User`s guide
Table Of Contents
- VCM Installation and Getting Started Guide
- Updated Information
- About This Book
- Preparing for Installation
- Installing VCM
- Using Installation Manager
- Installing and Configuring the OS Provisioning Server and Components
- Installing the Operating System Provisioning Server
- Preparing Boot Images for Windows Provisioning
- Copy the VCM Certificate to the OS Provisioning Server for Linux Provisioning
- Importing Distributions into the OS Provisioning Server Repository
- Configuring the OS Provisioning Server Integration with the VCM Collector
- Maintaining Operating System Provisioning Servers
- Upgrading or Migrating vCenter Configuration Manager
- Upgrade and Migration Scenarios
- Prerequisites
- Back up Your Databases
- Back up Your Files
- Back up Your Certificates
- Software Supported by the VCM Collector
- Migration Process
- Prerequisites
- Foundation Checker Must Run Successfully
- Use the SQL Migration Helper Tool
- Migrate Only Your Database
- Replace your existing 32-Bit Environment with the Supported 64-bit Environment
- How to Recover Your Machine if the Migration is not Successful
- Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4
- Migrate a 64-bit environment running VCM 5.3 or earlier to VCM 5.4
- Migrate a split installation of VCM 5.3 or earlier to a single-server install...
- After You Migrate VCM
- Upgrade Process
- Upgrading Existing Windows Agents
- Upgrading Existing Remote Clients
- Upgrading Existing UNIX Agents
- Upgrading VCM for Virtualization
- Getting Started with VCM Components and Tools
- Getting Started with VCM
- Discover, License, and Install Windows Machines
- Verifying Available Domains
- Checking the Network Authority
- Assigning Network Authority Accounts
- Discovering Windows Machines
- Licensing Windows Machines
- Installing the VCM Windows Agent on your Windows Machines
- Performing an Initial Collection
- Exploring Windows Collection Results
- Getting Started Collecting Windows Custom Information
- Discover, License, and Install UNIX/Linux Machines
- Discover, License, and Install Mac OS X Machines
- Discover, License, and Collect Oracle Data from UNIX Machines
- Customize VCM for your Environment
- How to Set Up and Use VCM Auditing
- Discover, License, and Install Windows Machines
- Getting Started with VCM for Virtualization
- Getting Started with VCM Remote
- Getting Started with VCM Patching
- Getting Started with Operating System Provisioning
- Getting Started with Software Provisioning
- Getting Started with VCM Management Extensions for Assets
- Getting Started with VCM Service Desk Integration
- Getting Started with VCM for Active Directory
- Accessing Additional Compliance Content
- Installing and Getting Started with VCM Tools
- Maintaining VCM After Installation
- Troubleshooting Problems with VCM
- Index
n
The Collector Certificate is used to initiate and secure a TLS communication channel with an HTTP
Agent. The Agent must be able to establish that the Collector Certificate can be trusted, which means
that the Collector Certificate is valid and the certification path starting with the Collector Certificate
ends with a trusted certificate. By design, the Enterprise Certificate is installed in the Agent’s trusted
store, and the chain ends with the Enterprise Certificate.
n
A Collector Certificate can also be used to issue Agent certificates. As long as all Collector Certificates
are issued by the same Enterprise Certificate, any Agent Certificate may be issued by any Collector
Certificate, and all Agents will be able to trust all Collectors. Similarly, all collectors will be able to
validate all Agent Certificates. Agent Certificates are used for Mutual Authentication only. Mutual
authentication is supported, but requires interaction with VMware Customer Support and a Collector
Certificate that also has certificate signing capability.
n
The Collector Certificate and associated private key must be available to the Collector. This certificate is
stored in the (local machine) personal system store.
Collector Certificates in VCM must adhere to the requirements specified above in Secure Communications
Certificates.
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise Certificate to validate Collector Certificates. Therefore, the Agent must
have access to the Enterprise Certificate as a trusted certificate. In most cases, VCM will deliver and install
the Enterprise Certificate as needed.
n
Installing the Agent from a Disk (Windows only): The VCM Installation DVD does not contain
customer-specific certificates. If HTTP is specified, the manual VCM Installer requests the location of the
Enterprise Certificate file during the installation. You must have this file available at installation time.
The certificate file (with a .pem extension) can be copied from the CollectorData folder of the Collector.
This will be the case whether you run the manual installer directly (CMAgentInstall.exe) or use the
“Agent Only” option from the DVD auto-run program.
n
Using CMAgentInstall.exe to Install the Agent (Windows only): CMAgentInstall.exe or
CMAgent[version].msi is the manual Agent installer program. The manual installer will request the
location of the Enterprise Certificate file, if HTTP is specified. You must have this file available at
installation time. The certificate file can be copied from the CollectorData folder of the Collector.
n
MSI Install Package: If HTTP is specified, the MSI agent install package also requires access to the .pem
file.
n
Installing the Agent for UNIX/Linux: See Installing the VCM Agent on UNIX/Linux Machines in this
document.
Installing the Agent Using a Provisioning System
For Windows®, the manual installation program is available in .exe and .msi formats. Both versions allow
the Enterprise Certificate file to be specified with a command line switch. You may also omit the certificate
installation step by use of a command line switch. When these programs are run through a provisioning
system, you must ensure that the Enterprise Certificate is available (and still secure), and configure the
program options appropriately. Alternatively, you may choose to push the Enterprise Certificate to
Agents by some other means and configure the provisioning system to omit certificate installation.
For UNIX/Linux, each UNIX/Linux installation package is targeted for one or more supported platforms.
To install the UNIX/Linux Agent using a provisioning system, extract the installation package as
appropriate and then deploy the extracted file with the provisioning system. The Enterprise Certificate is
embedded in the installation package on the Collector.
vCenter Configuration Manager Installation and Getting Started Guide
18 VMware, Inc.