Information Technology Reference
In-Depth Information
Configuring the Isolation Response Address
In some highly secure virtual environments, management access is limited to a single, non-routed
management network. In these cases, the security plan calls for the elimination of the default
gateway on the ESXi management network. h e idea is to lock the ESX i management network onto
the local subnet, thus preventing any type of remote network access to the management inter-
faces. h e disadvantage, as you might have guessed, is that without a default gateway IP address
confi gured for the management network, there is no isolation address to ping as a determination
of network isolation status.
It is possible, however, to customize the isolation response address for scenarios just like this. h e
IP address can be any IP address but should be an IP address that is not going to be unavailable or
taken from the network at any time.
Perform the following steps to defi ne a custom isolation response address:
1.
Use the vSphere Web Client to connect to a vCenter Server instance.
2.
Open the Hosts And Clusters View, right-click an existing cluster, and select the Settings option.
3.
Ensure that vSphere HA is selected in the left column and click the Edit button.
4.
Expand the Advanced Options section and click the Add button.
5.
Enter
das.isolationaddress
in the Option column in the Advanced Options (HA) dialog box.
6.
Enter the IP address to be used as the isolation response address for ESXi hosts that cannot com-
municate with the FDM master host.
7.
Click the OK button.
h is interface can also be confi gured with the following options:
das.isolationaddress1: to specify the fi rst address to try
◆
das.isolationaddress2: to specify the second address to try
◆
das.AllowNetwork: to specify a diff erent port group to use for HA heartbeat
◆
So far, you've only seen how vSphere HA handles ESXi host failures. In the next section, we'll
show you how you can use vSphere HA to help protect against guest OS and application fail-
ures as well.
Configuring vSphere High Availability VM Monitoring
In addition to monitoring for ESXi host failures and reacting accordingly, vSphere HA has the
ability to look for guest OS and application failures. When a failure is detected, vSphere HA can
restart the VM. Figure 7.23 shows the area of the Edit Cluster Settings dialog box where you con-
i gure this behavior.
The foundation for this functionality is built into VMware Tools, which we'll describe in
greater detail in Chapter 9. VMware Tools provides a series of heartbeats from the guest OS
up to the ESXi host on which that VM is running. By monitoring these heartbeats in conjunc-
tion with disk and network I/O activity, vSphere HA can attempt to determine if the guest
OS has failed. If there are no VMware Tools heartbeats, no disk I/O, and no network I/O for
a period of time, then vSphere HA—if VM Monitoring is enabled—will restart the VM under
