A couple of weeks ago I sat and passed the VCAP 6.5 Datacenter Design Exam. It was a good but tough exam. The VCAP 6.5 Design exam is a bit different from past VCAP Design Exams – there are no Visio-type design questions (I did not take the VCAP6, but based on the blueprint it looks like it was mostly Visio). The VCAP 6.5 Design exam is made up of multiple choice and “drag and drop” questions.
A couple of tips for the exam:
- Read the Exam Prep Guide!!! Everything you need to be successful is there (except experience).
- When taking the exam MAKE SURE YOU READ THE QUESTION or DESIGN SCENARIO completely, then read it again before selecting your answers or completing the question activity.
- You are able to flag questions for review – but use this wisely. If you are prepared – trust your gut – don’t second-guess yourself.
- Take your time. Since there are no Visio-style questions you are given plenty of time (IMHO) to complete the exam. Relax, read the question, answer, move on.
- Technical tip: Have a deep understanding of the dependencies required for, and limitations of, vSphere features and services and how these dependencies may impact the ability to meet a design requirement or may introduce risks into a design.
Here are the VMware certification official exam details:
VMware Certified Advanced Professional 6.5 – Data Center Virtualization Design Exam
Certification Page: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=102518&ui=www_cert
3V0-624 Exam Page: https://mylearn.vmware.com/mgrReg/plan.cfm?plan=102526&ui=www_cert
I did not give myself very long to prepare. I focused a majority of my prep on the new features available in vSphere 6.5 and around the upgrade/migration to vSphere 6.5 and the VCSA. Here are some notes I jotted while studying with links to resources (all of which can be found in the Prep-Guide):
VMware Validated Design
Gathering, identifying, and analyzing design requirements (business and application)
Conceptual – “Owner View”
Availability, Performance, Recovery, Management, Security
- Functional – What the design must do/accomplish/provide.
- Non-Functional – How the design must do something (speeds and feeds)
- How the design meets the requirements – specific hardware, topology, etc.
- Constraints can introduce risks
- Assumptions – made by the architect. Will likely become risks if they are not validated
- Prohibit the design from being successfully implemented or from meeting the requirements.
Logical – “Designer View”
Selecting physical storage, compute, and network hardware to support the logical design.
Determine virtual machine configurations to meet business and application requirements.
Physical – “Builder View”
vSphere Upgrade to 6.5 – ESXi, vCenter, Migration
vCenter High Availability
- Network latency between Active, Passive, and Witness nodes must be less than 10 milliseconds.
- Snapshots, cloning, and FT are not supported on VCHA nodes.
- Image-level backups of a VCHA node are supported
- vCenter HA provides an RTO of about 5 minutes
- Synchronous replication of the vCenter DB
- Asynchronous replication of vCenter Files
- Active, Passive, and Witness nodes communicate over a private network.
- Does not support Enhanced Linked Mode
- Does not support PSC replication
Platform Service Controller (PSC)
PSC Deployment Decision Tree – https://blogs.vmware.com/vsphere/files/2016/04/vSphere_Topology_Decision_Tree_Poster-v5_0804016.pdf
- Recommended that a PSC be deployed locally to each vCenter Server
- 100 ms RTT – recommended maximum latency between PSCs
- Centralized management of vSphere licenses
- Certificate Authority and Certificate Store
vSphere High Availability (HA) – restarts VMs after a hardware failure
- Host failures to tolerate – automatic calculation of percentage of CPU and Memory resources to reserve
- Orchestrated Restart – create dependency chains between VMs. Restart rules enforce start order for VMs within the dependency chain.
- vCenter Server required to configure HA, but not for HA to function
- Detect degraded components (hardware failures) within a host and evacuate VMs from the affected host before host failure.
- Affected host placed in Quarantine Mode.
vSphere Fault Tolerance (FT) – continuous availability (does not protect against application or OS failure)
- Supports VMs with up to 4 vCPUs and 64 GB of memory
- Predictive DRS – works with vROps – migrate to accommodate future workload/avoid host over-commitment.
- Predictive DRS – Default look ahead interval is 60 minutes
- Network-Aware DRS – decides VM placement based on compute and network utilizations – does not trigger vMotion based on network load imbalance.
- Network-Aware DRS – default 80% utilization threshold – unless utilization is above 80%, DRS considers the host to be a good candidate in terms of network resource availability
- VM Distribution – distribute a more even number of VMs across hosts – spread VMs evenly across hosts (if possible – best effort) – load balancing takes priority
- Memory Metric for Load Balancing – choose to load balance based on consumed memory instead of active memory.
- CPU Over-commitment – 0-500% over-commitment – specify CPU over commit as a percentage of total cluster CPU capacity
Secure Encrypted vMotion
- Set per-VM
- Can be Disabled, Opportunistic, Required
- Generates a 256-bit random key and a 64-bit nonce – each used only once for a vMotion
- VM Encryption is used to secure data in VMDKs
- Using a processor which supports AES-NI instruction set improves performance.
- External key management server (KMS) (third party)
- Key Management Interoperability Protocol (KMIP) v1.1 supported.
- vCenter Server obtains keys from KMS and pushes them down to ESXi hosts – Key encryption keys (KEK)
- ESXi hosts generate data encryption keys (DEK) – KEKs encrypt DEKs – DEKs are stored in configuration files
- KEK for a virtual machine must be in ESXi memory for a VM to be powered on.
- KEKs are stored in the KMS and are not persisted in the vSphere environment.
- KMS should be highly available with keys replicated between multiple KMS instances.
Block – FC, iSCSI, SAS
File – NFS (v3 and v4.1)
Object – VVOL and VSAN
RAID 0 – Stripe – No protection
RAID 1 – Mirror – Write Penalty 2
RAID 5 – 1 Parity – supports a single drive failure – Write Penalty 4
RAID 6 – 2 Parity – supports 2 drive failures – Write Penalty 6
- Virtual Distributed Switch – supports LLDP and CDP, NetFlow, LAGs, load based teaming, PVLANs, ingress/egress traffic shaping, per port blocking
- Virtual Standard Switch – CDP only, egress traffic shaping only
Single-root I/O Virtualization (SR-IOV) – enables one PCIe adapter to be presented as multiple logical devices.
VM DirectPath I/O – VM direct access to an IO device – cannot be shared by multiple VMs.
vMotion, NIOC, and FT are not supported when using SR-IOV or DirectPath I/O.
Like I said I did not give myself a lot of time to prepare and I really focused on the features of 6.5. I know the notes seem a little sparse but hopefully you will find them helpful.
There are a few books out there which are definitely useful resources for VCAP Design exam preparation. Here are some of my favorites:
IT Architect: Foundation in the Art of Infrastructure Design
Fantastic resource if you are preparing for the VCAP exam or to defend VCDX.
VMware vSphere 6.x Datacenter Design Cookbook
Full disclosure: I wrote this book; I have been told it is pretty good. The outline of this book aligns with the VCAP 6.0 Design Exam objectives.
VMware vSphere Design
Another really great book focusing on vSphere design methodology.
If you are preparing for the exam or just looking to learn more about VMware Design Methodology these books are EXCELLENT resources.