Installation Guide
Selecting hypervisor security level for CloudSystem installation
You can select one of three security options when you run the csstart setup assistant.
• Enable full security checks. When csstart runs, it validates certificates to ensure that it is
accessing the correct hypervisor. In an ESX environment, csstart searches for the stored
vCenter Server certificate and matches it to the vCenter Server defined in the installation setup.
The stored certificate file must have the hypervisor’s certificate along with the complete signing
authority chain, unless it is a valid, self-signed certificate. The name of the stored certificate
file is specified using the --os-cacert <filename> command from the csstart CLI. If
csstart cannot open the file or validate the certificate, then it will fail.
The Foundation base appliance also verifies certificates before starting up each additional
virtual appliance.
See csstart commands (page 63).
• Disable security checks for csstart, but enable security when creating the remaining virtual
appliances. When csstart runs, it injects the certificate into the Foundation base appliance,
but does not try to verify vCenter Server. When the additional virtual appliances are created
by the Foundation base appliance, the certificate is used to verify that the correct hypervisor
is used. This is selected by running --auto-accept-cert from the command line, or by
running the csstartgui-auto-accept.bat file to start the installation setup assistant on Windows.
See csstart commands (page 63).
• Disable security checks. When csstart runs, it does not verify the SSL certificate from the
hypervisor. The Foundation base appliance does not perform security checks when starting
up the other virtual appliances. This is selected by running --insecure from the command
line, or by running the csstartgui-insecure.bat file to start the installation setup assistant on
Windows.
See csstart commands (page 63).
See also
• Using the csstart CLI to install the Foundation base appliance (page 64)
• Troubleshoot installation issues (page 52)
Configuring the Foundation base appliance on ESX
Read the following important notes before configuring the Foundation base appliance.
Table 13 Important CloudSystem configuration information
Why it mattersImportant to know
Data records can get out of sync between appliances when
time is not set to automatically sync with the NTP server. If
HP recommends that you sync the management hypervisor
with a good set of external NTP servers. If CloudSystem is
the Foundation and Enterprise appliance date/time is outdeployed on ESX, configure the Foundation and Enterprise
of sync, then you will not be able to create designs in HP
CSA.
appliances to sync with the same NTP servers configured
for the ESX hosts.
The FQDN is necessary when attaching block storage
volumes using the 3PAR storage system.
The management hypervisor must be configured with a
FQDN (not an IP address).
csstart looks for appliance image names at random
and could select the wrong image. Using different
You cannot have multiple copies of an appliance image
stored in vCenter Server.
datastores or different folders does not resolve the issue.
If you need two copies of an appliance image on a single
instance of vCenter, then you must have unique names for
each image. Edit the deployer.conf file with a text
editor to point to the correct image.
Configuring the ESX management environment 29