Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS
81828384858687888990
When you configure Kerberos Authentication in your two-tier split installation, configure it on the
database server and the combined VCMCollector and Web server.
Prerequisites
n Verify that your Windows Server 2008 R2 machine has Active Directory management tools installed. If
the tools are not installed, install them. See Microsoft TechNet online. This configuration requires an
Active Directory domain running at Windows Server 2003 or later domain functional level.
n If SQL Server Reporting Services is running on a different Windows machine than the VCM Collector in
a two-tier installation, verify that the Application Pool account is a local administrator.
Procedure
1. Log in to your Windows Server 2008 R2 machine as a user who has domain administrator privileges.
2. Start Active Directory Domain Services and select Active Directory Users and Computers.
3. Verify whether AD accounts exist in your domain for the SQLServer service and the VCM IIS
Application Pool.
4. If the accounts do not exist, create them.
a. Set the database account to be a local administrator on the database server.
b. Make the Application Pool account a local administrator on the VCM Collector in a two-tier
installation.
5. Select the Computers container and locate the Web system.
a. Open the properties for Web system.
b. Click the Delegation tab.
c. Select Trust this computer for delegation to any service.
6. Open IIS manager and set the identity of the CMAppPool application pool to the IISaccount.
7. In Reporting Services Configuration Manager, configure the SQL Server Reporting Services service to
run as the IISApplication Pool account.
8. Change SQL Server to run as the SQLServerDomain account.
a. In Reporting Services Configuration Manager, click Encryption Keys and click Delete to delete
encrypted content.
b. In the navigation pane, click Service Account and enter the app_pool_account account for the
database connection.
9. Open a command prompt to set the service principal names directory property for the Active
Directory service accounts.
a. Click Start, select All Programs > Accessories, right-click Command Prompt, and select Run as
administrator.
b. Type: Setspn -a MSSQLSvc/db_server_name domain\sql_server_account_name and press Enter.
c. Type: Setspn -a MSSQLSvc/db_server_name:1433 domain\sql_server_account_name and press
Enter.
d. Type: Setspn -a MSSQLSvc/db_server_fqdn domain\sql_server_account_name and press Enter.
e. Type: Setspn -a MSSQLSvc/db_server_fqdn:1433 domain\sql_server_account_name and press
Enter.
10. Verify whether SSRSis running on the SQLServer and if it is not running, locate and update the
vCenter Configuration Manager Advanced Installation Guide
82
VMware, Inc.