5.7
Table Of Contents
- VMware vCenter Configuration Manager Installation Guide
- Contents
- About This Book
- Preparing to Install VCM
- Common Prerequisites for All VCM Servers
- VCM Installation
- Post-Installation
- Hardware and Operating System Requirements for VCM Managed Machines
- VCM Agent Support on Non-English Windows Platforms
- VCM Managed Machine Requirements
- Linux, UNIX, and Mac OS Agent Files
- Windows Custom Information Supports PowerShell 2.0
- Supported OS Provisioning Target Systems
- Software Provisioning Requirements
- Linux and UNIX Patch Assessment and Deployment Requirements
- Support for VMware Cloud Infrastructure
- vCenter Operations Manager Integration Features
- FIPS Requirements
- Agent Sizing Information
- Index
Network Authority Account
The Network Authority account is for data collection from DCOMWindows machines, data collection
from Active Directory, and for Active Directory and NT domain discovery. VCM supports multiple
Network Authority accounts but must have at least a default Network Authority account configured.
Configure Network Authority accounts in VCM under the Administration slider.
If the account password changes, you must also update the password in VCM.
Network Authority accounts require local administrator permission on any Windows machine that they
access, and SQL Server sysadmin rights if collecting SQL Server data. When policies permit, and for
convenience, make the Network Authority account a separate, domain administrator account with
permissions on Windows machines throughout a large enterprise.
Network Authority accounts with restricted permissions might work for limited VCM activities, but
restricted Network Authority accounts are not supported.
ECMSRSUser Account
VCM creates a local account called ECMSRSUser on the VCM Web server. The account provides Report
Server access for VCM users.
The account is a standard user account with no special permissions nor access on VCM databases. The
unencrypted account password is stored in Configuresoft.Ecm.Reports.dll and cannot be changed.
Alternatively, you can delete or disable ECMSRSUser, and grant VCM users Content Manager rights to
the ECM Reports folder in SSRS.
SQL Server Permissions and Constructs
At installation, VCM creates the vcm_app certificate login, which is used for signed procedures that need
greater access for operations such as re-creating the VCM_Raw database or granting users access to VCM
databases.
The vcm_app certificate login has corresponding users in the VCM databases and is granted the following
permissions.
n
ALTER ANY DATABASE
n
ALTER ANY LOGIN
n
AUTHENTICATE SERVER
n
CONNECT SQL
At installation, VCM creates the vcm_app_jobs certificate login, which is used for signed procedures to
execute SQL Server Agent jobs for VCM. The vcm_app_jobs certificate login has corresponding users in
the VCM and msdb databases and is granted the following permissions.
n
AUTHENTICATE SERVER
n
CONNECT SQL
The SQL Server Service Broker is used to execute asynchronous operations so that non-interactive, long-
running activities do not slow the VCM user interface. VCM enables the Service Broker at installation, and
creates and enables the AsyncExecQueue whenever the VCM Collector service starts.
vCenter Configuration Manager Installation Guide
12
VMware, Inc.