6.0.1
Table Of Contents
- vSphere Storage
- Contents
- About vSphere Storage
- Updated Information
- Introduction to Storage
- Overview of Using ESXi with a SAN
- Using ESXi with Fibre Channel SAN
- Configuring Fibre Channel Storage
- Configuring Fibre Channel over Ethernet
- Booting ESXi from Fibre Channel SAN
- Booting ESXi with Software FCoE
- Best Practices for Fibre Channel Storage
- Using ESXi with iSCSI SAN
- Configuring iSCSI Adapters and Storage
- ESXi iSCSI SAN Requirements
- ESXi iSCSI SAN Restrictions
- Setting LUN Allocations for iSCSI
- Network Configuration and Authentication
- Set Up Independent Hardware iSCSI Adapters
- About Dependent Hardware iSCSI Adapters
- Dependent Hardware iSCSI Considerations
- Configure Dependent Hardware iSCSI Adapters
- About the Software iSCSI Adapter
- Modify General Properties for iSCSI Adapters
- Setting Up iSCSI Network
- Using Jumbo Frames with iSCSI
- Configuring Discovery Addresses for iSCSI Adapters
- Configuring CHAP Parameters for iSCSI Adapters
- Configuring Advanced Parameters for iSCSI
- iSCSI Session Management
- Booting from iSCSI SAN
- Best Practices for iSCSI Storage
- Managing Storage Devices
- Storage Device Characteristics
- Understanding Storage Device Naming
- Storage Refresh and Rescan Operations
- Identifying Device Connectivity Problems
- Edit Configuration File Parameters
- Enable or Disable the Locator LED on Storage Devices
- Working with Flash Devices
- About VMware vSphere Flash Read Cache
- Working with Datastores
- Understanding VMFS Datastores
- Understanding Network File System Datastores
- Creating Datastores
- Managing Duplicate VMFS Datastores
- Upgrading VMFS Datastores
- Increasing VMFS Datastore Capacity
- Administrative Operations for Datastores
- Set Up Dynamic Disk Mirroring
- Collecting Diagnostic Information for ESXi Hosts on a Storage Device
- Checking Metadata Consistency with VOMA
- Configuring VMFS Pointer Block Cache
- Understanding Multipathing and Failover
- Raw Device Mapping
- Working with Virtual Volumes
- Virtual Machine Storage Policies
- Upgrading Legacy Storage Profiles
- Understanding Virtual Machine Storage Policies
- Working with Virtual Machine Storage Policies
- Creating and Managing VM Storage Policies
- Storage Policies and Virtual Machines
- Default Storage Policies
- Assign Storage Policies to Virtual Machines
- Change Storage Policy Assignment for Virtual Machine Files and Disks
- Monitor Storage Compliance for Virtual Machines
- Check Compliance for a VM Storage Policy
- Find Compatible Storage Resource for Noncompliant Virtual Machine
- Reapply Virtual Machine Storage Policy
- Filtering Virtual Machine I/O
- VMkernel and Storage
- Storage Hardware Acceleration
- Hardware Acceleration Benefits
- Hardware Acceleration Requirements
- Hardware Acceleration Support Status
- Hardware Acceleration for Block Storage Devices
- Hardware Acceleration on NAS Devices
- Hardware Acceleration Considerations
- Storage Thick and Thin Provisioning
- Using Storage Providers
- Using vmkfstools
- vmkfstools Command Syntax
- vmkfstools Options
- -v Suboption
- File System Options
- Virtual Disk Options
- Supported Disk Formats
- Creating a Virtual Disk
- Example for Creating a Virtual Disk
- Initializing a Virtual Disk
- Inflating a Thin Virtual Disk
- Removing Zeroed Blocks
- Converting a Zeroedthick Virtual Disk to an Eagerzeroedthick Disk
- Deleting a Virtual Disk
- Renaming a Virtual Disk
- Cloning or Converting a Virtual Disk or RDM
- Example for Cloning or Converting a Virtual Disk
- Migrate Virtual Machines Between DifferentVMware Products
- Extending a Virtual Disk
- Upgrading Virtual Disks
- Creating a Virtual Compatibility Mode Raw Device Mapping
- Example for Creating a Virtual Compatibility Mode RDM
- Creating a Physical Compatibility Mode Raw Device Mapping
- Listing Attributes of an RDM
- Displaying Virtual Disk Geometry
- Checking and Repairing Virtual Disks
- Checking Disk Chain for Consistency
- Storage Device Options
- Index
3 If you plan to use Kerberos authentication with the NFS 4.1 datastore, congure the ESXi hosts for
Kerberos authentication.
Make sure that each host that mounts this datastore is a part of an Active Directory domain and its NFS
authentication credentials are set.
What to do next
You can now create an NFS datastore on the ESXi hosts.
Using Kerberos Credentials for NFS 4.1
With NFS version 4.1, ESXi supports Kerberos authentication mechanism.
Kerberos is an authentication service that allows an NFS 4.1 client installed on ESXi to prove its identity to
an NFS server before mounting an NFS share. Kerberos uses cryptography to work across an insecure
network connection. The vSphere implementation of Kerberos for NFS 4.1 supports only identity
verication for the client and server, but does not provide data integrity or condentiality services.
When you use Kerberos authentication, the following considerations apply:
n
ESXi uses Kerberos version 5 with Active Directory domain and Key Distribution Center (KDC).
n
As a vSphere administrator, you specify Active Directory credentials to provide an access to NFS 4.1
Kerberos datastores to an NFS user. A single set of credentials is used to access all Kerberos datastores
mounted on that host.
n
When multiple ESXi hosts share the same NFS 4.1 datastore, you must use the same Active Directory
credentials for all hosts that access the shared datastore. You can automate this by seing the user in
host proles and applying the prole to all ESXi hosts.
n
NFS 4.1 does not support simultaneous AUTH_SYS and Kerberos mounts.
n
NFS 4.1 with Kerberos does not support IPv6. Only IPv4 is supported.
Configure ESXi Hosts for Kerberos Authentication
If you use NFS 4.1 with Kerberos, you must perform several tasks to set up your hosts for Kerberos
authentication.
When multiple ESXi hosts share the same NFS 4.1 datastore, you must use the same Active Directory
credentials for all hosts that access the shared datastore. You can automate this by seing the user in host
proles and applying the prole to all ESXi hosts.
Prerequisites
n
Make sure that Microsoft Active Directory (AD) and NFS servers are congured to use Kerberos.
n
Enable DES-CBC-MD5 encryption mode on AD. The NFS 4.1 client supports only this encryption mode.
n
Make sure that the NFS server exports are congured to grant full access to the Kerberos user.
Procedure
1 Congure DNS for NFS 4.1 with Kerberos on page 159
When you use NFS 4.1 with Kerberos, you must change the DNS seings on ESXi hosts to point to the
DNS server that is congured to hand out DNS records for the Kerberos Key Distribution Center
(KDC). For example, use the Active Directory server address, if AD is used as a DNS server.
2 Congure Network Time Protocol for NFS 4.1 with Kerberos on page 159
If you use NFS 4.1 with Kerberos, congure Network Time Protocol (NTP) to make sure all ESXi hosts
on the vSphere network are synchronized.
vSphere Storage
158 VMware, Inc.