I’ve recently provided a lot of information on how to migrate to ESXi, so today I thought it would be good to go over some post-migration concerns. Here's my "top 5" list of important ESXi post-migration considerations.
1. Enable Lockdown Mode
Lockdown mode enables you to secure you ESXi host by preventing direct access to the console. Once lockdown mode is enabled, users are required to use the vSphere client (or vCLI/PowerCLI) to access the host, which ensures the proper role based access and control (RBAC) is enforced and all actions are properly logged. It’s a good idea to enable lockdown mode for all your ESXi hosts.
For more information on ESXi Lockdown Mode check out this blog from Yellow-Bricks.
2. Ensure your scratch partition is on disk
Each ESXi host has a temporary work area referred to as the scratch partition that it uses to store log files and other temporary files like the log bundles needed for VMware support. In most cases, when you install ESXi a 4GB scratch partition will be created on a suitable disk. However, if the installer cannot find a suitable disk (i.e. USB/SD boot) it will instead use a 4GB ramdisk. As it’s typically not recommended to have your scratch partition in memory it’s always a good idea to verify that each ESXi hosts has a scratch partition on a persistent disk device.
For more information on the ESXi scratch partition check out this blog.
3. Ensure your log files are going to disk
By default the ESXi log files are stored on the ESXi scratch partition. However, this may not be where you want them, especially if the scratch disk is running on a ramdisk. If the scratch partition is in ramdisk, and you are logging to the scratch partition, anytime the host reboots you will lose all your log files. Not good. As such, it’s a good practice to always verify your ESXi log settings. You may choose to keep the logs on the scratch partition, or you may choose to move them to another device, just make sure they’re going to a persistent disk device so you don't lose them when the host reboots.
For more information on configuring log files with ESXi check out this blog.
4. Learn how to troubleshoot ESXi
There is no service console with ESXi. This means old methods of troubleshooting, which typically involved logging onto the service console and running commands, won’t work with ESXi. It’s important that you spend some time to learn how to troubleshoot ESXi. The troubleshooting tools are available in ESXi; it’s just a matter of taking the time to learn how to use them.
For more information on ESXi troubleshooting check out this blog.
5. Last but not least, backup our host configuration
Once you have your host configured it’s a good idea to backup the configuration. There are a couple of options for backing up the host configuration.
- Host Profiles can be used to backup the host configuration. Simply right-click the host in the vSphere client and select the options to create a host profile. The host profile will capture all the host settings and can be used to restore the configuration by simply attach the host profile and apply the settings.
- If host profiles aren’t licensed you can also backup the host configuration using the vicfg-cfgbackup command. The vicfg-backupcfg command will save the host configuration into a single file called state.tgz, which can then be used to restore your host configuration should you ever need to reinstall ESXi.
For more information on using the vicfg-cfgbackup command refer to the online vSphere Command-Line Interface Reference.