VMware Backup Best Practices – Reliable VM Protection & Recovery Guide

Why VMware Backup Best Practices Matter

VMware environments host critical workloads, making data protection and disaster recovery essential. Following VMware backup best practices ensures data integrity, fast recovery, and minimal downtime during system failures, hardware crashes, or ransomware attacks.

Let's take a look at several different best practice considerations when backing up and restoring VMware vSphere virtual machines. We will discuss the following:

• Understanding RPO and RTO and how they relate to backup and recovery
• Understanding what constitutes a backup and what does not
• Using Changed Block Tracking to back up VMs
• Following the 3-2-1 backup best practice methodology
• Not forgetting about backup security
• Evaluating VM housekeeping
• Staying current with the latest vSphere releases
• Leveraging the cloud as an off-site storage location
• Protecting against ransomware

1. Understanding RPO and RTO and how they relate to backup and recovery

Often, organizations configure backups without considering RPO and RTO. Simply put, RPO, or Recovery Point Objective, determines the amount of data loss a business can tolerate. In other words, if backups for a specific VM are set to run daily, the worst-case scenario is potentially losing 24 hours of data. The business must determine if this level of data loss is acceptable. Scheduling backups every 6 hours could result in 6 hours of data loss, and so on.

Setting a VM backup schedule should not be arbitrary. This should be carefully considered from a business perspective to determine what an acceptable loss would be.

RTO is the Recovery Time Objective. This determines the time required to restore a virtual machine. If backups are configured to run hourly, you might only lose one hour of data. However, due to the large amount of data, restoring that VM might take three hours. The Recovery Time Objective defines the acceptable amount of time your business can operate without the data specified in the RPO.

When considering best practices for backing up VMware vSphere VMs, understanding the value of these two metrics as they relate to your specific business is absolutely critical. There is no right or wrong answer for every business, and the answer will likely differ for each organization.

2. Understanding what constitutes a backup and what does not

Often, IT administrators believe they have what they consider to be a "backup," when in reality it is not a true backup. One of the most common scenarios is viewing VMware vSphere VM snapshots as backups. However, snapshots are not backups. Why?

Let's think about what a true backup actually is. A backup should be a completely independent copy of the virtual machine, allowing that VM to be restored without relying on the production infrastructure. This is not the case with VMware vSphere snapshots. VMware vSphere snapshots consist of a chain of delta disks that are interdependent to create a complete copy of the data. If anything happens to one of the disks in the chain, both the VM and the snapshot are lost. In this case, you cannot rely on a snapshot as a backup because it is not a complete copy of the data. Furthermore, it is not an independent copy separate from the production infrastructure. If there is an issue with the physical infrastructure hosting the VM, it means the VM (including its snapshots) is gone. Again, a backup should not depend on the production infrastructure.

3. Using CBT to Back Up Virtual Machines

In the old days of backup, every time a backup ran, it was likely configured to take a full copy of the data. This was very inefficient both in terms of the backup time required and the backup storage space needed to store multiple full copies of the data. A much more efficient way to back up data is to only copy the changes that have occurred since the last backup. By doing this, backups become highly efficient. The actual changed or new data is likely trivial compared to the entire data volume.

One feature of the vSphere Storage APIs for Data Protection is Changed Block Tracking (CBT). Changed Block Tracking (CBT) is a VMkernel feature that tracks which storage blocks of a virtual machine have changed over time. The VMkernel tracks block changes on the VM, enhancing the backup process for applications developed to leverage VMware's vStorage API. VMware vSphere tracks the changed blocks that occur on a virtual machine. Backup solutions can then leverage this information to copy only the changed blocks each time a VM backup is run.

This offers many benefits, significantly reducing not only the backup window but also the backup storage space required for the VM backups. One crucial point to note when targeting a VM for backup with a backup solution is that CBT cannot be enabled on a VM that has an existing snapshot or is powered off.

4. Following the 3-2-1 Backup Best Practice Methodology

The backup industry best practice methodology, the 3-2-1 backup rule, ensures multiple copies of data are stored in a protected manner.

The 3-2-1 backup rule recommends storing (3) copies of your data on at least (2) different types of media, with at least (1) copy stored offsite. As seen from this description, these principles enforce storage diversity. First, you have multiple copies of the data. You store these multiple copies on different media types. This could include storing backups on hard disks and tape media. Finally, you have at least one backup copy stored offsite. This ensures that if all other data copies are lost locally, you have another data copy available for recovery.

Today, many businesses leverage the cloud for this aspect of the 3-2-1 backup strategy. Cloud storage is a cheap, efficient storage location that allows for keeping a copy of data off-site. This helps protect against ransomware attacks, as ransomware can infect all online storage locations locally. It can even encrypt all copies of backups. Choosing the cloud as an off-site storage location helps ensure a copy of the data is safe from these types of risks.

5. Don't Forget About Backup Security

When creating and building backups, don't forget about security. Protecting backups is crucial.

Encrypting backups is already an industry-standard practice during the backup process. If you are not doing this, or if your backup solution cannot do this, you need to look elsewhere. Not only should the backup data itself be encrypted, but the transmission process should also be encrypted.

When storing tape media, pay attention to the physical security of the storage location. Tapes should be under effective supervision, and storage facilities should not allow unauthorized access.

6. Evaluating VM Housekeeping

As your VMware vSphere environment continuously evolves, you will certainly experience VM sprawl within your environment. This sprawl also affects your backups. Keeping your vSphere assets lean helps ensure you are not backing up irrelevant content or retaining worthless backup data.

Furthermore, when talking about VM housekeeping, ensure your VMware vSphere virtual machines do not have lingering snapshots. Keeping virtual disks tidy helps reduce corruption and other adverse side effects. Modern backup solutions leverage snapshots to redirect I/O from the base disk so data can be copied to the backup. If a VM already has a snapshot present when targeted for backup, the backup solution will create another snapshot on top of the existing one. This can further degrade performance and increase the risk that snapshots won't commit properly under high load and other conditions.

7. Staying Current with the Latest vSphere Updates

Keeping your vSphere environment up to date is a general best practice. It helps ensure things run smoothly. It also helps ensure users benefit from the latest improvements in performance and other tweaks. Having the latest version of vSphere ensures you benefit from these improvements with your data protection solution. However, it's important to note that users need to ensure their implemented data protection solution is compatible with the latest version of vSphere.

8. Leveraging the Cloud as an Offsite Storage Location

When implementing the 3-2-1 backup rule, most organizations are using cloud storage for off-site storage. This makes perfect sense for backup storage, as it is relatively inexpensive, nearly limitless, scalable, and resilient. Businesses don't need to provision, maintain, and continuously allocate physical infrastructure to meet backup storage needs. This helps ensure physical backup storage does not become a barrier to effective backups.

Cloud storage from various providers also includes powerful built-in features, such as immutable backups. This helps protect against ransomware.

9. Protecting Against Ransomware

Ransomware has become a major problem for businesses today. Ransomware attacks can shut down and impact critical services, which can take days or even weeks to recover from. Devastating ransomware attacks can have severe consequences for businesses and the areas they impact.

Ensure your backup environment is set up with an air gap: whether through credentials or by restricting low-level file access from the primary production network environment. If malicious processes cannot connect to or lack permission to access the backups, such a setup can protect these backups from being encrypted.

Advanced VMware Backup Strategies

• VM Replication for near-instant disaster recovery.

• Cloud-based VMware backup for hybrid environments.

• Backup encryption to meet compliance and security standards.

• Deduplication and compression to optimize storage usage.

Next blog will demo how to back up VMware step by step practices

Fix Oracle 19c Database Creation Stuck at 15% 36% 46% – Troubleshooting Guide

Fix Oracle 19c Database Creation Stuck at 15% 36% 46%

 I encountered a small case yesterday and wanted to write it down for reference.

I was creating a new database on a test server today. This test machine already had three instances running, and I planned to add three more. However, the DBCA (Database Configuration Assistant) kept getting stuck at 36% (in CDB mode). If it were a non-CDB setup, it would get stuck at 46%.

Why Does Oracle 19c Database Creation Get Stuck at 15%, 36%, 46%?

When running DBCA (Database Configuration Assistant) in Oracle 19c, many administrators report the setup freezing at 15% progress. This is usually caused by:

• Missing or misconfigured environment variables (ORACLE_HOME, ORACLE_SID)

• Insufficient memory or disk space on the host system

• Listener configuration issues are preventing service registration

• Incorrect database character set or parameters

• Permission problems on Oracle directories

Checking the trace logs, I found that the process halted during the execution of datapatch. 

 
executing datapatch /orabin/product/19.3.0/OPatch/datapatch

The alert log and other logs didn't provide any useful information. After checking MOS (My Oracle Support), I realized the issue was caused by my previous modification to the glogin.sql file—I had altered it to display the current database name and other information upon local login. I had essentially dug my own grave. 

 
vi $ORACLE_HOME/sqlplus/admin/glogin.sql
Add the following parameters
-- Display current database name at login
SELECT 'Connected to database: ' || GLOBAL_NAME AS "Database Name"
FROM GLOBAL_NAME
WHERE ROWNUM = 1
/
-- set prompt to username@SID
SET SQLPROMPT "_USER'@'&_CONNECT_IDENTIFIER> "
-- line break
SET TERMOUT ON

Step-by-Step Fix for Oracle 19c DBCA Stuck

1. The solution was to revert glogin.sql to its original state by deleting or commenting out all manually added content.

2. After making that change, I reran DBCA, and it worked fine.

Note: Modifying glogin.sql can affect patching operations, and it doesn't throw an error—it just gets stuck. So remember this, otherwise you might spend a long time troubleshooting without finding the root cause.

Best Practices for Oracle 19c Installation

• Always run pre-install checks before DB creation.

• Ensure swap memory is properly configured.

• Use AL32UTF8 character set for broader compatibility.

• Keep Oracle patches updated to avoid known bugs.

How to Enable SSH and Shell Services on VMware ESXi – Step-by-Step Guide

Why Enable SSH and ESXi Shell?

By default, VMware ESXi has SSH and Shell services disabled for security reasons. However, enabling them is essential for:

• Advanced troubleshooting (logs, storage, networking)

• Running esxcli and vim-cmd commands

• Performing manual datastore management

• Automating tasks using remote scripts

Three methods to enable SSH and Shell services of VMware ESXi and demonstrate how to log in to ESXi using SSH client software.

Remote access to the ESXi host is a necessary condition for maintaining and managing the VMware environment. You can access the ESXi shell through an SSH (Secure Shell ) client (such as Putty). The service corresponding to SXi's Shell is the Technical Support Mode (TSM) service, and SSH corresponds to the TSM-SSH service. In a production environment, keep SSH (TSM-SSH) and ESXi Shell (TSM) services disabled (Disable) status. Enable these services only when you must access the command line to troubleshoot problems. After troubleshooting, disable these services.

Firstly. Through the ESXi host client (VMware Host Client)

Method 1:

Step 1, Access the management IP address or domain name of the ESXi host, and log in to the host client (VMware Host Client) according to the prompts to enter the ESXi account password.

Step 2, in the ESX host client interface, select "Navigator"->"Host"-> "Manage"-> "Services", scroll down to view the service list, and find TSM(ESXi Shell) and TSM-SSH (SSH)services

Step 3, select "TSM(ESXi Shell)", and then click "Start"

Step 4, Confirm that the status of the TSM service is "Running", ESXi Shell successfully started

Step 5, select "TSM-SSH(SSH)", then click "Start"

Step 6, Confirm that the status of the TSM-SSH service is "Running", and SSH is successfully enabled.

Note: When the ESXi host restarts, SSH/Shell will be automatically disabled. This is the default policy. You can modify the policy to start and stop with the host, as shown in the figure below.

Method 2:

Step 1, Access the management IP address or domain name of the ESXi host, and enter the account password to log in to the host client (VMware Host Client) as prompted.

Step 2, In the host client interface, select "Navigator"->"Host"->"Operation"->"Service"->"Enable Secure Shell (SSH)"

Step 3, Confirm that SSH is enabled

Step 4, in the host client interface, select "Navigator"->"Host"->"Actions"->"Services"->"Enable Console Shell"

Step 5, Confirm that Shell is enabled

Second, through the ESXi host's terminal console (DCUI) interface

Step 1, in the ESXi host Direct Console User Interface (DCUI), press the F2 key to enter the "System Customization" (System Customization) menu

Step 2, Enter the root account password as prompted, and press the Enter key to log in

Step 3, in the "System Customization" (System Customization) interface, select the "Troubleshooting Options" (Troubleshooting) option, and then press the "Enter"  key

Step 4, in the "Troubleshooting Options" (Troubleshooting) option, select "" (Enable ESXi Shell), and on the right side you can see "Enable ESXi Shell"(Enable ESXi Shell), on the right side you can see "ESXi Shell is Disabled" to confirm that the current Shell is disabled. Press "Enter" (Enter) to enable Shell

Step 5, on the right, it shows "ESXi Shell is Enabled", confirming that Shell has been enabled.

Step 6, select "Enable SSH" (Enable SSH), and press "Enter" (Enter) to enable SSH.

Step 7, on the right, it shows "SSH is Enabled", confirming that SSH has been enabled

Third. Through vCenter's vSphere Client

Step 1, Access the vCenter Server's management IP address (vSphere Client) and log in with your account and password as prompted.

Step 2, in the vSphere Client interface, select Host->Configuration->System->Services, find SSH and ESXi Shell, confirm the current status is stopped, then click Start 

Step 3, Confirm the status of ESXi Shell and SSH services is Running, and  confirm successful startup

 Log in to ESXi using SSH client software

Step 1, Open SSH client software (e.g., Putty), enter the ESXi host's domain name or IP address, then click "Open"

Note: The first login will pop up a certificate trust warning interface. Click Accept to trust the certificate.

Step 2, Enter the ESXi host's account and password to log in

Step 3, You can enter commands, for example: vmware -vl to view the current ESXi version

 
vmware -vl

More about VMware ESXi resources can be found here:

Security Best Practices

• Disable SSH when not in use.

• Use firewall rules to restrict access.

• Prefer vSphere CLI or PowerCLI for routine tasks.

• Regularly monitor /var/log/auth.log for suspicious login attempts.

How to Download Dell OEM ESXi from VMware – Step-by-Step Guide

Why Use Dell OEM ESXi?

When installing VMware ESXi on Dell PowerEdge servers, the standard ESXi ISO may not include all required drivers and firmware support. Dell OEM ESXi images are customized builds that include:

• Dell RAID/storage controller drivers

• Network interface drivers

• Dell iDRAC monitoring tools

• Hardware health monitoring integrations

Using the Dell-customized ESXi ISO ensures better compatibility, stability, and performance on Dell servers.

Steps to download Dell OEM VMware ESXI

1. Visit the Broadcom support homepage and log in: https://support.broadcom.com/

2. Click Products —> Software —> VMware Cloud Foundation —> My Downloads

3. On the My Downloads page, enter the keyword "vSphere" in the top right corner, then find VMware vSphere

4. On the VMware vSphere product page, select the vSphere version type, click the arrow on the right, then click the corresponding version

5. On the vSphere version download page, select Custom ISOs, then find the column starting with the OEM manufacturer's name (e.g., "Dell"), and click the arrow on the right

6. On the DELL OEM ESXi page, find the ESXi version you need

Note: The ISO version supports fresh boot installation, while the ZIP format is only for upgrades and does not support boot installation

Best Practices

• Always choose the latest Dell OEM ISO for security and driver updates.

• Check VMware’s Hardware Compatibility Guide (HCL) before installation.

• Keep iDRAC firmware updated for smooth integration.

• After installation, configure Dell OpenManage Integration for VMware vCenter (OMIVV) for advanced monitoring.

Fix VMware ESXi Cannot Recognize Local Storage – Causes & Solutions

Basic Information: A Dell PowerEdge R640 server equipped with a PERC H330 RAID controller. It has two 240GB SSDs and one 1TB HDD connected. All three drives are set to Non-RAID mode on the RAID controller (meaning they are not configured in a RAID array). In the ESXi system, the customer created three independent datastores using these three drives, with the ESXi system itself installed on the 1TB HDD.

Problem Description: A customer recently powered down the server to add memory modules. After the memory upgrade was complete, the host booted up normally, and they logged into the ESXi client, but encountered a serious issue: all the virtual machines on this ESXi host had "disappeared." It could not recognize any datastores, and couldn't even see the disk devices.

Why ESXi Cannot Recognize Local Storage

Sometimes during VMware ESXi installation or upgrade, the host may fail to detect local disks (SATA, NVMe, RAID). This prevents admins from creating a local datastore for VMs.

Common causes:

• Unsupported storage controller (RAID/SATA/NVMe not on HCL).

• Driver missing in ESXi installation ISO.

• BIOS/UEFI settings misconfigured (AHCI/RAID mode).

• Disk partitions left from old OS installations.

• Corrupted or hidden datastore signatures.

Troubleshooting Analysis:

(1) Accessed iDRAC to check hardware status; there were no hardware error logs, and all drive statuses were normal.

(2) Checked the RAID controller driver installation status; the driver was already installed.

(3) Used the esxcli command line to check, but it also failed to recognize the RAID controller and disk devices.

 
[root@vmnote:~] esxcli storage core adapter list
HBA Name  Driver    Link State  UID                                   Capabilities         Description
--------  --------  ----------  ------------------------------------  -------------------  -----------
vmhba0    qedf      link-down   fc.2000f4e9d4ea7b34:2001f4e9d4ea7b34  Second Level Lun ID  (0000:19:00.4) QLogic Corp. QLogic FastLinQ QL41xxx Series 10/25 GbE Controller (FCoE)
vmhba2    vmw_ahci  link-n/a    sata.vmhba2                                                (0000:00:11.5) Intel Corporation Lewisburg SATA AHCI Controller
vmhba3    vmw_ahci  link-n/a    sata.vmhba3                                                (0000:00:17.0) Intel Corporation Lewisburg SATA AHCI Controller
[root@vmnote:~]
[root@vmnote:~] esxcli storage core device list
[root@vmnote:~]

(4) Checked the PCIe hardware recognized by ESXi and found the H330's passthrough status was "Active."

Solution:

Changed the H330's status from "Active" to "Disabled," and after rebooting the ESXi host, the problem was resolved.

Best Practices to Avoid ESXi Storage Issues

• Always use VMware-certified hardware for local disks.

• Keep firmware & drivers updated.

• Backup & wipe old partitions before ESXi install.

• For production, prefer shared storage (SAN/NAS) over local disks.

How to Solve ESXi 7.0 System Storage Full Issue – Free Up & Manage Space

The system storage partitioning of ESXi 7.0, among which the ESX-OSData partition occupies 120GB of storage space, which mainly serves as a unified location for storing other modules, not for booting and virtual machines. The /scratch partition, VMware Tools locker partition, and core dump target partition of old versions (versions before 7.0) are all integrated into the ESX-OS Data partition. The ESX-OSData partition reserves such a large space for future versions to add features.

Why Does ESXi 7.0 System Storage Fill Up?

When running VMware ESXi 7.0, administrators may face an error where the system storage or datastore becomes fully occupied. This issue can prevent new VMs from running, prevent snapshots from being created, or even affect host stability.

Common causes include:

• Old snapshots were not deleted properly.

• Large log files are consuming space in /var/log/.

• Core dump files are generated after host issues.

• ISO images left unused in the datastore.

• Misconfigured scratch partitions or temp files.

Use the df -h command to see that the current 7.0 version of ESX-OSData partition actually only uses 2.8 GB of storage space

After installing ESXi on my 150 GB test disk, the actual space available for virtual machines is only 22 GB. If your ESXi installation disk is less than 128 GB or does not have a VMFS partition, you will need an additional storage volume to create and run virtual machines.

If you have 10 TB of storage, you might think that 120 GB is nothing, just let it be. But if your Home Lab resources are already limited, and your 300 GB storage is directly occupied by half of the system's storage space, what resources do you have left for experiments? Is there any way to reduce the system footprint of ESXi?

The answer is certainly yes, there are two solutions, one officially supported and the other unofficially supported.

Officially supported solutions

In ESXi 7.0 Update 1c, the boot option systemMediaSize was added. This option allows you to customize the space used by the system storage during ESXi installation and better match the server's purpose and size. If this option is not used, the default system occupied space is 128GB. You can use the command systemMediaSize=min/small/max to set the ESXi system storage usage space. The detailed parameters are as follows:

• min (32 GB, for single disk or embedded server)

• small (64 GB, for servers with at least 512 GB RAM)

• default (128 GB)

• max (for multi-TB servers, using all available space)

In my test environment, I used 150 GB of storage without enabling the systemMediaSize option, and ESXi 7.0 was installed by default. The system occupied 128 GB, and the VMFS Datastore occupied 22 GB. The storage partition is shown in the figure below:

The detailed steps are as follows:

1. Mount the installation image to boot the host. When the ESXi installer window appears, press Shift+O (it's the English letter O, not the Arabic numeral 0) on the keyboard within 5 seconds to edit the boot options.

2. After pressing Shift+O, you don't need to worry about the default content that appears. Just press the spacebar, then enter systemMediaSize=min/small/max, for example,systemMediaSize=min. 

 
systemMediaSize=min

This will set the ESXi system storage usage to 32 GB. After setting, press Enter on the keyboard. The subsequent installation steps are the same as a normal ESXi installation.

3. After the installation is complete, check the ESXi storage partitions, as shown in the figure below:

Use the esxcli storage filesystem list command to view system storage partitions

 
esxcli storage filesystem list

Use df -h to view storage usage

Summary: When installing ESXi with a 150 GB storage disk, using the systemMediaSize=min command set the system occupancy to 32 GB, of which ESX-OSData only occupied 23.8 GB, freeing up about 100 GB of storage space compared to the previous 120 GB, and VMFS also reached 118 GB, significantly reducing the system's storage footprint.

 Unofficial Solutions

 The officially supported solution above can set the minimum system storage occupancy to 32 GB, but for some users, 32 GB is still too large. There is also an unofficial solution that can use the autoPartitionOSDataSize parameter to set the ESX-OSData partition size.

Disclaimer: This parameter may not be officially supported by VMware, as it deviates from official settings and may lead to other unexpected behaviors. Use at your own risk!!!

The detailed steps are as follows:

1. Mount the installation image to boot the host. When the ESXi installer window appears, press the Shift+O (that's the letter O, not the number 0) key combination within 5 seconds to edit the boot options.

2. After pressing Shift+O, ignore the default content that appears. Just press the spacebar, then enter autoPartitionOSDataSize=xxxx, for example, autoPartitionOSDataSize=8199 (unit is MB), which can set the storage usage of the ESX-OSData partition to 8GB. After setting, press Enter on the keyboard. The subsequent installation steps are the same as a normal ESXi installation.

3. After installation, check the ESXi storage partitions, as shown in the figure below:

Use the esxcli storage filesystem list command to view system storage partitions.

Use df -h to view storage usage.

Summary: Using a 150GB storage disk to install ESXi, the command "autoPartitionOSDataSize=8192" was used to set the ESX-OSData partition storage usage to 8GB. The entire ESXi system only occupies 16GB of storage space, leaving 134GB for VMFS storage, significantly reducing system storage consumption. Although this command doesn't specify a minimum value, by default, with no features enabled, the ESX-OSData partition actually occupies 2.8GB. Therefore, it's recommended not to set this value below 4096.

This article is only recommended for small Home Lab users. The default parameters have been modified, which may create some unknown risks. If used in a production environment, it may cause ESXi to malfunction. Please use with caution!

Best Practices to Prevent ESXi Storage Issues

• Regularly monitor datastore usage via vCenter alarms.

• Implement log rotation to prevent oversized logs.

• Avoid keeping long-term snapshots on production VMs.

• Periodically clean unused ISOs and temp files.

• Use dedicated storage monitoring scripts with PowerCLI.

The official documentation also provides some installation parameters. Here is the official link (https://knowledge.broadcom.com/external/article?legacyId=77009)

 Top VMware Websites & Resources – Official Docs, Downloads, Communities & Tools

This blog provides some commonly used official VMware by Broadcom websites. Since VMware was acquired by Broadcom, some original VMware websites have undergone changes. This article provides the latest URLs. 

Why VMware Websites Matter for IT Admins

VMware administrators often rely on official VMware resources, communities, and online tools for troubleshooting, updates, and learning. Knowing the right websites helps save time and ensures access to accurate technical information.

Commonly Used Official VMware Websites

1. VMware Product Compatibility Guide

https://compatibilityguide.broadcom.com/

This website can be used to query the compatibility of VMware products (e.g., vSphere ESXi) with server hardware, I/O cards, storage arrays, and other devices. It is important information that must be referenced before deploying a new environment or upgrading.

2. VMware Product Upgrade Path

https://interopmatrix.broadcom.com/Upgrade

Before upgrading VMware products, users need to check the upgrade path to see if they can directly upgrade in one go or if they need to upgrade in stages. The figure shows how to query the upgrade path for ESXi. Other VMware products can be switched on the left.

3. VMware Product Interoperability Query

https://interopmatrix.broadcom.com/Interoperability

Before installing some VMware products, you need to check whether the version of the product is compatible with the version of the product to be linked or integrated, such as the compatibility between ESXi and vCenter

4. VMware Product Lifecycle

https://support.broadcom.com/group/ecx/productlifecycle

Used to query the support cycle of VMware products (GA date, General Support expiration date, Technical Guidance expiration date), facilitating enterprises to plan system upgrades and maintenance.

5. VMware Ports and Protocols

https://ports.broadcom.com/home/vSphere

This website is used to query the ports and protocols that need to be opened for VMware solutions, making it convenient for users to configure firewall policies or other network policies.

6. VMware Hands-On LABs

https://labs.hol.vmware.com/hol/catalog

Many VMware beginners, or newcomers to a certain product, want to understand the page layout and operation process of a certain product, but cannot find hardware resources, or have no test authorization, and cannot experience it. At this time, they can go to the Hands-on Lab. Without installing any software, they can experience the practical scenarios of various VMware products online through a browser, which is suitable for learning solutions such as NSX, vSAN, Aria, and Workspace ONE. It is more demanding on network conditions, and using magic can significantly improve fluency.

7. VMware Security Blog

https://blogs.vmware.com/security/

VMware will push some vulnerabilities or security-related announcements. Users need to check the security articles to see if they affect the products they use and determine whether an upgrade is needed.

8. VMware Product Documentation

https://techdocs.broadcom.com/

VMware's official product documentation site. Supports search, version selection, and PDF download, and the content is authoritative and detailed.

9. Omnissa Product Documentation

https://docs.omnissa.com

VMware's original UEM product line (including Horizon, Workspace ONE UEM, etc.) was acquired by Omnissa, and the official website also migrated from VMware to Omnissa.

10. Omnissa Product Download

https://customerconnect.omnissa.com/downloads/#all_products

Omnissa's full product line download website, where you can download solutions, including but not limited to Horizon, WSO UEM, etc.

Some websites for free access to VMware-related resources

1. https://vmpatch.com/

2. http://37.46.117.90:22376/data/ISOs/VMware/

Login with account password required:

 
username：not-he-knows 
password：he-knows-not

Other sites: [BG] 37.46.117.90 

[ES] 194.99.104.35

[NL] 213.152.162.84

[SG] 185.200.116.211

[UA] 62.182.80.97

3. https://nas.hzvcloud.com:5001/sharing/DEdHclZgr

Best Practices for VMware Admins

• Bookmark these official resources for quick reference.

• Use VMware KB before troubleshooting issues.

• Join VMware Communities to stay updated on real-world fixes.

• Regularly check patches & updates via Customer Connect.

The resource websites provided in this article are publicly available resources. If there is any infringement, please contact us to delete them.

If you have any other resource acquisition websites or useful VMware-related websites, you can share them in the comment section for everyone to learn together.

 Use PowerCLI with ESXi-Customizer-PS – Build Custom VMware ESXi ISO Step-by-Step

Why Use ESXi-Customizer-PS with PowerCLI?

VMware ESXi doesn’t always include drivers for new hardware (network cards, storage adapters, etc.). With ESXi-Customizer-PS, you can easily inject drivers, VIBs, or offline bundles into a standard ESXi ISO, creating a custom installer that works on unsupported hardware.

Pairing it with PowerCLI allows administrators to script and automate ISO creation, saving time and ensuring consistency across deployments.

Many users do not check the compatibility of server network cards before purchasing hardware, or encounter errors when installing ESXi on old servers, with No Network Adapters, preventing ESXi from being installed normally

Some users also find that the RAID card is not recognized during installation, which makes it unable to select storage for the ESXi installation.

At this point, you need to manually try the network card, RAID card driver, or the driver offline package or VIB file that needs to be packaged, and use PowerCLI with the ESXi-Customizer-PS script to package the driver into the ESXi offline installation package. The following describes how to use PowerCLI with ESXi-Customizer-PS to inject VIB packages into ESXi offline bundles.

A: Install PowerCLI

For detailed installation methods of VMware PowerCLI, please refer to my previous article:

VMware PowerCLI Super Detailed Tutorial

B: Package the driver into the ESXi installation package

After installing PowerCLI, an error occurred when trying to package the device driver VIB into the ESXi file. The log shows that the VMware.ImageBuilder module in PowerCLI 13 depends on Python versions 3.7.1-3.12, so the Python environment needs to be installed first.

First: Install Python environment

1. Visit the Python official website to download the Python installation package (versions 3.7.1-3.12). Here, Python 3.9 is taken as an example. Click Install Now, then remember the installation path and check the bottom option "Add Python 3.7 to PATH", automatically configure the environment variables, no manual configuration required

https://www.python.org/downloads/release/python-379/

2. Wait for the installation to complete, and click Close to finish

3. Switch to the Python installation path (replace [python3.7-directory] with the Python installation path), use the following command to upgrade pip online, or download pip offline for installation, which is not demonstrated here

 
[python3.7-directory]\python.exe -m pip install --upgrade pip

4. Install necessary components using the command pip install six psutil lxml pyopenssl

 
[python3.7-directory]\Scripts\pip3.7.exe install six psutil lxml pyopenssl

Wait for the installation to complete

5. Configure the Python 3.7 path in PowerShell using the command Set-PowerCLIConfiguration -PythonPath C:\Users\admin\AppData\Local\Programs\Python\Python37\python.exe -Scope User (where C:\Users\admin\AppData\Local\Programs\Python\Python37\ is replaced with your actual Python installation path)

Second, start encapsulating ESXi

1. Get the latest version of ESXi-Customizer-PS

https://github.com/VFrontDe-Org/ESXi-Customizer-PS

2. Transfer ESXi-Customizer-PSscripts, device drivers, VIB or ZIP files, and ESXi ZIP packages into the same folder (VIB files can be placed in a separate subfolder)

3. Open PowerShell, switch to the folder where the script and driver are placed

4. Run the following command to package the vib file into the ESXi offline package

 
.\ESXi-Customizer-PS-2.9.ps1 -izip .\VMware-ESXi-7.0U3w-24784741-depot.zip -pkgDir .\vib -nsc

Because the vib file of a driver is randomly selected in this experimental environment, there may be some warnings along the way. This article aims to introduce the operating steps. Please download the driver file according to the actual situation.

(If the requirements are different, you can refer to this website https://www.v-front.de/p/esxi-customizer-ps.html#download, query other different usages of ESXi-Customizer-PS)

5. After the program finishes running, a packaged ISO file is generated in the same directory.

6. Validate the Custom ISO

Test deployment in a VMware Workstation VM or lab server before production use.

Best Practices

• Always use official VMware VIBs and drivers to avoid compatibility issues.

• Keep a copy of the original ISO for fallback.

• Document your customization steps for future builds.

• Regularly update ESXi-Customizer-PS and PowerCLI for compatibility.

Before purchasing or upgrading a server, highly recommended to visit the official VMware by Broadcom website (https://compatibilityguide.broadcom.com/) to check hardware compatibility before proceeding, to avoid creating problems for the future production environment.

 VMware PowerCLI Super Detailed Tutorial – Complete Guide with Commands & Examples

What is VMware PowerCLI?

VMware PowerCLI is a command-line and scripting toolset provided by VMware, based on Windows PowerShell, specifically designed for managing and automating VMware virtualization environments (such as vSphere, vCloud, vSAN, etc.). It achieves comprehensive control over ESXi hosts and vCenter Server by calling the vSphere Web Services API, making it a core tool for IT administrators to improve operational efficiency.

VMware PowerCLI is a powerful command-line tool built on Microsoft PowerShell that allows administrators to automate VMware vSphere environments. With PowerCLI, you can manage ESXi hosts, vCenter, virtual machines, storage, and networking through scripts instead of manual tasks.

Core Functions and Application Scenarios of VMware PowerCLI:

1. Infrastructure Automated Deployment

• Batch creation of data centers, clusters, and resource pools:

  
New-Datacenter -Name "NYC_DataCenter" #Create data center
New-Cluster -Name "Cluster" -HAEnabled -DRSEnabled #Cluster with HA and DRS enabled

• Automatically add ESXi hosts to clusters, supporting rapid SSL certificate integration (**Force** parameter)

2. Virtual Machine Full Lifecycle Management

• Virtual machine creation/cloning/deletion, hardware configuration (CPU/memory/disk expansion)

• Snapshot management (creation, restoration, deletion) and VMware Tools updates

3. Resource Optimization and Monitoring

• Fine-grained allocation of CPU, memory resource pools (e.g., **New-ResourcePool**)

• Collect performance data and generate HTML reports to achieve capacity planning and fault early warning

4. High Availability and Disaster Recovery

• Configure cluster high availability (HA) policies (e.g., fault tolerance level **HAFailoverLevel 2**)

• Integration with Site Recovery Manager (SRM), scripted custom disaster recovery plans

5. Network and Storage Management

• Distributed Switch (vDS) configuration, port group policy management (**VMware.VimAutomation.Vds** module)

• Storage policy automation, datastore monitoring (**VMware.VimAutomation.Storage** module)

 Offline Installation of PowerCLI

Offline installation of PowerCLI requires administrators to manually download the installation package and install it using the provided commands. This is suitable for environments without network access or with poor network conditions.

1. Before installing PowerCLI, check the Broadcom product interoperability matrix to see which version of PowerCLI is compatible with your actual VMware products.

https://interopmatrix.broadcom.com/Interoperability

2. After determining the PowerCLI version to install, go to the Broadcom official website to download PowerCLI (requires logging in with a Broadcom account to download). For this experimental environment, the latest version PowerCLI 13.3  is selected.

https://developer.broadcom.com/tools/vmware-powercli/latest

If you want to download other versions, you can select them as needed in the upper-right corner of the page.

3. After the download is complete, unzip the ZIP package.

4. Open PowerShell as an administrator and use the following command to check the PowerShell module path:$env: PSModulePath

 
$env: PSModulePath

5. This command will output all PowerShell module paths (each path separated by a;sign). Select one of them and open the path in File Explorer.

6. Copy and paste all files unzipped from the ZIP file into one of PowerShell's module paths.

7. First, use the cd command to switch to the path where the PowerCLI module is located, i.e., where the unzipped files were pasted, such as C:\Program\WindowsPowerShell\Modules. Then use Get-ChildItem * -Recurse | Unblock-File to unblock these files to prevent PowerShell from distrusting these PowerCLI modules.

 
cd C:\Program\WindowsPowerShell\Modules
Get-ChildItem * -Recurse | Unblock-File

8. You can use the Get-Module -Name VMware.PowerCLI* -ListAvailable command to verify if the PowerCLI module is available.

 
Get-Module -Name VMware.PowerCLI* -ListAvailable

Online installation of PowerCLI

To install VMware PowerCLI online, only one command is needed, but it heavily relies on the network environment.

1. Open PowerShell as an administrator, then run the PowerCLI online installation command.

 
Install-Module VMware.PowerCLI

2. During the installation, some authorization operations will be prompted. Allow all of them and wait for the installation to complete.

At this point, VMware PowerCLI is installed! If you have any questions, feel free to ask in the comments below.

Advanced PowerCLI Use Cases

• Automating VM provisioning

• Generating inventory reports (CPU, memory, storage usage)

• Managing datastores and snapshots

• Performing bulk configuration changes

• Automating disaster recovery tasks

Best Practices for PowerCLI

• Use descriptive script names for easy maintenance.

• Run scripts in a test environment before production.

• Store credentials securely instead of plain text.

• Keep PowerCLI updated to match vSphere versions.

Using VMware Snapshots as Backups – Risks, Best Practices & Alternatives

A bloody lesson! Using VMware snapshots as backup, the business collapsed for 12 hours...

At 3 AM, a piercing alarm suddenly blared in the server room. Operations engineer Xiao Chen sprang up from in front of the monitor screen — the database server of the core business system was completely offline, and the cashier systems of hundreds of stores instantly crashed. No one expected that the source of this 12-hour business disaster was a VMware snapshot, which was treated as an "all-purpose backup."

The story goes back a week. To test new features, the technical team created 3 snapshots on the database server, intending to delete them immediately after testing. But in the rush to meet project deadlines, everyone completely forgot about it. As the snapshot chain grew longer and longer, the performance of the virtual disk quietly began to decline, until one morning, the disk space was completely occupied by snapshot files, and the system directly crashed with a blue screen.

What's worse, the team had always treated snapshots as formal backups. When they found the main system down, they were dumbfounded when they tried to restore the snapshot. The longest snapshot had existed for 7 days, and the accumulated business data from that period had not been synchronized at all. Restoring it meant losing 30% of the transaction records. Even more frustrating, during the snapshot restoration process, file fragmentation errors occurred on the virtual disk, and it took 5 hours just to fix them.

Are VMware Snapshots Backups?

A VMware snapshot captures the state of a virtual machine at a given point in time. While snapshots are useful for testing, patching, and short-term recovery, they are not designed as a long-term backup solution.

Many admins mistakenly rely on snapshots as backups, which can lead to storage issues, data corruption, and performance degradation.

In fact, this is not an isolated case. VMware snapshots are essentially "state freezing tools. "They are like taking an instant photo of a virtual machine, but they cannot replace professional backup:

• Performance Killer

More than 2 snapshot chains can cause IO performance to plummet by 50%. If they exist for more than 3 days, they may trigger a disk fragmentation storm. Even deleting snapshots may lead to the risk of virtual machine consolidation snapshots becoming unusable.

• Data Trap

Snapshot files are tightly bound to the source disk. Once the source disk is damaged, the snapshot will also be rendered useless.

• Capacity Bomb

Dynamically growing snapshot files can consume an entire storage pool within hours, especially in high-frequency read/write scenarios like databases.

The correct approach should be: Snapshots are only for short-term testing (recommended not to exceed 24 hours), combined with scheduled backup tools for complete data protection. After each snapshot creation, set up automatic deletion reminders and check snapshot cleanup weekly.

The direct loss caused by that downtime ultimately exceeded one million, and the team immediately formulated a "Snapshot Lifecycle Management Specification."

Remember: Snapshots are emergency bandages, not long-term safes. Relying on snapshots for backup will sooner or later cost you for that.

Risks of Using VMware Snapshots as Backups

• Storage Bloat: Snapshots grow over time and consume large amounts of disk space.

• Performance Issues: Multiple snapshots can slow down VM performance.

• Data Loss Risk: If the base disk becomes corrupted, restoring from snapshots may fail.

• Unsupported for Long-Term Retention: VMware explicitly advises against using snapshots as backups.

Best Practices for Using VMware Snapshots

• Use snapshots only for short-term testing and before risky changes.

• Delete snapshots after verification to avoid storage problems.

• Limit to 1–2 snapshots per VM whenever possible.

• Monitor datastore usage to avoid unexpected out-of-space errors.

Interactive at the end of the blog: What virtualization backup pitfalls have you encountered? Share your solutions in the comments below. 

 Fix VMware vCenter 503 Service Unavailable Error – Step-by-Step Troubleshooting Guide

Whether in a production or test environment, everyone often overlooks the vCenter certificate expiration date, leading to situations where vCenter suddenly reports an error when managing hosts or VMs, preventing normal access to the vCenter web console.503 error, unable to enter the vCenter web console normally

When accessing vCenter via a web browser, an error is reported: 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x0000563fa6eb6ac0] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe), no matter how many times vCenter is restarted, it doesn't help. Restarting all vCenter services also doesn't bring them up.

Problem Analysis:

A vCenter 503 error typically indicates that critical vCenter Server services, such as vpxd, have not been started. At this point, you can prioritize checking if the vCenter certificate has expired. Since the vCenter web console is inaccessible, you can only check and fix it via the shell.

What Causes the vCenter 503 Service Unavailable Error?

The 503 Service Unavailable error in VMware vCenter typically occurs when the vSphere Web Client cannot connect to backend services. Common causes include:

• vCenter Server services stopped or failed to start.

• Database connectivity issues.

• Resource exhaustion (CPU, RAM, or disk).

• SSL/TLS certificate misconfigurations.

• Damaged or outdated vCenter installation.

Solution:

Before you start: It is recommended to take a snapshot of the virtual machine before making any changes to it!

1. Access vCenter's FQDN or IP address plus port 5480 in your browser (e.g., https://vc.lab.local:5480 or https://192.168.1.1:5480). In the left navigation bar, click "Access", and enable the "SSH Login" function in the "Edit" section on the right.

2. Use WinSCP or other SCP tools to upload the checksts.py certificate detection tool (available at the end of this article) to the /tmp directory of vCenter. If WinSCP reports an error during upload, such as "Received too large (1433299822 B) SFTP packet. Max supported packet size is 1024000 B", first SSH into vCenter and run the following command, then try uploading again:

  
chsh -s /bin/bash root

3. Run the script to check the certificate status

  
cd /tmp
python checksts.py

As shown in the figure above, there are two expired certificates in "EXPIRED CERTS", which prevent vCenter from starting normally.

4. If expired certificates are found, you need to upload the fixsts.sh certificate repair tool (this tool can be obtained at the end of the article) to the /tmp directory via WinSCP to repair the certificates.

  
cd /tmp
chmod 777 fixsts.sh
./fixsts.sh
service-control --stop --all && service-control --start --all

5. After waiting for some time, re-access the vCenter URL in the browser, and you can log in normally.

6. If vCenter has not recovered after the above operations, you can try to use the VMCA tool to update all certificates. First, log in to the vCenter shell and run the following command:

  
/usr/lib/vmware-vmca/bin/certificate-manager

Type the number 8, press Enter, and enter the following information as appropriate to update all certificates:

  
Please configure certool.cfg file with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] : Press Enter for default
Enter proper value for 'Name' [Default value : CA] : Press Enter for default
Enter proper value for 'Organization' [Default value : VMware] : Default enter to confirm
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] : Default enter to confirm
Enter proper value for 'State' [Default value : California] : Default enter to confirm
Enter proper value for 'Locality' [Default value : Palo Alto] : Press Enter for default
Enter proper value for 'IPAddress' [optional] : Enter vCenter IP address
Enter proper value for 'Email' [Default value : email@acme.com] : Press Enter for default
Enter proper value for 'Hostname' [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.example.com] : If vCenter has an FQDN, enter the FQDN; if it's an IP installation, enter the IP
Enter proper value for VMCA 'Name': (Note: This information will be requested from vCenter Server 6.0 U3, 6.5 and later builds, you may use the FQDN/PNID of vCenter Server for this field. It will be used as a Common Name for the VMCA Root Certificate) input vCenter IP

Best Practices to Avoid Future 503 Errors

• Regularly update vCenter Server to the latest stable build.

• Monitor resource usage with vSphere monitoring tools.

• Schedule service restarts during maintenance windows.

• Back up the vCenter database and configuration before upgrades.

Official reference links:

https://knowledge.broadcom.com/external/article?articleNumber=337535

https://knowledge.broadcom.com/external/article/318968

https://knowledge.broadcom.com/external/article?articleId=318767

https://knowledge.broadcom.com/external/article?legacyId=76719

The mentioned checksts.py and fixsts.sh tools. Follow the official account and reply with [503] to get them.