Good night good night my little angel
Good night good night my little one
Spread your wings and fly away to your dreams
When you’re sleep I’m on your side
When you’re awake I’ll be there still
Close your eyes, put a smile on your face
Lyric by #SupermanIsDead
Berikut ini ada beberapa konfigurasi best practice yang perlu dicek untuk mengetahui apakah environment VMware yang anda miliki saat ini sudah appropriate atau tidak untuk production level. Ini adalah guidance secara high level saja. Untuk detailnya perlu dijelaskan lebih lanjut, mudah2an dapat saya teruskan untuk beberapa komponen dibawah ini.
| Component | Recommended Action Item |
| Compute | Configure firewall rules and ports according to best practices. |
| Compute | VMware vSphere ESXi Shell and SSH access should be configured per the customer security and manageability requirements. |
| Datacenter | Use vCenter Server roles, groups, and permissions to provide appropriate access and authorization to the VMware virtual infrastructure. Avoid using Windows built-in groups (Administrators). |
| Datacenter | Tasks and Events Retention Policy set in the environment. |
| Datacenter | Size with HA host failure considerations. |
| Datacenter | Set up redundancy for the management port (either using a separate vmnic or a separate uplink) and an alternate isolation response gateway address (if appropriate) for more reliability in HA isolation detection. |
| Datacenter | Maintain compatible and homogeneous (CPU and memory) hosts within a cluster to support the required functionality for vMotion, vSphere DRS, VMware vSphere Distributed Power Management (DPM), VMware vSphere HA, and vSphere FT. |
| Network | Verify that there is redundancy in networking paths and components to avoid single points of failure. For example, provide at least two paths to each network. |
| Network | Configure networking consistently across all hosts in a cluster. |
| Network | If jumbo frames are enabled, verify that jumbo frame support is enabled on all intermediate devices and that there is no MTU mismatch. |
| Network | Minimize differences in the number of active NICs across hosts within a cluster. |
| Network | Configure networks so that there is separation of traffic (physical or logical using VLANs). |
| Network | Use DV Port Groups to apply policies to traffic flow types and to provide Rx bandwidth controls through the use of Traffic Shaping. |
| Network | Use Load-Based Teaming (LBT) to balance virtual machine network traffic across multiple uplinks. |
| Network | Use Network I/O Control (NetIOC) to prioritize traffic on 10GbE network uplinks. |
| Network | Adjust load balancing settings from the default virtual port ID only if necessary. |
| Storage | Minimize differences in datastores visible across hosts within the same cluster or vMotion scope. |
| Storage | NFS and iSCSI storage traffic should be separated physically (for performance) and logically (for security). |
| Virtual Machines | Limit use of snapshots, and when using snapshots limit them to short-term use. |
| Virtual Machines | Verify that VMware Tools is installed, running, and up to date for running virtual machines. |
| Virtual Machines | Verify that virtual machines meet the requirements for vSphere vMotion. |
| Compute | Avoid unnecessary changes to advanced parameter settings. |
| Datacenter | Enable bidirectional CHAP authentication for iSCSI traffic so that CHAP authentication secrets are unique. |
| Datacenter | Disconnect vSphere Clients from the vCenter Server when they are no longer needed. |
| Datacenter | Maintain compatible virtual hardware versions for virtual machines to support vMotion. |
| Licensing | Verify that adequate licenses are available for vCenter Server instances. |
| Licensing | Verify that adequate CPU licenses are available for ESXi hosts. |
| Network | Distribute vmnics for a port group across different PCI buses for greater redundancy. |
| Network | Change port group security default settings for Forged Transmits, Promiscuous Mode, and MAC Address Changes to Reject unless the application requires the defaults. |
| Storage | Use shared storage for virtual machines instead of local storage. |
| Storage | Size datastores appropriately. |
| Storage | Allocate space on shared datastores for templates and media/ISOs separately from datastores for virtual machines. |
| Storage | Use Storage I/O Control (SIOC) to prioritize high importance virtual machine traffic. |
| Virtual Machines | As a security enhancement initiative, disable certain unexposed features. |
| Virtual Machines | Limit sharing console connections if there are security concerns. |
| Virtual Machines | Allocate only as much virtual hardware as required for each virtual machine. Disable any unused or unnecessary or unauthorized virtual hardware devices. |
| Virtual Machines | Consider using the latest virtual hardware version to take advantage of additional capabilities. |
| Virtual Machines | Use the latest version of VMXNET that is supported by the guest operating system. |
| Virtual Machines | Use reservations and limits selectively on virtual machines that need it. Don’t set reservations too high or limits too low. |
| Virtual Machines | Select the correct guest operating system type in the virtual machine configuration to match the guest operating system. |
Kind Regards,
Doddi Priyambodo
Jika ingin belajar megenai product VMware, berikut ini adalah link public yang bisa dibuka dan dapat menjadi reference :
1. Official Website VMware (http://www.vmware.com), ada banyak public material yang di-share disana.
2. VMwareTV di youtube channel (https://www.youtube.com/user/vmwaretv), referensi video-nya bagus dan silahkan lanjut browsing ke beberapa channels disana
3. Website kumpulan video (http://www.vmwarelearning.com), kumpulan video-video yang sangat bagus
4. VMware Feature walk through (http://featurewalkthrough.vmware.com), tutorial step by step untuk VMware for newbie
5. Laboratorium Virtual di Cloud! (http://labs.hol.vmware.com/), one word from me: “WOW!”
6. Subscribe blog ini regularly 🙂
7. Join VMware Class di authorized training yang tersebar di Indonesia
8. Ada beberapa resources internal (ex:vault portal) yang aksesnya hanya dimiliki oleh VMware Employee dan VMware Partner. Coba berkenalan dan tanyakan ke mereka, mungkin ada beberapa public material yang bisa di-share oleh mereka.
Kind Regards,
Doddi Priyambodo
