In this article, VMware ESX Video author, I will provide a step by step configuration checklist for the proper planning, installation, configuration, and security of a new ESXi Server. While installing ESXi is not difficult, installing it properly is.
Let us begin
One of the best things about VMware ESXi (besides being free) is that it is quick and easy to install. However, there is more to properly configuring it than just getting it installed. Not only do you want it installed but you also want it configured to function for all your future needs and to do so securely. Let us see how to do just that.
VMware ESXi New Server Checklist
I will break this new VMware ESXi Server Installation Checklist into 3 phases:
VI Client Configuration
Let us get started with the Installation phase…
Installing VMware ESXi Server
Verify that your hardware is compatible with VMware ESXi. Use the VMware HCL (hardware compatibility list).
If you do not have it already, you will need to download an evaluation copy (or purchase a copy) of VMware ESXi. Fortunately it is free and not too terribly large to download. You can download it at the VMware ESXi Server free download site.
Prior to the ESXi Installation, you should review your server BIOS settings. You will want to enable VT if you want to have 64 bit guests and disable BIOS controller power management. As with the installation of any operating system, you want to make sure that the boot order is going to allow you to boot from the ESXi installation media.
Insert your installation media and boot up ESXi. In my case, I performed the Installation inside VMware Workstation using my video instructions on Installing VMware ESXi inside VMware Workstation which allowed me to get these installation snapshots.
Typically, you will take all the defaults in the installation. Here are some sample screen shots with comments of what to do at each port, below them in the comments:
Figure 1: ESXi Installation
Figure 2: Press Enter to begin Installation
Figure 3: Press Enter to Accept the default hard drive for install
Figure 4: Press F11 to Install ESXi
Figure 5: Press Enter to reboot
VMware ESXi Console Configuration
Once ESXi has successfully installed and rebooted, we have a list of tasks to perform at the console level to properly configure it. This “ESXi Console” as I call it is technically called the Direct console user interface (DCUI) but for the purposes of this article, let us just call it the “ESXi Console”.
Press F2 to customize the ESXi Server using the console (below).
Figure 6: Once booted, press F2 to Customize
Going down the list from the top to bottom of the console interface, here is our list of what we need to configure at the console level:
Configure the root password
Figure 7: Configuring the root password on a VMware ESXi Server
Configure Management Network – the networking for the ESXi Server is called the “management network” so in this step, you need to configure the IP address, subnet mask, and default gateway. While your server will likely start out with an IP address obtained from DHCP, as this is a server, you need to configure a static IP address.
Figure 8: configuring the static IP Management in ESXi
Configure DNS Servers on this ESXi Server – Just as you tell your PC what DNS Servers to use and what the domain is that it should use, you also need to tell your ESXi Server. Go into DNS Settings inside DNS Configuration to give this server the DNS Server IP’s and its hostname.
Figure 9: Assigning DNS Server Installation for ESXi Server
Next, you need to add a Custom DNS Suffixes to assign the DNS Suffix for this ESXi server.
Figure 10: Assigning a Custom DNS Suffix
Now, Exit the Management Network Configuration by pressing ESC. You will be prompted to confirm that you want to save this new configuration. Make sure that you accept the new configuration with a Y for YES.
Figure 11: Accepting Changes to the Management Network
- To ensure that this server is properly configured, you should use the Test Management Network function in the console, like this:
Figure 12: Testing the Management Network
What is this? Our Management Network Test failed? This points out that we need to make sure that this ESX host is able to resolve DNS and above to resolve its own DNS hostname. Now, let us add it.
To resolve the fact that this ESX host is not in DNS, go to your DNS Server and make a host entry for the new ESX host, like this:
Figure 13: Adding a Windows DNS Server host entry for the new ESXi host
From here, we are done with the console configuration so let us move onto administering the new server using VMware’s VI Client.
VI Client Configuration
Connect to your vCenter Server and add the new ESXi server to vCenter. Authorize as the root user and I recommend enabling lock down mode at this time.
Figure 14: Adding the new ESXi Host
Configure Licensing – if you have the vCenter Server licensing configured to “change host license server settings to match these VirtualCenter Server settings whenever a host is added to the inventory” then the new ESXi Server licensing should be automatically configured. Still, you should check your licensing for the new server and verify that it is properly licensed (not an evaluation) and that any optional features you need (like VCB or VMotion) are enabled.
Figure 15: Checking Licensing for an ESX host
Connect ESXi Server to SAN – iSCSI or FC. For more information on ESX Server and iSCSI, see my articles How to create an inexpensive iSCSI SAN for VMware ESX and Connect VMware ESX Server to a free iSCSI SAN using Openfiler.
Configure NTP Server & Start NTP – it is important to have the proper time configured on your ESXi Servers for a variety of reasons (logging, security, iSCSI authentication) and NTP is the correct way to do this. To enable NTP, go to the Configuration for your server, click on Time Configuration, and then click Properties.
Add a new NTP Server such as pool.ntp.org
Then set NTP to Start Automatically and then Start NTP.
Consider Security - while ESXi is a very secure OS already (even more secure than the regular ESX Server), I encourage you to consider the security implications of it. Here are a couple of things you can do-
a. Read the VMware VI Security Hardening Guide and consider what it recommends. This guide was recently updated to cover ESXi (ESX 3i 3.5).
b. Get on the update list to be notified when the new version of TripWire ConfigCheck will be released which will support ESXi (3i). This is a very powerful tool and I highly recommend it but, so far, it only supports ESX Server (not ESXi). They have an email notification list you can joint to be notified when the new ESXi version is released.
Consider Documentation & Communication – these are two areas that are too often forgotten. When adding any new server, you need to update your documentation, hardware inventory, network management, and more. You also need to notified other administrators that the new server is available and how to administer it.
If you will be wantig to gain access to the command line on your ESXi server, read my article How to Access the VMware ESXi Hidden Console
Configure options features, such as vMotion, VCB, and/or other backup solutions.
In conclusion, adding a new VMware ESXi Server should be quick and easy. However, there are often many parts of adding that new server that are forgotten until later. By having a quick checklist for installation and configuration, adding that new server can be easier and you will save time in the long run.