VMware vCenter Configuration Manager Installation and Getting Started Guide vCenter Configuration Manager 5.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
vCenter Configuration Manager Installation and Getting Started Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com © 2006-2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Updated Information 9 About This Book 11 Preparing for Installation 13 Use Installation Manager Understand Installation Configurations Understand Tools Installation Check Prerequisites for Installation Hardware and Software Requirements Administration Rights Default Network Authority Account Collector Services Account VMware Application Services Account VCM Remote Virtual Directory Secure Communications Certificates Server Authentication Understand Use of FIPS Cryptography by VCM VCM Use of
vCenter Configuration Manager Installation and Getting Started Guide Upgrade and Migration Scenarios Prerequisites Back up Your Databases Back up Your Files Back up Your Certificates Software Supported by the VCM Collector Migration Process Prerequisites Foundation Checker Must Run Successfully Use the SQL Migration Helper Tool Migrate Only Your Database Replace your existing 32-Bit Environment with the Supported 64-bit Environment How to Recover Your Machine if the Migration is not Successful Migrate a 32
Contents Getting Started with VCM for Mac OS X Adding Mac OS X Machines Licensing Mac OS X Machines Installing the Agent on Mac OS X Machines Performing a Mac OS X Collection Exploring Mac OS X Collection Results Discover, License, and Collect Oracle Data from UNIX Machines Adding UNIX Machines Hosting Oracle and Installing the Agent Discovering Oracle Instances Creating the Oracle Collection User Account Performing an Oracle Collection Exploring Oracle Collection Results Reference Information about Oracle
vCenter Configuration Manager Installation and Getting Started Guide Running VCM Patching Reports Customize Your Environment for VCM Patching 174 175 Getting Started with Operating System Provisioning 177 About OS Provisioning OS Provisioning Components Provision Machines Workflow Collect OS Distributions Discover Provisionable Machines Provision Machines Configure ESX and ESXi Machines Change Agent Communication Working with Provisioned Machines Re-Provision Machines Getting Started with Software Pro
Contents Making VCM Aware of Domain Controllers Confirming the Presence of Domains Adding and Assigning Network Authority Accounts Discovering Domain Controllers Verifying Domain Controller Machines in Available Machines Licensing and Deploying the VCM Agent Performing a Machine Data Type Collection Configuring VCM for Active Directory as an Additional Product Deploying VCM for AD to the Domain Controllers Running the Determine Forest Action Running the Setup DCs Action Performing an Active Directory Data
vCenter Configuration Manager Installation and Getting Started Guide 8 VMware, Inc.
Updated Information VCM Installation and Getting Started Guide is updated with each release of the product or when necessary. This table provides the update history of the vCenter Configuration Manager Installation and Getting Started Guide. Revision Description EN-000485-01 n "Maintaining Operating System Provisioning Servers" on page 37 added to provide information regarding backup and recovery instructions, and file maintenance requirements.
vCenter Configuration Manager Installation and Getting Started Guide 10 VMware, Inc.
About This Book The VMware vCenter Configuration Manager Installation and Getting Started Guide describes the steps necessary for a successful VCM installation. This document contains the following information: n Preparing for the VCM installation. n Installing VCM. n Getting started with VCM and its components. n Maintenance and troubleshooting. Read this document and complete the associated procedures to prepare for a successful installation.
vCenter Configuration Manager Installation and Getting Started Guide Technical Support and Education Resources The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone To use online support to submit technical support requests, view your product and contract Support information, and register your products, go to http://www.vmware.com/support.
Preparing for Installation 1 Use this information to help you prepare to install VCM components and tools in your enterprise. n Use Installation Manager: Provides an overview of Installation Manager, which is used to install and activate all VCM components and tools. n Understand Installation Configurations: Describes the supported installation configurations for VCM. n Understand Tools Installation: Explains how VCM tools are installed.
vCenter Configuration Manager Installation and Getting Started Guide Use Installation Manager Use Installation Manager to perform new installations as well as upgrades. Installation Manager provides a highly simplified process for installing components and tools, and steps you through the entire installation or upgrade process. Installation Manager: n Performs checks to ensure the machine(s) meets the hardware and software prerequisites necessary for installation.
Preparing for Installation Understand Tools Installation Several tools are installed with automatically VCM. These tools include: n Foundation Checker n Import/Export Tool and Content Wizard Tool n Package Studio You may install VCM tools separately on a non-Collector machine as needed. To install the Tools only, use the installation procedures in "Installing and Getting Started with VCM Tools" on page 233.
vCenter Configuration Manager Installation and Getting Started Guide The Local System account named NT AUTHORITY\System has unrestricted access to all local system resources. This account is a member of the Windows Administrators group on the local machine, and a member of the SQL Server sysadmin fixed server role. If the NT AUTHORITY\System account does not have access to the VCM installation binary files (possibly because someone removed the account or inherently removed access), the installation will re
Preparing for Installation To be valid, a Collector certificate must be: n Located in the local machine personal certificate store. n Valid for Server Authentication. If any Enhanced Key Usage extension or property is present, it must include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage extension is present, it must include DIGITAL_SIGNATURE. n Active, and not expired.
vCenter Configuration Manager Installation and Getting Started Guide n The Collector Certificate is used to initiate and secure a TLS communication channel with an HTTP Agent. The Agent must be able to establish that the Collector Certificate can be trusted, which means that the Collector Certificate is valid and the certification path starting with the Collector Certificate ends with a trusted certificate.
Preparing for Installation For more information about Installing the Agent on UNIX/Linux Machines and UNIX/Linux packages and platforms, refer to section Installing the VCM Agent on UNIX/Linux Machines. Understand Use of FIPS Cryptography by VCM Federal Information Processing Standards (FIPS) are developed by the US National Institute of Standards (NIST) and the Canadian Communications Security Establishment (CSE).
vCenter Configuration Manager Installation and Getting Started Guide Cryptography used in VCM Software Components VCM uses various software components that also use cryptography. Microsoft IIS, Internet Explorer, and SChannel (SSL/TLS) systems call the CryptoAPI, and thus use the Windows FIPS-validated modules. VCM for Virtualization uses ActiveX COM components from WeOnlyDo! Software (WOD) for SSH and SFTP services. WOD utilizes the FIPS 140-2 compliant OpenSSL library. Table 1-1.
Installing VCM 2 Use Installation Manager to install VCM and all of its components and tools. To install only the VCM tools, follow the installation procedures in "Installing and Getting Started with VCM Tools" on page 233. IMPORTANT Before you migrate VCM to VCM 5.4, read Migrating VCM and Related Components.
vCenter Configuration Manager Installation and Getting Started Guide 1. Select one of these options: n Run Installation Manager. Starts Installation Manager and begins the installation. n View Help. Displays the Installation Manager Help, which describes the selections that appear during the installation. n Browse Contents of Installation CD. Starts Windows Explorer and displays the content of the installation CD, which includes documentation. n Contact Support Team.
Installing and Configuring the OS Provisioning Server and Components 3 The Operating System (OS) Provisioning server installs OS distributions on target machines. The OS Provisioning server is installed and configured on a Red Hat server, and then operating systems are imported into the OS Provisioning Server repository. After the distributions are imported, the server manages the installation process.
vCenter Configuration Manager Installation and Getting Started Guide Procedure 1. Mount the VCM-OS-Provisioning-Server-.iso by either attaching to the media image or mounting the image. When mounting the image, do not use the no-exec option. 2. Change the directory to where the image is located. cd / where is the path to the mounted file. 3. Run the # ./INSTALL-ME-FIRST command to install the database package.
Installing and Configuring the OS Provisioning Server and Components # su - fsrepo [fsrepo@~]$ create-repository 11. When the action completes, run the [fsrepo@~]$ exit command. If necessary you can review the /opt/FastScale/home/fsrepo/fscreate-repo.log. The OS Provisioning Server maintenance commands can also be added to the root user's path. The default shell profiles are modified by OS Provisioning Server to add /opt/FastScale/sbin to the root account.
vCenter Configuration Manager Installation and Getting Started Guide Whether you use a private provisioning network or a shared network you can use either the OS Provisioning Server DHCP server or a separate DHCP server; however, only one DHCP server should be active on any network, and the DHCP server will need to be able to “point” new systems to the OS Provisioning Server for discovery and provisioning. The OS Provisioning Server provides DHCP services on the provisioning network by default.
Installing and Configuring the OS Provisioning Server and Components 3. On the corporate DHCP server, update the dhcpd.conf file with the following options: allow bootp; allow booting; next-server ; where is replaced with the specified IP address. Configure TFTP The OS Provisioning Server provides TFTP services on the provisioning network, which, by default, has a private IP address.
vCenter Configuration Manager Installation and Getting Started Guide [Thu Jul 22 08:57:08 IST 2010] UNINSTALL-ME: Command : /sbin/service FastScale stop Shutting down FSnetfs: [ OK ] Shutting down FSsyslog: [ OK ] Shutting down FSmesgd: [ OK ] Shutting down FSdhcpd: [ OK ] .......... [Thu Jul 22 09:00:44 IST 2010] UNINSTALL-ME: Uninstallation complete! Preparing Boot Images for Windows Provisioning It is necessary to prepare a Windows boot image to successfully provision target Windows machines.
Installing and Configuring the OS Provisioning Server and Components Option Description Provisioning Server Public IP> deployment IP address as the argument to the '-l' option.
vCenter Configuration Manager Installation and Getting Started Guide For example, # cp -R /media/cdrom/Win2003-R2-SP2-Standard /tmp/Win2003-R2-SP2-Standard 3. Replace the first CD with the second CD and type: # cp -R /media/cdrom/ /tmp/ For example, # cp -R /media/cdrom/Win2003-R2-SP2-Standard /tmp/Win2003-R2-SP2-Standard When importing the second CD, do not replace any files if prompted during the copy operation.
Installing and Configuring the OS Provisioning Server and Components 8. The script runs as follows with a specific example: Importing data into repository... Importing source data... No recipes are accessible. Adding new recipe WINSERVER2003_std_r2_sp2BasicRecipe-2 Creating UCI WINSERVER2003_std_r2_sp2-BasicUCI. Attaching UCI WINSERVER2003_std_r2_sp2-BasicUCI to recipe 2. UCI WINSERVER2003_std_r2_sp2-BasicUCI is attached to recipe 2. Updating the Summary data...
vCenter Configuration Manager Installation and Getting Started Guide 7. The script runs as follows: Importing data into repository... Importing source data... No recipes are accessible. Adding new recipe ESX4.0ulBasicRecipe-2 Creating UCI ESX4.0ul-BasicUCI. Attaching UCI ESX4.0ul-BasicUCI to recipe 2. UCI ESX4.0ul-BasicUCI is attached to recipe 2. Updating the Summary data...
Installing and Configuring the OS Provisioning Server and Components n All private keys are RSA keys. Certificates are created or obtained, and copied to the required locations using industry best practices. n On the VCM Collector: Copy certificate to c:\Program Files (x86) \VMware\VCM\Tools\sTunnel\certs\vcm_stunnel_ cert.pem. Copy private key to c:\Program Files (x86)\VMware\VCM\Tools\sTunnel\key\vcm_stunnel_ pk.pem.
vCenter Configuration Manager Installation and Getting Started Guide ; The hash can be obtained with the command: openssl x509 -noout -in cert.pem -hash CApath = /opt/FastScale/var/certs client = no foreground = no output = /opt/FastScale/logs/stunnel.log pid = /opt/FastScale/logs/stunnel.pid [fsmesgds] accept = 40610 connect = localhost:21310 ; Authentication stuff verify = 3 [fsrepods] accept = 40607 connect = 127.0.0.1:21307 ; Authentication stuff verify = 3 3. Restart stunnel.
Installing and Configuring the OS Provisioning Server and Components Procedure 1. Place the VCM Stunnel certificate in [C:]\Program Files (x86)\VMware\VCM\Tools\sTunnel\certs\vcm_stunnel_cert.pem. 2. Place the VCM Stunnel RSA private key in [C:]\Program Files (x86)\VMware\VCM\Tools\sTunnel\key\vcm_stunnel_pk.pem. 3. Place the OS Provisioning Server Stunnel CA certificate validation chain in the file(s) and directory specified in the stunnel.conf file.
vCenter Configuration Manager Installation and Getting Started Guide ;; verify = level ;; level 1 - verify peer certificate if present ;; level 2 - verify peer certificate ;; level 3 - verify peer with locally installed certificate ;; default - no verify verify = 3 ;; limit connections to certain ciphers ciphers = AES128-SHA:DES-CBC3-SHA :@STRENGTH ;; asm_hostname_or_ip_address must be replaced with the correct value for the OS Provisioning Server [fsrepo] accept = 127.0.0.
Installing and Configuring the OS Provisioning Server and Components Procedure 1. From the VCM Collector, start Internet Explorer and go to http://localhost:21307/. If the connection is properly configured, the following message is displayed. - PAGE 38vCenter Configuration Manager Installation and Getting Started Guide Procedure 1. Log in as the fsrepo user. # su - fsrepo 2. Run the backup command to backup the repository files to /temp/fs-backup.
Installing and Configuring the OS Provisioning Server and Components [fsrepo@localhost~]$ db2 CONNECT RESET; [fsrepo@localhost~]$ db2 RESTORE DATABASE FSREPO FROM /tmp/fs-backup TAKEN AT WITH 2 BUFFERS BUFFER 1024 PARALLELISM 1 WITHOUT PROMPTING; [fsrepo@localhost~]$ db2 CONNECT TO FSREPO; [fsrepo@localhost~]$ db2 UNQUIESCE DATABASE; [fsrepo@localhost~]$ db2 CONNECT RESET; [fsrepo@localhost~]$ exit 3. Restore the required files from the backup location to the OS Provisioning server.
vCenter Configuration Manager Installation and Getting Started Guide key = /opt/FastScale/var/certs/private/service.key ; Either CAfile or CAPath, but not both, should be defined ; CAfile = /opt/FastScale/var/certs/ca-cert.pem ; Certificate Authority directory ; This is the directory in which stunnel will look for certificates when using the verify. ; Note that the certificates in this directory should be named ; XXXXXXXX.
Installing and Configuring the OS Provisioning Server and Components Prerequisites n Before placing the VCM Stunnel certificate and the VCM Stunnel private key, you must ensure the files are secured according to your corporate best practices. n Verify that you have a [C:]\Program Files (x86)\VMware\VCM\Tools\sTunnel\certs\ directory. If the directory does not exist, create it. n Verify that you have a [C:]\Program Files (x86)\VMware\VCM\Tools\sTunnel\key\ directory.
vCenter Configuration Manager Installation and Getting Started Guide ;; cert (the first 4 bytes of the MD5 hash in least significant byte order). ;; The hash can be obtained with the command: openssl x509 -noout -in cert.pem -hash CApath = C:\Program Files (x86)\VMware\VCM\Tools\sTunnel\certs ;; Some debugging stuff useful for troubleshooting ;debug = 7 ;output = stunnel.
Installing and Configuring the OS Provisioning Server and Components Prerequisites n Configure Stunnel on the OS Provisioning Server as described in "Configure Stunnel on the OS Provisioning Server " on page 39. n Configure Stunnel on the VCM Collector as described in "Configure Stunnel on the VCM Collector" on page 40. Procedure 1. From the VCM Collector, start Internet Explorer and go to http://localhost:21307/. If the connection is properly configured, the following message is displayed.
vCenter Configuration Manager Installation and Getting Started Guide 44 VMware, Inc.
Upgrading or Migrating vCenter Configuration Manager 4 When you migrate vCenter Configuration Manager (VCM), you must consider all aspects of your environment. Before you install VCM 5.4 and the related components and tools in your enterprise, you must make sure the Collector machine meets the requirements for the new version. Upgrade and Migration Scenarios A migration to VCM 5.
vCenter Configuration Manager Installation and Getting Started Guide Prerequisites VCM 5.4 now supports 64-bit environments only, which include 64-bit hardware, a 64-bit operating system, and SQL Server 2008 R2. If you migrate from a 32-bit environment to a 64-bit environment, you must prepare your 64-bit environment for a VCM installation. For details about configuring a 64-bit machine as a Collector, see the VCM Hardware and Software Requirements Guide. Before you migrate to VCM 5.
Upgrading or Migrating vCenter Configuration Manager Back up Your Databases Back up all of the databases used in your configuration. Depending on which version you migrate, the database names differ slightly. Before you migrate from a previous version of VCM, back up these databases: Table 4-1.
vCenter Configuration Manager Installation and Getting Started Guide Migration Process You can migrate these environments to support VCM 5.4: n "Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4" on page 50 n "Migrate a 64-bit environment running VCM 5.3 or earlier to VCM 5.4" on page 51 n "Migrate a split installation of VCM 5.
Upgrading or Migrating vCenter Configuration Manager Replace your existing 32-Bit Environment with the Supported 64-bit Environment A 32-bit environment must be functional before you migrate to VCM 5.4. Before you start the migration, you must: 1. Replace the 32-bit architecture with 64-bit hardware. 2. Install Windows Server 2008 R2. Prepare the Hardware To prepare your hardware for the migration to VCM 5.4, you must replace your 32-bit Collector machine with a 64-bit machine.
vCenter Configuration Manager Installation and Getting Started Guide Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4 Your 32-bit environment must be functional before you migrate to VCM 5.4. CAUTION Before you begin the migration, to avoid any potential loss of data you must back up your content, including databases, the CMFILES$ share, any files used to customize the Collector, any reports that are exported to a non-default location, and certificates. Procedure 1.
Upgrading or Migrating vCenter Configuration Manager For information about the sp_changedbowner stored procedure, see SQL Server 2008 R2 Books Online. Migrate a 64-bit environment running VCM 5.3 or earlier to VCM 5.4 An existing 64-bit Collector can be migrated to VCM 5.4. In the migration, you install a new system, copy over the VCM database and other components, and then install VCM 5.4 pointing to the existing database so that its configuration is preserved and its structure is updated.
vCenter Configuration Manager Installation and Getting Started Guide 11. During the installation, do not select SSL unless your machine is already configured for SSL. 12. After the upgrade completes, copy the contents of WebConsole\L1033\Files from the previous Collector so that any remote commands, and discovery and imported template files, will be available on the new Collector. 13. On the Collector, run the script you created to import VCM scheduled jobs. 14.
Upgrading or Migrating vCenter Configuration Manager To upgrade to VCM 5.4: 1. Upgrade the operating system to Windows Server 2008 R2. 2. Uninstall the 32-bit version of SQL Server Reporting Services (SSRS) 2005. 3. Upgrade SQL Server 2005 to SQL Server 2008 R2. 4. Run the SQL Server 2008 R2 installation again to add SQL Server Reporting Services 2008. 5.
vCenter Configuration Manager Installation and Getting Started Guide n Will fail for any machine on which an Agent does not already exist. n Will use an Agent's current settings. For example, if the Agent uses DCOM, the Upgrade will maintain that setting, or if the Agent uses HTTP on Port 26542 the Upgrade will maintain that setting. n Will not upgrade components that do not require upgrading. 6. Click Next. The Schedule page appears. 7. Schedule the operation.
Upgrading or Migrating vCenter Configuration Manager Platforms Not Supported for Upgrade to 5.4 Agent Installing or upgrading on the following platforms is supported only to the 5.1.3 UNIX Agent. You can install the 5.4 Agent. However, these platforms are not tested with any additional 5.4 functionality. Platform Supported Agent Version Agent File Name AIX 4.3.3 5.1.3 CMAgent.5.1.0.AIX.4 Red Hat 2.1 5.1.3 CMAgent.5.1.0.Linux.2.1 Solaris 2.5 5.1.
vCenter Configuration Manager Installation and Getting Started Guide To Upgrade the UNIX Agent(s) with a Remote Package This method sends the upgrade package with the remote command to execute on the UNIX machine. The following remote upgrade packages are designed specifically for the various operating systems where the Agent(s) can be upgraded: n AIX 4.3.3 Agent Upgrade (use only CMAgent.5.1.0.AIX.
Upgrading or Migrating vCenter Configuration Manager CAUTION When upgrading VCM for Virtualization, take the following precautions: Do not change the password for the CSI Communication Proxy service. Doing so may require the Agent Proxy to be reinstalled and reconfigured. Avoid installing the Agent Proxy and the Active Directory product on the same machine.
vCenter Configuration Manager Installation and Getting Started Guide 7. Click Next. The Important page appears. Review the contents, click Back to make any necessary alterations. 8. Click Finish. The Agent Proxy is upgraded at the time specified. 9. To verify the completion of the upgrade process, click Jobs on the Portal toolbar to access the Jobs Summary. You can also verify jobs for the past 24 hours if you think that you may have missed it.
Upgrading or Migrating vCenter Configuration Manager 6. The installer proceeds with the installation. When the VCM Windows Agent has been successfully installed, click Finish. 7. Copy the following executable from your upgraded Collector machine to any location on your nonCollector Agent Proxy machine. The path to this file on the Collector machine is as follows, or is in the path relative to where you installed the software. C:\Program Files (x86)\VMware\VCM\AgentFiles\Products\VirtualizationProductInstal
vCenter Configuration Manager Installation and Getting Started Guide Procedure 1. Go to https://vCenter machine name/mob/?moid=ExtensionManager. vCenter machine name represents the name of your vCenter Server 4.0 instance. 2. In the Methods area, click the UnregisterExtension link. 3. Type the string value for extensionKey: com.CM.VirtualCenterCompliancePlugIn 4. Click Invoke Method. The plug-in is unregistered. 60 VMware, Inc.
Getting Started with VCM Components and Tools 5 This chapter covers global getting started procedures for VCM and all of its components and tools. After completing this chapter, proceed to the specific getting started chapters that apply to the components you have licensed and the VCM tools you plan to use. The remaining getting started chapters build on this one. Therefore, you should have a solid understanding of the content in this chapter before you proceed to the remaining chapters.
vCenter Configuration Manager Installation and Getting Started Guide All VCM user accounts must have the following rights on the VCM Collector machine: n Ability to log on locally to access IIS. n Read access to the System32 folder. n Write access to the CMFiles$\Exported_Reports folder for exporting reports. n If default permissions have been changed, read access to the C:\Program Files (x86)\VMware\VCM\WebConsole directory, along with all subdirectories and files.
Getting Started with VCM Components and Tools 2. Depending on your browser security settings, you may have to supply your user network credentials. 3. (Optional) Select Automatically log on using this role to have VCM automatically log you on without prompting you for a role in future logons. 4. Click Log On. The Portal appears. In the future, your VCM user account may have multiple roles.
vCenter Configuration Manager Installation and Getting Started Guide General Information Bar The general information bar displays the VCM Collector’s (active SQL Server) name, your VCM user name and active Role, and these buttons: n Log Out. Exits the Portal. The Portal closes, and the VCM Logon screen appears again. n About. Displays information about how to contact VMware Customer Support. It also displays version information for VCM and all of its components.
Getting Started with VCM Components and Tools The Copy button is used to copy information from the selected rows in the data grid to the clipboard. The Copy link to clipboard button is used to copy the link of the content on-screen to the clipboard. Click the View data grid in separate window button to display the data grid in a separate window. The Export displayed data button exports data to a CSV formatted file. This file is exported to \\\CMfiles$\Exported Reports.
vCenter Configuration Manager Installation and Getting Started Guide Select: Reports Patching(**) If you want to: n View Active Directory Group Policy Container Settings. n View information about Active Directory Domains, DCs, and Trusts. n Track and display access control entries and security descriptor data on all collected objects. n View Active Directory Schema information. n Run "out-of-the-box" reports against your collected data.
Getting Started with VCM Components and Tools Where to Go Next You are now ready to proceed to Getting Started with VCM to start using VCM and all of its components and tools. After you have completed the steps in Getting Started with VCM, you must proceed to the next applicable chapter that is relevant to the components you have licensed in your installation.
vCenter Configuration Manager Installation and Getting Started Guide 68 VMware, Inc.
Getting Started with VCM 6 Before you can begin using VCM to manage the machines in your enterprise, you must complete the following steps: 1. Discover, License, and Install Windows Machines. 2. Discover, License, and Install UNIX/Linux Machines. 3. Discover, License, and Install Mac OS X Machines. 4. Discover, License, and Collect Oracle Data from UNIX Machines. 5. Customize VCM for your Environment. 6. Set up and use VCM auditing.
vCenter Configuration Manager Installation and Getting Started Guide If the Windows machines that you want to manage belongs to a domain that is not shown in this list, then you must add that domain manually. Click Add, then follow the steps in the Add Domain wizard to manually add that domain. Once the domain is shown in the Available Domains list, you will be able to manage Windows machines in that domain.
Getting Started with VCM 1. Click Administration > Settings > Network Authority > Available Accounts. 2. If you need to add a new account, click Add and follow the prompts. NOTE Repeat the Network Authority Available Accounts wizard, creating a specific account for each domain that has machines that you intend to manage through VCM. Assigning Network Authority Accounts VCM offers considerable flexibility in assigning Network Authority Accounts to domains and machine groups.
vCenter Configuration Manager Installation and Getting Started Guide The following procedure illustrates how to assign Network Authority to accounts by NetBios domain. However, you can also assign Network Authority by Active Directory Domain, or even by Machine Group (Administration > Settings > Network Authority > Assigned Accounts > By Machine Group). For more information on these options, see the online Help. 1.
Getting Started with VCM Your initial discovery can take anywhere from one afternoon to a couple of days, depending on the size of your network. You may not have a 100% success rate with the first discovery process you run because some machines may not be available during that time (for example, laptops that are not currently on the network). It may, therefore, take a few days to coordinate and resolve scenarios in order for you to discover the machines in your enterprise.
vCenter Configuration Manager Installation and Getting Started Guide 3. Type a Name and Description for this new Discovery Rule, then click Next. The Discovery Method page appears. 4. If you have Active Directory in your environment, VMware recommends a discovery that is targeted for Active Directory. Select By Active Directory. 5. For an initial discovery, do not select Also discover the presence and version of the VCM Agent when this rule is run.
Getting Started with VCM 8. Create the filter. For more specific filtering of machines for discovery and other advanced features, refer to the online Help. Click Next. The Important page appears. 9. Select Yes so that you can run the Discovery Rule immediately. Because you are discovering machines for the first time, you want to run the discovery now. Leave License and Install Agent on Discovered Machines unselected.
vCenter Configuration Manager Installation and Getting Started Guide VCM requires that you specify the machines you want to manage. Remember, the number of licenses you have purchased may not match the number of machines that have been discovered and are visible in Administration > Machines Manager > Available Machines > Available Windows Machines or Administration > Machines Manager > Available UNIX Machines.
Getting Started with VCM 4. Leave the Install VCM Agents for the selected machines box unchecked during your first pass at licensing machines. Once you have more experience licensing machines and deploying the VCM Windows Agent, you may choose to check this box when licensing. The machines that you selected appear in the Selected area. Click Next to view your Product License Details. The licensed machine count has increased by the number of machines that you have selected to license. 5. Click Next.
vCenter Configuration Manager Installation and Getting Started Guide 3. Click Install and follow the prompts. NOTE To use advanced options such as HTTP communication for your agent, or to deploy the agent from an alternate source, refer to the online Help. To access the online Help at any time during the wizard, click the Help button in the lower left corner of the dialog box. 4. Verify that your agent installation job has completed.
Getting Started with VCM 1. On your Collector, navigate to the Agent files directory at: C:\Program Files (x86)\VMware\VCM\AgentFiles 2. Locate the CMAgentInstall.exe file, and then install it from a network share or copy it to the target machine. 3. Navigate to the Collector data directory at c:\Program Files (x86)\VMware\VCM\CollectorData. Locate the Enterprise Certificate .pem file. This file must be accessible during the agent installation. The path used here is the default location.
vCenter Configuration Manager Installation and Getting Started Guide NOTE For Vista, Windows7, and Windows 2008 only: If you set compatibility mode on any Agent executables to a prior version of Windows, the operating system may be reported incorrectly in VCM. To Manually Uninstall the VCM Windows Agent The VCM Windows Agent uninstall executable will be present only if the Agent was installed manually using CMAgentInstall.exe or CMAgentInstall.msi.
Getting Started with VCM n PORTNUMBER: Installs the Windows Agent on the port number specified, using HTTP instead of DCOM. For HTTP installs, where PORTNUMBER is set, you must also specify a certificate file using the syntax: CERTIFICATEFILE=”x:\[mypath]\[mycert].pem”. For example: msiexec.exe /qn /i "C:\temp\CMAgent[VersionNumber].msi" PORTNUMBER=2666 CERTIFICATEFILE=”x:\mypath\mycert.pem” n INSTALLDIR: Changes the default root directory specification (%SystemRoot%\CMAgent). For example: msiexec.
vCenter Configuration Manager Installation and Getting Started Guide 8. Restart the machine to apply the changes. 9. Install the Agent as specified in Licensing and Deploying the VCM Agent. 10. After installing the Agent on the target machine, re-enable UAC. To enable, perform the steps specified above. In Step 5, select Enable UAC in the Tool Name list. 11. Restart the machine to apply the changes. Disabling UAC using Group Policy Use the following procedure to disable the UAC on multiple machines.
Getting Started with VCM Performing an Initial Collection You are now ready to collect data. VMware recommends using the default filter set, which collects a general view of the licensed Windows machines in your enterprise configuration, until you are ready to build specific filters and target your collections. The first time you use the default filter set for a collection, the VCM Agent will return all of the data (as specified by the filters in the default filter set) to be stored in the VCM database.
vCenter Configuration Manager Installation and Getting Started Guide 5. For initial collections, there should be no conflicts with previously scheduled or running jobs containing the same data types. Click Finish. 6. Verify that your collection job has completed before proceeding to the next step. To do so, click the Jobs button at the top of the Portal window to access the Jobs Summary.
Getting Started with VCM 1. Begin by looking at the Windows Operating Systems Dashboard under Console > Dashboards > Windows > Operating Systems. 2. Note that several other Windows Dashboards are also available. Take time to familiarize yourself with the remainder of the Windows Dashboards. Windows Collection Results are also available to you in a more “raw” format by data class.
vCenter Configuration Manager Installation and Getting Started Guide 4. When you select the node, you will see a Summary Report as displayed above of the data class that you selected. Click View Data Grid to go directly to the data grid, or click an area of the Summary Report to filter the data before the data grid is displayed. 86 VMware, Inc.
Getting Started with VCM TIP The default view is the Summary Report; however, at any time you may switch the default view to go directly to the data grid by using the ’Enable/Disable Summary’ feature on the data grid view. See About Data Grids in the online Help for more information on how to filter and sort your data and get full use of the data grid.
vCenter Configuration Manager Installation and Getting Started Guide Getting Started Collecting Windows Custom Information As a System Administrator, you can extend the data that VCM can collect by using a script, which will allow you to view, report on, alert on, detect change on, and run compliance against data not currently exposed by VCM. This extension allows you to view, report on, alert on, detect change on, and run compliance against custom data not currently exposed by VCM.
Getting Started with VCM n You must obtain or write a PowerShell script that will return data in a VCM-compatible elementnormal XML format. n The VCM agent (for VCM 5.3 or later) must be installed on each VCM-managed machine used to collect the Windows custom information. Older agents must first be upgraded. n PowerShell must be installed on each VCM-managed machine. PowerShell is installed by default on Windows 2008 R2 and Windows 7 machines.
vCenter Configuration Manager Installation and Getting Started Guide 11. Click Next and then Finish. 12. Run a collection using your new collection filter. 13. Ensure the job completes. 14. View data in the Custom Information nodes ( Console > Windows > Operating System > Custom Information). When the Windows Custom Information data is available in the VCM database, you can generate reports and enforce compliance.
Getting Started with VCM The Job History Machine Detail view displays a single row for each WCI filter included in the collection job. These rows provide information about the execution of the WCI scripts and the parsing of the script results. In cases where the script cannot be executed because prerequisite components are not installed or available (such as PowerShell is not installed), the status for a row will be “Not Executed.
vCenter Configuration Manager Installation and Getting Started Guide Executing PowerShell Scripts PowerShell contains built-in policies, which limit its use as an attack vector. The primary policy is for script execution. By default the script execution policy is set to Restricted, which means that PowerShell can only be used interactively or for executing commands directly from the command line. The additional policy settings are as follows: n AllSigned: Any PowerShell script (.
Getting Started with VCM For additional information about Windows PowerShell and signing scripts, see: n Scripting with Windows PowerShell: http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx n Windows PowerShell Owner's Manual: http://technet.microsoft.com/en-us/library/ee176949.aspx n Signing Windows PowerShell Scripts: http://technet.microsoft.com/enus/magazine/2008.04.powershell.aspx n Execution Policies: http://technet.microsoft.com/en-us/library/dd347641.
vCenter Configuration Manager Installation and Getting Started Guide n The default WCI filter returns PowerShell version information from VCM-managed machines. n Do not include any formatting white space. For example, do not use CR LF at the end of elements, nodes, or attributes. See also the example below of developing a custom PowerShell script for use with the WCI data type.
Getting Started with VCM The top-level name is an arbitrary name picked to distinguish the results of this script from others. A couple of additional challenges must also be overcome with this data, related to column names returned by the schtasks command, and the fact that the schtasks command does not include any unique and repeatable identifier for specific task entries. Details about these challenges are described next.
vCenter Configuration Manager Installation and Getting Started Guide the task name is used as the element name for task rows, but the “increment” option is selected for duplicate handling when creating a collection filter based on this script. This action allows the collection process to add an incremental entry to a list of multiple entries with the same task name: the first example of GoogleUpdateTaskMachineCore, while the second example will be relabeled as GoogleUpdateTaskMachineCore_1.
Getting Started with VCM Discover, License, and Install UNIX/Linux Machines The following steps must be performed before collecting data from UNIX/Linux machines: 1. Add UNIX/Linux machines. 2. License your UNIX/Linux machines. 3. Install the VCM Agent on your UNIX/Linux machines. 4. Perform an initial UNIX/Linux collection. 5. Explore the UNIX/Linux collection results. These steps are explained in the following subsections.
vCenter Configuration Manager Installation and Getting Started Guide 3. Select Basic, and then click Next. The Manually Add Machines - Basic page appears. NOTE When you expand your UNIX/Linux collections to a broader set of machines, you may want to use other methods to add your UNIX/Linux machines. Refer to the online Help for the advanced features such as importing from a file or using IP Discovery. 4. Enter the Machine and the Domain, and then select DNS for Type.
Getting Started with VCM NOTE Remember, discovered machines with an indeterminate Machine Type will not be licensed if they are included in your selection. 2. Select the machine(s) you want to license. To select multiple machines, use Shift-click or Ctrl-click. 3. Click License. The Machines page appears. 4. The machines that you specified appear in the Selected area. Add or remove machines from the list as needed. 5. Click Next. The Product License Details page appears. 6.
vCenter Configuration Manager Installation and Getting Started Guide Use the following steps to install the Agent. 1. Verify that the machine on which you intend to install the agent has enough free disk space. For more information, see the VCM Hardware and Software Requirements Guide. 2. When VCM is installed on the VCM Collector machine, the necessary Agent packages are created in the following locations: \Program Files (x86)\VMware\VCM\Installer\Packages or The following agent binaries are available for
Getting Started with VCM inflating: CSIInstall/scripts/AltSource_ftp.sh inflating: CSIInstall/scripts/AltSource_rcp.sh inflating: CSIInstall/scripts/AltSource_sftp.sh inflating: CSIInstall/scripts/AltSource_wget.sh extracting: CSIInstall/scripts/AltSourceCmd inflating: CSIInstall/InstallCMAgent inflating: CSIInstall/csi.config inflating: CSIInstall/CMAgent. creating: CSIInstall/.security/certificates/ inflating:CSIInstall/.
vCenter Configuration Manager Installation and Getting Started Guide Installation Options with Default Values Description CSI_CREATE_USER=Y The user is being created. This value indicates whether or not the Recommend keeping default value. user is to be created. Note: When installing in trusted mode on HP-UX v1.0 (11.11), the user must already exist on the target machine. If you attempt to install and create the user, the installation of the Agent fails.
Getting Started with VCM Installation Options with Default Description Values CSI_CREATE_LOCAL_SERVICE=Y Setting CSI_CREATE_LOCAL_SERVICE to Y allows the system to Recommend keeping default value. create the local service (copy files to system directories). CSI_REFRESH_INETD=Y Setting this option to allows the system to refresh xinetd (Linux) or Keep default value only if you are inetd (Solaris, AIX, and HP-UX). running your agent as inetd.
vCenter Configuration Manager Installation and Getting Started Guide values specified in csi.config without prompting for input. To run the installation in silent mode, enter: # ./CSIInstall/InstallCMAgent -s You might use this method if you have manually edited the csi.config file, if you have modified the csi.config file using the interactive method, or if you are using a custom configuration file that you saved from a previous agent installation.
Getting Started with VCM drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 Agent drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 CFC -rw-rw---- 1 root cfgsoft 49993 Jul 2 17:34 CSIRegistry -rw-rw---- 1 root cfgsoft 0 Jul 2 17:34 .CSIRegistry.
vCenter Configuration Manager Installation and Getting Started Guide 1. (Optional) Copy csi.config, the file that contains all of the custom configuration settings, to a safe location. (This file can be found in /CMAgent/install.) 2. Navigate up one level from the uninstall directory in the CMAgent directory. 3. Run the uninstall script using the following command: # .
Getting Started with VCM instead of the default collection options, and then select the UNIX Patch Assessment filter set. For more information, see the "UNIX Patch Assessment" Help topic. 4. The Data Types dialog box appears. Select the Select All check box, then confirm that the Use default filters option button is also selected. Click Next. 5. For initial collections, there should be no conflicts with previously scheduled or running jobs containing the same data types. Click Finish. 6.
vCenter Configuration Manager Installation and Getting Started Guide Note that several other UNIX Dashboards are also available. Take time to familiarize yourself with the remainder of the UNIX Dashboards. UNIX Collection Results are also available to you in a more “raw” format as well. This level of reporting is more relevant for day-to-day operations, troubleshooting, and analysis, and can be viewed in a Summary report or data grid format.
Getting Started with VCM When you select the node, you see a Summary Report as displayed above of the data type that you selected. Click View data grid to go directly to the data grid, or click an area of the Summary Report to filter the data before the data grid appears. Several other categories (called “data classes”) of information regarding your UNIX/Linux Collection are available under the UNIX tab. The UNIX tab is where the remainder of your collected UNIX/Linux data is visible through the Portal.
vCenter Configuration Manager Installation and Getting Started Guide Like Dashboards, Reports are run real time against the current data available in the CMDB for the machines in the active machine group, and therefore they are only as current as the time of the last collection. In addition, it may require time for the report to generate based on the volume or complexity of the data requested. Refer to the online Help for more information on how to schedule and disseminate reports.
Getting Started with VCM Adding Mac OS X Machines Before you can collect data from your Mac OS X machines, they must be displayed in the Available UNIX Machines list located in the Portal under Administration > Machines Manager > Available Machines. NOTE A Discovered Machines Import Tool (DMIT) is available from VMware Customer Support to assist you with the following process. This tool imports machines discovered by the Network Mapper (Nmap) into the configuration database.
vCenter Configuration Manager Installation and Getting Started Guide 4. Enter the Machine and the Domain, and then select DNS for Type. For Machine Type, select the appropriate operating system. Modify the port number if you are not using the default. NOTE The port number specified must be the same number used when the Agent is installed on the managed Mac OS X machine. 5. Click Add to add the entry to the list. 6. Repeat for any other machines. 7. Click Next and accept the changes.
Getting Started with VCM 5. Click Next. The Product License Details page appears. 6. The licensed machine count has increased by the number of machines that you have selected to license. 7. Click Next. The Important page appears. 8. Review the information. 9. Click Finish. Installing the Agent on Mac OS X Machines Before collecting data from your Mac OS X machines, you must install the VCM Agent on each licensed Mac OS X machine. IMPORTANT The Collector should be installed before the Agents are installed.
vCenter Configuration Manager Installation and Getting Started Guide 4. Use chmod u+x to change the permissions on the agent binary file. 5. In the directory where you copied the file, execute the agent binary package to create the necessary directory structure and extract the files. The command and output will look similar to the following example, with differing file names depending on the operating system: # ./CMAgent..Darwin UnZipSFX 5.51 of 22 May 2004, by Info-ZIP (http://www.
Getting Started with VCM Installation Options with Default Values Description • +H means only for HP-UX • +L means only for Linux • +D means only for Darwin (Mac OS X) • + means for all OS CSI_CREATE_USER=Y The user is being created. This value indicates whether or not the Recommend keeping default value. user is to be created. CSI_USER_ID=501 This value is the integer value for the user ID of the created user. Recommend keeping default value.
vCenter Configuration Manager Installation and Getting Started Guide Installation Options with Default Description Values CSI_REFRESH_INETD=Y Setting this option to allows the system to refresh xinetd (Linux) or Keep default value only if you are inetd (Solaris, AIX, and HP-UX). This option does not apply to Mac running your agent as inetd. If you OS X.
Getting Started with VCM mode, enter: # ./CSIInstall/InstallCMAgent -s You might use this method if you have manually edited the csi.config file, if you have modified the csi.config file using the interactive method, or if you are using a custom configuration file that you saved from a previous agent installation. When the silent installation completes, a summary of the installation process and status is displayed. Make sure the installation completed without errors.
vCenter Configuration Manager Installation and Getting Started Guide drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 Agent drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 CFC -rw-rw---- 1 root cfgsoft 49993 Jul 2 17:34 CSIRegistry -rw-rw---- 1 root cfgsoft 0 Jul 2 17:34 .CSIRegistry.
Getting Started with VCM NOTE Consider these points when uninstalling an Agent: • The uninstall reverses all changes made by installation, however the installation log files are retained in /install. defaults to the CMAgent directory that was created during installation. Refer to "Locating the Agent Directory" later in this document if necessary.
vCenter Configuration Manager Installation and Getting Started Guide The data classes and filters for Mac OS X include the following: 120 n Machines > General n File System > File Structure n System Logs > syslog events n IP Information > General n IP Information > Routing n IP Information > Interfaces (IF) n IP Information > Open Ports n Security > Users > Current n Security > Users > Information n Security > Groups n Custom Information – subset of CITs n Properties files (.
Getting Started with VCM 4. The Data Types dialog box appears. Select the Select All check box, then confirm that the Use default filters option button is also selected. Click Next. 5. For initial collections, there should be no conflicts with previously scheduled or running jobs containing the same data types. Click Finish. 6. Verify that your collection job has completed before proceeding to the next step. To do so, click the Jobs button at the top of the Portal window to access the Jobs Summary.
vCenter Configuration Manager Installation and Getting Started Guide When you select the node, you see a Summary Report as displayed above of the data type that you selected. Click View data grid to go directly to the data grid, or click an area of the Summary Report to filter the data before the data grid appears. Several other categories (called “data classes”) of information regarding your Mac OS X Collection are available under the UNIX tab.
Getting Started with VCM Reports An alternate way to view your collected Mac OS X data is by running VCM Reports or creating your own custom reports using VCM ’s reporting wizard. To begin exploring the reporting functionality, go to the Reports slider, then click Machine Group Reports > UNIX. Like Dashboards, Reports are run real time against the current data available in the CMDB for the machines in the active machine group, and therefore they are only as current as the time of the last collection.
vCenter Configuration Manager Installation and Getting Started Guide To get started with VCM for Oracle, follow these steps: 1. Add UNIX machines hosting Oracle and install the Agent. 2. Discover Oracle Instances. 3. Create the Oracle Collection User Account. 4. Perform an Oracle collection. 5. Explore Oracle collection results. 6. Explore reference information about Oracle. For instructions on removing access to the Oracle database, see "Removing Access to the Oracle Database" on page 127.
Getting Started with VCM 1. In Administration > Machines Manager > Additional Components > VCM for Oracle, click Add. The Add Oracle Instances wizard opens. 2. Select the machine(s) on which you want to add an Oracle Instance. Click Next. The Configuration Values wizard page appears. NOTE On UNIX Machines, a Machines - General collection is necessary to see machines in the wizard. Supported UNIX machines displayed in the wizard include Solaris versions 9 and 10. 3.
vCenter Configuration Manager Installation and Getting Started Guide n Machine Name n Oracle Home (Collected) n Oracle Home (Override) n Oracle SID n Oracle Software Owner (Override) n Oracle Software Owner (Override) n Oracle User 3. In the Schedule wizard page, set the job timing schedule. You can run the action immediately or schedule it to run later. Click Next. You can remove access to the Oracle database. See "Removing Access to the Oracle Database" on page 127.
Getting Started with VCM 3. On the Files Wizard page, select the InstallOracleCollectionUserAccount.sh file. 4. Run the job as root. If desired, select the option of storing results on the VCM Collector. 5. Select the machine(s) on which to create the Oracle Collection User account. 6. Select to run the remote command now. As the remote command is running, the following actions will be performed: a. Action will be run with root privileges (for example, Setuid – RunHigh). b.
vCenter Configuration Manager Installation and Getting Started Guide f. If the option was chosen to store results in a local directory, the job status (success or failure) will be returned here. 1 After the Oracle OS-authenticated account is removed, VCM will not be able to collect Oracle data unless an account is recreated.
Getting Started with VCM chmod o+rx $ORACLE_HOME/nls chmod o+rx $ORACLE_HOME/nls/data chmod o+r $ORACLE_HOME/nls/data/lx1boot.nlb chmod o+r $ORACLE_HOME/nls/data/* chmod o+rx $ORACLE_HOME/oracore chmod o+rx $ORACLE_HOME/oracore/zoneinfo chmod o+r $ORACLE_HOME/oracore/zoneinfo/timezlrg.dat Alternate Approach to Modify Permissions in Oracle Oracle has provided a change permissions script, changePerm.sh, which is included with most Oracle 10g installations.
vCenter Configuration Manager Installation and Getting Started Guide For Oracle 9i Online Documentation, see: (http://www.oracle.com/pls/db92/db92.docindex?remark=homepage) For Oracle 10g Online Documentation, see: (http://www.oracle.com/pls/db102/homepage) Customize VCM for your Environment You have now completed the preliminary setup procedures. For more information about how to use VCM, refer to online Help, available in the Portal.
Getting Started with VCM How to Set Up and Use VCM Auditing The VCM Auditing capability tracks all changes in the security aspects of VCM. Security-related events are written to the Windows Event Log, which is stored on the Collector, independent of the VCM application. The format of the event log prohibits any modifications to the recorded entries, making it a secure, tamper-proof auditing record of changes in security.
vCenter Configuration Manager Installation and Getting Started Guide 132 VMware, Inc.
Getting Started with VCM for Virtualization 7 VCM collects virtualization configuration information for virtual machine hosts, their guest operating systems, and VMware vCenter Servers™. The collected data is displayed in the Console slider under the Virtual Environments node. The information is organized in a logical grouping of the configurations of VM hosts, VM guest operating systems, and vCenter servers.
vCenter Configuration Manager Installation and Getting Started Guide Figure 1. Virtual Environments Configuration Diagram ESX/ESXi Server Collections When collecting from ESX and ESXi servers, you must configure at least one VCM Agent Proxy machine. You can configure the Collector as the Agent Proxy or configure standalone Agent Proxy machines.
Getting Started with VCM for Virtualization vCenter Server Collections When collecting data from vCenter Server, you must license the Windows machine running the vCenter Server and install a VCM Agent (version 5.4 or later), PowerShell, and vSphere PowerCLI. The Agent runs the vCenter Server collection by using vSphere PowerCLI to access the vSphere API on vCenter server. The data is relayed to the Collector and added to the database.
vCenter Configuration Manager Installation and Getting Started Guide Procedure 1. Select Administration > Machines Manager > Licensed Machines > Licensed Windows Machines. 2. Select the vCenter Server machines and verify that the Protocol field displays HTTP. 3. If HTTP is not displayed, change the protocol. a. Click Change Protocol. b. On the Machines page, verify the list of selected machines and click Next. c. On the Change Protocol page, select Switch to HTTP and click Next. d.
Getting Started with VCM for Virtualization Procedure 1. Download and install the appropriate version of PowerShell 2.0 included in the Windows Management Framework. 2. Reboot the vCenter Server machine. Download and Install VMware vSphere PowerCLI Before you can collect from vCenter Servers, you must install VMware vSphere PowerCLI 4.1 on those machines. Prerequisites Locate the VMware vSphere PowerCLI 4.1 download page at http://www.vmware.com/support/developer/PowerCLI/index.html.
vCenter Configuration Manager Installation and Getting Started Guide Troubleshooting vCenter Server Data Collections If you encounter problems with vCenter collections, review the troubleshooting options. vCenter Data Missing Data does not appear in the vCenter server data grids. Problem After you collect vCenter data, the data grids do not display the new data.
Getting Started with VCM for Virtualization Procedure 1. Determine if the Collector is licensed by selecting Administration > Machines Manager > Available Machines > Available Windows Machines. If the Collector is licensed, the machine is displayed in the Licensed Windows Machines data grid. 2. If the Collector is not listed in the Licensed Windows Machines data grid, license the Collector. a. Select the Collector in the data grid and click License. b.
vCenter Configuration Manager Installation and Getting Started Guide Prerequisites n Verify that at least one Agent Proxy machine is configured. See "Configure the Collector as an Agent Proxy" on page 138. n License the ESX and ESXi machines as as UNIX machines. See "Licensing UNIX/Linux Machines" on page 98. n Verify that vCenter Server data is collected. If using vCenter, the hostname in vCenter must match the configured hostname of the ESX server.
Getting Started with VCM for Virtualization Option Description n Ignore untrusted SSL Certificate: Connection allowed even when certificates are not verified as trusted. 4. On the Important page, record the .xml file name. The file is saved to the location configured for CMFiles$\VMHosts_Config. The default location is \Program Files (x86)\VMware\VCM\WebConsole\L1033\Files\VMHosts_Config. 5. Click Finish. The machines are displayed in the Licensed VM Hosts.
vCenter Configuration Manager Installation and Getting Started Guide Option Description Servers passes the SSH and Web Services user information to the target machines. Configure ESXi Servers Passes the Web Services to the target machines 8. (Optional) Configure the default server location. The following settings are automatically configured to the default server locations. If you need to change the paths, click the ellipsis button. n SSH Public Key file (ESX 3.
Getting Started with VCM for Virtualization You can monitor the collection job in Job Manager. When the collection is completed, the data is available for reports and compliance assessments. What to do next You review the collected data in the Console, run reports, configure alerts, and use the machine groups. See "Reviewing Virtualization Collection Results" on page 143. Reviewing Virtualization Collection Results You have several options for reviewing and using virtualization data in VCM.
vCenter Configuration Manager Installation and Getting Started Guide Prerequsites n Verify you are using VMware vCenter 4 Server. n Verify the VMware vSphere Client is installed. n Verify the VMware Tools are installed on the virtual machines. Procedure 1. On the VCM Collector, browse to [path]\VMware\VCM\Tools\vSphere Client VCM Plugin\bin and double-click VCVPInstaller.exe. 2. In the VCVP Plug-in Registration dialog box, configure these options.
Getting Started with VCM for Virtualization Procedure 1. Select Administration > Settings > Integrated Products > VMware > vSphere Client VCM Plug-In. 2. Select the setting you want to configure and click Edit Settings. 3. On the Settings Wizard page for each setting, configure the options. Option Description Machine group against which the external reports Type the name of the machine group. will be run The default value is All Machines.
vCenter Configuration Manager Installation and Getting Started Guide Prerequisites Unregister the previous version of the vSphere Client VCM Plug-In. See "Unregister the Previous Version of the vSphere Client VCM Plug-In" on page 146. Procedure 1. Upgrade VCM. What to do next Register the new vSphere Client VCM Plug-In by following the instructions in "Register the vSphere Client VCM Plug-In" on page 143.
Getting Started with VCM for Virtualization HTTPS/SSL Is Not Configured on the Collector If the VCM Summary and VCM Actions tabs are not displayed, the settings are improperly configured. Problem In the vSphere Client, you cannot see the VCM Summary or VCM Actions tabs. Cause If Use SSL was selected during VCM installation, the https/SSL is not properly configured on the Collector. Solution 1. Open the .xml file specified during the registration. 2.
vCenter Configuration Manager Installation and Getting Started Guide 148 VMware, Inc.
Getting Started with VCM Remote 8 Getting Started with VCM Remote Many workstations come and go from the network. This transient behavior is especially true of mobile workstations, such as laptops. From a mobile workstation, you can connect by dialing in, connect from a client site via a Virtual Private Network (VPN), or connect from an alternate location via a DSL line or cable modem.
vCenter Configuration Manager Installation and Getting Started Guide Before Collecting Remote Data Begin using VCM Remote by following the steps outlined below. For more information, click any step to jump to the related section.
Getting Started with VCM Remote The VCM Remote Client can be installed using any of several methods, including a manual installation (provided below), "Installing the Remote Client using a Command Line" on page 153, or "Installing the Remote Client using Windows Remote Commands" on page 154. All the methods are described in this section. Additionally, communication between the Collector and the Remote Client is secured using Transport Layer Security (TLS) certificates.
vCenter Configuration Manager Installation and Getting Started Guide 4. Accept the default installation location, or click Change to enter a different location. Click Next. 5. Type the name of the Collector machine and the path to the Web Console’s ASP path as follows: n Collector Machine Name: Type the name of the machine on which the VCM Collector and Microsoft IIS are installed. n Path to ASP Page: This path was created in the IIS default web site by the VCM Remote server installation.
Getting Started with VCM Remote 7. Configure or select one of the following certificate options: n If you copied the VCM-generated Enterprise certificate to the CM Remote Client, to locate the certificate (.pem), click Browse. n If you are using an existing Enterprise certificate in the client certificate store, select Skip Certificate Deployment. IMPORTANT Do not select Skip Certificate File Import unless you are certain the Enterprise certificate exists in the client certificate store.
vCenter Configuration Manager Installation and Getting Started Guide msiexec.exe /qn /i "[path]\cm remote client.msi" COLLECTOR="YourCollectorName" PATHTOASP="VCMRemote/ecmremotehttp.asp" INSTALLDIR="c:\Program Files (x86)\VMware\VCM Remote Client” CERTIFICATE_ FILE="[path]\YourEnterpriseCertificateName.pem" /l*v "[path\]filename.log" NOTE If the names and paths contain spaces, you must use double quotation marks. See the example above. Where: /qn: No error messages are displayed. [path]\cm remote client.
Getting Started with VCM Remote 1. On your VCM Collector, copy ...\VMware\VCM\AgentFiles\CM Remote Client.msi to...\VMware\VCM\WebConsole\L1033\Files\Remote_Command_Files. 2. On your VCM Collector, copy ...\VMware\VCM\CollectorData\.pem to the same location specified in step 1 (to...\VMware\VCM\WebConsole\L1033\Files\Remote_ Command_Files). 3. In VCM, select Console > Windows Remote Commands. 4. Click Add. The Remote Commands wizard appears. 5.
vCenter Configuration Manager Installation and Getting Started Guide sAddRemove = 1 'Whether or not VCM remote should appear in the Add/Remove programs List, should be 0 = hide, 1 = show sMSIPackageName = "CM Remote Client.msi" 'Name of the MSI package that installs VCM Remote Agent CheckVars If sAddRemove = 0 Then AppToRun = "msiexec.exe /qn /i " & Chr(34) & EcmAgtContext.JobDownloadDirectory & "\" & sMSIPackageName & Chr(34) & " ALLUSERS=1 COLLECTOR=" & Chr(34) & sCollName & Chr(34) & " PATHTOASP=" & C
Getting Started with VCM Remote sVirDir = Trim(sVirDir) End If If sInstallDir = "" Then sInstallDir = "c:\vcm remote client" Else sInstallDir = Trim(sInstallDir) End If If sAddRemove <> 0 And sAddRemove <> 1 Then sAddRemove = 1 'Set whether or not VCM Remote appears in the Add/Remove programs list. 1=display, 0=do not display End If If sAddRemove = "" Then sAddRemove = 1 End If If IsNumeric(sAddRemove) = False Then sAddRemove = 1 End If sAddRemove = Trim(sAddRemove) End Sub 9.
vCenter Configuration Manager Installation and Getting Started Guide n Run Action now: This option immediately installs VCM Remote Client on the target machines. n Schedule the Action to run later: This option allows you to specify the Time and Date for the installation. NOTE The job appears in the Instant Collection job history queue as Install CM Remote Client. 16. Click Next. When you are ready to proceed, click Finish.
Getting Started with VCM Remote 1. In VCM, click Administration > Settings > General Settings > VCM Remote. The default selection for the Broadband, Dialup, and LAN collection filter settings that VCM Remote will use for connections require you to edit the setting and specify a collection filter. 2. To specify the name of the filter set for each connection, select the setting that you want to change, then click Edit Setting. The General Settings Edit Setting wizard appears. 3.
vCenter Configuration Manager Installation and Getting Started Guide 160 VMware, Inc.
Getting Started with VCM Patching 9 VCM Patching for Windows and UNIX/Linux VCM Patching is the VCM patch assessment, deployment, and verification module, which ensures continuous enterprise security through proactive compliance of the IT infrastructure. VCM Patching ensures that your machines have the latest security patches and other software downloads.
vCenter Configuration Manager Installation and Getting Started Guide VCM Patching for UNIX/Linux VCM Patching for UNIX/Linux provides several features that help you deploy patches to remediate UNIX/Linux machines: n Bulletins: The Bulletins section contains a list of vendor bulletins available to VCM Patching. n Assessment Templates: An Assessment Template contains one or more bulletins that dynamically show which machines require the patches described by each bulletin.
Getting Started with VCM Patching VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 164 VMware, Inc.
10 Getting Started with VCM Patching You can use VCM Patching to assess the state of managed Windows and UNIX/Linux machines and deploy patches to those machines. Getting Started with VCM Patching for Windows Machines Getting Started with VCM Patching for UNIX/Linux Machines For information about other VCM Patching functionality, such as Windows Patch Staging or creating filters for UNIX Patch Assessment results, see the online Help.
vCenter Configuration Manager Installation and Getting Started Guide VCM displays a dialog box communicating the status of your request. Follow the prompts to update your bulletins, force an update to the bulletins, or cancel the request. 6. Click Finish to submit the download job to the pending job queue. When the job finishes, the content is available in VCM.
6. Review all of the bulletins to include in the assessment template. 7. To create a template that includes all of the bulletins for patches to deploy, select all of the relevant bulletins and click Create Template. 8. Verify that the bulletins are automatically selected, and click Finish to create the template. 9. On the VCM toolbar, verify that the correct Machine Group is selected. 10. Select Patching > Windows > Assessment Templates. 11. In the node tree, select the template to run and select Assess.
vCenter Configuration Manager Installation and Getting Started Guide select Enable/Disable Summary to enable the Summary view, and click the template node again. The Summary view displays a graph of the patch status for the machines that were assessed and the patch status by asset classification and bulletin severity rating. The Not Patched column displays machines that require a patch or a reboot for a patch that was applied. From the Summary view, you can drill down directly to the affected machines.
12. Click Next to either schedule the deploy job or to instruct VCM Patching to execute the job immediately. 13. On the Reboot Options page, select to not reboot the machine and click Next. 14. On the confirmation page, click Finish to deploy the patch. When the deployment completes, VCM Patching automatically runs a delta collection of the VCM Patching Security Bulletins filter set to update the assessment information. 15.
vCenter Configuration Manager Installation and Getting Started Guide Prerequisite Place patch bulletin files on the local machine to load the bulletin updates from a local file. Procedure 1. Select Patching > UNIX/Linux Platform > Bulletins > By Bulletin. 2. Select Check for Update. You can check for updates on the Internet or load the updates from patch bulletin files on the local machine. 3. Select Check for Updates via the Internet and click Next.
n The VCM Agent must be installed on the machine. n The machine must be licensed for VCM Patching. n If you choose Filters in the following procedure, you must already have pre-configured Filters. The following procedure runs the assessment using patch bulletins. Procedure 1. Select the All UNIX Machines machine group. 2. Select Patching > UNIX/Linux Platform > Bulletins > By Bulletin. 3. Select Assess. 4. In the UNIX Patch Assessment wizard, select Default Filter or Filters.
vCenter Configuration Manager Installation and Getting Started Guide Procedure 1. Select Patching > UNIX/Linux Platform > Assessment Results > All Bulletins to display the patch status of all of the machines that were assessed. 2. To display the assessment results for a single bulletin, select By Specific Bulletin and select a bulletin in the center pane. 3. Review the patch status for each machine. Patched: The patch has been applied to the machine.
Machine Group Mapping When you define an alternate patch location for a particular machine group, you must select that machine group in VCM before you deploy the patches. If you do not select this machine group, VCM Patching will not acknowledge the alternate patch location and the patches will not be deployed. The alternate patch location is defined in Patching > VCM Patching Administration > Machine Group Mapping > Local Patch Path.
vCenter Configuration Manager Installation and Getting Started Guide 9. On the Patch Deployment Schedule page, set the timing for the patch deployment job. 10. On the Reboot Options page, select the options to reboot the machine and send a message, or select to avoid a reboot. 11. On the Confirmation page, confirm the patch summary information and complete the wizard to deploy the patch. After you deploy patches, VCM collects assessment data again to confirm the patches were applied.
Customize Your Environment for VCM Patching Perform routine maintenance on your VCM configuration management database to fine-tune the visibility of configuration information so that the policies you develop and the actions you take are appropriate for your IT infrastructure. To ensure you are retaining the correct information for auditing, review the data retention settings and update them appropriately according to your policies. For more information about VCM Patching, see the online Help. VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 176 VMware, Inc.
Getting Started with Operating System Provisioning 11 Operating system (OS) provisioning is the process of deploying opreating system to physical or virtual machines. As part of the process, you can add newly provisioned machines to VCM. About OS Provisioning Some provisioned machines, for example Servers, are brought up quickly to meet expanding business needs. These machines may have limited use and lifespan, and may be re-provisioned for other purposes.
vCenter Configuration Manager Installation and Getting Started Guide Provision Machines Workflow The process of provisioning operating systems to target machines includes the following general tasks, underlying actions, and results: 1. Set the BIOS on the target machines to network boot. 2. Connect the machines to the network and turn them on. The OS Provisioning Server discovers the machines. 3.
Getting Started with Operating System Provisioning 5. Reboot the target machines. As each machine requests an IP address from the DHCP server and then requests a PXE boot, OS Provisioning Server checks the machine MAC address to determine if a machine has an installation session waiting. If an installation session is found, the download process begins. 6. The OS Distribution and the VCM Agent are downloaded to the target machines using TFTP. 7.
vCenter Configuration Manager Installation and Getting Started Guide Alternately, you can manually add machines to the list rather than use the OS Provisioning Server discovery process. To manually add machines, select Administration > Machines Manager > OS Provisioning > Provisionable Machines and click Add. Use the wizard to add machines to the data grid. You will need to know the machine MAC addresses. See the online Help for information about using the wizard.
Getting Started with Operating System Provisioning 8. (Optional) (Available only for Windows, Red Hat, and SUSE Linux Enterprise Server) On the Postinstall Script page, type a Script Name and the script, and then click Next. See the online Help for more information about the options. 9. (Available only for Windows) On the Disk Configuration page, select one of the options and click Next.
vCenter Configuration Manager Installation and Getting Started Guide Change Agent Communication The VCM Agent is installed by the OS Provisioning Server with default settings. After the machine is provisioned, you can change the settings or install a new Agent. Windows Agents are installed with DCOM as the communication protocol. If you want to change the protocol, see the online Help for more information.
Getting Started with Operating System Provisioning NOTE Static IP addressing is recommended when deploying ESX or ESXi hosts. If DHCP is used, the ESX or ESXi machine’s host name will be set to localhost rather than the host name provided during deployment. 7. On the IP Settings page, configure the HostName and click Next. If you did not select Use DHCP to determine IP address on the previous page, you will also need to configure the IP Address, Subnet, Default Gateway, and DNS.
vCenter Configuration Manager Installation and Getting Started Guide 184 VMware, Inc.
Getting Started with Software Provisioning 12 Introduction to VCM Software Provisioning Software provisioning is the process you use to create software packages, publish the packages to repositories, and then install packages on one or more target machines. To support the provisioning process, the VCM Software Provisioning components consist of VMware vCenter Configuration Manager Package Studio, software package repositories, and Package Manager.
vCenter Configuration Manager Installation and Getting Started Guide Software Provisioning Component Relationships The following diagram displays the general relationship between Package Studio, repositories, and Package Manager in a working environment. Figure 1.
Getting Started with Software Provisioning n Software Repository for Windows: Installed on at least one Windows machine in your environment, and installed on the same machine with Package Studio. Install the repository before installing Package Studio. n VMware vCenter Configuration Manager Package Studio: Installed on the same machine as your software repository. n Package Manager: Installed on all Windows machines on which you are managing software provisioning.
vCenter Configuration Manager Installation and Getting Started Guide Prerequisites n To uninstall the application, you must use the same version of the Repository.msi that was used to install the application. Procedure 1. Copy the Repository.msi to the machine on which you are uninstalling the application or point to the file in a shared directory. 2. Run the .msi file using the following command line syntax: msiexec /x [path]\Repository.msi /l*v %temp%\Repository.
Getting Started with Software Provisioning Prerequisites n Target machine meets the supported hardware requirements, operating system, and software requirements. See VCM Hardware and Software Requirements Guide for currently supported platforms and requirements. n Access to the PackageStudio.msi, which is available on the VMware website or in the vCenter Configuration Manager application files. The default location in the VCM application files is C:\Program Files (x86)\VMware\VCM\AgentFiles\Products.
vCenter Configuration Manager Installation and Getting Started Guide Install Package Manager on Managed Machines The Package Manager is automatically installed on target machines when the 5.3 VCM Agent or later is installed. On the target machine, the Package Manager does not contain the software packages, only pointers to the packages in the repository sources of which it is aware. When directed to install, the package is copied from the repository to the cratecache folder on the target machines.
Getting Started with Software Provisioning Creating Packages A software package provides the files and metadata necessary to install and remove programs. One of the most useful features of a package is the metadata regarding dependencies, conflicts, and other relationships that are not represented by software installation files.
vCenter Configuration Manager Installation and Getting Started Guide a. Click Add Platforms to add a platform. b. Select a platform, and then click Add Sections. c. Select a section, and then click Publish Package. d. Select the package (.crate), and then click Open. The Publish Package dialog box appears. e. (Optional) Select additional platforms and sections to which to publish the package. f. Click Publish. The package is published to the software repository. 5. Click External Software.
Getting Started with Software Provisioning n You have created software provisioning packages using VMware vCenter Configuration Manager Package Studio and published the packages to the repositories. n Package Manager is installed on the target machines. Package Manager is automatically installed when you install the VCM 5.3 Agent or later.
vCenter Configuration Manager Installation and Getting Started Guide 8. Review the information, resolve any conflicts, and then click Finish. You can monitor the process in the Jobs Manager. See "Viewing Provisioning Jobs in the Job Manager" on page 196 for more information. When the collection is completed, select Console > Windows tab > Operating System > Software Provisioning > Repositories. The data grid displays the packages in the repositories.
Getting Started with Software Provisioning Install Packages The process of installing packages includes identifying and processing dependencies and conflicts, running any specified prescripts, running the installation using any specified command arguments, and then running any specified post-scripts. You can also remove packages. Procedure 1. Select Console > Windows tab > Operating System > Software Provisioning > Package Managers 2. Click Install.
vCenter Configuration Manager Installation and Getting Started Guide Related Software Provisioning Actions You can use the following management options in VCM when working with software provisioning: n Job Manager: Displays current jobs running, and job history. Use the job history when troubleshooting the processing of a job. See "Viewing Provisioning Jobs in the Job Manager" on page 196 for more information.
Getting Started with Software Provisioning In this example the Compliance rule checks whether the source, where platform=Any and section=Release, was added to selected Package Managers as a source. If not, then add the repository source to the machines where the rule fails. Procedure 1. Select Compliance > Machine Group Compliance > Rule Groups. Either add a rule to an existing rule group or create a new rule group. 2. To add a rule to a Rule Group, expand your rule group, and then select Rules.
vCenter Configuration Manager Installation and Getting Started Guide In this example, you want to determine if a software application named XSoftware is correctly installed. If the software is installed correctly, a service named XService should be running. Configure a Compliance rule to determine if XService service is running. If it is not running, install the XSoftware package. Procedure 1. Select Compliance > Machine Group Compliance > Rule Groups.
Getting Started with Software Provisioning 21. Select one of the following Security Options: This option determines if a package is installed or removed based on the state of the signature. Select one of the following options: n Install secure signed package only: The package must be signed and the public key of the signing certificate you used to sign the package is available on all the machines on which you are installing or removing the package.
vCenter Configuration Manager Installation and Getting Started Guide 200 VMware, Inc.
Getting Started with VCM Management Extensions for Assets 13 Getting Started with VCM Management Extensions for Assets VCM Management Extensions for Assets (VCMMXA) facilitates the storage of asset data across multiplatform enterprises into a single repository. With VCMMXA, you can integrate and manage data not collected by VCM. This data appears in the VCM Console. To get started using VCMMXA, follow these steps. Step 1: Add, Edit, or Delete Hardware and Software Configuration Item Fields.
vCenter Configuration Manager Installation and Getting Started Guide 3. Consider whether the fields are listed in the order in which you want them to appear in the Console. If not, click Column Order in the data grid view to reorder the fields to your specifications. 3. Consider whether the fields are listed in the order in which you want them to appear in the Console. If not, click Column Order in the data grid view to reorder the fields to your specifications. 4.
Getting Started with VCM Management Extensions for Assets 2. Click VCM Devices or Other Devices, depending on the type of field you want to delete. 3. If you are editing an existing field, select the field, and then click Edit. Otherwise, to add a field, click Add. The Add:Edit Fields wizard appears. 4. Enter the name and description of the field, and then click Next. This name appears as the column heading in Console > Asset Extensions > Hardware Configuration Items. 5.
vCenter Configuration Manager Installation and Getting Started Guide 1. Click Administration > Settings > Asset Extension Settings > Hardware Configuration Items. 2. Click VCM Devices or Other Devices, depending on the type of field you want to delete. 3. Select the field, and then click Delete. You cannot delete fields marked with a Locked icon. 4. Click OK to confirm. VCM deletes the field from VCMMXA. Modifying Software Configuration Item Fields Use VCMMXA to manage your software assets.
Getting Started with VCM Management Extensions for Assets 5. If you have defined this field as a lookup, the wizard prompts you to define or edit the lookup values. Enter the required information, and then click Next. 6. Assign the roles that should have edit access to this field. Users with these roles can then edit the values of the field from Console > Asset Extensions > Software Configuration Items. Click Next. 7. Confirm your addition or edit, and then click Finish.
vCenter Configuration Manager Installation and Getting Started Guide 4. Select the fields to edit, and then click Next. 5. Enter a value for each of the fields displayed, and then click Next. 6. Confirm your change, and then click Finish. The VCM Devices data grid updates the values of the fields for the machines you edited and displays the resulting data. Modifying Other Devices In addition to accommodating VCM-licensed machines, VCMMXA also allows you to add up to 135,000 non-VCM managed assets.
Getting Started with VCM Management Extensions for Assets NOTE If you want to change only the values for that device, and not the device name or description itself, click Edit Values, instead of Edit. The Edit Values Wizard allows you to quickly edit the specific field values that you select. The Edit Device wizard is a longer wizard designed to let you edit the entire device asset record. 3. Follow the prompts through the wizard to complete the action. Click Help at any time for more information.
vCenter Configuration Manager Installation and Getting Started Guide 1. Select the record, and then click Delete. 2. Click OK to confirm your deletion. VCMMXA deletes the requested record from the Software Configuration Items data grid. Further Reading For information on how to customize for your environment, refer to Customizing VCM. Each of these areas regarding customization also applies to VCMMXA.
Getting Started with VCM Service Desk Integration 14 Getting Started with Service Desk Integration VCM Service Desk Integration allows you to track planned and unplanned changes to managed machines in your organization, and to integrate these changes with your organization’s change management process.
vCenter Configuration Manager Installation and Getting Started Guide Service Desk Integration in Job Manager When VCM Service Desk Integration is licensed and activated, it suspends any requested change to a VCM-managed machine while VCM integrates with the Service Desk application to pass the change through a change management process. If a job was suspended in VCM, it appears in Administration > Job Manager > Pending Response.
Getting Started with VCM Service Desk Integration NOTE Jobs for VCM Patching-managed machines appear in the Patching Job Manager, not the VCM Job Manager. Locate these jobs at: Patching > Administration > Job Manager. Click VCM Patching Administration > Job Manager > Pending Response to locate jobs that are currently awaiting approval.
vCenter Configuration Manager Installation and Getting Started Guide 212 VMware, Inc.
Getting Started with VCM for Active Directory 15 VCM for Active Directory (AD) collects AD objects across Domains and Forests, and displays them through a single console. This data is consolidated and displayed under the Active Directory slider, providing a logical grouping of AD object and configuration information, allowing you to view your AD structure, troubleshoot issues, and detect change.
vCenter Configuration Manager Installation and Getting Started Guide Confirming the Presence of Domains Prior to setting up VCM for Active Directory, you must confirm that all fully-qualified DNS Domains that you want to manage have been discovered by VCM. Domains are discovered during the VCM installation process; however, you may need to manually add Domains that were unavailable during the installation process. 1. Click Administration > Settings > Network Authority > Available Domains. 2.
Getting Started with VCM for Active Directory Adding and Assigning Network Authority Accounts Before you can perform any type of action (Discovery, Collection, and so forth), the Collector must gain access to each Domain to interact with the selected Domain Controllers (DCs) in the organization. A VCM network authority account must have administrator rights and be added for each Domain to be managed in the organization. Once these accounts have been added, they must be assigned to Domains.
vCenter Configuration Manager Installation and Getting Started Guide 4. Select By Browse List, then click Next. The Discovery Filters page appears. 5. Select Only discover machines in the Browse List that match these criteria. 6. Specify the filter parameters. Select Domain Controller Type <> " (two single quotes). 7. Click Next. The Important page appears. 8. For the Would you like to run this Discovery Rule now? option, select Yes. 9. Click Finish.
Getting Started with VCM for Active Directory Verifying Domain Controller Machines in Available Machines Once your Domain Controller discovery is completed, verify that your Domain Controllers are available for licensing and Agent installation. 1. Click Administration > Machines Manager > Available Machines > Available Windows Machines. 2. Verify that the domain controller machines are available in the Domains that you added in your discovery rule.
vCenter Configuration Manager Installation and Getting Started Guide 9. Verify the method used for communication. The default communication method is DCOM. For most VCM for Active Directory configurations, the default values in this screen should be used. Click Next. The Schedule page appears. 10. Select Run Action now, and then click Next. 11. Click Finish.
Getting Started with VCM for Active Directory 4. Click the Tools tab. 5. In the Tool Name list, select Disable UAC. 6. Click Launch. A Command window displays the running action. When the command is completed, close the window. 7. Close the System Configuration dialog box. 8. Restart the machine to apply the changes. 9. Install the Agent as specified in Licensing and Deploying the VCM Agent. 10. After installing the Agent on the target machine, re-enable UAC.
vCenter Configuration Manager Installation and Getting Started Guide 7. On the Domains/OUs tab, select the domain/OU to which the target machines belong, and then click OK. 8. On the Select Group Policy Object dialog box, click Finish. 9. On the Add or Remove Snap-Ins dialog box, click OK. 10. The domain/OU policy is added to the Console Root in the left pane. 11.
Getting Started with VCM for Active Directory IMPORTANT Click Administration > Job Manager > History > Instant Collections > Past 24 Hours to verify that all jobs have completed before proceeding to the next step. Configuring VCM for Active Directory as an Additional Product Now that VCM is aware of your Domain Controllers, follow the steps listed below to configure VCM for AD as an additional product. 1. Deploy VCM for AD to the Domain Controllers 2. Run the Determine Forest Action 3.
vCenter Configuration Manager Installation and Getting Started Guide NOTE VCM for AD will operate with only a single domain controller configured with VCM for AD as both the FDS/RDS (Forest Data Source/Replication Data Source). However, to collect important nonreplicated attributes such as Last Logon, it is essential that you configure as many domain controllers as possible with VCM for AD.
Getting Started with VCM for Active Directory 6. Upon completing the Setup DCs action, a collection will be submitted to the selected DCs. Forest information will be displayed in the Administration > Machines Manager > Additional Products > VCM for Active Directory data grid.
vCenter Configuration Manager Installation and Getting Started Guide 3. Select a Forest Data Source (FDS) for each Forest to be managed in VCM for Active Directory, and then click Next. The Select the Replication Data Source(s) (RDS) page appears. 4. Select a Replication Data Source (RDS) for each Domain that you want to be managed by VCM for Active Directory. Click Next. The Important page appears. 5. Click Finish. 6.
Getting Started with VCM for Active Directory Performing an Active Directory Data Collection You are now ready to perform your first collection of Active Directory objects using the same collection wizard used for Windows and UNIX/Linux collections. The first time you run an AD collection, the Agent will return all the objects and attributes from your Active Directory specified in the default filter set. 1. Click Collect, located on the Portal toolbar. The Collection Type Selection dialog box appears. 2.
vCenter Configuration Manager Installation and Getting Started Guide NOTE The delta collection feature makes subsequent collections run faster and more efficiently than the initial collection. For the initial collection, make sure that you click the check box so that the delta feature is disabled. 6. Click Next.The Data Types page appears. 7. Click Select All. 8. Select the Use default filters is selected option. 9. Click Next. The Location page appears. 10.
Getting Started with VCM for Active Directory 11. Expand the Enterprise tree, and then select an AD Location. 12. Click OK, to close the page. 13. On the Location page, click Next. 14. Click Finish. IMPORTANT Click Administration > Job Manager > History > Instant Collections > Past 24 Hours to verify that all jobs have completed before proceeding to the next step.
vCenter Configuration Manager Installation and Getting Started Guide Note that several other Active Directory Dashboards are available. Take time to familiarize yourself with the remainder of the VCM for AD Dashboards. Active Directory Summary Reports Your AD Collection Results are also available to you in a more “raw” format as well. This level of reporting is more relevant for day to day operations, troubleshooting, and analysis and can be viewed in a Summary report or data grid format.
Getting Started with VCM for Active Directory NOTE The default view is the Summary Report. At any time, however, you may switch the default view to go directly to the data grid by using the Enable/Disable Summary feature on the data grid view. See Help for more information on how to filter and sort your data and get full use of the data grid. Several other categories (called “data classes”) of information regarding your AD Collection are available under the Active Directory Slider.
vCenter Configuration Manager Installation and Getting Started Guide Active Directory Reports An alternative way to view your collected AD data is by running VCM Reports or creating your own custom reports using VCM’s reporting wizard. To begin exploring VCM’s Reporting functionality, click Reports > Active Directory Reports.
Accessing Additional Compliance Content 16 VMware provides several additional VCM Compliance Content Packages relative to the different components you have just activated. These packages are not available in the Portal until you download and import them. It is important to check to see if any of the VCM Compliance Content Packages are important to your organization, and then import them at this time. Before you begin using this content, you must complete these steps: 1. Locate the Content Directory. 2.
vCenter Configuration Manager Installation and Getting Started Guide If the particular Content Package(s) you have imported contains filter sets, they will appear under Administration > Collection Filters > Filter Sets. Particular VCM Content Package(s) may contain SSRS Reports, SSRS Node Summaries, and SSRS Dashboards, which will show up in their respective locations in the Portal. After this content has been imported into the Portal, further collections using custom filters may be required to use it.
Installing and Getting Started with VCM Tools 17 Several VCM components and tools were automatically installed on the Collector machine by the VCM Installation Manager during installation, as explained in the chapter Using VCM Installation Manager. However, if you want to install only the VCM tools on a non-Collector machine, follow the procedure in the first section in this chapter, Installing the Tools Only.
vCenter Configuration Manager Installation and Getting Started Guide The VCM tool or tools are now installed on this machine. Proceed to the following sections in this chapter to get started using the tools. NOTE The VCM Tools installation has prerequisites much like a VCM installation. Each tool in the Advanced Installation has its own installation requirements. For example, Import/Export (I/E) and Content Wizard can be installed only on a machine that is running VCM.
Installing and Getting Started with VCM Tools IMPORTANT Use of the CLI should be restricted to advanced users who exercise caution when testing out their scripts. Import/Export and CW were automatically installed on your Collector machine during your VCMinstallation. Import/Export and CW can only be run on a Collector machine. Refer to the following sections to get started with each tool. VCM Import/Export 1.
vCenter Configuration Manager Installation and Getting Started Guide NOTE VMware recommends that you refer to Import/Export Help to gain a thorough understanding of the logging of Content that is not imported by Import/Export even though it is requested by the user. Content Wizard Unlike Import/Export, Content Wizard may be used when no user intervention is required or when you want to connect directly to the VMware Web site for the latest Content Package updates.
Maintaining VCM After Installation 18 After you have performed the initial setup and familiarized yourself with VCM and its components and tools, VMware recommends that you step through the specific configuration settings for each licensed component and customize them. Additionally, you should perform routine maintenance on your VCM configuration management database (CMDB) just as you would any other SQL database in your enterprise.
vCenter Configuration Manager Installation and Getting Started Guide In addition to several general global settings, these components have specific settings that should be considered if you licensed the component. n Asset Extensions (VCMMXA) n VCM for Active Directory n VCM for Virtualization n UNIX n Windows For more information on settings specific to these products, see the Help associated with each product.
Maintaining VCM After Installation Configure Database File Growth After VCM is installed, the installer creates a single 2GB data file and a 1GB log file. As data is added to VCM through normal operations, these files will grow as required. File growth settings are set to the default for Microsoft SQL Server 2008 R2. The default values may result in file fragmentation or suboptimal performance in some environments. This procedure describes how to set the AutoGrowth property in each database.
vCenter Configuration Manager Installation and Getting Started Guide Configure Database Recovery Settings SQL Server supports these recovery models, which you can set differently for each database: n Simple. In Simple recovery, the only information kept in the transaction log is data that is necessary to recover the database to a known good state when the server restarts. It is a misconception that this setting does not cause the transaction log file to grow.
Maintaining VCM After Installation 2. Open the Management folder, right-click Maintenance Plans and select Maintenance Plan Wizard. 3. Click Next. The Select Plan Properties page appears. VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 4. Enter a maintenance plan name, select Single schedule for the entire plan or no schedule, and click Change. 5. In the Job Schedule Properties - Maintenance Plan dialog box, set the scheduling properties for the job, as shown in this example. Schedule the run time when the system is idle or has low usage. 6. Click OK to return to the Select Plan Properties page and click Next. 242 VMware, Inc.
Maintaining VCM After Installation 7. On the Select Maintenance Tasks page, select the maintenance tasks to be performed, including Check Database Integrity, Rebuild Index, Update Statistics, and Clean Up History, and then click Next. 8. On the Select Maintenance Task Order page, specify the order for the maintenance tasks to be performed and click Next. VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 9. On the Define Database Check Integrity Task page, click the Databases drop down menu and select the CSI_Domain, VCM, VCM_Coll, VCM_Raw, and VCM_UNIX databases and click OK. When the databases are selected, Specific databases appears in the Databases field. Check the option Include indexes and click Next. NOTE It is important to select the VCM_Raw database because it contains transient data that is consumed by the other databases.
Maintaining VCM After Installation 10. On the Define Rebuild Index Task page, specify how the Maintenance Plan should rebuild the Index. Click the Databases drop down menu, select the CSI_Domain, VCM, VCM_Coll, and VCM_UNIX databases, and click OK. When the databases are selected, Specific databases appears in the Databases field. In the Advanced options area, select Sort results in tempdb and click Next. NOTE It is not necessary to rebuild the Index for the VCM_Raw database. VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 11. On the Define Update Statistics Task page, specify how the Maintenance Plan should update the database statistics. Click the Databases drop down menu. Select the CSI_Domain, VCM, VCM_Coll, and VCM_UNIX databases, and then click OK. When the databases are selected, Specific databases appears in the Databases field. Click Next. 12.
Maintaining VCM After Installation 13. On the Select Report Options page, select Write a report to a text file, specify the folder location to save a record of the maintenance plan actions for future reference, and click Next. 14. On the Complete the Wizard page, verify the selections in the Maintenance Plan Wizard and expand the tree selections to view the settings, and click Finish. VMware, Inc.
vCenter Configuration Manager Installation and Getting Started Guide 15. When the Maintenance Plan Wizard completes, verify that the actions were successful. 16. To view, save, copy, or send the report, click Report and select an option. You have now established a routine maintenance plan to assure that SQL Server 2008 R2 continues to operate efficiently.
Troubleshooting Problems with VCM A This chapter provides important information that will help you troubleshoot issues that may occur during the VCM software installation, upgrade, or use.
vCenter Configuration Manager Installation and Getting Started Guide o Support for additional UNIX platforms was added in 5.1, along with the automated distribution of bulletin information to Agent machines. n n The process of distributing the bulletin information to UNIX Agent machines has failed. n The bulletin information was removed from the UNIX Agent machine. n Bulletin information may not be loaded on your Collector.
Troubleshooting Problems with VCM 1. Open a command prompt. 2. Navigate to the C:\Program Files (x86)\VMware\VCM\AgentData\protected directory, and delete these files: ECMv.csi.pds and ECMv.csi.pds.lck. 3. Execute the following command: GenerateAgentProxyKeys.cmd. 4. Verify that the following files were generated: _securecomm_public_key.txt _ssh_public_key.txt 5. From the command prompt, execute the following command: DatabaseUploadKey.cmd _securecomm_public_key.
vCenter Configuration Manager Installation and Getting Started Guide 1. Log into VCM and select Administration > Settings > General Settings > Database. 2. In the Database settings, click to highlight the setting labeled IIS HTTP string http or https. 3. Click Edit Setting and change the IIS HTTP string setting to https. After performing these steps, you can operate VCM through a secure channel.
Index % %Systemroot% environment variable 79 A About Patching 161 about this book 11 access by user 61 accessing compliance content 231 account application services 16 collector services 16 network authority 15 Oracle collection user 125 active directory (AD) 213 agent 217 collection results 227 configuration 221 data collection 225 domain controllers 213 getting started 213 network authority account 215 reference information 230 run determine forest action 222 run setup DCs action 223 AD (active directo
vCenter Configuration Manager Installation and Getting Started Guide collection results AD Oracle Remote UNIX/Linux virtualization collection scripts custom for WCI collection user account creating, Config User Action creating, remote command Oracle collections active directory AD exploring, Windows Mac OS X Oracle patching Remote results, Mac OS X troubleshooting vCenter Server UNIX/Linux vCenter Server data virtualization WCI Windows machines collector aware of Remote client certificates importing conten
Index collection results Oracle UNIX/Linux virtualization Windows imported content Remote collection results 129 107 143 84 231 159 F filter sets imported content in Remote settings Remote forest run determine forest action forests active directory foundation checker installation ftp, use binary mode 231 158 158 222 213 233 234 100, 113 G getting started active directory assets auditing components, tools deploy patches, UNIX/Linux deploy patches, Windows explore assessment results, UNIX explore assessm
vCenter Configuration Manager Installation and Getting Started Guide collection collection results licensing maintenance after installation backup/disaster recovery plan configure database file growth create plan customize settings database recovery settings migrating modifying assets hardware configurations assets software configurations 119 121 112 237 248 239 240 237 240 45 202 204 N network authority account AD checking node summaries resolving problems 15 215 70 250 O operating systems agent binar
Index assets Oracle Service Desk registering vSphere Client Plug-in remediation compliance rule software provisioning Remote collection results collections filter sets getting started settings filter sets virtual directory Remote client automatic upgrade collector aware installing command line remote command remote package UNIX agent upgrade repairing uninstall, troubleshooting reports parameter error, resolving resolving problems WCI repositories collect installing repository sources adding resetting requ
vCenter Configuration Manager Installation and Getting Started Guide check for Windows updating IIS settings virtual directory upgrading agent agent proxy agent proxy manually automatic failed, troubleshooting Red Hat workstations UNIX agent local package remote package virtualization vSphere Client Plug-in user access 165 251 251 45 53 57 58 54 22 54, 98 54 55 56 56 59, 145 61 discover, license, install discovering install agent licensing uninstalling agent wizards content import/export workstations upg
