5.7
VMware vCenter Configuration Manager Advanced Installation Guide
Secure Communications Certificates
During VCM installation, specify the Collector and Enterprise certificates. VCM uses Transport Layer
Security (TLS) to secure all UNIX Agents and all Windows Agents using HTTP, and TLS uses certificates to
authenticate the Collector and Agents to each other.
If you use your own certificates, you must familiarize yourself with the certificate names in advance so
that you can select them during installation.
A valid Collector certificate must have the following attributes.
- Located in the local machine personal certificate store.
- Valid for Server Authentication. If any Enhanced Key Usage extension or property is present, it must
  include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage extension is present, it
  must include DIGITAL_SIGNATURE.
- Active, and not expired.
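The three attributes above can be checked before you run Installation Manager. The following PowerShell is an added example, not part of the VMware guide or of VCM itself; the function name `Test-CollectorCertificate` is hypothetical, and the script inspects only certificate extensions, not a store-level Enhanced Key Usage property.

```powershell
# Added example: read-only audit of candidate Collector certificates.
# Run on the Collector machine in an elevated PowerShell session.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication OID named in the guide
$x509 = 'System.Security.Cryptography.X509Certificates'

function Test-CollectorCertificate {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [datetime]$At
    )
    $problems = @()

    # Attribute: active, and not expired.
    if ($At -lt $Cert.NotBefore) { $problems += "not yet valid (NotBefore $($Cert.NotBefore))" }
    if ($At -gt $Cert.NotAfter)  { $problems += "expired (NotAfter $($Cert.NotAfter))" }

    foreach ($ext in $Cert.Extensions) {
        # An Enhanced Key Usage extension, if present, must list Server Authentication.
        if ($ext -is [type]"$x509.X509EnhancedKeyUsageExtension") {
            $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            if ($oids -notcontains $serverAuthOid) {
                $problems += "EKU present without Server Authentication ($($oids -join ', '))"
            }
        }
        # A Key Usage extension, if present, must include DigitalSignature.
        if ($ext -is [type]"$x509.X509KeyUsageExtension") {
            $ds = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
            if (([int]$ext.KeyUsages -band $ds) -eq 0) {
                $problems += "Key Usage present without DigitalSignature ($($ext.KeyUsages))"
            }
        }
    }
    return $problems
}

# Attribute: located in the local machine personal store, so only that store is searched.
$now = Get-Date
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $problems = @(Test-CollectorCertificate -Cert $_ -At $now)
    New-Object PSObject -Property @{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
} | Format-List Subject, Thumbprint, NotAfter, Usable, Problems
```

A certificate with no Enhanced Key Usage and no Key Usage extension passes both usage checks, which matches the "if present" wording of the requirement.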
If you do not want to use your own certificates, you can have Installation Manager generate the Collector
and Enterprise certificates for you. To do so, select the Generate option during the installation.
If you install more than one Collector that will communicate with the same Agents, or if you plan to
replace or renew your certificates, follow the special considerations to generate and select certificates in
VCM Installation Manager. See the VCM Security Guide.
Authenticating the Server to the Client
VCM supports Server Authentication to authenticate the server to the client. In VCM environments where
TLS is used, VCM Agents verify the identity of the Collectors by verifying the certificates. If you use your
own certificates, you must familiarize yourself with the certificate names in advance so that you can select
them during installation.
The server typically authenticates a client or user by requiring information such as a user name and
password. When Server Authentication is used, the client or user verifies that the server is valid. To
accomplish this verification, the server provides a certificate issued by a trusted authority, such as Verisign.
If your client Web browser has the Verisign Certificate Authority certificate in its trusted store, the Web
browser can trust that the server is actually the Web site you access.
To guarantee the identity of servers and clients, TLS uses certificates that are managed by a public key
infrastructure (PKI). A certificate is a package that contains a public key, information that identifies the
owner and source of that key, and one or more certifications (signatures) to verify that the package is
authentic. To sign a certificate, an issuer adds information about itself to the information that is already
contained in the certificate request. The public key and identifying information are hashed and signed
using the private key of the issuer’s certificate.