VMware vCenter Configuration Manager Administration Guide vCenter Configuration Manager 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
vCenter Configuration Manager Administration Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2006–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book Getting Started with VCM Understanding User Access Running VCM as Administrator on the Collector Log In to VCM Getting Familiar with the Portal General Information Bar Toolbar Sliders Customizing VCM for your Environment Installing and Getting Started with VCM Tools Install the VCM Tools Only VCM Import/Export and Content Wizard Tools Run the Import/Export Tool Run the Content Wizard to Access Additional Compliance Content Run the Deployment Utility Package Studio Foundation Check
vCenter Configuration Manager Administration Guide Configure vShield Manager Collections Configure ESX Service Console OS Collections Configure the Collector as an Agent Proxy Configure Virtual Machine Hosts Copy Files to the ESX/ESXi Servers Collect ESX Logs Data Virtualization Collection Results Configure the vSphere Client VCM Plug-In Register the vSphere Client VCM Plug-In Configuring the vSphere Client VCM Plug-In Integration Settings Manage Machines from the vSphere Client Troubleshooting the vSphere
Contents Windows Custom Information Collection Results Run Windows Custom Information Reports Troubleshooting Custom PowerShell Scripts Configuring Linux and UNIX Machines Upgrade Requirements for UNIX/Linux Machines Add UNIX/Linux Machines License UNIX/Linux Machines Install the Agent on UNIX/Linux Machines Installation Options for UNIX/Linux csi.
vCenter Configuration Manager Administration Guide Getting Started with SCAP Compliance Conduct SCAP Compliance Assessments Provisioning Physical or Virtual Machine Operating Systems Operating System Provisioning Components How Operating System Provisioning Works Configure Operating System Provisioning Servers Add Operating System Provisioning Servers Set the Trust Status for Operating System Provisioning Servers Collect Operating System Distributions Discover Provisionable Machines Provision Machines wit
Contents Configuring VCM Remote Connection Types Using Certificates With VCM Remote Configure and Install the VCM Remote Client Configure the VCM Remote Settings Install the VCM Remote Client Connect VCM Remote Client Machines to the Network VCM Remote Collection Results Tracking Unmanaged Hardware and Software Asset Data Configure Asset Data Fields Review Available Asset Data Fields Add an Asset Data Field Edit an Asset Data Field Delete a VCM for Assets Data Field Change the Order of Asset Data Columns
vCenter Configuration Manager Administration Guide 8 VMware, Inc.
About This Book The VMware vCenter Configuration Manager Administration Guide describes the steps required to configure VCM to collect and manage data from your virtual and physical environment. Read this document and complete the associated procedures to prepare for a successful implementation of the components.
vCenter Configuration Manager Administration Guide Technical Support and Education Resources The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone Support To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
Getting Started with VCM 1 When you use VCM, you must understand user access and how to start VCM from any physical or virtual machine. You must also familiarize yourself with the VCM Web Console features. n "Understanding User Access" on page 11 User access determines who has access to VCM and with what roles. n "Log In to VCM" on page 12 Access VCM from any physical or virtual machine in your network.
vCenter Configuration Manager Administration Guide n Remote command execution n Change actions against target managed machines n Change rollback n Compliance enforcement n Patch deployment n Software deployment n OS provisioning n Machine reboots All VCM user accounts must have the following rights on the VCM Collector machine. n Ability to log on locally to access IIS n Read access to the System32 folder n Write access to the CMFiles$\Exported_Reports folder to export reports n If d
Getting Started with VCM Procedure 1. To connect to VCM from a physical or virtual machine on your network, open Internet Explorer and type http:///VCM. 2. Type your user network credentials. 3. (Optional) Select Automatically log on using this role to have VCM log you in. 4. Click Log On. Your VCM user account can have multiple roles.
vCenter Configuration Manager Administration Guide n Log Out: Exits the Web Console. The Web Console closes and the VCM Logon screen appears. n About: Displays information about how to contact VMware Technical Support and version information for VCM and all of its components. This information may be important when you contact VMware Technical Support. n Help: Opens the online Help for the currently-active display.
Getting Started with VCM Sliders The sliders on the left side of the Web Console include the items listed and described in the following table. The individual items that you see in VCM will vary depending on the components that you have licensed. n Active Directory and AD objects are available only when VCM for Active Directory (AD) is licensed. This slider is viewable based on your role. n Patching options are available only when VCM Patching is licensed. This slider is viewable based on your role.
vCenter Configuration Manager Administration Guide Slider Action objects. Reports Patching n View Active Directory Schema information. n Run out-of-the-box reports against your collected data. n Write your own SQL and SSRS reports using VCM’s report wizard. n Review a list of bulletins available to VCM. n Create, run, or import VCM Patching templates to display the machines that require the patches described in each bulletin. n Monitor VCM Patching jobs. n Deploy patches.
Getting Started with VCM n Roles and Rules: VCM roles and access rules work together to control user access to VCM. For example, you can create a role that allows a user to view all data, but not make changes to the environment. You can create a role to run certain reports or a role that allows unlimited access to a single machine group. The VCM Change Restricted role limits users from making certain changes in your environment. See "Understanding User Access" on page 11.
vCenter Configuration Manager Administration Guide 18 VMware, Inc.
Installing and Getting Started with VCM Tools 2 VCM Installation Manager installs several VCM components and tools on the Collector machine during the installation. Using VCM Installation Manager, you can install the following tools. n "Run the Import/Export Tool" on page 21 Use the Import/Export Tool to back up your VCM database business objects and import them into a new VCM database or into a recovered VCM database.
vCenter Configuration Manager Administration Guide Procedure 1. On the non-Collector Windows machine on which you want to install the tools, insert the installation CD. 2. In Installation Manager, click Run Installation Manager. During the installation, follow the installation requirements that Installation Manager reports when Foundation Checker runs. 3. Complete the initial installation pages, and click Next on subsequent pages to access the Select Installation Type page. a.
Installing and Getting Started with VCM Tools Run the Import/Export Tool Use the Import/Export Tool to back up your VCM database business objects and import them into a new VCM database or into a recovered VCM database. This tool also supports the migration of any VCM Management Extension for Asset data that was manually added to VCM. Prerequisites Install the Import/Export Tool. See "Installing and Getting Started with VCM Tools" on page 19. Procedure 1. On the Collector, click Start. 2.
vCenter Configuration Manager Administration Guide Procedure 1. On the Collector, navigate to C:\Program Files (x86)\VMware\VCM\Tools. 2. Copy the DeployUtility-.zip file from the Collector to your Windows machine. 3. Extract the files. 4. Double-click DeployUtil.exe to start the application. What to do next In the Deployment Utility, click Help and review the procedure for the type of machine you are configuring.
Configuring VMware Cloud Infrastructure 3 VCM collects information from your instances of vCenter Server, vCloud Director, and vShield Manager so that you can then use the information to manage and maintain your virtual environment. The collected data appears in the Console under the Virtual Environments node. The information is organized in logical groupings based on the information sources, including vCenter Server, vCloud Director, and vShield Manager.
vCenter Configuration Manager Administration Guide Figure 3–1. Virtual Environments Configuration Diagram Managing Agents The Managing Agent machines must have the 5.5 Agent or later installed. They must also be configured to manage the secure communication between the vCenter Server, vCloud Director, and vShield Manager instances and the Collector. Depending on the size of your Cloud Infrastructure environment, you can use your Collector as a Managing Agent or you can use another Windows machine.
Configuring VMware Cloud Infrastructure CAUTION Do not use the Windows machines on which your vCenter Server instances are running as Managing Agent machines. Managing vCenter Server Instances, Hosts, and Guest Virtual Machines You collect data from vCenter Server instances regarding resources managed by the vCenter Server, and to identify and manage the host and guest machines. The host and guest machines are managed based on configured vCenter Server instances.
vCenter Configuration Manager Administration Guide Collect vCloud Director data so that you can identify and manage the guest operating systems of the vApp virtual machines. 7. "Configure vShield Manager Collections" on page 45 Configure collections from your vShield Manager instances so that you can run reports on the collected data. 8.
Configuring VMware Cloud Infrastructure Collect Machines Data From the Managing Agent Machines Collect data from your Managing Agent machines to ensure that VCM identifies the Windows machines as licensed and that the 5.5 Agent or later is installed. The Managing Agent is the Agent used to collect data from your instances of vCenter Server, vCloud Director and vShield Manager.
vCenter Configuration Manager Administration Guide Procedure 1. Click Administration. 2. Select Certificates. 3. Select the Managing Agent machines and click Change Trust Status. 4. Add any additional machines to trust to the lower data grid. 5. Select Check to trust or uncheck to untrust the selected machines and click Next. 6. Review the number of machines affected and click Finish. What to do next n If your Collector is not configured to use HTTPS, set the HTTPS bypass.
Configuring VMware Cloud Infrastructure Procedure 1. Click Administration. 2. Select Administration > Machines Manager > Licensed Machines > Licensed Windows Machiens. 3. Select the Managing Agent machines and click Change Managing Agent Status. 4. Add any additional machines to the lower data grid. 5. Select Enable - allow the selected machines to be used as managing agents and click Next. 6. Review the number of machines affected and click Finish.
vCenter Configuration Manager Administration Guide Configure vCenter Server Data Collections Collect data from your vCenter Server so that you can identify and manage your virtual environments, including ESX and ESXi hosts, and guest virtual machines. Prerequistes n Configure your Managing Agent machines. See "Configure Managing Agent Machines" on page 26. n To maintain secure communication, you need the SSL certificates from your instances of vCenter Server.
Configuring VMware Cloud Infrastructure Option Description Domain Domain to which the vCenter Server belongs. Type Domain type. Machine Type Select vCenter (Windows). 6. Click Add. The machine information is added to the list. 7. (Optional) Add other vCenter Server instances as needed. 8. When all your vCenter Server are added to the list, click Next. 9. On the Information page, review the summary and click Finish. What to do next n Configure the vCenter Server settings.
vCenter Configuration Manager Administration Guide Option Description You can use the Collector as your managing agent. Port Type the port used by the VMware Infrastructure SDK on the vCenter Server instances. The default value is 443. User ID Type a vCenter Server instance user name. The user must have a vCenter Server administrative role or an unrestricted read only role. Password Type the password for the vCenter Server instance user ID. Confirm Password Type the password again.
Configuring VMware Cloud Infrastructure What to do next Review the collected virtualization data. Click Console and select Virtual Environments > vCenter. vCenter Server Collection Results The collectedvCenter Server data appears in the Console in the Virtual Environments node. The collected vCenter Server data helps you identify and manage vCenter Server, host, and guest objects. Option Description Console View the Virtual Environments dashboards.
vCenter Configuration Manager Administration Guide n Collect vCenter Guests data from you vCenter Servers and manage the virtual Windows, Linux, or UNIX machines. See "Collect vCenter Server Virtual Machines Data" on page 34. n Manually discover Windows Machines or add Linux or UNIX machines. For Windows machines, see "Discover Windows Machines" on page 73. For Linux or UNIX machines, see "Add UNIX/Linux Machines" on page 108.
Configuring VMware Cloud Infrastructure 5. On the Edit VM Guest Machine Info page, review the list and update or remove virtual machines, and click Next. 6. On the License VM Guests page, configure the options and click Next. a. Select License the selected machines. b. (Windows machines only) Select Install VCM agents for the selected Windows machines, and click Next. 7. On the Confirm Your Changes page, review the changes and click Finish.
vCenter Configuration Manager Administration Guide Prerequisites Know the names and domain information for the instances of vCloud Director in your environment. Procedure 1. Click Administration. 2. Select Machines Manager > Available Machines. 3. Click Add Machines. 4. On the Add Machines page, select Basic: Name, Domain, Type, Automatically license machines, and click Next. 5. On the Manually Add Machines - Basic page, configure these options to identify the instances of vCloud Director.
Configuring VMware Cloud Infrastructure Procedure 1. Click Administration. 2. Select Machines Manager > Licensed Machines > Licensed Virtual Environments. 3. Select the vCloud Director instances and click Configure Settings. 4. On the Virtual Environment page, verify that the vCloud Director instances appear in the lower pane and click Next. 5. On the Managing Agent and Communication Settings page, configure the settings that are applied to all selected vCloud Director instances and click Next.
vCenter Configuration Manager Administration Guide Prerequisites Configure the vCloud Director settings. See "Configure the vCloud Director Settings" on page 36. Procedure 1. Click Administration. 2. Select Machines Manager > Licensed Machines > Licensed Virtual Environments. 3. Select the vCloud Director instances and click Collect on the VCM toolbar. 4. On the Collection Type page, select Machine Data and click OK. 5.
Configuring VMware Cloud Infrastructure Option Description Administration Displays managed vCloud Director instances from which you are collecting data. Click Administration and select Machines Manager > Licensed Machines > Licensed Virtual Environments. Displays the discovered virtual machines with a machine name that is based on your configuration options in the discovery rule. For example, OrgName:vAppName:VirtualMachineName. Click Administration and select Machines Manager.
vCenter Configuration Manager Administration Guide n VCM is located in the vApp with the virtual machines that it is managing. n The vApp has a direct connection to the org network. n The vApp has a direct connection to the external network. n The vApp has a one-to-one IP address NAT connection to the organization network with direct connection to the external network.
Configuring VMware Cloud Infrastructure In a NAT mapped network environment, your best practice is to install the Agent on the vApp template machines. You must manually install the Agent with the HTTP mode enabled, but you must not collect data from these template machines. Collecting from the template machines generates machine-specific information that will cause the virtual machines created from the template to run incomplete collections.
vCenter Configuration Manager Administration Guide Option Description n Org:vDC:vApp:VCName: Name of the vCloud Director organization with the virtual datacenter name, the name of the vApp that contains the virtual machine, and the name of the virtual machine in vCenter.
Configuring VMware Cloud Infrastructure Option Description Use a proxy server Select Yes if you use a proxy server for communication between the Collector and the Agents on the virtual Windows machines. Select No if you do not use a proxy server or if you are managing UNIX/Linux machines. If the machines you add are Windows machines, you can select a proxy server for communication between the Collector and the Agents on managed machines that are located on the other side of a proxy server.
vCenter Configuration Manager Administration Guide Option Description Discovers all virtual machines in the virtual datacenter. vApp Name Filter To run the query against a vApp, type the name of the vApp. VM Name Filter To run the query to add a specific virtual machine, type the name of the machine. SQL wildcard expressions are allowed. Discovers all virtual machines in the vApp. SQL wildcard expressions are allowed. Discovers the virtual machine.
Configuring VMware Cloud Infrastructure Configure vShield Manager Collections Configure collections from your vShield Manager instances so that you can run reports on the collected data. Prerequistes n Configure your Managing Agent machines. See "Configure Managing Agent Machines" on page 26. n To maintain secure communication, you need the SSL certificates from your instances of vShield Manager. See "Obtain the SSL Certificate Thumbprint" on page 29. Procedure 1.
vCenter Configuration Manager Administration Guide Option Description Machine Name of the instance of vShield Manager. Domain Domain to which the instance of vShield Manager belongs. Type Domain type. Machine Type Select vShield. 6. Click Add. The machine information is added to the list. 7. (Optional) Add other instances of vShield Manager as needed. 8. When all your instances of vShield Manager are added to the list, click Next. 9. On the Information page, review the summary and click Finish.
Configuring VMware Cloud Infrastructure Option Description Port Type the port used by the API on the vShield Manager instances. The default value is 443. User ID Type a vShield Manager instance user name. The user must have a vShield Manager administrative role or an unrestricted read only role. Password Type the password for the vShield Manager instance user ID. Confirm Password Type the password again. Ignore untrusted SSL Certificate Select one of the following certificate options.
vCenter Configuration Manager Administration Guide What to do next Review the collected virtualization data. Click Console and select Virtual Environments > vCloud Director. Discover the vApp virtual machines created by the vCloud Director and make them available in VCM. See "Discover vCloud Director vApp Virtual Machines" on page 41. vShield Manager Collection Results The collected vShield Manager data appears in the Console and is available to generate reports.
Configuring VMware Cloud Infrastructure 4. "Collect ESX Logs Data" on page 53 An initial collection of Virtual Environments data identifies your virtual machine hosts and their guest machines. You have several options for reviewing and using ESX Logs data in VCM. The data used is only as current as the last collection, and the amount of time it takes for the data to display is based on the volume or complexity of the data requested. See "Virtualization Collection Results" on page 53.
vCenter Configuration Manager Administration Guide d. Click Select Data Types to collect from these machines and click Next. e. On the Data Types page, expand the Windows tree and select Machines. f. Select Use default filters and click Next. g. Review the Important page and click Finish. The collection job starts. You can use the Job Manager to determine when the collection is finished.
Configuring VMware Cloud Infrastructure 5. Configure the settings on the Agent Proxy and Communication Setting page. Option Description Agent Proxy The configured Agent Proxy used to manage the selected virtual machine host machines. This option is required when you are licensing host machines, but it is optional if you are modifying the settings. SSH Select the check box to configure the settings for your ESX machines.
vCenter Configuration Manager Administration Guide For ESX machines, you import target machine information from VCM and copy the SSH public key file, the csiprep.py file, and the csiprep.config file to the target ESX machines. For ESXi machines, you import machine information and copy the necessary Web Services settings to the target machines. Prerequisites n License the ESX and ESXi machines. See "Configure Virtual Machine Hosts" on page 50. n Locate the UNIX/ESX/vSphere Deployment Utility file in C:\P
Configuring VMware Cloud Infrastructure n Use the same user name for both SSH and Web Services collections (ESX 3.x only). n Use the same password for all WebServices users. n Apply the same user names and passwords to all ESX servers. 10. Click Configure. All the machines where the Configure check box is selected now have the same version of the files copied to the location specified in the Remote Path field in the table. If no path is specified, the files are copied to the /tmp directory.
vCenter Configuration Manager Administration Guide Configure the vSphere Client VCM Plug-In The vSphere Client VCM Plug-In provides contextual access to VCM change, compliance, and management functions. It also provides direct access to collected vCenter Server, virtual machine host, and virtual machine guest data. When using the vSphere Client VCM Plug-In, the virtual machine host name in vCenter must match the virtual machine host name in VCM.
Configuring VMware Cloud Infrastructure Procedure 1. On the VCM Collector, browse to [path]\VMware\VCM\Tools\vSphere Client VCM Plugin\bin and double-click VCVPInstaller.exe. 2. In the VCVP Plug-in Registration dialog box, configure the following options. Option Description Register Select the option to register the URL for the plug-in. Select Unregister only if you are discontinuing the use of the plug-in on the target vSphere Client.
vCenter Configuration Manager Administration Guide Procedure 1. Select Administration > Settings > Integrated Products > VMware > vSphere Client VCM Plug-In. 2. Select the setting that you want to configure and click Edit Settings. 3. On the Settings Wizard page for each setting, configure the options. Option Description Machine group against which the external reports will be run Type the name of the machine group.
Configuring VMware Cloud Infrastructure You can use troubleshooting options to identify and resolve any problems. Invalid Certificate on a vSphere Client The vSphere Client connects to the vCenter Server using the SSL certificate and displays the datacenters, hosts, and any clusters. Problem When logging into a vSphere Client for the first time, if the certificate is not valid, a security warning about the SSL certificate appears. Cause The certificate is not valid. Solution 1.
vCenter Configuration Manager Administration Guide 58 VMware, Inc.
Running Compliance for the VMware Cloud Infrastructure 4 Compliance templates evaluate the virtual environment object data to determine if the objects meets the criteria in the rules. If the property values on an object do not meet the criteria, and if there is no exception defined, then the object is flagged as noncompliant. When an object is non compliant, the template results provide the details of the settings or configurations that do not match the rules.
vCenter Configuration Manager Administration Guide 4. "Preview Virtual Environment Compliance Rule Groups" on page 62 Preview the rule group to ensure that your combination of rules and filters are returning the expected results. Use the rules preview action, with the filters turned off and then turned on to determine if a rule group is returning the expected results. 5.
Running Compliance for the VMware Cloud Infrastructure Procedure 1. Click Compliance. 2. Select Virtual Environment Compliance > Rule Groups > rule group name > Rules. Guest Tools Running is the rule group in this example. 3. Click Add. 4. Type the Name and Description in the text boxes and click Next. For example, Tools Running. 5. Expand Virtualization, select vCenter - Guests - Summary, and click Next.
vCenter Configuration Manager Administration Guide Procedure 1. Click Compliance. 2. Select Virtual Environment Compliance > Rule Groups > rule group name > Filters. Guest Tools Running is the rule group in this example. 3. Click Add. 4. Type the Name and Description in the text boxes and click Next. For example, Not vCenter_Dev 5. Expand Virtualization, select vCenter - Guest - Summary, and click Next. The collected guest summary data includes vCenter names. 6. Select Basic and click Next. 7.
Running Compliance for the VMware Cloud Infrastructure Procedure 1. Click Compliance. 2. Select Virtual Environment Compliance > Rule Groups. Guest Tools Running is the rule group in this example. 3. Select your new rule group and click Preview. 4. Select Do not apply machine filters to preview and click OK. When you test a rule, test first without the filter to ensure that the rule returns the expected results. 5.
vCenter Configuration Manager Administration Guide What to do next Run the template. See "Run Virtual Environment Compliance Templates" on page 64. Run Virtual Environment Compliance Templates Run templates against your collected data to determine which objects are compliant or noncompliant. When a compliance template is run, the results appear in a report format and a data grid format.
Running Compliance for the VMware Cloud Infrastructure Procedure 1. Click Compliance. 2. Select Virtual Environment Compliance > Templates > template name. 3. Select the noncompliant result on which you are basing the exception and click Add Exception. In this example, the noncompliant result is the RHEL_60_ProdDev guest machine. 4. Type the Name, Short Description, Description, and Sponsor in the text boxes and click Next. 5.
vCenter Configuration Manager Administration Guide 66 VMware, Inc.
Configuring vCenter Operations Manager Integration 5 Integration of VCM with vCenter Operations Manager reports VCM configuration changes in the vCenter Operations Manager console. You configure the data types to report to vCenter Operations Manager and the threshold reporting level used to roll up the configuration changes. VCM records configuration changes in the change log regardless of whether you reported the data to vCenter Operations Manager.
vCenter Configuration Manager Administration Guide 68 VMware, Inc.
Auditing Security Changes in Your Environment 6 The VCM Auditing capability tracks all changes in the security aspects of VCM. Security-related events are written to the Windows Event Log, which is stored on the Collector, and is independent of the VCM application. The format of the event log prohibits any modifications to the recorded entries, which makes it a secure and tamper-proof auditing record of changes in security.
vCenter Configuration Manager Administration Guide 70 VMware, Inc.
Configuring Windows Machines 7 To manage your virtual and physical Windows machines, you must verify domains and accounts, discover and license those machines, install the VCM Agent, and collect Windows data from those machines. You can also collect Windows Custom Information. Procedure 1. Verify Available Domains Allow VCM access to each domain so that the VCM Collector can interact with the Windows machines in your environment. 2.
vCenter Configuration Manager Administration Guide Continuous Windows machine management is based on the latest data you collect from target machines. You can view data and run actions, such as reports or compliance, based on the collected data. See "Windows Collection Results" on page 85. Verify Available Domains Allow VCM access to each domain so that the VCM Collector can interact with the Windows machines in your environment.
Configuring Windows Machines What to do next Assign the network authority account to the domain so that VCM can access the Windows machines in the domain. See "Assign Network Authority Accounts" on page 73. Assign Network Authority Accounts Select and assign the network authority account that you identified for VCM access to the Windows machines. You can assign a single account to all domains and machine groups, or assign a unique account or multiple accounts to each domain and machine group.
vCenter Configuration Manager Administration Guide Procedure 1. Click Administration. 2. Select Machines Manager > Discovery Rules. 3. Click Add to create a discovery rule. 4. On the Discovery Rules page, type a name and description and click Next. 5. On the Discovery Method page, select By Active Directory and click Next. 6. On the AD Domain page, specify the AD Domain, select Discover machines only from the selected domain, and click Next. 7.
Configuring Windows Machines Procedure 1. Click Administration. 2. Select Machines Manager > Available Machines. 3. Select the Windows machines to license. 4. Click License. 5. Verify that the Windows machines to license appear in the Selected list. Use the arrows to move the Windows machines. 6. Click Next to view your Product License Details. The licensed Windows machine count increases by the number of licensed machines. 7. Click Next.
vCenter Configuration Manager Administration Guide 4. In the System Configuration dialog box, click the Tools tab. 5. In the Tool Name list, select Disable UAC. 6. Click Launch. 7. When the command is finished running, click Close and click Close again. 8. Restart the Windows machine to apply the changes. What to do next Install the VCM Windows Agent on licensed Windows machines in your environment, and then enable UAC on the target machine.
Configuring Windows Machines What to do next Install the VCM Windows Agent on licensed Windows machines in your environment, and then re-enable the group policy on the domain controller. See "Install the VCM Windows Agent on Your Windows Machines" on page 77. Install the VCM Windows Agent on Your Windows Machines Install the VCM Windows Agent on each Windows machine so that you can collect data and manage the virtual or physical machines.
vCenter Configuration Manager Administration Guide Option Description HTTP Secure communication protocol for the Agent. Use HTTP, which installs the HTTP Listener on the target machine and configures it to listen on the designated port. Port Designated port for the HTTP Listener. Install using a proxy server For Windows Proxies and Windows Agents only.
Configuring Windows Machines n You use the EXE file to install the Agent in unattended, silent mode. EXE files detect an existing software version and provide the option to uninstall the existing version. n You use the MSI file to install the Agent in unattended, silent mode. MSI files are database files. The Windows msiexec.exe executable file reads the data in the MSI file, and then installs the Agent. The MSI file uninstalls any existing, non-MSI Agent without sending a request.
vCenter Configuration Manager Administration Guide Option Action /s Indicates a silent install. When you run CMAgentInstall.exe from the command line, VMware recommends that you install the Agent in silent mode. To use the silent mode, you must unlock the Agent before you can proceed with the installation. To unlock the Agent, use the UNLOCK option. The syntax is CMAgentInstall.exe /s INSTALLPATH=%Systemroot%\CMAgent PORT=26542 CERT=C:\\vcm_cert.pem.
Configuring Windows Machines Use the MSI File to Install the Agent You can use the MSI file to manually install the VCM Windows Agent on a target machine. The directories specified in this procedure are default locations. Prerequisites Locate the Enterprise Certificate before you install the VCM Agent. See "Locate the Enterprise Certificate" on page 78. Procedure 1. On your VCM Collector, open Windows Explorer and navigate to the Agent files directory at c:\Program Files (x86)\VMware\VCM\AgentFiles. 2.
vCenter Configuration Manager Administration Guide Option Action /qn Runs the command in quiet mode without user interaction. /i Runs the command as an installation. /x Runs the command as an uninstall process. PORTNUMBER Installs the Windows Agent on the port number specified, and uses HTTP instead of DCOM. For HTTP installations where you include PORTNUMBER, you must include an Enterprise Certificate by using the following syntax: CERTIFICATEFILE=":\[mypath]\[mycert].
Configuring Windows Machines The Windows Agent uninstall executable file exists on the VCM managed machine if you installed the Agent manually using CMAgentInstall.exe or CMAgentInstall.msi. Use this manual process to uninstall the Agent only if you used either of these commands to install the Agent. Procedure 1. On the VCM managed machine, run %SystemRoot%\CMAgent\Uninstall\Packages\CMAgentInstall\UnCMAgentInstall.exe. This path displays the default location.
vCenter Configuration Manager Administration Guide Procedure 1. On the Windows 2008 machine, click Start > Run. 2. In the Run dialog box, type msconfig and click OK. 3. In the User Account Control dialog box, click Continue. 4. In the System Configuration dialog box, click the Tools tab. 5. In the Tool Name list, select Enable UAC. 6. Click Launch. 7. When the command is finished running, click Close and click Close again. 8. Restart the Windows 2008 machine to apply the changes.
Configuring Windows Machines To move all visible Windows machines to the selection window, 500 at a time, use the double arrow. 4. On the Data Types page, select the Select All checkbox. 5. Select Use default filters and click Next. 6. On the Important page, resolve any conflicts and click Finish. What to do next n Verify that jobs have finished running. Click Administration and select Job Manager > History > Other Jobs > Past 24 Hours. n Review the collection results.
vCenter Configuration Manager Administration Guide Option Description n To run assessments and patch your Windows machines, see the online help. Getting Started with Windows Custom Information Windows Custom Information (WCI) is data collected from VCM managed machines that is created by PowerShell scripts. WCI supplements and extends the data collected by VCM from managed Windows machines using other VCM data types.
Configuring Windows Machines 1. "Collecting Windows Custom Information" on page 98 To collect Windows Custom Information (WCI) using script-based filters, you create and verify your custom PowerShell scripts, install PowerShell on the VCM managed machines, and use VCM to collect the WCI data. Prerequisites to Collect Windows Custom Information To collect Windows Custom Information from VCM managed machines, you must configure the prerequisites.
vCenter Configuration Manager Administration Guide The WCI data type uses extensions to the VCM Windows Agent. The extensions allow the Agent to invoke PowerShell scripts. Using the script-based collection filter, VCM passes the PowerShell scripts to a VCM managed machine, and the VCM Agent parses the resulting XML output. The default WCI filter returns the PowerShell version information from the managed machines.
Configuring Windows Machines Challenges in PowerShell Scripting for WCI When you develop custom collection scripts, understand the challenges that you might encounter while scripting in PowerShell to collect the Windows Custom Information (WCI) data type from VCM managed Windows machines. PowerShell scripts can use the split method of PowerShell strings, which separates the columns of the rows into separate values in arrays. For example, Windows provides the schtasks.
vCenter Configuration Manager Administration Guide Column Names Include Spaces Running the schtasks command without any options displays a column name of Next Run Time. Because this name includes spaces, you cannot use it as an attribute name in an XML document. Running the schtasks command verbosely generates other column names that include spaces. Although you cannot use these invalid names as attribute names, you can preserve the names by using VCM encoding standards.
Configuring Windows Machines To preserve the user-friendly name, use the task name as the element name for the task rows. When you create a collection filter that uses your script, you must select the incremental duplicate handling option so that the collection process includes an incremental entry in the list of entries where the same task name appears multiple times. For example, in a sample test environment, many Windows machines had more than one task named GoogleUpdateTaskMachineCore.
vCenter Configuration Manager Administration Guide n In-line: The default WCI filter uses an in-line script to collect basic information about the PowerShell version, .NET version, and execution policy settings. The in-line option requires a collection script that is represented as a single line of PowerShell code. Because the filter runs an in-line script on the PowerShell command line, instead of using a file, the execution policy does not apply.
Configuring Windows Machines The schtasks command returns basic information about scheduled tasks. The data returned by schtasks includes multiple rows. PowerShell structures the $schtasks variable in an array. For example, $schtasks[0] represents the first row. To view the result set, use $schtasks[n], which displays the following status: n $schtasks[0] is blank. n $schtasks[1] contains column names. n $schtasks[2] is the first row of task data.
vCenter Configuration Manager Administration Guide ############################################################################# function ToCMBase64String([string]$input_string) { return [string]("cmbase64-" + [System.Convert]::ToBase64String([System.Text.Encoding]::UNICODE.GetBytes ($input_string))).
Configuring Windows Machines if (([string]$cols[$j]).toupper() -eq "HOSTNAME") { $hostcol = $j++ } else { if (([string]$cols[$j]).toupper() -eq "TASKNAME") { $namecol = $j++ } else { $j++ } } } #save first column name, to check for repeated column rows $firstcol = $cols[0] #encode each column name for ($j=0;$j -lt $cols.
vCenter Configuration Manager Administration Guide #some operating systems will return columns multiple times in the result set if ($task[0] -ne $firstcol) { #if we did not find a TaskName column, just tag each row as Task-n if ($namecol -gt -1) { $clTasks += "<" + [string](ToCMBase64String($task[$namecol])) + ">" } else { $clTasks += ("") } for ($j=0;$j -lt $task.
Configuring Windows Machines } #end data row that is not columns repeated } #end data row } #end row loop } $clTasks += ("") write-host $clTasks 5. After you generate your PowerShell script, perform the following steps: n Build a collection filter in VCM. n Paste the content of your script into the collection filter. n Collect data using the script-based collection filter.
vCenter Configuration Manager Administration Guide When the filters return data under the top-level element name and a managed machine starts to listen on port 80, each filter initially reports the data as a newly created value, which causes overlap of the data reported. n Do not create two filters to collect data on the File Permission With Audit data type from different parts of a managed machine's file system.
Configuring Windows Machines Create Your Own WCI PowerShell Collection Script Create or modify your Windows Custom Information (WCI) scripts to collect almost any data type that is accessible from VCM managed Windows machines. To return data in a VCM compatible, element-normal XML format, you create your own PowerShell script or obtain PowerShell scripts from VMware Professional Services or another source and modify them for your own collections.
vCenter Configuration Manager Administration Guide Errors appear in red in the PowerShell window. 5. If errors occur, resolve them. A valid script returns a set of XML content without any formatting, white space, carriage returns, or line feeds at the end of elements, nodes, or attributes. What to do next Install PowerShell on your VCM managed machines. See "Install PowerShell" on page 100. Install PowerShell Verify that PowerShell 2.
Configuring Windows Machines When you use the script-based filter in a collection, the VCM Agent calls a script engine to run the script, parse the results to return the collected data to the VCM database, and display the results in the VCM Console. During the collection process, the VCM Agent starts PowerShell, which runs the script and generates the XML result file. The Agent parses the XML result into a format that VCM can use to check for changes and returns the changes to the Collector.
vCenter Configuration Manager Administration Guide Procedure 1. On your VCM Collector, click Collect. 2. On the Collection Type page, select Machine Data and click OK. 3. On the Machines page, select the managed machines from which to collect WCI data and click Next. 4. Click Select Data types to collect from these machines and click Next. VCM runs a default collection filter for the data type you select. 5. Select Do not limit collection to deltas and click Next.
Configuring Windows Machines Procedure 1. On your VCM Collector, click Administration. 2. Select Job Manager > History > Instant Collections > Past 24 Hours. 3. In the Instant Collections pane, select a collection job that includes WCI data. 4. In the Job History Machine Detail pane, select View Details. A single row appears for each WCI filter that ran in the collection job. Information about the WCI script and the script results parsing appears in the row. 5.
vCenter Configuration Manager Administration Guide Procedure 1. On your VCM Collector, click Console. 2. Select Windows > Operating System > Custom Information. 3. Select a view of the collected WCI data. Option Description Tree View Standard Tree hierarchy view based on the data structure in your PowerShell script. Tree View Consolidated Tree hierarchy that displays data across multiple elements simultaneously with the data consolidated from one level of the tree.
Configuring Windows Machines Prerequisites n Verify that your script runs in PowerShell. See "Verify that Your Custom PowerShell Script is Valid" on page 99. n Understand the PowerShell script signing policies. See "PowerShell Script Signing Policies" on page 91. Procedure 1. On your VCM Collector, save the script to a file that has the .ps1 extension. 2. Run the script file from a command line using PowerShell 2.0 or PowerShell 1.0. n For PowerShell 2.
vCenter Configuration Manager Administration Guide 106 VMware, Inc.
Configuring Linux and UNIX Machines 8 To collect UNIX/Linux data and to manage your physical or virtual UNIX/Linux machines, you must add the machines, license them for use, and install the appropriate VCM Agent. Prerequisites Review the upgrade requirements to determine if the machines on which you are installing the current Agent are supported platforms and machine type. See "Upgrade Requirements for UNIX/Linux Machines" on page 107. Procedure 1.
vCenter Configuration Manager Administration Guide Add UNIX/Linux Machines Add UNIX/Linux machines to the Available Machines list to make the machines available for licensing. If you add a large number of machines, you can use other methods to add the machines. See the online help for procedures to import machine information from a file or use IP Discovery.
Configuring Linux and UNIX Machines What to do next License the machine. See "License UNIX/Linux Machines" on page 109. License UNIX/Linux Machines License UNIX/Linux machines before you install the Agent and begin to manage them. You license the machines displayed in the Available Machines list. Prerequisites n Verify that you added the UNIX/Linux machines. See "Add UNIX/Linux Machines" on page 108.
vCenter Configuration Manager Administration Guide Prerequisites n Verify that the machine on which you intend to install the Agent has enough free disk space. For more information, see the VCM Installation Guide. n If you run an installation in silent mode, modify the appropriate csi.config file variable options. See "Installation Options for UNIX/Linux csi.config " on page 113. n If you select (x)inetd/launchd for CSI_AGENT_RUN_OPTION, verify that (x)inetd/launchd is running on the target machines.
Configuring Linux and UNIX Machines To force an overwrite of any existing files, include the -o option. For example: /CMAgent..SunOS -o. The command and output is similar to the following example, but with different file names depending on the operating system. # ./CMAgent..SunOS UnZipSFX 5.51 of 22 May 2004, by Info-ZIP (http://www.info-zip.org). creating: CSIInstall/ creating: CSIInstall/packages/ inflating: CSIInstall/packages/Agent.1.0.SunOS inflating: CSIInstall/packages/CFC.1.0.
vCenter Configuration Manager Administration Guide a. Run the chmod u+x csi.config command to add write file permissions if the file has only read permissions set. b. Modify the csi.config file options based on your local requirements and save the file. c. Copy the modified and saved csi.config file to the extracted location. For example, # cp //csi.config //CSIInstall/csi.config. 7. Run InstallCMAgent in either silent mode or interactive mode.
Configuring Linux and UNIX Machines drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 Agent drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 CFC -rw-rw---- 1 root cfgsoft 49993 Jul 2 17:34 CSIRegistry -rw-rw---- 1 root cfgsoft 0 Jul 2 17:34 .CSIRegistry.
vCenter Configuration Manager Administration Guide Installation Options with Default Values Description When you install in trusted mode on HP-UX v1.0 (11.11), the user must exist on the target machine. If you attempt to install and create the user, the installation of the Agent fails. CSI_USER_ID=501 Keep the default value. Integer value for the user ID of the created user. CSI_USER_NO_LOGIN_ SHELL=/bin/false Keep the default value. Indicates the no-login shell value to use when you create the user.
Configuring Linux and UNIX Machines Installation Options with Default Values Description CSI_CERTIFICATE_PATH= Specifies the path to Collector Certificates. The certificates specified at this path are copied to the Agent. If your Collector Certificates are stored in an accessible location on this machine, you use this option to put the certificates in the Agent location.
vCenter Configuration Manager Administration Guide Collect UNIX/Linux Data When the UNIX/Linux machines are licensed and the Agent is installed, you collect data from those machines. Collecting data from machines adds the collected machine information to the VCM database and makes the machine data available for reporting, running compliance, and other management options.
Configuring Linux and UNIX Machines Option Description Console Displays dashboards and summary reports based on collected data. You use the Console to view data relevant to day-to-day operations, troubleshooting, and analysis. To view the dashboards, click Console and select Dashboards > UNIX. To view the summary reports, click Console and select UNIX tab > Operating System > Machines > General. You can view the data in a summary report or data grid format.
vCenter Configuration Manager Administration Guide Discover Oracle Instances To discover Oracle instances, you run a collection on supported UNIX/Linux machines where Oracle is installed. The Oracle instance discovery process is based on data that you collect from the oratab file on managed Solaris machines on which Oracle is installed. Prerequisites Add, license, and install the Agent on the Oracle instance host Solaris machines. See "Configuring Linux and UNIX Machines" on page 107. Procedure 1.
Configuring Linux and UNIX Machines Prerequisites n Add, license, and install the Agent on Solaris machines hosting Oracle instances. See "Configuring Linux and UNIX Machines" on page 107. n Collect from the target Solaris machines using the Machines - General and Oracle - Management Views data types. The collection process discovers Oracle instances from the oratab file on Solaris machines. See "Discover Oracle Instances" on page 118.
vCenter Configuration Manager Administration Guide What to do next n If your target Oracle instance is Oracle 10g, you must set user permissions. See "Grant Permissions for the Oracle Collection User Account on Oracle 10g" on page 122. n To begin managing your Oracle instances, you must collect data from the target instances. See "Collect Oracle Data" on page 123.
Configuring Linux and UNIX Machines a. Type the configuration values. Option Description Oracle SID (Add only) Name or system ID of the Oracle instance, used to identify a particular database on a machine. Each database on a machine must have a unique SID. Oracle File path to the location of the Oracle software for the Oracle instance (user-defined). Home Oracle SW User account that owns the Oracle software for the Oracle instance (user-defined).
vCenter Configuration Manager Administration Guide Procedure 1. Click Administration. 2. Select Machines Manager > Additional Components > VCM for Oracle. 3. Click Config User. 4. On the Select Machines page, add the target Oracle instances to the selected instances list and click Next. 5. On the Schedule page, select Run Action now and click Next. 6. On the Important page, click Finish What to do next If your target Oracle instance is Oracle 10g, you must set user permissions.
Configuring Linux and UNIX Machines chmod o+r $ORACLE_HOME/ldap/mesg/* chmod o+rx $ORACLE_HOME/network chmod o+rx $ORACLE_HOME/network/admin chmod o+rx $ORACLE_HOME/sqlplus chmod o+rx $ORACLE_HOME/sqlplus/mesg chmod o+r $ORACLE_HOME/sqlplus/mesg/sp1us.msb chmod o+r $ORACLE_HOME/sqlplus/mesg/sp2us.msb chmod o+rx $ORACLE_HOME/nls chmod o+rx $ORACLE_HOME/nls/data chmod o+r $ORACLE_HOME/nls/data/lx1boot.
vCenter Configuration Manager Administration Guide Oracle Collection Results You use the collected Oracle data to manage your Oracle instances. The data is available for several management actions. The displayed data is only as current as the last time that you collected the data. Option Description Console Displays security information for users, roles, privileges, configuration settings, and database parameters for Oracle instances.
Configuring Mac OS X Machines 9 To collect Mac OS X data and to manage your physical or virtual Mac OS X machines, you must add the machines, license them for use, and install the appropriate VCM Agent. Mac OS X machines are managed in conjunction with UNIX machines. Procedure 1. "Add Mac OS X Machines" on page 125 Add Mac OS X machines to the Available Machines list to make the machines available for licensing. 2.
vCenter Configuration Manager Administration Guide Procedure 1. Click Administration. 2. Select Machines Manager > Available Machines. 3. Click Add Machines. 4. On the Add Machines page, select Basic and click Next. 5. On the Manually Add Machines - Basic page, add the machine information. a. Configure machine information. Option Action Machine Type the name of the machine. You can use NetBIOS or Fully-Qualified Domain Name (FQDN) notation for the name.
Configuring Mac OS X Machines Procedure 1. Click Administration. 2. Select Machines Manager > Available Machines. 3. Select the machines and click License. 4. On the Machines page, verify that the Selected list includes the machines to license and click Next. 5. On the Product License Details page, review the licensed machine count and click Next. 6. On the Important page, click Finish. What to do next Install the Agent on the target machines.
vCenter Configuration Manager Administration Guide Procedure 1. Copy the appropriate Agent binary installation package from the Collector to the machine on which you will install the Agent. The Agent packages are located on the Collector in \Program Files (x86)\VMware\VCM\Installer\Packages. Operating System Version Agent Binary Mac OS X (Version 10.5, 10.6, 10.7) CMAgent..Darwin 2.
Configuring Mac OS X Machines Option Action Silent mode Run the # ./CSIInstall/InstallCMAgent -s command. Install the Agent using the silent mode if you manually edited the csi.config file, if you modified the csi.config file using the interactive method, or if you are using a custom configuration file that you saved from a previous Agent installation. This mode uses the values specified in csi.config without prompting for input.
vCenter Configuration Manager Administration Guide drwxrwx--- 3 root cfgsoft 4096 Jul 2 17:34 ECMu drwxr-x--- 6 root cfgsoft 4096 Jul 2 17:34 install lrwxrwxrwx 1 root root 20 Jul 2 17:34 log -> /var/log/CMAgent/log dr-xr-x--x 3 root cfgsoft 4096 Jul 2 17:34 ThirdParty drwxr-xr-x 2 root root 4096 Jul 2 17:34 uninstall 9. Run # netstat -na | grep to verify that the Agent is installed correctly, listening on the assigned port, and ready to collect data.
Configuring Mac OS X Machines Installation Options with Default Values Description GROUP=Y primary group for the CSI_USER. CSI_USER_PRIMARY_GID=501 Keep the default value. Create user’s primary Group ID. CSI_USER_USE_NEXT_ AVAILABLE_LOCAL_GID=Y Keep the default value. Setting this option to Y allows the Group ID to be the next available local Group ID over CSI_USER_PRIMARY_ GID. CSI_USER=csi_acct Keep the default value. The user assigned to the cfgsoft group.
vCenter Configuration Manager Administration Guide Installation Options with Default Values Description CSI_PARENT_LOG_ DIRECTORY=default Specifies where agent operational log files are kept. The log directory is CSI_PARENT_LOG_DIRECTORY/CMAgent/log. The default value indicates to use these values. n CSI_KEEP_CSIINSTALL=N Mac OS X: log ->private/var/log/CMAgent/log Recommend keeping the default value. After a successful installation, the temp installation directory CSIInstall is deleted.
Configuring Mac OS X Machines 2. On the Collection Type page, select Machine Data and click OK. 3. On the Machines page, select the machines from which you are collecting data and click Next. 4. On the Data Types page, configure the collection and click Next. a. Select the Select All check box. b. Select Use default filters. 5. On the Important page, verify that there are no conflicts with previously scheduled or running jobs, and click Finish.
vCenter Configuration Manager Administration Guide Option Description Console Displays dashboards and summary reports based on collected data. You use the Console to view data relevant to day-to-day operations, troubleshooting, and analysis. The displayed data is based on the collected Mac OS X data types. See the online help for a list of currently collected data types. To view the dashboards, click Console and select Dashboards > UNIX.
Patching Managed Machines 10 VCM Patching is the VCM patch assessment, deployment, and verification capability, which ensures continuous security throughout your environment by proactive compliance of your IT infrastructure. VCM Patching ensures that your machines have the latest security patches and other software installed.
vCenter Configuration Manager Administration Guide VCM Patching for UNIX and Linux Machines VCM Patching for UNIX and Linux machines helps you deploy patches to bring UNIX and Linux machines into compliance. n Bulletins: Lists vendor bulletins available to VCM Patching. n Assessment Templates: Contains one or more patch bulletins. When you run an assessment, UNIX and Linux machines that require the patches appear. You can select bulletins or product names to create templates.
Patching Managed Machines Figure 10–1. UNIX and Linux Patch Assessment and Deployment Process To verify that VCM supports your UNIX and Linux machines for patch deployment, see the VCM Installation Guide. VCM provides patch assessment content in a new format for several Red Hat and SUSE versions. See "New UNIX Patch Assessment Content" on page 137. For the operating system versions supported, see the VCM Installation Guide.
vCenter Configuration Manager Administration Guide The .pls files use new names. Red Hat file names include Red Hat instead of RH, and SUSE file names include Novell SUSE instead of Novell Linux. Patch Assessment Content Private Repository The new patch assessment content architecture uses a private YUM repository to contain the VCM patch assessment content for Red Hat and SUSE machines. This content supports several Red Hat and SUSE versions that have the VCM 5.4.1 or later Agent installed. The VCM 5.4.
Patching Managed Machines Procedure 1. "Check for Updates to Bulletins" on page 139 Use VCM Patching to check the Web for updates to patch bulletins, which you can use in assessments of machines to enforce compliance. 2. "Collect Data from Windows Machines by Using the VCM Patching Filter Sets" on page 139 Collect data from Windows machines to obtain the current patch status. VCM Patching requires you to collect current information about the File System, Hotfixes, Registry, and Services Windows data types.
vCenter Configuration Manager Administration Guide Procedure 1. On the toolbar, click Collect. 2. Select the Windows machines from which to collect data. 3. Select Select a Collection Filter Set to apply to these machines and click Next. 4. Select the Patching - Windows Security Bulletins filter set and click Next. This filter set gathers information for all available Windows security bulletins that you can use to patch Windows machines.
Patching Managed Machines 10. On the VCM toolbar, verify that the correct Machine Group is selected. 11. Click Patching and select Windows > Assessment Templates. 12. Select the template to run and click Assess. 13. When the assessment finishes, click the Refresh button on the toolbar and view the assessment results in the data grid. Review VCM Patching Windows Assessment Results View the assessed Windows machines.
vCenter Configuration Manager Administration Guide VCM Patching Actions The following actions are available. n Agent Install: VCM Patching installs the Agent component to a machine the first time a patch is deployed to that machine. n Agents using HTTP: If VCM Patching detects that the target machine has an VCM Agent using HTTP, VCM Patching will route the deployment through VCM as a remote command job. Prerequisites n Test all patches before you deploy them. n Back up critical systems.
Patching Managed Machines Machine Group Mapping When you define an alternate patch location for a particular machine group, you must select that machine group in VCM before you deploy the patches. If you do not select this machine group, VCM Patching will not acknowledge the alternate patch location and the patches will not be deployed. The alternate patch location is defined in machine group mapping. Click Administration and select Settings > General Settings > Patching > Machine Group Mapping.
vCenter Configuration Manager Administration Guide Machine Group mappings are not inherited. For example, if under the machine group called UNIX Machines, you create a machine group called Solaris, the machine group mapping that exists for UNIX Machines will not be applied to the Solaris machine group. To Patch AIX machines Deploying some patches might fail on AIX machines if the patch prerequisites cannot be resolved by VCM using the downloaded patch bulletin content.
Patching Managed Machines Procedure 1. Click Patching. 2. Select Windows > Assessment Templates and select the template used for the assessment. 3. Make sure the data grid view is visible so that you can view the machines and bulletins. 4. Locate the rows that display the StatusNotPatched status. To identify the machines that must be patched, group the Patch Status column. 5. Highlight the row that contains the machine to be patched and select Deploy.
vCenter Configuration Manager Administration Guide Getting Started with VCM Patching for UNIX and Linux Machines Use VCM Patching for UNIX/Linux to determine the patch status of UNIX and Linux machines and deploy patches to those machines. NOTE Assessments of UNIX and Linux machines operate differently from Windows assessments. UNIX and Linux assessments require you to collect new data. Windows assessments are performed against previously collected data.
Patching Managed Machines Collect Patch Assessment Data from UNIX and Linux Machines Collect UNIX and Linux patch assessment data using bulletins, an assessment template, or the Collect wizard. n Bulletins: Collect patching data using the Patch Assessment collection filter. Because UNIX and Linux assessments are VCM collections, you can schedule these assessments. n Assessment template: Collect patching data using a template that filters the patch assessment results.
vCenter Configuration Manager Administration Guide 7. On the toolbar, click Jobs and view the progress of the collection. The assessment on UNIX and Linux machines uses the Patch Assessment collection filter to perform a collection of all machines in the current machine group, and the results are reported in the Assessment Results node. 8. Select UNIX/Linux Platform > Assessment Results > All Bulletins and view the results.
Patching Managed Machines Icon Status PatchMachine Mismatch Description The patch OS version or hardware architecture does not match the machine. Patch Not The machine is up-to-date or the intended software product is not installed on Needed the machine. Not Patched The patch is not applied to the machine. Error Occurred An unexpected condition occurred during the assessment of the machine.
vCenter Configuration Manager Administration Guide Machine Group Mapping When you define an alternate patch location for a particular machine group, you must select that machine group in VCM before you deploy the patches. If you do not select this machine group, VCM Patching will not acknowledge the alternate patch location and the patches will not be deployed. The alternate patch location is defined in machine group mapping.
Patching Managed Machines 7. (Optional) If you need to specify commands to deploy the patches, on the Command Line Options page specify the options to use. 8. (Optional) If you need to run remote commands as part of the deployment, on the Pre-Deployment and Post-Deployment Remote Commands page select any of the remote commands to apply during the patch deployment. 9. On the Patch Deployment Schedule page, set the timing for the patch deployment job. 10.
vCenter Configuration Manager Administration Guide n Manually update VCM Patching Windows content. n Run reports without Internet access. Customize Your Environment for VCM Patching Perform routine maintenance on your VCM configuration management database. With routine maintenance, you can tune the visibility of configuration information so that the policies you develop and the actions you take are appropriate for your IT infrastructure.
Running and Enforcing Compliance 11 Using the Compliance module, you define a standard configuration for all machines or multiple standards for different machine groups. Then, you compare machines against these configuration rules to see if the machines are in compliance. In some cases, you can enforce certain settings on the machines that are not in compliance.
vCenter Configuration Manager Administration Guide vulnerabilities To calculate CVSS scores that apply to your unique environment, go to the CVSS scoring Web site, fill in the form, and click the Update Scores button. http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 Conduct SCAP Compliance Assessments You import a benchmark, run an SCAP assessment on the managed machines in your environment, review the results, and have the option to export the results. Procedure 1.
Running and Enforcing Compliance Run an SCAP Assessment Run an SCAP assessment that compares your managed machine configuration against a profile in a standard SCAP benchmark. Prerequisite Import the benchmark. See "Import an SCAP Benchmark" on page 154. Procedure 1. Click Compliance. 2. Select SCAP Compliance > Benchmarks > benchmark name > profile name. 3. Click Run Assessment. 4. Highlight the machines to assess, and click the down arrow to select them. 5. Click Next and click Next again. 6.
vCenter Configuration Manager Administration Guide Upon successful export, VCM creates a file with a name based on the machine name, output format, and time stamp in the following folder on the Collector. \\{machine-name}\CMFiles$\SCAP\Export You can export the formats that are viewable from the data grid, as well as others. Prerequisite Run the assessment. See "Run an SCAP Assessment" on page 155. Procedure 1. Click Compliance. 2. Select SCAP Compliance > Benchmarks > benchmark name > profile name. 3.
Provisioning Physical or Virtual Machine Operating Systems 12 Operating system (OS) provisioning is the process of installing operating systems to physical or virtual machines. As part of the provisioning process, you can add newly provisioned machines to VCM. OS provisioning enables you to quickly deploy one or more physical or virtual machines to meet expanding business needs. Some of these machines may have limited use and lifespan, and may be reprovisioned for other purposes.
vCenter Configuration Manager Administration Guide Figure 12–1. Relationship of OS Provisioning Components Patching the Operating System Provisioning Server Exclude the OS Provisioning Server instances from your automated patching in VCM. Patching the operating system will elevate the minor version and may leave the OS Provisioning Server in an unsupported state.
Provisioning Physical or Virtual Machine Operating Systems The discovered target machines appear in the Provisionable Machines data grid by MAC address. 5. Use VCM to send the command that includes the provisioning details to the OS Provisioning Server to provision the target machines. The OS Provisioning Server creates an installation session for the target machines based on the configured OS distribution settings. 6. Reboot the target machines.
vCenter Configuration Manager Administration Guide The OS Provisioning Server identifies provisionable physical or virtual machines in your environment when the target machines are set to network boot and attempt to PXE boot. 5. "Provision Machines with Operating System Distributions" on page 162 The OS provisioning process installs one Windows or Linux operating system distribution on one or more physical or virtual machines using OS provisioning.
Provisioning Physical or Virtual Machine Operating Systems Procedure 1. Click Administration. 2. Select Certificates. 3. Select the OS Provisioning Server machines and click Change Trust Status. 4. Add any additional OS Provisioning Server instances to trust to the lower data grid. 5. Select Check to trust or uncheck to untrust the selected machines and click Next. 6. Review the number of machines affected and click Finish.
vCenter Configuration Manager Administration Guide Procedure 1. On target machines, configure the BIOS to network boot. 2. Start the machines on your provisioning network. 3. In VCM, click Administration. 4. Select Machines Manager > OS Provisioning > Provisionable Machines. 5. On the data grid toolbar, click Refresh. This action collects data from the OS Provisioning Server and the provisionable machines appear in the data grid when the collection is finished. The machines are identified by MAC address.
Provisioning Physical or Virtual Machine Operating Systems n Identify or create any postinstallation scripts that you want to run on the target machine after it is provisioned with the new operating system. The postinstallation scripts are copied to the target machine along with the OS distribution and runs after the operating system is installed. Procedure 1. Click Administration. 2. Select Machines Manager > OS Provisioning > Provisionable Machines. 3.
vCenter Configuration Manager Administration Guide 7. On the Select OS Distribution page, select the Windows operating system that you are installing on the selected machines and click Next. 8. On the Settings page, configure the options required for your selected Window OS distribution and click Next. Option Description Product License Key (Optional for Windows 2008. Required for Windows 2003 and Windows 7.) Type a license matching the operating system you are installing.
Provisioning Physical or Virtual Machine Operating Systems Option Description License these machines for License the machines for VCM management. VCM 9. On the Machine-Specific Settings page, type the HostName and click Next. The HostName is limited to 15 characters. If you did not select Use DHCP to determine IP address on the Settings page, you must configure the IP Address, Subnet, Default Gateway, and DNS. 10.
vCenter Configuration Manager Administration Guide You can install one OS distribution on one or more target machines. To install a different OS distribution, configure a new OS provisioning action. Prerequisites n Verify that the operating system you are installing is compatible with the hardware or configuration of the target physical or virtual machines. For example, the operating system must support the drivers required by the hardware. n Verify that the OS Provisioning Servers are registered.
Provisioning Physical or Virtual Machine Operating Systems 7. On the Select OS Distribution page, select the a Linux operating system that you are installing on the selected machines and click Next. 8. On the Settings page, configure the options required for your selected Linux OS distribution and click Next. Option Description Product License Key Type the license to use when installing the operating system on the target machines. The license must match the operating system you are installing.
vCenter Configuration Manager Administration Guide Option Volume Name Description n Duplicate mount points are not allowed. n For a swap partition, the mount point and the file system type should be swap. n When naming mount points, you can use letters, digits, ., -, _, and +. Spaces are not allowed. Type the name of the logical partition. For example, LogVol00. The volume names must meet specific criteria. Volume Size n When naming volumes, you can use letters, digits, ., or _.
Provisioning Physical or Virtual Machine Operating Systems Option Description File System Select the type of file system. For a swap partition, the mount point and the file system type should be swap. Supported File System options by operating system. Operating Supported System File System RHEL 6.0 swap, vfat, xfs RHEL 5.4 ext2, ext3, ext4, and 5.5 swap, vfat RHEL 5.0 ext2, ext3, and 5.2 swap, vfat SLES 10.0 and 11.
vCenter Configuration Manager Administration Guide Option Description Grow partition to Select the option to allow the logical volume to fill available space up to the use all remaining maximum size specified for the volume. space You can select the option for only one partition. If you select this option, you can specify a Volume Size of 0MB. Remove Click to delete the selected row from the custom volume plan list. 12. On the Confirmation page, click Finish.
Provisioning Physical or Virtual Machine Operating Systems Procedure 1. On the Linux machine, log in as root. 2. Run the ntpdate -u command to update the machine clock. For example, ntpdate -u ntp-time.for.mydomain. 3. Open the /etc/ntp.conf file and add the NTP servers used in your environment. You can add multiple NTP servers similar to these examples. server ntp-time.for.mydomain server otherntp.server.org server ntp.research.gov 4.
vCenter Configuration Manager Administration Guide Option Description Machines > Licensed Windows Machines. The OS Provisioning Status column indicates whether the Windows machine was create using OS provisioning. n To view the provisioned Linux machines, click Administration and select Machines Manager > Licensed Machines > Licensed UNIX Machines. The OS Provisioning Status column indicates whether the Linux machine was create using OS provisioning.
Provisioning Physical or Virtual Machine Operating Systems The OS Provisioning Server starts jobs for each of the selected machines. Each job creates a configured session for the specified machines. The configured session includes information about the target machine, the OS distribution, the user configuration information for the selected combination of machine and operating system, and the VCM Agent. 11. Reboot the target machines.
vCenter Configuration Manager Administration Guide 174 VMware, Inc.
Provisioning Software on Managed Machines 13 Software provisioning is the process you use to create software packages, publish the packages to repositories, and then install packages on one or more target machines. To support the provisioning process, the VCM Software Provisioning components consist of VMware vCenter Configuration Manager Package Studio, software package repositories, and Package Manager.
vCenter Configuration Manager Administration Guide Software Provisioning Component Relationships The following diagram displays the general relationship between Package Studio, repositories, and Package Manager in a working environment. Figure 13–1. Software Provisioning Diagram Install the Software Provisioning Components The software provisioning components are installed on the VCM Collector by default.
Provisioning Software on Managed Machines n Software Repository for Windows: Installed on at least one Windows machine in your environment, and installed on the same machine with Package Studio. Install the repository before installing Package Studio. n VMware vCenter Configuration Manager Package Studio: Installed on the same machine as your software repository. n Package Manager: Installed on all Windows machines on which you are managing software provisioning.
vCenter Configuration Manager Administration Guide Procedure 1. Double-click Repository.msi. 2. On the Welcome page, click Next. 3. Review the license agreement, select the appropriate options to continue, and click Next. 4. On the Installation Folder page, use the default path or click Change to modify the path, and click Next. 5. On the Virtual Directory page, use the default name or type a new name in the text box, and click Next. 6. On the Ready to Install page, click Install. 7.
Provisioning Software on Managed Machines Procedure 1. Double-click PackageStudio.msi. 2. On the Welcome page, click Next. 3. Review the license agreement, select the appropriate options to continue, and click Next. 4. On the Installation Folder page, use the default path or click Change to modify the path, and click Next. 5. On the Repository Root Folder page, verify the path is to your installed repository files. If the path is not accurate, click Change. When the path is correct, click Next. 6.
vCenter Configuration Manager Administration Guide The Package Studio is installed to the location specified during installation. The default location is C:\Program Files\VMware\VCM\Tools\Package Studio (on 32-bit machines) or C:\Program Files (x86)\VMware\VCM\Tools\Package Studio (on 64-bit machines). To start Package Studio, click Start and select All Programs > VMware vCenter Configuration Manager > Tools > Package Studio, or open the Package Studio folder and double-click PackageStudio.exe.
Provisioning Software on Managed Machines Prerequisites n Verify that the target machine meets the supported hardware, operating system, and software requirements. See VCM Installation Guide for currently supported platforms and requirements. Verifying the Installation of the Agent Extensions for Provisioning If you do not know whether the machines are ready to use provisioning, you can verify the version of the Agent Extensions for Provisioning.
vCenter Configuration Manager Administration Guide a. Click Properties and type a Name, Version, Description, and select the Architecture. These fields are required. You have the option to update the other fields, depending on you requirements. Configuring the package with Depends, Conflicts, Provides, and adding and configuring the installation and removal files. b. Click Files and import the installation files, add pre-command files, configure the commands and arguments, and add post-command files. c.
Provisioning Software on Managed Machines Procedure 1. On a Windows 2008 machines, select Start > All Programs > VMware vCenter Configuration Manager > Tools. 2. Right-click Package Studio and select Properties. 3. Click the Compatibility tab. 4. In the Privilege Level area, select Run this program as an administrator and click Apply. 5. Click OK. 6. Select Start > All Programs > VMware vCenter Configuration Manager > Tools > Package Studio. 7. On the User Account Control dialog box, click Yes.
vCenter Configuration Manager Administration Guide Prerequisites n Package Manager is installed on the target machines. Package Manager is installed when you install the VCM 5.3 Agent or later. See "Install Package Manager on Managed Machines" on page 180. n Verify that you created software provisioning packages using VMware vCenter Configuration Manager Package Studio and published the packages to the repositories. See "Creating Packages" on page 181. Procedure 1. Click Collect. 2.
Provisioning Software on Managed Machines 6. On the Confirmation page, review the information, resolve any conflicts, and click Finish. You can monitor the process in the Jobs Manager. See "Viewing Provisioning Jobs in the Job Manager" on page 188. What to do next n When the collection is finished, view the collected data. Click Console and select Windows tab > Operating System > Software Provisioning > Repositories. The data grid displays the packages in the repositories.
vCenter Configuration Manager Administration Guide d. Select the URI and click OK. e. Verify that the Platform name and the Section name are exactly the names used in the repository. 6. On the Schedule page, select one of the scheduling options and configure as needed. 7. On the Confirmation page, review the information and click Finish. The added source is displayed in the Package Manager - Sources data grid. What to do next Install software packages on target machines. See "Install Packages" on page 186.
Provisioning Software on Managed Machines 5. On the Select Package page, select the package to install. 6. Select one of the following version options. Option Description Install Version Installs the specified version. By default the operator equals the package selected in the list. However, you may select a different operator and type the version number in the text box.
vCenter Configuration Manager Administration Guide Related Software Provisioning Actions You can use the following management options in VCM when working with software provisioning. Option Description Console All Software Provisioning are available for auditing as part of Change Management. Click Console and select Change Management > VCM Initiated or Non VCM Initiated to view the data. Software Provisioning actions are not eligible for rollback through Change Management.
Provisioning Software on Managed Machines Create Compliance Rules Based on Software Provisioning Data A Compliance rule based on software provisioning data detects any packages or sources that are out of compliance. You can configure remediation actions to bring the machines back into compliance. In this example the Compliance rule checks whether the source, where the values are platform=Any and section=Release, was added to selected Package Managers as a source.
vCenter Configuration Manager Administration Guide What to do next Add the rule to your template. When the Compliance Template is run, it checks the target machines to determine if the repository source is added as a source. If it is not, the source is added to the machines Package Manager.
Provisioning Software on Managed Machines f. Configure the version options to use the selected version, specify a different version, or install the latest version. g. Specify the Security Options. Determine whether a package is installed or removed based on the state of the signature.
vCenter Configuration Manager Administration Guide 192 VMware, Inc.
Configuring Active Directory Environments 14 VCM for Active Directory collects Active Directory objects across domains and forests, and displays them through a single console. The information is consolidated and organized under the Active Directory slider, allowing you to view your Active Directory structure, troubleshoot issues, detect change, and ensure compliance. You can filter, sort, and group Active Directory data to pinpoint the specific area of interest.
vCenter Configuration Manager Administration Guide 5. "License Domain Controllers" on page 196 To manage domain controllers, you must license them in VCM. 6. "Install the VCM Windows Agent on Your Domain Controllers" on page 197 Install the VCM Windows Agent on each domain controller so that you can collect data and manage the virtual or physical machines. 7. Collect Domain Controller Data Start managing the domain controllers by performing an initial collection, which adds domain controller data to VCM.
Configuring Active Directory Environments Procedure 1. Click Administration. 2. Select Settings > Network Authority > Available Accounts. 3. To add a new domain account, click Add. 4. Type the domain name, user name, and password, and click Next. 5. Click Finish to add the account. What to do next Assign the network authority account to the domain so that VCM can access the domain controllers in the domain. See "Assign Network Authority Accounts" on page 195.
vCenter Configuration Manager Administration Guide NOTE You can use the Discovered Machines Import Tool (DMIT), which imports machines discovered by the Network Mapper (Nmap), to import many physical and virtual machines at one time into the VCM database. Download DMIT from the VMware Web site. Prerequisites Assign a Network Authority Account that VCM can use for access. See "Assign Network Authority Accounts" on page 195. Procedure 1. Click Administration. 2. Select Machines Manager > Discovery Rules.
Configuring Active Directory Environments Procedure 1. Click Administration. 2. Select Machines Manager > Available Machines. 3. Select the domain controllers to license. 4. Click License. 5. Verify that the domain controllers to license appear in the Selected list. Use the arrows to move the domain controllers. 6. Click Next to view your Product License Details. The licensed domain controller count increases by the number of licensed machines. 7. Click Next.
vCenter Configuration Manager Administration Guide Procedure 1. Click Administration. 2. Select Machines Manager > Licensed Machines > Licensed Windows Machines. 3. In the data grid, select one or more domain controllers on which to install the Agent and click Install. 4. On the Machines page, verify that the target machines appear in the Selected list and click Next. 5. On the Install Options page, select the default installation options and click Next. 6.
Configuring Active Directory Environments Procedure 1. On the VCM toolbar, click Collect. 2. On the Collection Type page, select Machine Data and click OK. 3. On the Machines page, select the domain controllers from which to collect data and click Next. To move all visible domain controllers to the selection window, use the double arrow. 4. Select the Do not limit collection to deltas check box. This option ensures that a full collection occurs during the initial set up of VCM for Active Directory. 5.
vCenter Configuration Manager Administration Guide Prerequisites n Discover, license, and install the VCM Windows Agent on your domain controllers. See "Configure Domain Controllers" on page 193. n Verify that jobs have finished running. Click Administration and select Job Manager > History > Other Jobs > Past 24 Hours. Procedure 1. Click Administration. 2. Select Machines Manager > Additional Components > VCM for Active Directory. 3. Click Install. 4.
Configuring Active Directory Environments Run the Domain Controller Setup Action VCM for Active Directory collects your Active Directory schema and structure as part of the domain controller setup action. During setup, you select a Forest Data Source (FDS) and Replication Data Source (RDS). Select machines that have reliable connections and availability. The same domain controller is allowed to serve as both FDS and RDS.
vCenter Configuration Manager Administration Guide Prerequisites n Install VCM for Active Directory. See "Configure VCM for Active Directory as an Additional Product" on page 199. n Verify that jobs have finished by clicking Administration and selecting Job Manager > History > Other Jobs > Past 24 Hours. Procedure 1. From the toolbar, click Collect. 2. On the Collection Type page, select Active Directory and click OK. 3.
Configuring Active Directory Environments Option Description From the data grid view, you can enable or disable the summary to view the details immediately. Reports Provides Active Directory information by running preconfigured or custom reports against the latest collected data. The time needed for a report to generate depends on the volume or complexity of the data requested. n Compliance VMware, Inc. To use the reporting options, click Reports and expand Active Directory Reports.
vCenter Configuration Manager Administration Guide 204 VMware, Inc.
Configuring Remote Machines 15 The VCM Remote client is the communication and management mechanism that you use to manage mobile Windows machines as they connect to and disconnect from the network. For Windows machines that are not continuously connected to the network, the VCM Remote client listens for network events indicating it has access to the VCM Remote-related components on the VCM Internet Information Services (IIS) server.
vCenter Configuration Manager Administration Guide Using Certificates With VCM Remote The use of certificates with VCM Remote ensures secure communication between VCM and the VCM Remote client when they are communicating outside your internal network. The communication between the Collector and the VCM Remote client is secured using Transport Layer Security (TLS) certificates. You can use the VCM certificate or you can use an existing Enterprise certificate.
Configuring Remote Machines Procedure 1. "Create Custom Collection Filter Sets" on page 207 You create custom collection filter sets for Dial-up, Broadband, or LAN connections to efficiently manage mobile machines using the VCM Remote client. To optimize results, create a different filter set for each connection type. 2. "Specify Custom Filter Sets in the VCM Remote Settings" on page 208 VCM Remote supports three connection types: broadband, dial-up, and LAN.
vCenter Configuration Manager Administration Guide What to do next n Repeat the procedure for all the connection types for which you configure filter sets. n Assign the filter sets to the appropriate VCM Remote settings. See "Specify Custom Filter Sets in the VCM Remote Settings" on page 208. Specify Custom Filter Sets in the VCM Remote Settings VCM Remote supports three connection types: broadband, dial-up, and LAN.
Configuring Remote Machines Procedure 1. Click Administration. 2. Select Settings > General Settings > VCM Remote. 3. On the VCM Remote Settings data grid, select each setting separately and click Edit Settings. Option Configuration Should Remote automatically install an Agent to the client (if required)? Click Yes. Allows VCM to install the Agent when contacted by the VCM Remote client the first time. Should Remote automatically upgrade an Agent to the Click Yes.
vCenter Configuration Manager Administration Guide n "Install the VCM Remote Client Manually" on page 210 The manual installation of the VCM Remote client is a wizard-based process that you use when you have direct access to the target machines. This process is a useful way to install the client if you are creating an image to install on other machines.
Configuring Remote Machines 5. On the VCM Remote Client Information page, configure the options and click Next. Option Description Collector Machine Name Name of the Windows machine on which the VCM Collector and Microsoft IIS are installed. Path to ASP Page Path for the IIS default VCM Remote Web site. The must match the virtual directory name as it appears in the Collector's IIS. The default value is VCMRemote. 6.
vCenter Configuration Manager Administration Guide Procedure 1. On the target machine, create a folder and copy the files from the Collector to the target folder. File Description CM Remote Client.msi Located on the Collector at [install path]\VMware\VCM\AgentFiles. CM_Enterprise_Certificate_ xxx.pem (Optional) Located on the Collector at [install path]\VMware\VCM\CollectorData.
Configuring Remote Machines Option Description the msiexec.exe was run. What to do next Connect the remote machine to the network to ensure that VCM completes the installation process. See "Connect VCM Remote Client Machines to the Network" on page 216 Install the VCM Remote Client Using Windows Remote Commands You use the Windows remote commands to deploy the VCM Remote client to multiple machines in your environment. The VCM Agent must be installed on the target machines.
vCenter Configuration Manager Administration Guide Sub DoWork() Set WshShell = CreateObject("WScript.Shell") sCollName = "YourCollectorName" 'Name of your VCM Collector machine in quotes bInstallCert = 1 'If the value is 1, the Enterprise Certificate is installed. If the value is set to 0, the installation of the certificate is skipped and it is assumed that the certificate is already present.
Configuring Remote Machines End If EcmScriptRuntime.CmdExecute Chr(34) & AppToRun & Chr(34), 10000 End Sub Sub CheckVars() If sCollName = "" Then WScript.Quit Else sCollName = Trim(sCollName) End If If sVirDir = "" Then sVirDir = "vcmremote/ecmremotehttp.asp" Else sVirDir = Trim(sVirDir) End If If sInstallDir = "" Then sInstallDir = "c:\vcm remote client" Else sInstallDir = Trim(sInstallDir) End If If sAddRemove <> 0 And sAddRemove <> 1 Then sAddRemove = 1 'Set whether or not VCM Remote appears in the
vCenter Configuration Manager Administration Guide sAddRemove = Trim(sAddRemove) End Sub c. Select the Certain file(s) are required to be on the target machine for this remote command check box. d. Click Next. 7. On the Files page, move the CM Remote Client.msi file and the .pem file to the list on the right, and click Next. 8. On the Important page, review and summary and click Finish. VCM saves and adds the command to Windows Remote Commands list. 9.
Configuring Remote Machines VCM Remote Collection Results The VCM Remote client-specific data is limited to administrative details. All other data collected from the remote machine appears in VCM as Windows machine data. See "Windows Collection Results" on page 85. The displayed data is only as current as the last time you collected from the remote machines. Option Description Administration View administrative details about the VCM Remote client. VMware, Inc.
vCenter Configuration Manager Administration Guide 218 VMware, Inc.
Tracking Unmanaged Hardware and Software Asset Data 16 VCM management extensions for assets integrates and manages hardware and software asset data that is not gathered through the automated managed machine collection processes of VCM. n Hardware: VCM for assets stores supplemental information (data that is not automatically collected) about physical and virtual machines that are managed by VCM.
vCenter Configuration Manager Administration Guide Review Available Asset Data Fields VCM for assets is populated with a short list of data fields to get you started. Examples include hardware data such as location or contact person, and software data such as license expiration date or number of copies. VCM for assets is configurable, so review the data fields and the order in which they appear. You have the opportunity to add, modify, remove, and rearrange fields.
Tracking Unmanaged Hardware and Software Asset Data a. Select the way to populate the data. Manually: type free-form text Lookup: select from a fixed or query-based list of values Dynamically: query from other data b. Select the data type. For string data, also enter the maximum number of characters to allow. 7. Click Next. 8. Configure the way to populate the data based on your earlier selection. n Manually: No configuration steps are needed. The user types the data at runtime.
vCenter Configuration Manager Administration Guide You cannot change the data properties. 8. Click Next. 9. Select the roles that are allowed to edit the data. Only users assigned to these roles can edit the data using the VCM Console. 10. Review the settings and click Finish. What to do next Remove unwanted fields. See "Delete a VCM for Assets Data Field" on page 222. Delete a VCM for Assets Data Field Remove asset data fields that do not serve a purpose in your environment.
Tracking Unmanaged Hardware and Software Asset Data Procedure 1. Click Administration. 2. Select Settings > Asset Extensions Settings. 3. Select one of the following nodes. Hardware Configuration Items > Other Devices Hardware Configuration Items > VCM Devices Software Configuration Items In the data grid, each row, in order, becomes a column in the asset data display in the VCM Console. 4. Click Column Order. 5. Select entries, use the arrow buttons to move rows up or down, and click Next. 6.
vCenter Configuration Manager Administration Guide Procedure 1. Click Console. 2. Select Asset Extensions > Hardware Configuration Items > VCM Devices. 3. In the data grid, select the VCM machine. 4. Click Edit Values. 5. Verify that the machine you want is in the Selected list and click Next. Use the arrow buttons to move entries to or from the Selected list. 6. Move the data fields that you want to edit into the Selected list and click Next.
Tracking Unmanaged Hardware and Software Asset Data Prerequisites n Have an administrator configure the asset data fields that you need. See "Configure Asset Data Fields" on page 219. n Log in to VCM with a role that has edit permission for asset configuration data. Procedure 1. Click Console. 2. Select Asset Extensions > Hardware Configuration Items > Other Devices. 3. Click Add. 4. Select or type the details that identify the device, such as its name and model, and click Next. 5.
vCenter Configuration Manager Administration Guide Procedure 1. Click Console. 2. Select Asset Extensions > Hardware Configuration Items > Other Devices. 3. In the data grid, select the asset. 4. Click Edit. 5. Change the details that identify the device, such as its name and model, and click Next. 6. Change the values for the asset data associated with the device and click Next. The fields can vary depending on how the administrator configured your data for other hardware devices. 7. Click Finish.
Tracking Unmanaged Hardware and Software Asset Data Configure Asset Data for Software A user with a role that has permission to edit asset data can use VCM for assets to gather information about the software on machines that are discovered and managed by VCM. Procedure n "Add Software Assets" on page 227 Manage your software assets by having VCM for assets detect what is installed on the physical and virtual machines in your environment.
vCenter Configuration Manager Administration Guide n Software Inventory (Windows): Select a product from the software inventory (SI) list. n Registry (Windows): Type or select a Windows Registry path, key, and value. n File System - Known Files (Windows): Type or select a filename and version. n Software Inventory - Packages (UNIX): Select a product from the SI list. n Software Inventory - Utilities (UNIX): Select a product from the SI list.
Tracking Unmanaged Hardware and Software Asset Data Edit Asset Data for Software Use VCM for assets to change your software asset records as your enterprise changes. Prerequisites Log in to VCM with a role that has edit permission for asset configuration data. Procedure 1. Click Console. 2. Select Asset Extensions > Software Configuration Items. 3. In the data grid, select the software asset. 4. Click Edit. 5. Change the name or description and click Next. 6.
vCenter Configuration Manager Administration Guide Procedure 1. Click Console. 2. Select Asset Extensions > Software Configuration Items. 3. In the data grid, select the software asset. 4. Click Edit Values. 5. Move the data fields that you want to edit into the Selected list and click Next. Use the arrow buttons to move entries to or from the Selected list. 6. Select or type the new values and click Next. 7. Review the new values and click Finish.
Managing Changes with Service Desk Integration 17 VCM Service Desk Integration tracks planned and unplanned changes to managed machines in your organization, and integrates change requests with your change management process. Service Desk Integration works by temporarily holding requested changes to managed machines while VCM integrates with your service desk application in order to pass the requests through your change management process or workflow.
vCenter Configuration Manager Administration Guide Procedure 1. Click Console. 2. Select Service Desk. 3. Under the Service Desk node, select any subnode. For example, click By RFC to view the data according to request for change (RFC). Under the By RFC sub-node, select an RFC to view the data for that item. Your subnodes and data views might differ from the defaults or from other organizations based on your requirements and specific implementation. What to do next Look at the status of change jobs.
Index % %Systemroot% environment variable 79, 81 A About Patching 135 about this book 9 access by user 11 accessing compliance content 21 active directory (AD) 193 collection results 202 configuration 199 data collection 201 getting started 193 installing VCM for active directory 199 run determine forest action 200 run domain controller setup action 201 AD (active directory) 193 add vCenter Server 30 vCloud Director 35 vShield Manager 45 add servers provisoning, operating system 160 adding asset data fie
vCenter Configuration Manager Administration Guide collect domain controllers 198 ESX logs 48, 53 ESX service console operating system 48 hosts, virtual machine 50 package managers 183 repositories 184 vCenter Server 32 vCenter Server virtual machines 33 vCloud Director 35, 37 vCloud Director vApp 39 virtual machine hosts 50 vShield Manager 45, 47 collect distributions provisioning, operating system 161 collecting WCI data 98 collection filter for WCI 101 collection results active directory 202 Oracle 124
Index discovery provisioning, operating system domain controllers add network authority assign network authority available domains collect collecting discover discover, license, install discovering domain discovery license licensing run setup action domain discovery domain controllers Windows machines domains active directory download settings patch assessment content 161 194 195 194 198 198 195 193 195 194 196 196 201 194 72 193 138 E editing asset data field 221 hardware asset data 225 hardware asset d
vCenter Configuration Manager Administration Guide software provisioning VCM for active directory integration service desk invalid certificate in vSphere Client troubleshooting 176 199 231 57 network authority account assigning checking network authority, add domain controllers network authority, assign domain controllers 73 72, 194 194 195 J job manager service desk integration job status reporting WCI jobs history provisioning 19 232 102 188 L launch an assessment license domain controllers licensi
Index PowerShell example script executing for WCI installation references script signing policies scripts, troubleshooting signing scripts for WCI WCI getting started Windows Custom Info PowerShell script verifying prerequisites patching deployement preview compliance rule groups Product Overview provision machines operating systems provisioning compliance compliance rule jobs History provisioning, operating system add servers agent communication collect distributions components discovery provision machine
vCenter Configuration Manager Administration Guide script signing policies references scripts PowerShell service desk integration adding console job manager set server trust status provisoning, operating system settings remote vCloud Director vShield Manager setup action running for active directory signing policies, PowerShell scripts PowerShell scripts sliders in portal software provisioning create packages install package manager install package studio install repository installation sources repository
Index VCM Summary and VCM Action troubleshooting VCM summary tab troubleshooting verify PowerShell script virtual environments managing agent virtual environnments managing agent managing agent collection managing agent enabled managing agent HTTPS bypass managing agent trust status virtual machine manage operating system virtual machines vCloud Director vApp virtual objects compliance exceptions compliance filters compliance rule groups compliance rules compliance templates run compliance virtualization c
vCenter Configuration Manager Administration Guide 240 VMware, Inc.
