6.7
Table Of Contents
- vSphere Virtual Machine Administration
- Contents
- About vSphere Virtual Machine Administration
- Introduction to VMware vSphere Virtual Machines
- Deploying Virtual Machines
- Create a Virtual Machine with the New Virtual Machine Wizard
- Clone a Virtual Machine to a Template
- Clone a Virtual Machine to a Template in the vSphere Web Client
- Deploy a Virtual Machine from a Template
- Deploy a Virtual Machine from a Template in the vSphere Web Client
- Clone an Existing Virtual Machine
- Clone an Existing Virtual Machine in the vSphere Web Client
- Cloning a Virtual Machine with Instant Clone
- Clone a Template to a Template
- Clone a Template to a Template in the vSphere Web Client
- Convert a Template to a Virtual Machine
- Deploying OVF and OVA Templates
- Using Content Libraries
- Create a Library
- Synchronize a Subscribed Content Library
- Edit a Content Library
- Hierarchical Inheritance of Permissions for Content Libraries
- Content Library Administrator Role
- Populating Libraries with Content
- Creating Virtual Machines and vApps from Templates in a Content Library
- Working with Items in a Library
- Configuring Virtual Machine Hardware
- Virtual Machine Compatibility
- Virtual CPU Configuration
- Virtual CPU Limitations
- Configuring Multicore Virtual CPUs
- Change CPU Hot Plug Settings
- Change the Number of Virtual CPUs
- Allocate CPU Resources
- Change CPU Identification Mask Settings
- Expose VMware Hardware Assisted Virtualization
- Enable Virtual CPU Performance Counters
- Configure Processor Scheduling Affinity
- Change CPU/MMU Virtualization Settings
- Virtual Memory Configuration
- Virtual Disk Configuration
- About Virtual Disk Provisioning Policies
- Large Capacity Virtual Disk Conditions and Limitations
- Change the Virtual Disk Configuration
- Use Disk Shares to Prioritize Virtual Machines
- Configure Flash Read Cache for a Virtual Machine
- Determine the Virtual Disk Format and Convert a Virtual Disk from the Thin Provision Format to a Thick Provision Format
- Add a Hard Disk to a Virtual Machine
- SCSI and SATA Storage Controller Conditions, Limitations, and Compatibility
- Virtual Machine Network Configuration
- Network Adapter Basics
- Network Adapters and Legacy Virtual Machines
- Change the Virtual Machine Network Adapter Configuration
- Add a Network Adapter to a Virtual Machine
- Parallel and Serial Port Configuration
- Using Serial Ports with vSphere Virtual Machines
- Adding a Firewall Rule Set for Serial Port Network Connections
- Configure Virtual Machine Communication Interface Firewall
- Change the Serial Port Configuration in the vSphere Web Client
- Authentication Parameters for Virtual Serial Port Network Connections
- Add a Serial Port to a Virtual Machine in the vSphere Web Client
- Change the Parallel Port Configuration
- Add a Parallel Port to a Virtual Machine vSphere Web Client
- Other Virtual Machine Device Configuration
- Change the CD/DVD Drive Configuration in the vSphere Web Client
- Add or Modify a Virtual Machine CD or DVD Drive
- Change the Floppy Drive Configuration in the vSphere Web Client
- Add a Floppy Drive to a Virtual Machine in the vSphere Web Client
- Add and Configure a SCSI Device
- Add a PCI Device
- Configuring 3D Graphics
- Add an NVIDIA GRID vGPU to a Virtual Machine
- USB Configuration from an ESXi Host to a Virtual Machine
- USB Autoconnect Feature
- vSphere Features Available with USB Passthrough
- Configuring USB Devices for vMotion
- Avoiding Data Loss with USB Devices
- Connecting USB Devices to an ESXi Host
- Add USB Devices to an ESXi Host
- Add a USB Controller to a Virtual Machine
- Add USB Devices from an ESXi Host to a Virtual Machine
- Remove USB Devices That Are Connected Through an ESXi Host
- Remove USB Devices from an ESXi Host
- USB Configuration from a Client Computer to a Virtual Machine
- Add a Shared Smart Card Reader to Virtual Machines
- Securing Virtual Machines with Virtual Trusted Platform Module
- Configuring Virtual Machine Options
- Virtual Machine Options Overview
- General Virtual Machine Options
- Configuring User Mappings on Guest Operating Systems
- VMware Remote Console Options
- Virtual Machine Encryption
- Virtual Machine Power Management Options
- Configuring VMware Tools Options
- Virtualization Based Security
- Configuring Virtual Machine Boot Options
- Configuring Virtual Machine Advanced Options
- Configure Fibre Channel NPIV Settings
- Managing Multi-Tiered Applications with vSphere vApp
- Create a vApp
- Create or Add an Object to a vApp
- Edit vApp Settings
- Clone a vApp
- Perform vApp Power Operations
- Edit vApp Notes
- Add a Network Protocol Profile in the vSphere Web Client
- Virtual Machine vApp Options
- Monitoring Solutions with the vCenter Solutions Manager
- Managing Virtual Machines
- Installing a Guest Operating System
- Customizing Guest Operating Systems
- Guest Operating System Customization Requirements
- Create a vCenter Server Application to Generate Computer Names and IP Addresses
- Customize Windows During Cloning or Deployment in the vSphere Web Client
- Customize Linux During Cloning or Deployment in the vSphere Web Client
- Apply a Customization Specification to a Virtual Machine
- Creating and Managing Customization Specifications
- Edit Virtual Machine Startup and Shutdown Settings in the vSphere Web Client
- Edit Virtual Machine Startup and Shutdown Settings
- Install the VMware Enhanced Authentication Plug-in
- Using a Virtual Machine Console
- Answer Virtual Machine Questions
- Removing and Reregistering VMs and VM Templates
- Managing Virtual Machine Templates
- Using Snapshots To Manage Virtual Machines
- Enhanced vMotion Compatibility as a Virtual Machine Attribute
- Migrating Virtual Machines
- Migrate a Powered Off or Suspended Virtual Machine
- Migrate a Powered-Off or Suspended Virtual Machine in the vSphere Web Client
- Migrate a Virtual Machine to a New Compute Resource
- Migrate a Virtual Machine to New Storage
- Migrate a Virtual Machine to New Storage in the vSphere Web Client
- Migrate a Virtual Machine to a New Compute Resource and Storage
- Migrate a Virtual Machine to a New Compute Resource and Storage in the vSphere Web Client
- Upgrading Virtual Machines
- Required Privileges for Common Tasks
- Troubleshooting Overview
- Troubleshooting Virtual Machines
Securing Virtual Machines with Virtual Trusted Platform
Module
The Virtual Trusted Platform Module (vTPM) feature lets you add a TPM 2.0 virtual cryptoprocessor to a
virtual machine.
Virtual Trusted Platform Module Overview
vTPMs perform cryptographic coprocessor capabilities in software. When added to a virtual machine, a
vTPM enables the guest operating system to create and store keys that are private. These keys are not
exposed to the guest operating system itself. Therefore, the virtual machine attack surface is reduced.
Usually, compromising the guest operating system compromises its secrets, but enabling a vTPM greatly
reduces this risk. These keys can be used only by the guest operating system for encryption or signing.
With an attached vTPM, a third party can remotely attest to (validate) the identity of the firmware and the
guest operating system.
You can add a vTPM to either a new virtual machine or an existing virtual machine. A vTPM depends on
virtual machine encryption to secure vital TPM data. When you configure a vTPM, VM encryption
automatically encrypts the virtual machine files but not the disks. You can choose to add encryption
explicitly for the virtual machine and its disks.
You can also back up a virtual machine enabled with a vTPM. The backup must include all virtual
machine data, including the *.nvram file. If your backup does not include the *.nvram file, you cannot
restore a virtual machine with a vTPM. Also, because the VM home files of a vTPM-enabled virtual
machine are encrypted, ensure that the encryption keys are available at the time of a restore.
A vTPM does not require a physical Trusted Platform Module (TPM) 2.0 chip to be present on the ESXi
host. However, if you want to perform host attestation, an external entity, such as a TPM 2.0 physical
chip, is required. For more details, see the vSphere Security documentation.
Note By default, no storage policy is associated with a virtual machine that has been enabled with a
vTPM. Only the virtual machine files (VM Home) are encrypted. If you prefer, you can choose to add
encryption explicitly for the virtual machine and its disks, but the virtual machine files would have already
been encrypted.
Requirements for vTPM
To use a vTPM, your vSphere environment must meet these requirements:
n
Virtual machine requirements:
n
EFI firmware
n
Hardware version 14
n
Component requirements:
n
vCenter Server 6.7.
vSphere Virtual Machine Administration
VMware, Inc. 164