vSphere 7 Administration Guide


Kristin Banyas

Aug 3, 2024, 4:56:52 PM
to ckenletlari

In recent years, new technical content has primarily focused on the latest technologies such as Kubernetes, Terraform, serverless, and the latest public cloud services. Yet millions of VMware installations are here to stay, supporting the hybrid cloud strategy adopted by large enterprises.

Verified Market Research forecasts that the global hybrid cloud market will grow 22.8% annually to reach $283B by 2027. Many have chosen a hybrid cloud strategy due to security and compliance reasons, while some are migrating infrastructure back to data centers to save money.

Meanwhile, every month hundreds of thousands of searches are typed in Google by VMware administrators seeking answers to configuration challenges ranging from network settings and upgrades to automation, load balancing, and high availability.

We have devoted this VMware administration guide to the most commonly asked questions and commissioned senior practitioners to share their practical knowledge gained over the years to help new administrators solve everyday configuration challenges.

The NVIDIA License System is used to provide software licenses to licensed NVIDIA software products. The licenses that the NVIDIA License System provides are obtained from the NVIDIA Licensing Portal.

NVIDIA vGPU software releases earlier than 13.0 do not support NVIDIA License System. For full details of NVIDIA vGPU software releases that support NVIDIA License System, refer to NVIDIA License System Release Notes.

To provide isolation for performance, security, and ease of administration, you can deploy multiple service instances as needed. For example, you can deploy service instances in distinct physical locations by deploying a DLS instance in each of your data centers. You can also use a mixture of CLS and DLS instances to serve your licenses to licensed clients.

Hosting a CLS instance on a cloud service provides robustness and dynamic scalability for the CLS instance. Because a CLS instance is maintained by NVIDIA and the cloud service provider, feature and maintenance updates are generally transparent to users.

To be able to download NVIDIA vGPU software licenses, you must create at least one license server on the NVIDIA Licensing Portal and allocate licenses in your entitlements to the server. You can also distribute your licenses across multiple license servers as necessary, add new licensed products to an existing server, and delete license servers that you no longer require.

To help you manage your entitlements and licenses on the NVIDIA Licensing Portal, you can add other users as registered contacts in the organization associated with your NVIDIA Enterprise Account. To secure your entitlements and licenses, NVIDIA Licensing Portal provides role-based access for all registered contacts. For more information, see Managing Contacts on the NVIDIA Licensing Portal.

By default, all entitlements are associated with a top-level organization and are accessible to all contacts in the organization. If you need to allow only specific groups of contacts within your organization to access specific entitlements, you can partition your entitlements into isolated segments. However, if a single collection of entitlements that spans your entire organization meets your business needs, you can leave all your entitlements in the top-level organization.

To partition your entitlements into isolated segments, NVIDIA Licensing Portal provides the ability to create virtual groups and assign entitlements and contacts to them. For more information, see Managing Virtual Groups.

Configuring multiple DLS instances in a failover configuration increases availability because simultaneous failure of multiple instances is rare. The primary and secondary DLS instances work together to ensure that licenses in the enterprise remain continually available to licensed clients.

If the primary DLS instance fails, failover occurs. One of the secondary DLS instances becomes the primary instance and begins to serve licenses. In a cluster of more than two instances, the secondary instance that has the longest uptime becomes the primary instance. The DLS instance that failed becomes a secondary instance when it is returned to service. The next time that failover occurs, the primary DLS instance becomes a secondary DLS instance again.

To ensure that licenses in the enterprise remain continually available after failure of the primary DLS instance, return the failed DLS instance to service as quickly as possible to restore high availability support. After failure of a DLS instance in a cluster of two instances, the remaining instance becomes a single point of failure.

In a High Availability (HA) cluster, the Heartbeat service, running on every node, monitors the health of DLS appliances and triggers a failover when an unhealthy node is detected based on one of the following criteria. In the event of a failover, one of the secondary nodes assumes the role of the primary node to serve the requests, and the previous primary node takes on the role of the secondary node.

To simplify the installation and administration of the DLS, the DLS is distributed as a software image to be installed or deployed on a supported platform. The DLS is a secure, hardened environment in which access to the application software is strictly controlled.
The following types of DLS software image are available:

Each DLS software image is configured with a single standard user account for accessing the DLS appliance and an account with sudo user privileges for installing updates to the DLS appliance software. Modifications to these accounts are strictly controlled. You cannot add other user accounts to the software image. However, you can use a lightweight directory access protocol (LDAP) directory instead of the configured accounts for managing user access to a DLS appliance.

In each VM-based virtual appliance image, the DLS application software is containerized to allow limited access to the OS so that non-root users can install security compliance and scanning tools in the VM. However, a container orchestration platform cannot control or restrict access to the OS on which the platform is running.

In the package for installation on a supported OS, the DLS application software is containerized to ensure that all software dependencies are met and to isolate the DLS application software from the underlying OS.

As far as possible, the DLS appliances based on all types of software image are functionally equivalent. Therefore, whether to use a container-based DLS appliance, a VM-based DLS appliance, or a DLS appliance from a package for installation on a supported OS depends on the requirements of your IT infrastructure or the policies of your IT department. For additional guidelines, refer to the following resources from the vendors of platforms that support NVIDIA License System:

The platform that hosts a DLS virtual appliance must be identified by its IP address or its fully qualified domain name. It can also be identified by its CNAME. If you want to identify the platform by its fully qualified domain name, ensure that the required DNS entries are set before installing the DLS virtual appliance. If you want to identify the platform by its default host name, you must set a DNS entry that maps the default host name to the fully qualified domain name.

The process for setting these DNS entries is separate from the process for installing the DLS virtual appliance. Use the standard interfaces of the name resolution service that you are using to set the required DNS entries.

Whenever possible, set DNS entries for the platform that hosts a DLS virtual appliance. If the DNS entries are set, the DLS appliance can be accessed through both its IP address and its fully qualified domain name.

For each mapping between a domain name and an IP address, ensure that you set both the forward pointer and reverse pointer DNS entries. A DLS virtual appliance requires the reverse pointer entry to determine the domain name of the DLS virtual appliance when creating a client configuration token.

To determine whether the forward pointer and reverse pointer DNS entries have been set correctly, type the following commands in a shell on any UNIX or Linux host on the same network as the DLS virtual appliance:

Containerized DLS Software Image: The fully qualified domain name is set through an environment variable. When the container within which the DLS software image is deployed is started, the DLS instance checks whether this environment variable is set.

Licensed clients outside the container must be able to resolve the fully qualified domain name. The environment variable must not specify a name that can be resolved only by the container orchestrator.

To enable communication between a licensed client and a CLS or DLS instance, specific ports must be open in your firewall or proxy server. If you are using an HA cluster of DLS instances with a firewall or proxy server between the DLS instances, additional ports must be open in your firewall or proxy server.

Use the measured performance numbers to determine the optimum configuration for your container-based or VM-based DLS appliances based on the expected number and frequency of requests from licensed clients.

Scalability measures the maximum number of licensed clients that a VM-based or container-based DLS appliance can serve in a specific interval. A DLS appliance serves a licensed client by performing a licensing operation for the client, namely the borrowing, return, or renewal of a license. Registration of a licensed client is not considered a licensing operation because it occurs only once for any client.

These measurements capture the maximum number of licensed clients that DLS appliances with varying numbers of vCPUs and amounts of RAM can serve when licenses are borrowed for 12 hours. The maximum number of clients is directly proportional to the length of time for which licenses are borrowed. If the length of time increases, the maximum number of clients also increases.
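
The forward and reverse pointer check described in the post, written out as an added example; it is not part of the original post or of NVIDIA's documentation. The function names, the `example.com` host names and the `192.0.2.x` addresses are constructed for illustration, and the sample tables stand in for a real name service so the check runs offline.

```python
import socket


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.rstrip(".").lower()


def system_forward(fqdn):
    """Forward lookup through the system resolver; returns a sorted list of IPs."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def system_reverse(ip):
    """Reverse (PTR) lookup through the system resolver; None if no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_dls_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    try:
        addrs = forward(fqdn)
    except OSError:  # socket.gaierror is a subclass of OSError
        addrs = []
    if not addrs:
        return [f"no forward (A/AAAA) entry for {fqdn}"]
    problems = []
    for ip in addrs:
        ptr = reverse(ip)
        if ptr is None:
            problems.append(f"{ip}: no reverse (PTR) entry")
        elif _norm(ptr) != _norm(fqdn):
            # A mismatched PTR is the name the appliance would derive for itself.
            problems.append(f"{ip}: PTR is {_norm(ptr)}, expected {_norm(fqdn)}")
    return problems


# Constructed sample zone data (hypothetical hosts, documentation address range).
SAMPLE_A = {"dls.example.com": ["192.0.2.10"], "dls2.example.com": ["192.0.2.11"],
            "dls3.example.com": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.10": "DLS.example.com.", "192.0.2.11": "host-11.example.com."}


def sample_check(fqdn):
    """Run check_dls_dns against the constructed sample tables above."""
    return check_dls_dns(fqdn, lambda n: SAMPLE_A.get(n, []), SAMPLE_PTR.get)
```

Calling `check_dls_dns("your.fqdn")` with no other arguments uses the system resolver; any non-empty result should be corrected in DNS before a client configuration token is created.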
