DMZ Virtualization with VMware Infrastructure (VMware Best Practices)


Table of Contents

Virtualized DMZ Networks
Three Typical Virtualized DMZ Configurations
  Partially Collapsed DMZ with Separate Physical Trust Zones
  Partially Collapsed DMZ with Virtual Separation of Trust Zones
  Fully Collapsed DMZ
Best Practices for Achieving a Secure Virtualized DMZ Deployment
  Harden and Isolate the Service Console
  Clearly Label Networks for each Zone within the DMZ
  Set Layer 2 Security Options on Virtual Switches
  Enforce Separation of Duties
  Use ESX Resource Management Capabilities
  Regularly Audit Virtualized DMZ Configuration
Conclusion
References

Virtualized DMZ Networks

As virtualization of network DMZs becomes more common, demand is increasing for information to help network security professionals understand and mitigate the risks associated with this practice. This paper provides detailed descriptions of three different virtualized DMZ configurations and identifies best practice approaches that enable secure deployment.

VMware customer experience and independent analyst research demonstrate that it is possible to set up a DMZ in a virtualized environment that is as secure as a DMZ in a physical environment. However, some network security professionals are concerned that DMZ virtualization might decrease security. This is understandable, because virtualization involves new terminology and technology.

Fortunately, as a network security professional, you already have the critical knowledge necessary to ensure the proper configuration of a DMZ using virtual network infrastructure. Enforcement policies on a virtual network are the same as those on a physical network. Gartner research supports this view by suggesting that security risks primarily emanate from administrative misconfiguration and not from the virtual infrastructure. (See the References section for information on this Gartner report.)

This paper provides information that will enable you to configure a virtualized DMZ correctly and deploy it seamlessly.

The biggest risk to a DMZ in a virtual environment is misconfiguration, not the technology. Thus you need strong audit controls to ensure that you avoid misconfiguration, either accidental or malicious.

As shown in Figures 1 and 2, the introduction of virtual technology into a DMZ does not have to change the DMZ topology significantly. As with other parts of the network, virtual technology merely enables you to consolidate servers by replacing physical servers with virtual servers that function exactly the same way — and need to be configured in much the same way — as their physical equivalents. You can consolidate servers in a DMZ using virtual technology and continue to rely on your existing security infrastructure.

Figure 1 — A typical DMZ in a physical environment

Figure 2 — A typical DMZ in a virtual environment

Three Typical Virtualized DMZ Configurations

A virtualized DMZ network can fully support and enforce a wide range of configurations to separate trust zones. The three options described in this section are typical.

Partially Collapsed DMZ with Separate Physical Trust Zones

Organizations that want to keep DMZ zones physically separated tend to choose this method, shown in Figure 3. In this configuration, each zone uses separate ESX Server clusters. Zone isolation is achieved with physical security devices. The physical network does not require any change. The only difference between this configuration and a purely physical DMZ is that the servers within the trust zone are virtualized.

This configuration limits the benefits you can achieve from virtualization because it does not maximize consolidation ratios, but this approach is a good way to introduce virtual technology into a network. Because it has minimal impact on an existing physical network, this configuration removes many risks. For instance, it minimizes the impact of the potential loss of separation of duties. This, in turn, greatly reduces the chance that an unqualified individual might be in a position to introduce a vulnerability through misconfiguration.

In this configuration, you do not need to configure dedicated virtual switches or use 802.1q VLANs within the virtual infrastructure. You perform all networking isolation on the physical network, not within the virtual infrastructure.

Advantages
• Simpler, less complex configuration
• Less change to physical environment
• Less change to separation of duties; less change in staff knowledge requirements
• Less chance for misconfiguration because of lower complexity

Disadvantages
• Lower consolidation and utilization of resources
• Higher costs because of need for more ESX hosts and additional cooling and power
• Incomplete utilization of the advantages of virtualization

Figure 3 — Partially collapsed DMZ with separate physical trust zones

Partially Collapsed DMZ with Virtual Separation of Trust Zones

In this configuration, shown in Figure 4, you use virtual technology to enforce DMZ trust zone separation. As a result, you can locate virtual servers with different trust levels on the same VMware® ESX host. Although physical security devices are part of the configuration, this approach consolidates all DMZ servers into virtual machines on one ESX host cluster. As a result, you need substantially fewer physical servers. By leveraging the full functionality of the virtual infrastructure, you generate significant cost savings for your IT organization.

Enforcement of the DMZ security zones takes place in both virtual and physical realms. You use virtual switches to enforce which virtual servers are connected to which DMZ zone, but you use physical hardware to enforce the network security between the zones. For this reason, virtual servers must use the physical network and pass through physical security devices to communicate between DMZ trust zones.

The impact of the potential loss of separation of duties between network switch administrator and server administrator — and the associated risk that an unqualified individual will be in a position to introduce vulnerabilities through misconfiguration — is greater in this case than when you have separate physical trust zones, but the potential impact is minimized by the fact that network security is still physically enforced.

Because the trust zones in this configuration are enforced in the virtual infrastructure, you should audit virtual switches regularly for consistent policy and settings to mitigate the potential for a virtual machine to be placed on the wrong network.

Although Figure 4 shows separate virtual switches for each zone, you can accomplish the same goal by using 802.1q VLANs. The most important factor in determining which configuration option to choose is typically the number of physical NICs present in the hardware. You should always dedicate at least one physical NIC to the ESX service console. If possible, use two physical NICs for the service console to provide redundancy.

Advantages
• Full utilization of resources
• Full utilization of the advantages of virtualization
• Lower cost

Disadvantages
• More complexity
• Greater chance of misconfiguration requires explicit configuration of separation of duties to help mitigate risk of misconfiguration; also requires regular audits of configurations

Figure 4 — Partially
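One way to run the regular virtual switch audit recommended for the configuration with virtual separation of trust zones, as an added example that is not part of the VMware paper. It works offline on a constructed inventory; the data model, the finding codes and every host, port group and VM name are assumptions of the example, not a VMware export format or API.

```python
from collections import defaultdict

# Constructed inventory of a two-host ESX cluster. The field names are assumptions
# of this example, not a VMware export format.
INVENTORY = {
    "hosts": {
        "esx01": {
            "vswitches": {
                "vSwitch0": {"uplinks": ["vmnic0"], "service_console": True},
                "vSwitch1": {"uplinks": ["vmnic1", "vmnic2"], "service_console": False},
            },
            "portgroups": {
                "DMZ-Web": {"vswitch": "vSwitch1", "vlan": 101, "zone": "web"},
                "DMZ-App": {"vswitch": "vSwitch1", "vlan": 102, "zone": "app"},
                "DMZ-DB": {"vswitch": "vSwitch1", "vlan": 103, "zone": "db"},
            },
        },
        "esx02": {
            "vswitches": {
                "vSwitch0": {"uplinks": ["vmnic0", "vmnic1"], "service_console": True},
                "vSwitch1": {"uplinks": ["vmnic2", "vmnic3"], "service_console": False},
            },
            "portgroups": {
                "DMZ-Web": {"vswitch": "vSwitch1", "vlan": 101, "zone": "web"},
                "DMZ-App": {"vswitch": "vSwitch1", "vlan": 101, "zone": "app"},  # drifted
                "DMZ-DB": {"vswitch": "vSwitch1", "vlan": 103, "zone": "db"},
            },
        },
    },
    "vms": [
        {"name": "web01", "host": "esx01", "zone": "web", "portgroups": ["DMZ-Web"]},
        {"name": "app01", "host": "esx01", "zone": "app", "portgroups": ["DMZ-App"]},
        {"name": "db01", "host": "esx02", "zone": "db", "portgroups": ["DMZ-Web"]},
        {"name": "app02", "host": "esx02", "zone": "app", "portgroups": ["DMZ-App", "DMZ-DB"]},
    ],
}


def audit(inv):
    """Return sorted (code, subject, detail) findings for the inventory."""
    findings = []
    variants = defaultdict(set)   # port group name -> {(vlan, zone)} seen across hosts
    pg_zone = {}                  # (host, port group name) -> zone

    for host, cfg in inv["hosts"].items():
        by_switch = defaultdict(list)
        for name, pg in cfg["portgroups"].items():
            variants[name].add((pg["vlan"], pg["zone"]))
            pg_zone[(host, name)] = pg["zone"]
            by_switch[pg["vswitch"]].append(pg)

        # Zones that share a vSwitch are separated only by their 802.1q VLAN ID.
        for sw, pgs in by_switch.items():
            zones_by_vlan = defaultdict(set)
            for pg in pgs:
                zones_by_vlan[pg["vlan"]].add(pg["zone"])
            for vlan, zones in zones_by_vlan.items():
                if len(zones) > 1:
                    findings.append(("SHARED_VLAN", f"{host}/{sw}",
                                     f"VLAN {vlan} carries zones {sorted(zones)}"))

        # The service console needs a dedicated physical NIC, ideally two.
        for sw, spec in cfg["vswitches"].items():
            if spec["service_console"] and by_switch.get(sw):
                findings.append(("SC_NOT_DEDICATED", f"{host}/{sw}",
                                 "service console shares a vSwitch with a DMZ zone"))
            if spec["service_console"] and len(spec["uplinks"]) < 2:
                findings.append(("SC_NO_REDUNDANCY", f"{host}/{sw}", "single physical NIC"))

    # The same port group name must mean the same VLAN and zone on every host.
    for name, seen in variants.items():
        if len(seen) > 1:
            findings.append(("PORTGROUP_DRIFT", name, f"definitions differ: {sorted(seen)}"))

    for vm in inv["vms"]:
        zones = set()
        for name in vm["portgroups"]:
            zone = pg_zone.get((vm["host"], name))
            if zone is None:
                findings.append(("UNKNOWN_PORTGROUP", vm["name"], f"{name} on {vm['host']}"))
            else:
                zones.add(zone)
        if len(zones) > 1:
            # A VM with a leg in two zones is a path around the physical security devices.
            findings.append(("MULTI_ZONE", vm["name"], f"attached to zones {sorted(zones)}"))
        elif zones and zones != {vm["zone"]}:
            findings.append(("WRONG_ZONE", vm["name"],
                             f"labelled {vm['zone']} but attached to {sorted(zones)}"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```

On the sample data the audit reports the VM placed on the wrong network, the VM straddling two zones, the VLAN shared by two zones on esx02, the port group whose definition differs between hosts, and the single-NIC service console on esx01.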