5.1

Procedure
1 List the IP addresses for this server.
Use a command like ifconfig to discover this server's IP addresses.
2 For each IP address, run the following command to retrieve the fully qualified domain name to which the
IP address is bound.
nslookup ip-address
3 Make a note of each IP address, the fully qualified domain name associated with it, and whether
vCloud Director should use the address for the HTTP service or the console proxy service.
You need the fully qualified domain names when you create the certificates, and the IP addresses when
you configure network and database connections.
4 Create the certificates.
You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed
certificates provide the highest level of trust. A 2,048-bit key length provides a high level of security.
Create and Import a Signed SSL Certificate
Signed certificates provide the highest level of trust for SSL communications.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore
file. You must create two SSL certificates for each server that you intend to use in your vCloud Director server
group. You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed
certificates provide the highest level of trust.
To create and import self-signed certificates, see “Create a Self-Signed SSL Certificate,” on page 19.
Prerequisites
- Generate a list of fully-qualified domain names and their associated IP addresses on this server, along with a service choice for each IP address. See “Create SSL Certificates,” on page 16.
- Verify that you have access to a computer that has a Java version 6 runtime environment, so that you can use the keytool command to create the certificate. The vCloud Director installer places a copy of keytool in /opt/vmware/vcloud-director/jre/bin/keytool, but you can perform this procedure on any computer that has a Java version 6 runtime environment installed. Certificates created with a keytool from any other source are not supported for use with vCloud Director.

Creating and importing the certificates before you install and configure vCloud Director software simplifies the installation and configuration process. These command-line examples assume that keytool is in the user's path. The keystore password is represented in these examples as passwd.
Procedure
1 Create an untrusted certificate for the HTTP service.
This command creates an untrusted certificate in a keystore file named certificates.ks.
keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http
The certificate is valid for 90 days.
2 Answer the keytool questions.
When keytool asks for your first and last name, type the fully qualified domain name associated with the
IP address you want to use for the HTTP service.
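Steps 1 and 2 can also be scripted: keytool's -dname option supplies the name that the first-and-last-name prompt would otherwise ask for. The following is an added example, not part of the original guide; the inventory format, host names, addresses, function names and the consoleproxy alias are assumptions, and -keysize 2048 sets the key length that the guide names.

```shell
#!/bin/sh
# Added example. Inventory lines (constructed): "<ip> <fqdn> <service-alias>"
KEYSTORE=certificates.ks          # keystore file name used in the guide

# is_fqdn NAME: succeed only for a dotted host name (not a short name or an IP).
is_fqdn() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;   # empty, stray dots, bad chars
    esac
    case "$1" in
        *.*) ;;                    # needs at least one dot to be fully qualified
        *) return 1 ;;
    esac
    case "$1" in
        *[!0-9.]*) return 0 ;;     # contains a non-numeric character: a name
        *) return 1 ;;             # digits and dots only: an IP address
    esac
}

# keytool_cmd ALIAS FQDN: print the command; -dname answers the name prompt.
keytool_cmd() {
    is_fqdn "$2" || { echo "not a fully qualified domain name: $2" >&2; return 1; }
    printf 'keytool -keystore %s -storetype JCEKS -storepass passwd' "$KEYSTORE"
    printf ' -genkey -keyalg RSA -keysize 2048 -alias %s -dname "CN=%s"\n' "$1" "$2"
}

# plan_certs: read the inventory on stdin, print one command per IP address.
# Returns non-zero if an IP is listed twice or a name is not fully qualified.
plan_certs() {
    seen=' '; rc=0
    while read -r ip fqdn svc; do
        case "$ip" in ''|'#'*) continue ;; esac        # skip blanks and comments
        case "$seen" in
            *" $ip "*) echo "IP listed twice: $ip" >&2; rc=1; continue ;;
        esac
        seen="$seen$ip "
        keytool_cmd "$svc" "$fqdn" || rc=1
    done
    return "$rc"
}

# Constructed inventory: one address per service, as the guide requires.
plan_certs <<'EOF'
192.0.2.10 vcd1.example.com http
192.0.2.11 vcd1-console.example.com consoleproxy
EOF
```

The script only prints the commands, so they can be reviewed before they are run with a supported keytool.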
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade
VMware, Inc. 17