User`s guide
Table Of Contents
- VMware vCenter Configuration ManagerInstallation and Getting Started Guide
- About This Book
- Preparing for Installation
- Installation Manager
- Installation Configurations
- Tools Installation
- General Prerequisites to Install VCM
- Verify Hardware and Software Requirements
- Verify Administration Rights
- Set the Default Network Authority Account
- Specify the Collector Services Account
- Change the Collector Services Account Password in the Services Management Con...
- Change the Collector Services Account Password in the Component Services DCOM...
- Verify the VMware Application Services Account
- Determine the VCM Remote Virtual Directory
- Use Secure Communications Certificates
- Understand Server Authentication
- Verify the Foundation Checker System Checks
- Install UNIX Patch for HP-UX 11.11
- VCM Uses FIPS Cryptography
- Installing VCM
- Installing, Configuring, and Upgrading the OS Provisioning Server and Components
- Upgrading or Migrating VCM
- Upgrades
- Migrations
- Prerequisites to Migrate VCM
- Back Up Your Databases
- Back up Your Files
- Export and Back up Your Certificates
- Migrating VCM
- Migrate Only Your Database
- Replace Your Existing 32-Bit Environment with a Supported 64-bit Environment
- Migrate a 32-bit Environment Running VCM 5.3 or Earlier to VCM 5.4.1
- Migrate a 64-bit Environment Running VCM 5.3 or Earlier to VCM 5.4.1
- Migrate a Split Installation of VCM 5.3 or Earlier to a Single-Server Install...
- How to Recover Your Collector Machine if the Migration is not Successful
- Upgrading VCM and Components
- Maintaining VCM After Installation
- Getting Started with VCM Components and Tools
- Getting Started with VCM
- Discover, License, and Install Windows Machines
- Discover, License, and Install Windows Machines
- Verify Available Domains
- Check the Network Authority
- Assign Network Authority Accounts
- Discover Windows Machines
- License Windows Machines
- Disable User Account Control for VCM Agent Installation
- Install the VCM Windows Agent on Your Windows Machines
- Enable UAC After VCM Agent Installation
- Collect Windows Data
- Windows Collection Results
- Getting Started with Windows Custom Information
- Discover, License, and Install UNIX/Linux Machines
- Discover, License, and Install Mac OS X Machines
- Discover, Configure, and Collect Oracle Data from UNIX Machines
- Customize VCM for your Environment
- How to Set Up and Use VCM Auditing
- Discover, License, and Install Windows Machines
- Getting Started with VCM for Virtualization
- Getting Started with VCM Remote
- Getting Started with VCM Patching
- Getting Started with Operating System Provisioning
- Getting Started with Software Provisioning
- Using Package Studio to Create Software Packages and Publish to Repositories
- Software Repository for Windows
- Package Manager for Windows
- Software Provisioning Component Relationships
- Install the Software Provisioning Components
- Using Package Studio to Create Software Packages and Publish to Repositories
- Using VCM Software Provisioning for Windows
- Related Software Provisioning Actions
- Getting Started with VCM Management Extensions for Assets
- Getting Started with VCM Service Desk Integration
- Getting Started with VCM for Active Directory
- Installing and Getting Started with VCM Tools
- Index
To guarantee the identity of servers and clients, TLS uses certificates that are managed by a public key
infrastructure (PKI). A certificate is a package that contains a public key, information that identifies the
owner and source of that key, and one or more certifications (signatures) to verify that the package is
authentic. To sign a certificate, an issuer adds information about itself to the information that is already
contained in the certificate request. The public key and identifying information are hashed and signed
using the private key of the issuer’s certificate.
Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the
creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is
valid, including Server Authentication.
Enterprise and Collector Certificates
An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector and Agent
communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector
environment. Agents have the Enterprise Certificate in their trusted certificate stores, and they use the
Enterprise Certificate to validate any certificate issued by the Enterprise Certificate. All Collector
Certificates are expected to be issued by the Enterprise Certificate, which is critical in environments where
a single Agent is shared between two Collectors.
Server authentication is required to establish a TLS connection with an Agent. All VCM Collectors should
have a common Enterprise Certificate. Each Collector Certificate is issued by the Enterprise Certificate,
and is capable of Server Authentication. Collector Certificates in VCM must adhere to the requirements
for secure communications certificates. See "General Prerequisites to Install VCM" on page 12.
n
The Collector Certificate initiates and secures a TLS communication channel with an HTTP Agent. The
Agent must be able to establish that the Collector Certificate can be trusted, which means that the
Collector Certificate is valid and the certification path starting with the Collector Certificate ends with a
trusted certificate. By design, the Enterprise Certificate is installed in the Agent’s trusted store. The trust
chain ends with the Enterprise Certificate.
n
A Collector Certificate can issue Agent certificates. When all Collector Certificates are issued by the
same Enterprise Certificate, any Agent Certificate may be issued by any Collector Certificate, and all
Agents can trust all Collectors. All Collectors can validate all Agent Certificates. Agent Certificates are
used for Mutual Authentication only. VCM supports Mutual Authentication, which requires interaction
with VMware Technical Support and a Collector Certificate that has certificate signing capability.
n
The Collector Certificate and associated private key must be available to the Collector. This certificate is
stored in the local machine personal system store.
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise Certificate to validate Collector Certificates. The Agent must have access
to the Enterprise Certificate as a trusted certificate. In most cases, VCM delivers and installs the Enterprise
Certificate as needed.
n
Installing the Agent from a Disk (Windows only)
The VCM Installation DVD does not contain customer-specific certificates. If HTTP is specified, the
manual VCM installer requests the location of the Enterprise Certificate file during the installation. You
must have the Enterprise Certificate file available at installation time. You can copy the certificate file,
which has a .pem extension, from the CollectorData folder on the Collector. You must copy the
certificate file when you run the manual installer directly using CMAgentInstall.exe or when you
use the Agent Only option in the DVD auto-run program.
n
Using CMAgentInstall.exe to Install the Agent (Windows only)
Preparing for Installation
VMware, Inc. 15