The ESXi design includes design decisions for boot options, user access, and the virtual machine swap configuration.

You can find the ESXi hardware requirements in Physical Design Fundamentals. The following outlines the design of the ESXi configuration.

You can install or boot ESXi 6.5 from the following storage systems:

SATA disk drives

SATA disk drives connected behind supported SAS controllers or supported on-board SATA controllers.

Serial-attached SCSI (SAS) disk drives

Supported for installing ESXi.

SAN

Dedicated SAN disk on Fibre Channel or iSCSI.

USB devices

Supported for installing ESXi. A 16 GB or larger SD card is recommended.

FCoE

Software Fibre Channel over Ethernet.

ESXi can boot from a disk larger than 2 TB if the system firmware and the firmware on any add-in card support it. See the vendor documentation.

For new installations of ESXi, the installer creates a 4 GB VFAT scratch partition. ESXi uses this scratch partition to store log files persistently. By default, vm-support output, which is used by VMware to troubleshoot issues on the ESXi host, is also stored on the scratch partition.

An ESXi installation on USB media does not configure a default scratch partition. VMware recommends that you specify a scratch partition on a shared datastore and configure remote syslog logging for the host.

ESXi Boot Disk Design Decision

Decision ID: SDDC-VI-ESXi-001
Design Decision: Install and configure all ESXi hosts to boot using an SD device of 16 GB or greater.
Design Justification: SD cards are an inexpensive and easy-to-configure option for installing ESXi. Using SD cards allows allocation of all local HDDs to a VMware vSAN storage system.
Design Implication: When you use SD cards, ESXi logs are not retained locally.

After installation, ESXi hosts are added to a VMware vCenter Server system and managed through that vCenter Server system.

Direct access to the host console is still available and most commonly used for troubleshooting purposes. You can access ESXi hosts directly using one of these three methods:

Direct Console User Interface (DCUI)

Graphical interface on the console. Allows basic administrative controls and troubleshooting options.

ESXi Shell

A Linux-style bash login on the ESXi console itself.

Secure Shell (SSH) Access

Remote command-line console access.

You can enable or disable each method. By default, the ESXi Shell and SSH are disabled to secure the ESXi host. The DCUI is disabled only when Strict Lockdown Mode is enabled.

By default, root is the only user who can log in to an ESXi host directly. However, you can add ESXi hosts to an Active Directory domain. After a host has been added to an Active Directory domain, access can be granted through Active Directory groups, and auditing who has logged in to the host becomes easier.

ESXi User Access Design Decisions

Decision ID: SDDC-VI-ESXi-002
Design Decision: Add each host to the Active Directory domain for the region in which it will reside.
Design Justification: Using Active Directory membership allows greater flexibility in granting access to ESXi hosts. Ensuring that users log in with a unique user account allows greater visibility for auditing.
Design Implication: Adding hosts to the domain can add some administrative overhead.

Decision ID: SDDC-VI-ESXi-003
Design Decision: Change the default ESX Admins group to the SDDC-Admins Active Directory group. Add ESXi administrators to the SDDC-Admins group following standard access procedures.
Design Justification: Having an SDDC-Admins group is more secure because it removes a known administrative access point. In addition, separate groups allow for separation of management tasks.
Design Implication: Additional changes to the host's advanced settings are required.

When a virtual machine is powered on, the system creates a VMkernel swap file to serve as a backing store for the virtual machine's RAM contents. By default, the swap file is stored in the same location as the virtual machine's configuration file. This simplifies the configuration; however, it can generate replication traffic that is not needed.

You can reduce the amount of traffic that is replicated by changing the swap file location to a user-configured location on the host. However, it can take longer to perform VMware vSphere vMotion® operations when the swap file has to be recreated.

Other ESXi Host Design Decisions

Decision ID: SDDC-VI-ESXi-004
Design Decision: Configure all ESXi hosts to synchronize time with the central NTP servers.
Design Justification: Required because deployment of vCenter Server Appliance on an ESXi host might fail if the host is not using NTP.
Design Implication: All firewalls located between the ESXi host and the NTP servers have to allow NTP traffic on the required network ports.
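The decisions above (scratch and remote syslog for SD-booted hosts, Active Directory membership, the SDDC-Admins group, disabled ESXi Shell and SSH, swap file placement, and NTP) can be verified on running hosts with the following read-only PowerCLI audit. It is an added example, not part of the VMware design document; the vCenter name, Active Directory domain, syslog host and NTP servers are assumed placeholders.

```powershell
# Added example: read-only audit of ESXi hosts against decisions SDDC-VI-ESXi-001..004.
# The values in $expected are assumptions for illustration; replace them with your design values.
Import-Module VMware.PowerCLI
$expected = @{
    Domain      = 'region01.example.local'                        # assumed regional AD domain
    AdminsGroup = 'SDDC-Admins'                                   # decision SDDC-VI-ESXi-003
    NtpServers  = @('ntp1.example.local', 'ntp2.example.local')   # assumed central NTP servers
    SyslogHost  = 'udp://syslog.example.local:514'                # assumed remote syslog target
}
Connect-VIServer -Server 'vcenter.example.local' | Out-Null       # assumed vCenter Server FQDN

function Test-EsxiDesign {
    param($VMHost)
    $svc  = Get-VMHostService -VMHost $VMHost
    $auth = Get-VMHostAuthentication -VMHost $VMHost
    $adv  = { param($Name) (Get-AdvancedSetting -Entity $VMHost -Name $Name).Value }
    [pscustomobject]@{
        Host          = $VMHost.Name
        # SDDC-VI-ESXi-001: an SD/USB boot device keeps no logs locally, so a scratch
        # location on a datastore and a remote syslog host must both be configured.
        ScratchOK     = (& $adv 'ScratchConfig.ConfiguredScratchLocation') -like '/vmfs/volumes/*'
        SyslogOK      = (& $adv 'Syslog.global.logHost') -eq $expected.SyslogHost
        # SDDC-VI-ESXi-002: host joined to the regional Active Directory domain.
        ADJoined      = ($auth.Domain -eq $expected.Domain) -and ($auth.DomainMembershipStatus -eq 'Ok')
        # SDDC-VI-ESXi-003: default "ESX Admins" group replaced via the host advanced setting.
        AdminsGroupOK = (& $adv 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup') -eq $expected.AdminsGroup
        # Host access: ESXi Shell (service key TSM) and SSH (TSM-SSH) stopped and not auto-started.
        ShellOff      = -not ($svc | Where-Object Key -eq 'TSM').Running
        ShellPolicy   = ($svc | Where-Object Key -eq 'TSM').Policy
        SshOff        = -not ($svc | Where-Object Key -eq 'TSM-SSH').Running
        SshPolicy     = ($svc | Where-Object Key -eq 'TSM-SSH').Policy
        LockdownMode  = $VMHost.ExtensionData.Config.LockdownMode
        # Swap file placement: WithVM replicates the swap file alongside the VM files,
        # InHostDatastore keeps it in the host-configured location.
        SwapPolicy    = $VMHost.VMSwapfilePolicy
        # SDDC-VI-ESXi-004: configured NTP servers match the central list and ntpd is running.
        NtpOK         = -not (Compare-Object (Get-VMHostNtpServer -VMHost $VMHost) $expected.NtpServers)
        NtpdRunning   = ($svc | Where-Object Key -eq 'ntpd').Running
    }
}

Get-VMHost | ForEach-Object { Test-EsxiDesign -VMHost $_ } | Format-Table -AutoSize
```

A host that deviates in any column (for example ScratchOK = False or LockdownMode = lockdownDisabled) has not been built to the decisions in this section and should be remediated before it is admitted to the SDDC.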