VMware ESXi Comprehensive Cheatsheet

1. Installation and Initial Setup

Pre-Installation Requirements

• Supported hardware: 64-bit x86 processors with virtualization support (Intel VT-x or AMD-V required)
• ESXi 8.0 U3 minimum requirements:
  • 2 CPU cores (CPUs released in 2006 or earlier are not supported; see VMware Compatibility Guide)
  • 8GB RAM minimum (16GB+ recommended for production)
  • 32GB persistent boot device; 128GB+ recommended for ESX-OSData partition
  • Boot device should be SSD/NVMe or local HDD (USB/SD-card-only boot is deprecated as of ESXi 7.0 U3 and not recommended)
  • Network adapter on the VMware Compatibility Guide (HCL)
• TPM 2.0 recommended for host attestation and key persistence
• UEFI Secure Boot recommended

Installation Steps

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Boot from ESXi 8.x installation media (ISO or vSphere Lifecycle Manager image)
# Follow wizard for:
# - Language and keyboard layout
# - EULA acceptance
# - Installation destination (boot device)
# - Root password (must meet complexity requirements: 8+ chars, mixed classes)

# Post-installation initial configuration via ESXi Shell / DCUI
esxcli system hostname set --host=esxi-01
esxcli network ip interface ipv4 set -i vmk0 -t static -I 192.168.1.100 -N 255.255.255.0 -g 192.168.1.1
esxcli network ip dns server add --server=192.168.1.10

# Configure NTP (chrony/ntpd) — required before joining vCenter
esxcli system ntp set --enabled=true --server=pool.ntp.org

Note: The standalone Windows vSphere Client and Adobe Flash–based Web Client were removed in vSphere 6.7. All management is via the HTML5 vSphere Client or the ESXi Host Client.

2. ESXi Web Interface Navigation

Access Methods

• Direct ESXi Host Client (HTML5): https://[ESXi-IP]/ui
• vCenter HTML5 vSphere Client: https://[vCenter-FQDN]/ui
• vCenter Server Appliance Management Interface (VAMI): https://[vCenter-FQDN]:5480
• Developer Center / API Explorer: https://[vCenter-FQDN]/ui/app/devcenter

Key Dashboard Sections

• Host: Overview of host resources, hardware, and licensing
• Virtual Machines: VM inventory and lifecycle management
• Storage: Datastores, adapters, and devices
• Networking: vSwitches, port groups, and physical NICs
• Monitor: Performance charts, tasks, events, and hardware health

3. Virtual Machine Management

Supported Virtual Hardware

• ESXi 8.0 U3 supports up to virtual hardware version 21
• Hardware version 21 features: up to 960 vCPUs, 24 TB vRAM, NVMe 1.3 controllers, vTPM 2.0, virtual Watchdog Timer
• Use the latest compatible hardware version supported by your vCenter/ESXi mix

VM Creation

1
2
3
4
5
6
# CLI: create a thin-provisioned VMDK
vmkfstools -c 40G -d thin /vmfs/volumes/datastore1/vm01/vm01.vmdk

# Register an existing VMX
vim-cmd solo/registervm /vmfs/volumes/datastore1/vm01/vm01.vmx

Host Client Steps:

1. Virtual Machines > Create / Register VM
2. Select creation type (new, from OVF/OVA, or register existing)
3. Name VM and select compatibility (hardware version)
4. Select guest OS family and version
5. Select storage (datastore)
6. Customize hardware (CPU, memory, disk, NIC, TPM, etc.)
7. Review and finish

VM Configuration Commands

1
2
3
4
5
6
# PowerCLI 13.x (cross-platform; install via: Install-Module VMware.PowerCLI)
Set-VM -VM "VMName" -NumCpu 4 -MemoryGB 16 -Confirm:$false

# Upgrade VM hardware compatibility
Set-VM -VM "VMName" -HardwareVersion vmx-21 -Confirm:$false

VM Cloning

1
2
3
# CLI clone of a VMDK
vmkfstools -i /vmfs/volumes/ds1/template/template.vmdk /vmfs/volumes/ds1/new-vm/new-vm.vmdk -d thin

1
2
3
# PowerCLI full clone (requires vCenter)
New-VM -Name "vm02" -VM "vm01-template" -Datastore "ds1" -VMHost "esxi-01"

4. Storage Management

Datastore Operations

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# List datastores and filesystems
esxcli storage filesystem list

# Mount NFS v3 datastore
esxcli storage nfs add -H 192.168.1.50 -s /volume1/data -v nfs-datastore

# Mount NFS v4.1 datastore (supports Kerberos and multipathing)
esxcli storage nfs41 add -H 192.168.1.50 -s /volume1/data -v nfs41-datastore

# Create a VMFS6 datastore (VMFS5 is deprecated; new datastores must be VMFS6)
vmkfstools -C vmfs6 -b 1m -S new-datastore /vmfs/devices/disks/naa.xxxxx:1

# Rescan storage adapters
esxcli storage core adapter rescan --all

vSAN and vVols

• vSAN ESA (Express Storage Architecture) is the recommended deployment on all-NVMe hardware in vSAN 8
• vSAN OSA (Original Storage Architecture) remains supported for hybrid/legacy hardware
• vSphere Virtual Volumes (vVols) with VASA 4.0 supports stretched clusters and NVMe-oF arrays

5. Networking Configuration

vSwitch Creation

1
2
3
4
5
6
7
8
9
# Create standard vSwitch
esxcli network vswitch standard add -v vSwitch1

# Add physical uplink
esxcli network vswitch standard uplink add -v vSwitch1 -u vmnic1

# Create port group
esxcli network vswitch standard portgroup add -v vSwitch1 -p "Management Network"

VLAN Configuration

1
2
3
# Set VLAN ID on a port group
esxcli network vswitch standard portgroup set -p "VLAN10" --vlan-id 10

Distributed Switches & NSX

• vSphere Distributed Switch (VDS) is required for NSX, vSAN stretched clusters at scale, and centralized policy management
• Current VDS version in ESXi 8.0 U3 is 8.0.0; managed exclusively from vCenter
• NSX-T has been renamed VMware NSX (4.x) and replaces NSX-V (end-of-general-support)

6. Resource Management

CPU and Memory Allocation

1
2
3
4
5
6
7
8
# PowerCLI: set per-VM reservations/limits/shares
Get-VM "VMName" | Get-VMResourceConfiguration |
  Set-VMResourceConfiguration -CpuReservationMhz 2000 -MemReservationGB 4 -CpuSharesLevel High

# Resource pool example
New-ResourcePool -Name "Prod-Tier1" -Location (Get-Cluster "Cluster01") `
  -CpuReservationMhz 8000 -MemReservationGB 32

DRS and HA

• vSphere DRS uses a workload-centric scoring model (VM DRS Score) — review scores rather than legacy migration thresholds alone
• vSphere HA supports VM Component Protection (VMCP), Proactive HA, and orchestrated restart dependencies

7. Host Management and Monitoring

System Logs

1
2
3
4
5
6
7
8
9
10
# Key log files
cat /var/log/vmkernel.log     # VMkernel events
cat /var/log/hostd.log        # Host agent
cat /var/log/vpxa.log         # vCenter agent
cat /var/log/vobd.log         # VMkernel observation events

# Configure remote syslog (recommended for persistent retention)
esxcli system syslog config set --loghost='tcp://syslog.example.com:514'
esxcli system syslog reload

Performance Monitoring

1
2
3
4
5
6
7
# Real-time performance
esxtop            # interactive
esxtop -b -n 5 > perf.csv   # batch capture

# vm-support bundle for VMware GSS
vm-support

8. Backup and Snapshot Operations

Snapshot Management

1
2
3
4
5
6
7
8
9
10
# List VMs and IDs
vim-cmd vmsvc/getallvms

# Create snapshot (name, description, includeMemory, quiesce)
vim-cmd vmsvc/snapshot.create <VMID> "SnapshotName" "Description" 1 0

# Revert / remove
vim-cmd vmsvc/snapshot.revert <VMID> <SnapshotID>
vim-cmd vmsvc/snapshot.removeall <VMID>

Caution: Snapshots are not backups. Keep snapshot chains short (≤72 hours, ≤2–3 levels) and use a proper backup product (Veeam, Vinchin, NAKIVO, VMware Live Recovery, etc.) for data protection.

9. vCenter Integration

Adding Host to vCenter

1. vSphere Client > Hosts and Clusters
2. Right-click datacenter/cluster > Add Host
3. Enter FQDN and root credentials; accept thumbprint
4. Assign license (vSphere Standard, vSphere Foundation, or VMware Cloud Foundation subscription)
5. Choose lockdown mode and VM location

Licensing note: Following the Broadcom acquisition, perpetual ESXi/vSphere licenses are no longer sold. VMware now offers subscription bundles — primarily VMware vSphere Foundation (VVF) and VMware Cloud Foundation (VCF) — plus vSphere Standard and vSphere Essentials Plus SKUs for smaller deployments. The standalone "free ESXi" hypervisor was discontinued in early 2024 and reintroduced for non-production use in 2025 — confirm current entitlements in the Broadcom Support Portal.

vCenter Server Appliance (VCSA)

• vCenter is delivered exclusively as the Photon OS-based VCSA; the Windows installer was removed in vSphere 7.0
• Lifecycle managed via vSphere Lifecycle Manager (vLCM) using cluster images (replaces legacy VUM baselines)

10. Security Configuration

Firewall Management

1
2
3
4
5
6
7
8
9
10
# List rulesets
esxcli network firewall ruleset list

# Enable / disable a ruleset
esxcli network firewall ruleset set --ruleset-id=sshServer --enabled=true

# Restrict allowed IPs for a ruleset
esxcli network firewall ruleset allowedip add --ruleset-id=sshServer --ip-address=192.168.1.0/24
esxcli network firewall ruleset set --ruleset-id=sshServer --allowed-all=false

SSH and Shell Access

1
2
3
4
5
6
# SSH and ESXi Shell should remain disabled except for active troubleshooting
esxcli system services ssh set --enabled=true
/etc/init.d/SSH start

# Configure lockdown mode (Normal or Strict) — managed via vCenter

Hardening Highlights

• Enable UEFI Secure Boot and TPM 2.0 attestation
• Use vSphere Native Key Provider (NKP) or external KMS for VM encryption and vTPM
• Enforce Execute Disable (Execute Disable/NX) and patch promptly (VMSA advisories)
• Replace self-signed certificates via VMware Certificate Authority (VMCA) or an enterprise CA
• TLS 1.2 is the minimum; TLS 1.0/1.1 are disabled by default

11. Performance Optimization

Best Practices

• Stay on the latest ESXi 8.0 Update and patch level
• Enable Hyper-Threading; review side-channel mitigations (e.g., HTAware) for sensitive workloads
• Ensure NUMA alignment — size vCPUs/vRAM within a single NUMA node when possible
• Use NVMe/SSD tiers for vSAN ESA and high-I/O workloads
• Configure proper power policy (High Performance in BIOS and ESXi for latency-sensitive VMs)
• Use Paravirtual SCSI (PVSCSI) or NVMe controllers and VMXNET3 adapters

12. Troubleshooting

Common Diagnostic Commands

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Hardware health
esxcli hardware health summary get   # availability varies by vendor CIM provider
esxcli hardware platform get

# Network connectivity
vmkping -I vmk0 192.168.1.1
vmkping -I vmk1 -d -s 8972 10.10.10.1   # MTU 9000 jumbo-frame test

# Storage paths
esxcli storage nmp device list
esxcli storage core path list

# Time synchronization (ESXi uses chrony by default in 7.0+ / 8.0)
chronyc tracking
chronyc sources

13. PowerCLI and Automation

PowerCLI (current: 13.x, cross-platform on PowerShell 7)

1
2
3
4
5
6
7
8
9
10
11
12
13
# Install / update
Install-Module VMware.PowerCLI -Scope CurrentUser
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

# Connect
Connect-VIServer vcenter.example.com

# Inventory snapshots older than 7 days
Get-VM | Get-Snapshot | Where-Object { $_.Created -lt (Get-Date).AddDays(-7) }

# Bulk restart
Get-Cluster "Production" | Get-VM | Restart-VMGuest -Confirm:$false

Other Automation Options

• govc — Go-based CLI for vSphere REST/SOAP APIs
• Terraform vSphere provider — declarative infrastructure as code
• Ansible community.vmware collection — playbook-driven configuration
• vSphere Automation SDKs for Python, Java, .NET, Go, REST
• Image Builder and vSphere Lifecycle Manager (vLCM) for cluster image management

14. Production Environment Best Practices

1. Standardize host configuration via vLCM cluster images and Host Profiles
2. Implement change management and maintenance windows (use DRS + vMotion for zero-downtime)
3. Patch on a monthly cadence; monitor VMware Security Advisories (VMSA)
4. Capture baselines with vRealize/Aria Operations or third-party monitoring
5. Implement an independent backup strategy (3-2-1) and test restores quarterly
6. Use vCenter Enhanced Linked Mode and HA for management-plane resilience
7. Forward logs and audit events to a SIEM
8. Conduct regular security audits aligned with the vSphere Security Configuration Guide

15. Lifecycle, EOL, and Migration Notes

• vSphere/ESXi 7.0 reached End of General Support on 2 April 2025; plan upgrades to 8.0 U3 or later
• vSphere/ESXi 6.5/6.7 are End of Technical Guidance — no patches, including for security
• VMFS5 datastores are deprecated; migrate workloads to VMFS6 (no in-place upgrade — Storage vMotion to a new VMFS6 datastore)
• NSX-V is end-of-support — migrate to NSX 4.x
• vRealize Suite has been rebranded as VMware Aria (Aria Operations, Aria Automation, Aria Operations for Logs, etc.)
• Following Broadcom's acquisition of VMware, product packaging is consolidated under VMware Cloud Foundation (VCF) and VMware vSphere Foundation (VVF) subscription bundles — verify entitlements before upgrading

Disclaimer: Always validate commands and procedures in a non-production environment first, and consult the official VMware/Broadcom documentation for your exact build.