community.

Private VLAN definitions:

· Promiscuous – A promiscuous port can communicate with all interfaces, including
the isolated and community ports within a PVLAN.

· Isolated – An isolated port has complete Layer 2 separation from the other ports
within the same PVLAN, but not from the promiscuous ports. PVLANs block all
traffic to isolated ports except traffic from promiscuous ports. Traffic from an isolated
port is forwarded only to promiscuous ports.

· Community – Community ports communicate among themselves and with their
promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces
in other communities or isolated ports within their PVLAN.
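To make the forwarding rules from the PVLAN types section and the definitions above concrete, here is an added example (not code from the original post or from VMware) that models a vDS PVLAN table and answers "can a frame pass from port A to port B?" for any pair of port groups. It mirrors the post's table (primary 500, isolated 501, community 502) and goes beyond it with a second community (503) and an unrelated primary (600) so the boundaries show up; those extra IDs, the VM names and their placement are assumptions made up for the example.

```python
"""Model of private VLAN forwarding rules as configured on a vSphere distributed switch.

Added example; not code from the original post or from VMware.  VLAN IDs
503/600/601 and all VM names are made up for illustration.
"""
from itertools import product

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


class PvlanMap:
    """PVLAN table of one vDS: secondary VLAN ID -> (primary VLAN ID, type)."""

    def __init__(self):
        self._entries = {}

    def add_primary(self, primary):
        # As in the vSphere client, defining a primary VLAN creates the
        # promiscuous secondary with the same ID automatically.
        if primary in self._entries:
            raise ValueError("VLAN %d already used" % primary)
        self._entries[primary] = (primary, PROMISCUOUS)

    def add_secondary(self, primary, secondary, kind):
        if kind not in (ISOLATED, COMMUNITY):
            raise ValueError("secondary type must be isolated or community")
        if self._entries.get(primary) != (primary, PROMISCUOUS):
            raise ValueError("primary VLAN %d is not defined" % primary)
        if secondary in self._entries:
            raise ValueError("VLAN %d already used" % secondary)
        self._entries[secondary] = (primary, kind)

    def can_forward(self, src_vlan, dst_vlan):
        """True if a Layer 2 frame may pass from a port on src_vlan to a port on dst_vlan."""
        src_primary, src_kind = self._entries[src_vlan]
        dst_primary, dst_kind = self._entries[dst_vlan]
        if src_primary != dst_primary:
            return False  # different primaries are unrelated broadcast domains
        if PROMISCUOUS in (src_kind, dst_kind):
            return True   # promiscuous ports talk to everything in their primary
        if src_kind == COMMUNITY and src_vlan == dst_vlan:
            return True   # members of the same community see each other
        # isolated<->isolated (even the same VLAN), community<->other community
        # and isolated<->community are all blocked at Layer 2
        return False


def reachability(pmap, ports):
    """ports: {port name: secondary VLAN}.  Returns {(src, dst): allowed} for all pairs."""
    return {(a, b): pmap.can_forward(ports[a], ports[b])
            for a, b in product(ports, repeat=2) if a != b}


def example_map():
    """The post's PVLAN table plus a second community and an unrelated primary."""
    m = PvlanMap()
    m.add_primary(500)
    m.add_secondary(500, 501, ISOLATED)
    m.add_secondary(500, 502, COMMUNITY)
    m.add_secondary(500, 503, COMMUNITY)   # assumed second community
    m.add_primary(600)                      # assumed unrelated PVLAN domain
    m.add_secondary(600, 601, COMMUNITY)
    return m


# Constructed placement of VMs onto port groups (names are made up).
EXAMPLE_PORTS = {
    "gateway": 500,            # router/firewall on the promiscuous port group
    "web1": 501, "web2": 501,  # isolated: may reach the gateway only
    "app1": 502, "app2": 502,  # community: reach each other and the gateway
    "db1": 503,                # a different community
    "other1": 601,             # other primary: no Layer 2 path to VLAN 500's ports
}


if __name__ == "__main__":
    for (a, b), ok in sorted(reachability(example_map(), EXAMPLE_PORTS).items()):
        print("%-8s -> %-8s %s" % (a, b, "allowed" if ok else "blocked"))
```

Running it prints the full allow/block matrix; the useful part is feeding in your own table and port assignments and asserting the pairs that must stay blocked (two isolated VMs, two communities) before the design reaches the physical switch and the vDS. Remember that the model, like the PVLAN itself, only speaks for Layer 2: what the gateway on the promiscuous port routes is up to its own filters.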

On the VCAP5-DCA blueprint this is Objective 2.2 – Configure and Maintain VLANs,
PVLANs and VLAN Settings, and you are required to have VLAN and PVLAN knowledge and
also:

· to be able to determine use cases for and configure VLAN trunking

· to be able to determine use cases for and configure PVLANs

· to use command line tools to troubleshoot and identify VLAN configurations

Command Line Tools

There are commands which can be run via vMA, others via vCLI, or directly over SSH to the
ESXi host with PuTTY:

esxcli network vswitch standard list – shows the standard vSwitch settings

Etc. If you add -h for help you get the options available at each level:

esxcli network -h shows the options for fence, firewall, ip, vswitch, nic, etc.
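To put the last blueprint objective into practice, here is an added example (not part of the original post) that reads the table printed by esxcli network vswitch standard portgroup list and flags two VLAN settings worth a second look: VLAN 4095, which on a standard switch means Virtual Guest Tagging and hands the guest every tagged VLAN the uplink carries, and VM port groups that sit on the same vSwitch and VLAN as the management port group, so VM traffic shares the management segment. The sample output, the port group names and the default management port group name are constructed assumptions, not captured from a real host.

```python
"""Audit VLAN assignments of standard-switch port groups from esxcli output.

Added example, not code from the original post.  Parses the human-readable
table of `esxcli network vswitch standard portgroup list`; the sample below
is constructed, and the management port group name is an assumption.
"""
import re

# Constructed sample (not captured from a real host); values are made up.
SAMPLE_PORTGROUP_LIST = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
VM Network          vSwitch0                     3        0
Prod-Web            vSwitch1                     4      110
Backup-Trunk        vSwitch1                     1     4095
"""

VGT_VLAN = 4095  # standard switch: Virtual Guest Tagging, all VLANs passed to the guest


def parse_esxcli_table(text):
    """Turn esxcli's table output into a list of dicts keyed by column header.

    esxcli separates columns with at least two spaces, so splitting on runs of
    two or more spaces keeps single-spaced values such as 'Management Network'
    intact (assumption: no value itself contains two consecutive spaces).
    """
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    header = re.split(r" {2,}", lines[0].strip())
    rows = []
    for line in lines[2:]:  # lines[1] is the dashed ruler under the header
        fields = re.split(r" {2,}", line.strip())
        if len(fields) != len(header):
            raise ValueError("unexpected row: %r" % line)
        rows.append(dict(zip(header, fields)))
    return rows


def audit_portgroups(rows, mgmt_portgroup="Management Network"):
    """Return (port group, reason) pairs for VLAN settings that deserve review.

    mgmt_portgroup is the assumed name of the VMkernel management port group.
    """
    mgmt = next((r for r in rows if r["Name"] == mgmt_portgroup), None)
    findings = []
    for r in rows:
        name, vlan = r["Name"], int(r["VLAN ID"])
        if vlan == VGT_VLAN:
            findings.append((name, "VLAN 4095 (VGT): guest receives every VLAN the uplink carries"))
        elif (mgmt is not None and name != mgmt_portgroup
              and r["Virtual Switch"] == mgmt["Virtual Switch"]
              and vlan == int(mgmt["VLAN ID"])):
            findings.append((name, "same vSwitch and VLAN %d as %s: VMs share the management segment"
                             % (vlan, mgmt_portgroup)))
    return findings


if __name__ == "__main__":
    for name, reason in audit_portgroups(parse_esxcli_table(SAMPLE_PORTGROUP_LIST)):
        print("%-20s %s" % (name, reason))
```

On a real host, pipe the command's output into parse_esxcli_table instead of the sample; the same two-space split works for the other esxcli list commands, since they share the table formatter.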
