Installation guide
Table Of Contents
- VMware vCenter Configuration Manager Administration Guide
- Contents
- About This Book
- Getting Started with VCM
- Installing and Getting Started with VCM Tools
- Configuring VMware Cloud Infrastructure
- Virtual Environments Configuration
- Configure Virtual Environments Collections
- Configure Managing Agent Machines for Virtual Environment Management
- Obtain the SSL Certificate Thumbprint
- Configure vCenter Server Data Collections
- Configure vCenter Server Virtual Machine Collections
- Configure vCloud Director Collections
- Configure vCloud Director vApp Virtual Machines Collections
- Configure vShield Manager Collections
- Configure ESX Service Console OS Collections
- Configure the vSphere Client VCM Plug-In
- Running Compliance for the VMware Cloud Infrastructure
- Create and Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Rule Groups
- Create and Test Virtual Environment Compliance Rules
- Create and Test Virtual Environment Compliance Filters
- Preview Virtual Environment Compliance Rule Groups
- Create Virtual Environment Compliance Templates
- Run Virtual Environment Compliance Templates
- Create Virtual Environment Compliance Exceptions
- Resolve Noncompliant Virtual Environments Template Results
- Configure Alerts and Schedule Virtual Environment Compliance Runs
- Configuring vCenter Operations Manager Integration
- Auditing Security Changes in Your Environment
- Configuring Windows Machines
- Configure Windows Machines
- Windows Collection Results
- Getting Started with Windows Custom Information
- Prerequisites to Collect Windows Custom Information
- Using PowerShell Scripts for WCI Collections
- Windows Custom Information Change Management
- Collecting Windows Custom Information
- Create Your Own WCI PowerShell Collection Script
- Verify that Your Custom PowerShell Script is Valid
- Install PowerShell
- Collect Windows Custom Information Data
- Run the Script-Based Collection Filter
- View Windows Custom Information Job Status Details
- Windows Custom Information Collection Results
- Run Windows Custom Information Reports
- Troubleshooting Custom PowerShell Scripts
- Configuring Linux, UNIX, and Mac OS X Machines
- Linux, UNIX, and Mac OS X Machine Management
- Linux, UNIX, or Mac OS X Installation Credentials
- Configure Collections from Linux, UNIX, and Mac OS X Machines
- Configure Installation Delegate Machines to Install Linux, UNIX, and Mac OS X...
- Configure the HTTPS Bypass Setting for Linux Agent Installations
- Enable Linux, UNIX, and Mac OS X Agent Installation
- Add and License Linux, UNIX, and Mac OS X Machines for Agent Installation
- Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems
- Collect Linux, UNIX, and Mac OS X Data
- Linux, UNIX, and Mac OS X Collection Results
- Configure Scheduled Linux, UNIX, and Mac OS X Collections
- Patching Managed Machines
- Patch Assessment and Deployment
- Prerequisite Tasks and Requirements
- Manually Patching Managed Machines
- Getting Started with VCM Manual Patching
- Configuring An Automated Patch Deployment Environment
- Deploying Patches with Automated Patch Assessment and Deployment
- Configure VCM for Automatic Event-Driven Patch Assessment and Deployment
- Generate a Patch Assessment Template
- Run a Patch Assessment on Managed Machines
- Add Exceptions for Patching Managed Machines
- Configure the VCM Administration Settings
- Generate a Patch Deployment Mapping
- Configure VCM for Automatic Scheduled Patch Assessment and Deployment
- How the Linux and UNIX Patch Staging Works
- How the Linux and UNIX Patching Job Chain Works
- How the Deploy Action Works
- Patch Deployment Wizards
- Running Patching Reports
- Running and Enforcing Compliance
- Provisioning Physical or Virtual Machine Operating Systems
- Provisioning Software on Managed Machines
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Configuring Active Directory Environments
- Configuring Remote Machines
- Tracking Unmanaged Hardware and Software Asset Data
- Managing Changes with Service Desk Integration
- Index
What to do next
n
Evaluate the results and resolve any issues on the noncompliant objects. "Resolve Noncompliant
Compliance Template Results" on page 189.
n
If you find results that you want to temporarily make compliant or noncompliant, create an exception.
See "Create Machine Group Compliance Exceptions" on page 191.
Resolve Noncompliant Compliance Template Results
The results for the compliance templates indicate whether the rules was compliant or noncompliant. To
resolve noncompliant results, you might be able to enforce noncompliant results manually, by using
VCM, or you can add an exception for expected noncompliant results.
These procedures provide a variety of examples that apply to machine group compliance, Active Directory
compliance, and virtual environments compliance.
Procedure
1. "Enforce Compliance Template Results Using Enforceable Compliance" on page 189
You can use enforceable compliance to resolve noncompliant results. Enforceable compliance is a VCM
action that changes settings on physical machines, virtual machines, or virtual objects during or after a
compliance template is run on the machine or object.
2. "Enforce Compliance Template Results by Using VCM Actions" on page 190
You can resolve noncompliant results using VCM actions on the data grids to change settings when
the action is not available for enforceable compliance.
3. "Manually Enforce Compliance Template Results" on page 191
You can resolve noncompliant results by directly accessing the virtual or physical machine, or by
accessing the object in vCenter Server, to change the noncompliant configuration setting.
4. "Create Machine Group Compliance Exceptions" on page 191
Compliance exceptions are the method you use to temporarily or permanently override specific
template results rather than resolve noncompliant results,
Enforce Compliance Template Results Using Enforceable Compliance
You can use enforceable compliance to resolve noncompliant results. Enforceable compliance is a VCM
action that changes settings on physical machines, virtual machines, or virtual objects during or after a
compliance template is run on the machine or object.
The enforceable compliance action is available for some, but not all, settings. You configure the action in
the rule to allow automatic enforcement during the compliance run or to initiate enforcement after
compliance.
If the rule is configured for automatic enforcement, VCM changes the noncompliant setting to the
compliant value on the affected machine or object after the compliance assessment runs. If the rule is not
configured for automatic enforcement, you select a noncompliant rule and enforce it. VCM then changes
the value on the affected machine or object to the required compliant value.
For this example, you are working with a Windows or Linux machine, either a physical machine or a
virtual machine.
This example assumes that you are not auto-enforcing the noncompliant results during the compliance
run.
Running and Enforcing Compliance
VMware, Inc.
189