5.3

ManualsBrandsVMware ManualsApplicationsvCenter Configuration Manager

Table Of Contents

Copyright
About This Book
Preparing for Installation
- Using Installation Manager
- Understanding Installation Configurations
- Understanding Tools Installation
- Checking Prerequisites for Installation
- Understanding VCM's Use of FIPS Cryptography
Installing VCM Using Installation Manager
- Using the Installation Manager
  - Navigating VCM Installation Manager Screens
  - Installing VCM and the Related Components
Upgrading VCM and Related Components
- Prerequisites
  - Backup and Recovery
  - Assumptions for Upgrading Your VCM Collector and Database
- Upgrading to VCM 5.3
- Upgrading Existing Windows Agents
- Upgrading Existing Remote Clients
- Upgrading Existing UNIX Agents
  - To Upgrade the UNIX Agent(s) with a Local Package
  - To Upgrade the UNIX Agent(s) with a Remote Package
- Upgrading VCM for Virtualization
  - Upgrading an Agent Proxy Machine
  - Upgrading the vSphere Client VCM Plug-in
Getting Started with VCM Components and Tools
- Understanding User Access
- Launching and Logging Onto VCM
  - How to Launch VCM and Log On
- Getting Familiar with the Portal
- Where to Go Next
Getting Started with VCM
- Discover, License, and Install Windows Machines
- Discover, License, and Install UNIX/Linux Machines
- Discover, License, and Install Mac OS X Machines
- Discover, License, and Collect Oracle Data from UNIX Machines
- Customize VCM for your Environment
- How to Set Up and Use VCM Auditing
Getting Started with VCM for Virtualization
- Virtual Environment Configuration
- ESX 2.5/3.x,vSphere 4, and ESXi Servers Collections
- vCenter Server Collections
- Configuring Agent Proxy Virtualization Collections
- Configuring Agent Proxy Machines
- Configuring ESX/vSphere Servers
- Configuring Web Services for ESX/vSphere Server Communication
- Performing an Initial Virtualization Collection
- Exploring Virtualization Collection Results
- Configuring vCenter Server Data Collections
- About the vSphere Client VCM Plug-in
- Further Reading
Getting Started with VCM Remote
- Getting Started with VCM Remote
- Installing the VCM Remote Client
  - Installing the Remote Client manually
- Making VCM Aware of VCM Remote Clients
- Configuring VCM Remote Settings
  - Creating Custom Collection Filter Sets
  - Specifying Custom Filter Sets in the VCM Remote Settings
- Performing a Collection Using VCM Remote
- Exploring VCM Remote Collection Results
Getting Started with VCM Patching
- Getting Started with VCM Patching
- Getting Started with VCM Patching for Windows Machines
- Getting Started with VCM Patching for UNIX/Linux Machines
- Further Reading
Getting Started with Software Provisioning
- VMware vCenter Configuration Manager Package Studio
- Software Repository for Windows
- Package Manager for Windows
- Overview of Component Relationships
- Installing the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
  - Creating Packages
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Further Reading
Getting Started with VCM Management Extensions for Assets
- Getting Started with VCM Management Extensions for Assets
- Review Hardware and Software Configuration Item Fields
  - Modifying Hardware Configuration Item Fields
  - Modifying Software Configuration Item Fields
- Adding Hardware Configuration Items
  - Editing Values for Devices
  - Modifying Other Devices
- Adding Software Configuration Items
- Further Reading
Getting Started with VCM Service Desk Integration
- Getting Started with Service Desk Integration
- Service Desk Integration in the Console
- Service Desk Integration in Job Manager
- Further Reading
Getting Started with VCM for Active Directory
- Making VCM Aware of Domain Controllers
- Configuring VCM for Active Directory as an Additional Product
- Performing an Active Directory Data Collection
- Exploring Active Directory Collection Results
- Further Reading
Getting Started with VCM for SMS
- Getting Started with VCM for SMS
- Making VCM Aware of the SMS Servers
- Performing SMS Server Collections
- Performing SMS Client Collections
- Exploring SMS Collection Results
- Further Reading
Getting Started with Windows Server Update Services
- Getting Started with Windows Server Update Services
- Making VCM Aware of the WSUS Server
- Performing WSUS Server Collections
- Performing WSUS Client Collections
- Exploring WSUS Collection Results
  - Viewing WSUS Clients
  - Viewing WSUS Reports
- Further Reading
Accessing Additional Compliance Content
- Locating the Content Directory
- Launching the Content Wizard to Import Relevant Content
- Exploring Imported Content Results in the Portal
Installing and Getting Started with VCM Tools
- Installing the VCM Tools Only
- Foundation Checker
- VCM Job Manager Tool
- VCM Import/Export and Content Wizard (CW)
  - VCM Import/Export
  - Content Wizard
Maintaining VCM After Installation
- Customize VCM and Component-specific Settings
- Configure Database File Growth
- Configure Database Recovery Settings
- Create a Maintenance Plan for SQL Server 2005
- Incorporate the VCM CMDB into your Backup/Disaster Recovery Plans
Troubleshooting Problems with VCM
- Evaluating Missing UNIX Patch Assessment Results
- Resolving Reports and Node Summaries Problems
  - To Resolve the Problem
- Resolving Protected Storage Errors
  - To Resolve the Problem
- Resetting the Required Secure Channel (SSL)
- Resolving a Report Parameter Error
Configuring a Collector as an Agent Proxy
- Verifying Membership to CSI_COMM_PROXY_SVC on the Agent Proxy Machine
- Generating Key Pairs on the Agent Proxy Machine
- Uploading Keys to the Database
Index

Secure Communications Certificates

VCM uses Transport Layer Security (TLS) to secure all HTTP communication with Windows and UNIX

Agents in HTTP mode (includes all UNIX Agents and Windows Agents in HTTP mode). TLS uses

certificates to authenticate the Collector and Agents to each other. You must specify certificates for the

Collector and for the Enterprise during the installation process. If you plan to use your own certificates,

familiarize yourself with the certificate names so that you can select them during installation.

To be valid, a Collector certificate must meet the following criteria:

The Collector certificate must be located in the local machine personal certificate store.

The Collector certificate must be valid for Server Authentication. If any Enhanced Key Usage extension

or property is present, it must include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage

extension is present, it must include DIGITAL_SIGNATURE.

The Collector certificate must not be expired.

If you want Installation Manager to generate the Collector and Enterprise certificates for you, select the

Generate option during installation.

NOTE If you will be installing more than one Collector that will communicate with the same Agent(s), or

you plan to replace/renew your certificates at a later date, there are special considerations for generating

and selecting certificates in VCM Installation Manager. For more information about VCM and Transport

Layer Security (TLS), see Transport Layer Security Implementation for VCM.

Server Authentication

Server Authentication is a method of authenticating the server to the client. VCM supports server

authentication. In VCM environments where TLS is employed, VCM Agents verify the identity of the

Collector (or Collectors) through the use and verification of certificates (over HTTP).

Typically, the server authenticates a client/user by requiring information, such as a user name and

password. When server authentication is used, the client/user verifies that the server is valid. To

accomplish this verification using TLS, the server provides a certificate issued by a trusted authority, such

as Verisign®. If your client web browser has the Verisign® Certified Authority certificate in its trusted

store, it can trust that the server is actually the web site you are accessing.

TLS uses certificates managed by a public key infrastructure (PKI) to guarantee the identity of servers and

clients. A certificate is a package containing a public key and information that identifies the owner and

source of that key, and one or more certifications (signatures) verifying that the package is authentic. To

sign a certificate, an issuer adds information about itself to the information already in the certificate

request. The public key and identifying information are hashed and signed using the private key of the

issuer’s certificate.

Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the

creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is

valid, including Server Authentication.

Enterprise and Collector Certificates

An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector-Agent

communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector

environment. Agents have the Enterprise Certificate in their trusted certificate stores, which they use

implicitly to validate any certificate issued by the Enterprise Certificate. All Collector Certificates are

expected to be issued by the Enterprise Certificate, which is critical in environments where a single Agent

Preparing for Installation

VMware, Inc. 15