vSphere 6.5 Host Resources Deep Dive – First thoughts

Today I was fortunate to receive my copy of VMware vSphere 6.5 Host resources. I was quite excited to be ordering this book once it became available. I had been reading all the snippets that were popping up on twitter from @hostdeepdive and the information and whiteboard photos were really building up the excitement. This book is a collaboration between @FrankDenneman and @NHagoort – the combined intelligence and knowledge that these two have is far beyond where any book will take you, but in this particular book, they cram so much detail in that you will not want to put it down.  If you want to get the best out of your infrastructure, and become a great architect and get the best for your customers/users, then this is the book you need to read.

Not the only excited it has arrived!

I decided that I would read from the very first page and go through the book, just in the foreword by @KitColbert, VP & CTO of Cloud Platform Business Unit @ VMware, my mind was going places I hadn’t placed it before. Kit talks about how something as simple as typing a linux command and what occurs before the result can be a discussion that can last for hours. In the 4 and a half pages for the foreword, Kit breaks this down and for me, that got me thinking in a whole new light of detail that I would not usually have gone to. This has set me up to accept the challenge of the level of detail that has gone into this book.

I am only a few pages in, but I know for sure that this is going to be a ride worth taking and opening up for the level of detail that will be exposed.

I look forward to reading the rest of this great book and hope you may get the chance too!

You can purchase the book here.
https://www.amazon.com/VMware-vSphere-Host-Resources-Deep/dp/1540873064/ref=sr_1_1?ie=UTF8&qid=1499174386&sr=8-1&keywords=host+deep+dive

Guest Introspection Service – NSX

Continuing on from my last post, I thought I would get in and talk about the Guest Introspection service before I roll back and redeploy my NSX lab.

In prior versions to vSphere 6.x, part of the VMware vCloud Networking and Security (vCNS) was vShield Endpoint that was installed onto each host to allow for agentless security products to interact with virtual machines through VMTools. This was a two component setup, you would first have the vShield Manager that was connected to your vCenter which then added an installation option on each host for vShield Endpoint. Once vShield Endpoint was installed and vShield Driver (Part of VMTools install), your antivirus/anti-malware software could then protect inside your virtual machines that have been set up.

Fast forward to vSphere 6.x and the release of NSX taking over the networking and security side of things for vSphere environments. vShield was partially removed in vSphere 6.0, but completely removed by vSphere 6.5. Replacing vShield is now the NSX Guest Introspection Service (GIS) that still gets deployed to each host, but the difference is instead of having a separate vShield manager, it is included with the NSX Manager.
The GIS is free (Depending on vCloud licensing you may need to double check with your reseller) with the default licensing that comes with NSX Manager. There is a default key that is automatically deployed with NSX Manager giving you this access.

To set up your Guest Introspection Services, follow the below steps:

Pre-requisites:
IP Pool (If you do not have one configured, then you can set up during GIS deployment)

  1. Open up your Network and Security Tab –> Click on Installation –> Select Service Deployments.
  2. Click on the + sign –> Select Guest Introspection –> Choose when you want to deploy Now or Schedule –> click next.
  3. Select your Datacenter and cluster you want to install your Guest Introspection to –>  click next
  4. Choose your storage device and network you want to –> Decide to use DHCP or IP Pool, click Change –> Select IP Pool and Click the + sign to create the Pool.


  5. Confirm and click Finish.

The process will run through and migrate VMs between hosts if required. Once installed, your security software should detect the hosts and their current state and either require install a filter driver to the hosts and then the appliance (Third party components may vary between vendors).

This is a very straight forward service setup, but very powerful for the service it provides to your environment.

Thank you for reading. Please let a comment if you would like to.