5.7
Table Of Contents
- VMware vCenter Configuration Manager Advanced Installation Guide
- Contents
- About This Book
- Achieving a Successful VCM Installation
- Hardware Requirements for Collector Machines
- Software and Operating System Requirements for Collector Machines
- Preparing for Installation
- System Prerequisites to Install VCM
- Configure Resources to Install VCM on a Virtual Machine
- Secure Communications Certificates
- Single-Tier Server Installation
- Configure a Single-Tier Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure Windows Server 2008 R2
- Install the .NET Framework
- Configuring the Database Components of the VCM Collector
- Install SQL Server on the VCM Collector
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Web Components
- Configure SSRS on the VCM Collector
- Configure the VCM Collector Components
- Two-Tier Split Installation
- Configuring a Two-Tier Split Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure a Windows Server 2008 R2 Operating System
- Configuring the VCM Database Server
- Disable the Firewall or Add an Exception for SQL Server Port 1433
- Install SQL Server on the Database Server
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Combined VCM Collector and Web Server
- Three-Tier Split Installation
- Configuring a Three-Tier Split Installation Environment
- Verify that the Installing User is an Administrator
- Install and Configure a Windows Server 2008 R2 Operating System
- Configure the VCM Database Server
- Install SQL Server on the Database Server
- Verify and Configure the SQL Server Properties
- Verify Matching SQL Server and Computer Names
- Verify the SQL Server Agent Service Account is a sysadmin
- Verify that the SQL Server Agent Service Starts Automatically
- Select the SQL Server Agent Service Account
- Establish SQL Server Administration Rights
- Configure the Web Server
- Configure the VCM Collector
- Installing VCM
- Configuring SQL Server for VCM
- Upgrading or Migrating VCM
- Upgrading VCM and Components
- Upgrading Virtual Environments Collections
- Migrating VCM
- Prerequisites to Migrate VCM
- Migrate Only Your Database
- Replace Your Existing 32-Bit Environment with a Supported 64-bit Environment
- Migrate a 32-bit Environment Running VCM 5.3 or Earlier to VCM 5.7
- Migrate a 64-bit Environment Running VCM 5.3 or Earlier toVCM 5.7
- Migrate a Split Installation of VCM 5.3 or Earlier to a Single-Tier, Two-Tier...
- How to Recover Your Collector Machine if the Migration is not Successful
- Maintaining VCM After Installation
- Hardware and Operating System Requirements for VCM Managed Machines
- VCM Agent Support on Non-English Windows Platforms
- VCM Managed Machine Requirements
- Linux, UNIX, and Mac OS Agent Files
- Windows Custom Information Supports PowerShell 2.0
- Supported OS Provisioning Target Systems
- Software Provisioning Requirements
- Linux and UNIX Patch Assessment and Deployment Requirements
- Support for VMware Cloud Infrastructure
- vCenter Operations Manager Integration Features
- FIPS Requirements
- Agent Sizing Information
- Hardware and Software Requirements for the Operating System Provisioning Server
- Installing, Configuring, and Upgrading the OS Provisioning Server and Components
- Index
Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the
creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is
valid, including Server Authentication.
Enterprise and Collector Certificates
An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector and Agent
communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector
environment. Agents have the Enterprise Certificate in their trusted certificate stores, and they use the
Enterprise Certificate to validate any certificate issued by the Enterprise Certificate. All Collector
Certificates are expected to be issued by the Enterprise Certificate, which is critical in environments where
a single Agent is shared between multiple Collectors.
Server authentication is required to establish a TLS connection with an Agent. All VCM Collectors should
have a common Enterprise Certificate. Each Collector Certificate is issued by the Enterprise Certificate,
and is capable of Server Authentication. Collector Certificates in VCM must adhere to the requirements
for secure communications certificates. See "Secure Communications Certificates" on the previous page.
n
The Collector Certificate initiates and secures a TLS communication channel with an HTTP Agent. The
Agent must be able to establish that the Collector Certificate can be trusted, which means that the
Collector Certificate is valid and the certification path starting with the Collector Certificate ends with a
trusted certificate. By design, the Enterprise Certificate is installed in the Agent’s trusted store. The trust
chain ends with the Enterprise Certificate.
n
Self-signed Agent Certificates are generated during Agent installation, upon first contact from the
Collector. Agent Certificates are used for Mutual Authentication only. VCM support for Mutual
Authentication requires the administrator to manually verify the fingerprint of each Agent's certificate
before marking those Agents as trusted in Administration > Certificates.
n
The Collector Certificate and associated private key must be available to the Collector. This certificate is
stored in the local machine personal system store.
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise Certificate to validate Collector Certificates. The Agent must have access
to the Enterprise Certificate as a trusted certificate. In most cases, VCM delivers and installs the Enterprise
Certificate as needed during the HTTP Agent installation.
When you manually install Windows HTTP or VCM Remote client components, you must specify a path
to the PEM file that provides the Enterprise Certificate and the Collector's public key.
Installing the Agent from a Disk (Windows only)
The VCM Installation DVD does not contain customer-specific certificates. If HTTP is specified, the manual
VCM installer requests the location of the Enterprise Certificate file during the installation. You must have
the Enterprise Certificate file available at installation time. You can copy the certificate file, which has a
.pem extension, from the CollectorData folder on the Collector. You must copy the certificate file
when you run the manual installer directly using CMAgentInstall.exe or when you use the Agent
Only option in the DVD auto-run program.
vCenter Configuration Manager Advanced Installation Guide
32
VMware, Inc.