5.6
Table Of Contents
- VMware vCenter Configuration Manager Security Guide
- Contents
- About This Book
- Introduction to VCM Security
- Domain Infrastructure
- VCM Installation Kits
- Server Zone Security
- VCM Collector Server
- SQL Server
- Web Server
- VCM Agent Systems and Managed Machines
- VCM User Interface System
- Software Provisioning Components
- Operating System Provisioning Components
- Decommissioning
- Authentication
- Transport Layer Security
- Keys and Certificates
- How VCM Uses Certificates
- Installing Certificates for the VCM Collector
- Changing Certificates
- Delivering Initial Certificates to Agents
- Storing and Transporting Certificates
- Mark a Certificate as Authorized on Windows
- Creating Certificates Using Makecert
- Update the Collector Certificate Thumbprint in the VCM Database
- Managing the VCM UNIX Agent Certificate Store
- Supplemental References
- Index
n
Collector service that processes requests and receives results
n
SQL Server database that stores results and application control information
n
Internet Information Services (IIS) Web server that hosts the UI Web application and accepts work
requests
n
Browser-based user interface (UI) that renders in Internet Explorer (IE) on user desktops
n
Agents that inspect managed machines and return results in response to requests
In some installations, optional components might also be present:
n
An Agent proxy that works with ESX, ESXi, and vSphere servers
n
An orchestration system that coordinates with service desk applications such as Remedy
n
A VCM Remote service
n
Operating system provisioning components
n
Software provisioning components
n
Alternative source file servers that store VCM installation kits and VCM Patching patches
With the exception of the UI, Agent, alternative sources, and OS Provisioning Server, all VCM components
run on Microsoft Windows Server systems. The UI runs in Internet Explorer on Windows desktops. The
Agent executes on either Windows or UNIX systems, including Linux, Solaris, HPUX, AIX, and Max OS X.
An alternative source can be any file server that exports shares or FTP.
The following figure shows VCM components, with the exception of provisioning and alternative sources.
Provisioning component areas appear in their respective chapters.
VCM Security Guide
10
VMware, Inc.