User`s guide
Table Of Contents
- VCM Installation and Getting Started Guide
- Updated Information
- About This Book
- Preparing for Installation
- Installing VCM
- Using Installation Manager
- Installing and Configuring the OS Provisioning Server and Components
- Installing the Operating System Provisioning Server
- Preparing Boot Images for Windows Provisioning
- Copy the VCM Certificate to the OS Provisioning Server for Linux Provisioning
- Importing Distributions into the OS Provisioning Server Repository
- Configuring the OS Provisioning Server Integration with the VCM Collector
- Maintaining Operating System Provisioning Servers
- Upgrading or Migrating vCenter Configuration Manager
- Upgrade and Migration Scenarios
- Prerequisites
- Back up Your Databases
- Back up Your Files
- Back up Your Certificates
- Software Supported by the VCM Collector
- Migration Process
- Prerequisites
- Foundation Checker Must Run Successfully
- Use the SQL Migration Helper Tool
- Migrate Only Your Database
- Replace your existing 32-Bit Environment with the Supported 64-bit Environment
- How to Recover Your Machine if the Migration is not Successful
- Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4
- Migrate a 64-bit environment running VCM 5.3 or earlier to VCM 5.4
- Migrate a split installation of VCM 5.3 or earlier to a single-server install...
- After You Migrate VCM
- Upgrade Process
- Upgrading Existing Windows Agents
- Upgrading Existing Remote Clients
- Upgrading Existing UNIX Agents
- Upgrading VCM for Virtualization
- Getting Started with VCM Components and Tools
- Getting Started with VCM
- Discover, License, and Install Windows Machines
- Verifying Available Domains
- Checking the Network Authority
- Assigning Network Authority Accounts
- Discovering Windows Machines
- Licensing Windows Machines
- Installing the VCM Windows Agent on your Windows Machines
- Performing an Initial Collection
- Exploring Windows Collection Results
- Getting Started Collecting Windows Custom Information
- Discover, License, and Install UNIX/Linux Machines
- Discover, License, and Install Mac OS X Machines
- Discover, License, and Collect Oracle Data from UNIX Machines
- Customize VCM for your Environment
- How to Set Up and Use VCM Auditing
- Discover, License, and Install Windows Machines
- Getting Started with VCM for Virtualization
- Getting Started with VCM Remote
- Getting Started with VCM Patching
- Getting Started with Operating System Provisioning
- Getting Started with Software Provisioning
- Getting Started with VCM Management Extensions for Assets
- Getting Started with VCM Service Desk Integration
- Getting Started with VCM for Active Directory
- Accessing Additional Compliance Content
- Installing and Getting Started with VCM Tools
- Maintaining VCM After Installation
- Troubleshooting Problems with VCM
- Index
To be valid, a Collector certificate must be:
n
Located in the local machine personal certificate store.
n
Valid for Server Authentication. If any Enhanced Key Usage extension or property is present, it must
include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage extension is present, it must
include DIGITAL_SIGNATURE.
n
Active, and not expired.
Alternatively, Installation Manager can generate the Collector and Enterprise certificates for you; select the
Generate option during installation.
NOTE If you will install more than one Collector that will communicate with the same Agent(s), or plan
to replace/renew your certificates later, special considerations are required to generate and select
certificates in VCM Installation Manager. For details about VCM and Transport Layer Security (TLS), see
Transport Layer Security Implementation for VCM.
Server Authentication
Server Authentication is a method of authenticating the server to the client. VCM supports server
authentication. In VCM environments where TLS is employed, VCM Agents verify the identity of the
Collector(s) through the use and verification of certificates (over HTTP).
Typically, the server authenticates a client/user by requiring information such as a user name and
password. When server authentication is used, the client/user verifies that the server is valid. To
accomplish this verification using TLS, the server provides a certificate issued by a trusted authority, such
as Verisign®. If your client web browser has the Verisign® Certified Authority certificate in its trusted
store, it can trust that the server is actually the Web site you access.
TLS uses certificates managed by a public key infrastructure (PKI) to guarantee the identity of servers and
clients. A certificate is a package containing a public key and information that identifies the owner and
source of that key, and one or more certifications (signatures) to verify that the package is authentic. To
sign a certificate, an issuer adds information about itself to the information already in the certificate
request. The public key and identifying information are hashed and signed using the private key of the
issuer’s certificate.
Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the
creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is
valid, including Server Authentication.
Enterprise and Collector Certificates
An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector-Agent
communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector
environment. Agents have the Enterprise Certificate in their trusted certificate stores, which they use
implicitly to validate any certificate issued by the Enterprise Certificate. All Collector Certificates are
expected to be issued by the Enterprise Certificate, which is critical in environments where a single Agent
is shared between two collectors.
Server Authentication is required to establish a TLS connection with an Agent. All Collectors should have a
common Enterprise Certificate. Each Collector Certificate is issued by the Enterprise Certificate, and is
capable of Server Authentication.
Preparing for Installation
VMware, Inc. 17