VMware vCenter Configuration Manager Installation Guide (VCM 5.6)
Secure Communications Certificates
During VCM installation, specify the Collector and Enterprise certificates. VCM uses Transport Layer
Security (TLS) to secure all UNIX Agents and all Windows Agents using HTTP, and TLS uses certificates to
authenticate the Collector and Agents to each other.
If you use your own certificates, you must familiarize yourself with the certificate names in advance so
that you can select them during installation.
A valid Collector certificate must have the following attributes.
- Located in the local machine personal certificate store.
- Valid for Server Authentication. If any Enhanced Key Usage extension or property is present, it must
  include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage extension is present, it
  must include DIGITAL_SIGNATURE.
- Active, and not expired.
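The attributes above can be checked on the Collector machine before running Installation Manager. The following PowerShell is an added example, not part of the VMware guide; the function name Test-CollectorCertificate is hypothetical, and it reads only certificate extensions, not an Enhanced Key Usage property set on the store entry.

```powershell
# Added example (not from the VMware guide). Test-CollectorCertificate is a
# hypothetical helper name. It checks the attributes listed above for every
# certificate in the local machine personal store.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication OID from the guide

function Test-CollectorCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $reasons = @()
    $now = Get-Date

    # Active, and not expired.
    if ($now -lt $Cert.NotBefore) { $reasons += 'not yet active' }
    if ($now -gt $Cert.NotAfter)  { $reasons += 'expired' }

    # Enhanced Key Usage only restricts the certificate when it is present.
    # Only the EKU extension is read here; an EKU property set on the store
    # entry is not visible through .Extensions.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $serverAuthOid) {
            $reasons += 'EKU present without Server Authentication'
        }
    }

    # Key Usage, when present, must include DIGITAL_SIGNATURE.
    $ku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if ($ku) {
        $flag = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
        if (([int]$ku.KeyUsages -band $flag) -eq 0) {
            $reasons += 'Key Usage present without DIGITAL_SIGNATURE'
        }
    }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Eligible   = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Located in the local machine personal certificate store.
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-CollectorCertificate -Cert $_ } |
    Format-Table -AutoSize
```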
If you do not want to use your own certificates, you can have Installation Manager generate the Collector
and Enterprise certificates for you. To do so, select the Generate option during the installation.
If you install more than one Collector that will communicate with the same Agents, or if you plan to
replace or renew your certificates, follow the special considerations to generate and select certificates in
VCM Installation Manager. See the VCM Security Guide.
Authenticating the Server to the Client
VCM supports Server Authentication to authenticate the server to the client. In VCM environments where
TLS is used, VCM Agents verify the identity of the Collectors by verifying the certificates. If you use your
own certificates, you must familiarize yourself with the certificate names in advance so that you can select
them during installation.
The server typically authenticates a client or user by requiring information such as a user name and
password. When Server Authentication is used, the client or user verifies that the server is valid. To
accomplish this verification, the server provides a certificate issued by a trusted authority, such as Verisign.
If your client Web browser has the Verisign Certificate Authority certificate in its trusted store, the Web
browser can trust that the server is actually the Web site you access.
To guarantee the identity of servers and clients, TLS uses certificates that are managed by a public key
infrastructure (PKI). A certificate is a package that contains a public key, information that identifies the
owner and source of that key, and one or more certifications (signatures) to verify that the package is
authentic. To sign a certificate, an issuer adds information about itself to the information that is already
contained in the certificate request. The public key and identifying information are hashed and signed
using the private key of the issuer’s certificate.
VMware, Inc.