This document supports the version of each product listed and supports all
subsequent versions until the document is replaced by a new edition. To
check for more recent editions of this document, see
http://www.vmware.com/support/pubs.
EN-000456-00
vCenter Configuration Manager Installation and Getting Started Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2VMware, Inc.
Contents
Copyright2
About This Book9
Preparing for Installation11
Using Installation Manager12
Understanding Installation Configurations12
Understanding Tools Installation13
Checking Prerequisites for Installation13
VCM’s Use of Microsoft Cryptographic Service Providers (CSPs) for Windows Machines17
Cryptography for UNIX/Linux Platforms17
Cryptography used in VCM Software Components18
Supported Windows and UNIX Platforms18
Installing VCM Using Installation Manager19
Using the Installation Manager19
Navigating VCM Installation Manager Screens19
Installing VCM and the Related Components19
Upgrading VCM and Related Components35
Prerequisites35
Backup and Recovery35
Assumptions for Upgrading Your VCM Collector and Database36
Upgrading to VCM 5.336
Upgrading the VCM Database Only36
Upgrading VCM on a 32-Bit System36
Upgrading to a 64-Bit System36
Before Upgrading37
Performing the Upgrade37
Upgrading Existing Windows Agents38
Upgrading Existing Remote Clients39
Upgrading Existing UNIX Agents40
To Upgrade the UNIX Agent(s) with a Local Package40
To Upgrade the UNIX Agent(s) with a Remote Package41
Upgrading VCM for Virtualization42
Upgrading an Agent Proxy Machine43
Upgrading the vSphere Client VCM Plug-in45
Getting Started with VCM Components and Tools47
Understanding User Access47
VMware, Inc.3
vCenter Configuration Manager Installation and Getting Started Guide
Launching and Logging Onto VCM48
How to Launch VCM and Log On48
Getting Familiar with the Portal48
General Information Bar49
Portal Toolbar49
Sliders50
Where to Go Next52
Getting Started with VCM53
Discover, License, and Install Windows Machines53
Verifying Available Domains53
Checking the Network Authority54
Assigning Network Authority Accounts55
Discovering Windows Machines56
Licensing Windows Machines59
Installing the VCM Windows Agent on your Windows Machines61
Performing an Initial Collection67
Exploring Windows Collection Results68
Getting Started Collecting Windows Custom Information72
Discover, License, and Install UNIX/Linux Machines80
Adding UNIX/Linux Machines81
Licensing UNIX/Linux Machines82
Installing the Agent on UNIX/Linux Machines83
Performing a UNIX/Linux Collection90
Exploring UNIX/Linux Collection Results91
Discover, License, and Install Mac OS X Machines94
Getting Started with VCM for Mac OS X94
Adding Mac OS X Machines94
Licensing Mac OS X Machines96
Installing the Agent on Mac OS X Machines97
Performing a Mac OS X Collection103
Exploring Mac OS X Collection Results106
Discover, License, and Collect Oracle Data from UNIX Machines108
Adding UNIX Machines Hosting Oracle and Installing the Agent109
Discovering Oracle Instances109
Creating the Oracle Collection User Account110
Performing an Oracle Collection114
Exploring Oracle Collection Results114
Reference Information about Oracle114
Customize VCM for your Environment115
How to Set Up and Use VCM Auditing116
Getting Started with VCM for Virtualization117
Virtual Environment Configuration117
ESX 2.5/3.x,vSphere 4, and ESXi Servers Collections118
Licensing ESX/vSphere Server Machines as Virtual Machine (VM) Hosts127
Configuring Web Services for ESX/vSphere Server Communication128
Adding the Web Services User to the Administrator Role Using the VI Client/vCenter Client
Installing the ESX Web Services Certificate on the Agent Proxy Machine130
For ESX 2.5.x Only: Setting Up VirtualCenter to Collect Virtualization Data134
Adding Web Services Settings134
Performing an Initial Virtualization Collection134
Exploring Virtualization Collection Results135
Configuring vCenter Server Data Collections137
vCenter Server Collection Prerequisites137
Collecting vCenter Server Data141
Reviewing Collected vCenter Server Data142
Troubleshooting vCenter Server Data Collections142
About the vSphere Client VCM Plug-in143
Registering the vSphere Client VCM Plug-in143
Configuring the vSphere Client VCM Plug-in Integration Settings144
Getting Started with the vSphere Client VCM Plug-in145
Upgrading the vSphere Client VCM Plug-in146
Further Reading146
129
Getting Started with VCM Remote147
Getting Started with VCM Remote147
Installing the VCM Remote Client148
Installing the Remote Client manually149
Making VCM Aware of VCM Remote Clients156
Configuring VCM Remote Settings156
Creating Custom Collection Filter Sets156
Specifying Custom Filter Sets in the VCM Remote Settings156
Performing a Collection Using VCM Remote157
Exploring VCM Remote Collection Results157
Getting Started with VCM Patching159
Getting Started with VCM Patching159
Getting Started with VCM Patching for Windows Machines159
Check for Updates to Bulletins159
Collect Data from Windows Machines Using the VCM Patching Filter Sets160
Launch an Assessment161
Explore VCM Patching Windows Assessment Results165
Deploy Patches to Windows Machines165
Getting Started with VCM Patching for UNIX/Linux Machines168
Getting Started168
Check for Updates to Bulletins169
Collect Assessment Data from UNIX/Linux Machines169
Explore Assessment Results and Acquire the Patches173
Modifying Other Devices201
Adding Software Configuration Items202
Further Reading203
Getting Started with VCM Service Desk Integration205
Getting Started with Service Desk Integration205
Service Desk Integration in the Console205
Service Desk Integration in Job Manager206
Further Reading207
Getting Started with VCM for Active Directory209
Making VCM Aware of Domain Controllers209
Confirming the Presence of Domains210
Adding and Assigning Network Authority Accounts211
Discovering Domain Controllers211
Verifying Domain Controller Machines in Available Machines213
Licensing and Deploying the VCM Agent213
Performing a Machine Data Type Collection216
Configuring VCM for Active Directory as an Additional Product216
Deploying VCM for AD to the Domain Controllers216
Running the Determine Forest Action218
Running the Setup DCs Action218
Performing an Active Directory Data Collection220
Exploring Active Directory Collection Results223
Further Reading226
Getting Started with VCM for SMS227
Getting Started with VCM for SMS227
Making VCM Aware of the SMS Servers227
Performing SMS Server Collections228
Performing SMS Client Collections229
Exploring SMS Collection Results229
6VMware, Inc.
Contents
Viewing SMS Dashboards229
Viewing SMS Server Data230
Viewing SMS Client Data231
Viewing SMS Reports232
Further Reading233
Getting Started with Windows Server Update Services235
Getting Started with Windows Server Update Services235
Making VCM Aware of the WSUS Server235
Performing WSUS Server Collections236
Performing WSUS Client Collections236
Exploring WSUS Collection Results237
Viewing WSUS Clients237
Viewing WSUS Reports238
Further Reading238
Accessing Additional Compliance Content239
Locating the Content Directory239
Launching the Content Wizard to Import Relevant Content239
Exploring Imported Content Results in the Portal239
Installing and Getting Started with VCM Tools241
Installing the VCM Tools Only241
Foundation Checker242
VCM Job Manager Tool242
VCM Import/Export and Content Wizard (CW)243
VCM Import/Export244
Content Wizard245
Maintaining VCM After Installation247
Customize VCM and Component-specific Settings247
Configure Database File Growth249
Configure Database Recovery Settings250
Create a Maintenance Plan for SQL Server 2005250
Incorporate the VCM CMDB into your Backup/Disaster Recovery Plans258
To Resolve the Problem260
Resolving Protected Storage Errors260
To Resolve the Problem261
Resetting the Required Secure Channel (SSL)261
Updating the Web.config Configuration File261
Updating the VCM Virtual Directory262
Updating the IIS Settings in VCM262
Resolving a Report Parameter Error262
Configuring a Collector as an Agent Proxy265
Verifying Membership to CSI_COMM_PROXY_SVC on the Agent Proxy Machine265
Generating Key Pairs on the Agent Proxy Machine266
Uploading Keys to the Database266
Index267
VMware, Inc.7
vCenter Configuration Manager Installation and Getting Started Guide
8VMware, Inc.
About This Book
This guide, VCM Installation and Getting Started Guide, describes the steps you must take in order to ensure
a successful VMware vCenter Configuration Manager (VCM) installation. This document contains the
following information:
n
Preparing for the VCM installation.
n
Installing VCM.
n
Getting started with VCM and its components.
n
Maintenance and troubleshooting.
Read this document and complete the associated procedures to prepare for a successful installation.
The VCM Installation and Getting Started Guide covers VCM, Foundation Checker, and Service Desk
Connector.
Intended Audience
The information presented in this manual is written for system administrators who are experienced
Windows or UNIX/Linux system administrators and who are familiar with managing network users and
resources, and performing system maintenance.
To use the information in this guide effectively, you must have a basic understanding of how to configure
network resources, install software, and administer operating systems. You also need to fully understand
your network’s topology and resource naming conventions.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send
your feedback to docfeedback@vmware.com.
VMware VCM Documentation
The vCenter Configuration Manager (VCM) documentation consists of the VCM Hardware and Software
Requirements Guide, VCM Foundation Checker User's Guide, VCM online Help, this manual, and other
associated documentation.
VMware, Inc.9
vCenter Configuration Manager Installation and Getting Started Guide
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book
and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone
Support
Support OfferingsTo find out how VMware support offerings can help meet your business needs,
VMware Professional
Services
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for
priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.
go to http://www.vmware.com/support/services.
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference tools.
Courses are available onsite, in the classroom, and live online. For onsite pilot
programs and implementation best practices, VMware Consulting Services
provides offerings to help you assess, plan, build, and manage your virtual
environment. To access information about education classes, certification
programs, and consulting services, go to http://www.vmware.com/services.
10VMware, Inc.
Preparing for Installation
This chapter provides important information that will help you prepare to install VCM components and
tools in your enterprise. This chapter contains the following sections:
n
Using Installation Manager: Provides an overview of Installation Manager, which is used to install and
activate all VCM components and tools.
n
Understanding Installation Configurations: Describes the supported installation configurations for
VCM.
n
Understanding Tools Installation: Explains how VCM tools are installed.
n
Checking Prerequisites for Installation: Lists the prerequisites you should complete prior to using VCM
Installation Manager to perform the installation.
For an overview of the security precautions you should take before installing VCM, see the VCM Security
Environment Requirements Technical White Paper on the VMware vCenter download site.
This document assumes that your hardware and software configuration meets the requirements described
in VCM Hardware and Software Requirements Guide. If you have not already done so, verify that your
configuration meets the installation requirements by performing a Tools Only installation of VCM
Foundation Checker, and then running it once it is installed. If VCM Foundation Checker does not return
any errors, then you are ready to proceed. For more information on performing a Tools only installation,
see "Installing and Getting Started with VCM Tools" on page 241. If you choose to install and run the
Foundation Checker before installation, it is important to uninstall the Foundation Checker before
running the Installation Manager.
1
VMware, Inc.11
vCenter Configuration Manager Installation and Getting Started Guide
Using Installation Manager
Installation Manager performs new installations as well as upgrades, and provides a highly simplified
process for installing components and tools. Installation Manager has a straightforward interface that steps
you through the entire installation or upgrade process.
Installation Manager:
n
Performs the checks to ensure the machine(s) meets the hardware and software prerequisites necessary
for installing.
n
Provides confirmation of the license file you are applying during installation.
n
Installs VCM and all of its components and tools in the appropriate order on your machine(s).
n
Tests each progressive step during the installation to ensure that all components were successfully
installed and that the licensed components were successfully activated.
In addition, Installation Manager operates with minimal user input, and provides clear feedback on
progress throughout the entire installation process.
Installation Manager installs VCM and all of its components on your machine, even those that you have
not purchased. However, only the components that have been purchased are licensed by your license file.
This enables you to purchase more licenses later, and thereby activate additional components that are
already installed.
To install VCM and all of its components and tools for the first time, follow the procedures described in
Using Installation Manager.
IMPORTANT When upgrading to VCM 5.3.0, be aware that you can use Installation Manager to upgrade
from VCM 4.11.1 or later.
When performing a new installation or an upgrade, you must have the previous license file available and
specify the path to the license file during the installation. Installation Manager will use the license file to
activate the components that you have purchased. If you do not have the license file from VCM 4.11.1 or
later, contact VMware Customer Support.
Understanding Installation Configurations
Before proceeding, you must have already configured your hardware and installed all of the prerequisite
software based on the information in the VCM Hardware and Software Requirements Guide. VCM has two
supported installation configurations: the default, single machine installation in which all components and
tools are installed on a single machine; and the advanced, “split” installation in which the Collector and the
database are installed on two separate machines.
IMPORTANT A split installation across two machines should be used only when your corporate policy
requires you to have your SQL Server data stored on a centralized database server. Split installations are
implemented and supported only by VMware Customer Support. Installation instructions are not
provided in this manual.
Refer to the VCM Hardware and Software Requirements Guide for a detailed diagram of a complete
installation.
12VMware, Inc.
Understanding Tools Installation
The VCM tools include:
n
Foundation Checker
n
Job Manager
n
Import/Export and Configuration Content Wizard (CCW)
n
Web Services Toolkit
All of the tools are automatically installed. Installation procedures are provided in "Using Installation
Manager" on page 12.
VCM tools may be installed separately on a non-Collector machine as appropriate. To install Tools Only,
follow the installation procedures in "Installing and Getting Started with VCM Tools" on page 241
Checking Prerequisites for Installation
This section lists the prerequisites that you should complete prior to using Installation Manager.
Hardware and Software Requirements
Preparing for Installation
Your hardware and software configuration must meet the requirements described in the VCM Hardwareand Software Requirements Guide before you can proceed with your installation.
IMPORTANT You can ensure a smooth and efficient installation by validating that your machines meet all
the requirements by performing a Tools Only installation of Foundation Checker (see "Installing and
Getting Started with VCM Tools" on page 241) and running it once it is installed. If Foundation Checker
returns no errors, then you are ready to proceed. If your machine(s) do not meet these requirements, the
installation cannot proceed.
If you are installing on HP-UX 11.11, Patch PHSS_30966 is required for the HP-UX Agent. If you need
assistance, contact VMware Customer Support.
Administration Rights
The User Account of the person performing your installation or upgrade must be all of the following:
n
A system administrator on the machine(s) on which the installation or upgrade is being performed, and
n
A system administrator on the database instance that will be used, and
n
A member of a domain.
The installing User Account should not be the account used to run the SQL Server Services; nor, after
installation, should you create a VCM user with the SQL Server Services account credentials.
Default Network Authority Account
The default network authority account must be specified during the installation process. This account,
which often is the system administrator’s (for example, a Domain Admin in the Local Admin Group), must
be set up in the Local Administrators group on each machine prior to installation. This should have already
been completed following the checklist in the VCM Hardware and Software Requirements Guide.
VMware, Inc.13
vCenter Configuration Manager Installation and Getting Started Guide
The Local System account named NT AUTHORITY\System has unrestricted access to all local system
resources. This account is a member of the Windows Administrators group on the local machine, and a
member of the SQL Server sysadmin fixed server role. If the NT AUTHORITY\System account does not
have access to the VCM installation binary files (possibly because someone removed the account or
inherently removed access), the installation will result in an “access denied” error in the first step. Details
of this error are not stored in the VCM error log. The solution is to grant access to the NT
AUTHORITY\System account from the installation source directory (right-click the folder, select the
Security tab, and then make sure the user or user’s group has Full Control of the file/folder). Then run the
installation again.
NOTE The network authority account can be changed later in VCM at Administration | Settings |
Network Authority.
Default Collector Services Account
The default services authority account must be specified during the installation process. This account,
which may not necessarily be the system administrator’s, must exist in the Local Administrators group on
the Collector machine. In addition, this account must not be a LocalSystem account.
IMPORTANT If the password for your services account changes, you must also change the password in
both the Services Management and Component Services DCOM Config consoles.
To change your services password in the Services Management console, click Administrative Tools |Services. Locate all of the services that use the services account to log on. Right click each of these services,
then select Properties. Click the Log On tab, and then update the password field to reflect your new
password.
To change your services password in the Component Services DCOM Config console, click
Administrative Tools | Component Services. Expand the Component Services node, then select
Computers | My Computer | DCOM Config. Right click the LicenseDcom file, then select Properties.
Click the Identity tab, and then update the password field to reflect your new password.
VMware Application Services Account
The VMware Application Services Account must be a domain user. Because this account will have full
administrative authority for the CSI_Domain database, it should never be used as a VCM login or for any
other purpose.
VCM Remote Virtual Directory
The VCM Remote Virtual Directory account must be specified during the installation process. This account
should not be the same account you used for your Default Network Authority Account and/or your
Default Services Account to reduce the chances of a security risk to those accounts.
NOTE The service account can be changed later if necessary using the IIS Management console.
14VMware, Inc.
Preparing for Installation
Secure Communications Certificates
VCM uses Transport Layer Security (TLS) to secure all HTTP communication with Windows and UNIX
Agents in HTTP mode (includes all UNIX Agents and Windows Agents in HTTP mode). TLS uses
certificates to authenticate the Collector and Agents to each other. You must specify certificates for the
Collector and for the Enterprise during the installation process. If you plan to use your own certificates,
familiarize yourself with the certificate names so that you can select them during installation.
To be valid, a Collector certificate must meet the following criteria:
n
The Collector certificate must be located in the local machine personal certificate store.
n
The Collector certificate must be valid for Server Authentication. If any Enhanced Key Usage extension
or property is present, it must include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage
extension is present, it must include DIGITAL_SIGNATURE.
n
The Collector certificate must not be expired.
If you want Installation Manager to generate the Collector and Enterprise certificates for you, select the
Generate option during installation.
NOTE If you will be installing more than one Collector that will communicate with the same Agent(s), or
you plan to replace/renew your certificates at a later date, there are special considerations for generating
and selecting certificates in VCM Installation Manager. For more information about VCM and Transport
Layer Security (TLS), see Transport Layer Security Implementation for VCM.
Server Authentication
Server Authentication is a method of authenticating the server to the client. VCM supports server
authentication. In VCM environments where TLS is employed, VCM Agents verify the identity of the
Collector (or Collectors) through the use and verification of certificates (over HTTP).
Typically, the server authenticates a client/user by requiring information, such as a user name and
password. When server authentication is used, the client/user verifies that the server is valid. To
accomplish this verification using TLS, the server provides a certificate issued by a trusted authority, such
as Verisign®. If your client web browser has the Verisign® Certified Authority certificate in its trusted
store, it can trust that the server is actually the web site you are accessing.
TLS uses certificates managed by a public key infrastructure (PKI) to guarantee the identity of servers and
clients. A certificate is a package containing a public key and information that identifies the owner and
source of that key, and one or more certifications (signatures) verifying that the package is authentic. To
sign a certificate, an issuer adds information about itself to the information already in the certificate
request. The public key and identifying information are hashed and signed using the private key of the
issuer’s certificate.
Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the
creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is
valid, including Server Authentication.
Enterprise and Collector Certificates
An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector-Agent
communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector
environment. Agents have the Enterprise Certificate in their trusted certificate stores, which they use
implicitly to validate any certificate issued by the Enterprise Certificate. All Collector Certificates are
expected to be issued by the Enterprise Certificate, which is critical in environments where a single Agent
VMware, Inc.15
vCenter Configuration Manager Installation and Getting Started Guide
is shared between two collectors.
Server Authentication is required to establish a TLS connection with an Agent. All Collectors should have a
common Enterprise Certificate. Each Collector Certificate is issued by the Enterprise Certificate, and is
capable of Server Authentication.
n
The Collector Certificate is used to initiate and secure a TLS communication channel with an HTTP
Agent. The Agent must be able to establish that the Collector Certificate can be trusted, which means
that the Collector Certificate is valid and the certification path starting with the Collector Certificate
ends with a trusted certificate. By design, the Enterprise Certificate is installed in the Agent’s trusted
store, and the chain ends with the Enterprise Certificate.
n
A Collector Certificate can also be used to issue Agent certificates. As long as all Collector Certificates
are issued by the same Enterprise Certificate, any Agent Certificate may be issued by any Collector
Certificate, and all Agents will be able to trust all Collectors. Similarly, all collectors will be able to
validate all Agent Certificates. Agent Certificates are used for Mutual Authentication only. Mutual
authentication is supported, but requires interaction with VMware Customer Support and a Collector
Certificate that also has certificate signing capability.
n
The Collector Certificate and associated private key must be available to the Collector. This certificate is
stored in the (local machine) personal system store.
Collector Certificates in VCM must adhere to the requirements specified above in Secure Communications
Certificates.
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise Certificate to validate Collector Certificates. Therefore, the Agent must
have access to the Enterprise Certificate as a trusted certificate. In most cases, VCM will deliver and install
the Enterprise Certificate as needed.
n
Installing the Agent from a Disk (Windows® only): The VCM Installation DVD does not contain
customer-specific certificates. If HTTP is specified, the manual VCM Installer requests the location of the
Enterprise Certificate file during the installation. You must have this file available at installation time.
The certificate file (with a .pem extension) can be copied from the CollectorData folder of the Collector.
This will be the case whether you run the manual installer directly (CMAgentInstall.exe) or use the
“Agent Only” option from the DVD auto-run program.
n
Using CMAgentInstall.exe to Install the Agent (Windows® only): CMAgtInstall.exe or
CMAgent[version].msi is the manual Agent installer program. The manual installer will request the
location of the Enterprise Certificate file, if HTTP is specified. You must have this file available at
installation time. The certificate file can be copied from the CollectorData folder of the Collector.
n
MSI Install Package: If HTTP is specified, the MSI agent install package also requires access to the .pem
file.
n
Installing the Agent for UNIX/Linux: See Installing the VCM Agent on UNIX/Linux Machines in this
document.
Installing the Agent Using a Provisioning System
For Windows®, the manual installation program is available in .exe and .msi formats. Both versions allow
the Enterprise Certificate file to be specified with a command line switch. The certificate installation step
may also be omitted with a command line switch. When these programs are run through a provisioning
system, you must ensure that the Enterprise Certificate is available (and still secure), and configure the
program options appropriately. Alternatively, you may choose to push the Enterprise Certificate to
Agents by some other means and configure the provisioning system to omit certificate installation.
16VMware, Inc.
For UNIX/Linux, each UNIX/Linux installation package is targeted for one or more supported platforms.
To install the UNIX/Linux Agent using a provisioning system, extract the installation package as
appropriate and then deploy the extracted file with the provisioning system. The Enterprise Certificate is
embedded in the installation package on the collector.
For more information about Installing the Agent on UNIX/Linux Machines and UNIX/Linux packages and
platforms, refer to section Installing the VCM Agent on UNIX/Linux Machines.
Understanding VCM's Use of FIPS Cryptography
Federal Information Processing Standards (FIPS) are developed by the US National Institute of Standards
(NIST) and the Canadian Communications Security Establishment (CSE). VCM incorporates cryptography
as set forth in the FIPS standards. Components of VCM use cryptography to protect the confidentiality,
integrity, availability, and authenticity of customer data. The FIPS standards require adherence by VCM to
the following standards:
n
FIPS 46-3: Data Encryption Standard (DES)
n
FIPS 81: DES Modes of Operation
n
FIPS 113: Computer Data Authentication
n
FIPS 171: Key Management
Preparing for Installation
n
FIPS 180-1: Secure Hash Standard (SHA-1)
n
FIPS 186-2: Digital Signature Standard (DSA) and Random Number Generation (RNG)
n
FIPS 198: Message Authentication Codes (MACs) using SHA-1
n
FIPS 197: Advanced Encryption Standard (AES) Cipher
n
FIPS 200: Federal Information Security Management Act (FISMA)
n
SP 800-2: Public Key Cryptography (including RSA)
n
SP 800-20: Triple DES Encryption (3DES) Cipher
VCM’s Use of Microsoft Cryptographic Service Providers (CSPs) for
Windows Machines
On Windows machines, VCM uses cryptography by way of the Microsoft CryptoAPI, which is a
framework that dispatches to Microsoft Cryptographic Service Providers (CSPs). CSPs are not shipped
with VCM or installed by VCM, but instead are part of the security environment included with Microsoft
Windows. In the configurations supported by VCM, these CSPs are FIPS 140-2 validated.
Cryptography for UNIX/Linux Platforms
On UNIX/Linux platforms, the VCM Agent uses the cryptography of the OpenSSL v0.9.7 module. This
cryptographic library is installed with the VCM Agent.
VMware, Inc.17
vCenter Configuration Manager Installation and Getting Started Guide
Cryptography used in VCM Software Components
VCM uses various software components that also use cryptography. Microsoft’s IIS, Internet Explorer,
and SChannel (SSL/TLS) systems also call the CryptoAPI, and thus use the Windows FIPS-validated
modules. VCM for Virtualization uses ActiveX COM components for SSH and SFTP, and for wodSSH,
wodSFTP, and wodKeys (by WeOnlyDo! Software at www.weonlydo.com), which utilize the FIPScertified OpenSSL crypto library. wodSSH is used for windowless communication with remote consoletype services in unattended mode on the VCM for Virtualization Agent Proxy’s host, which is a Windows
platform.
Table 1-1. Installed or Used Crytography Modules
SystemPlatform
UIWindowsUsed
VCMServer WindowsInstalledUsed
Virt ProxyWindows InstalledUsed
AD AgentWindowsUsed
Win AgentWindowsUsed
OpenSSLFIPS
1.1.2
OpenSSLFIPS
1.1.1
OpenSSLCrypt
0.9.7
Crypto++ CryptoAPI
UNIX
Agent
ESX Server AllNo cryptography modules are used or installed on ESX.
HP/UXInstalledInstalled
AIXInstalledInstalled
SolarisInstalledInstalled
DebianInstalledInstalled
Red HatInstalledInstalled
SUSEInstalledInstalled
Supported Windows and UNIX Platforms
For a list of supported Windows and UNIX platforms, and their architectures, see the VCM Hardware and
Software Requirements Guide. For information about TLS, see Transport Layer Security (TLS) Implementation
for VCM located on the VMware vCenter download site.
18VMware, Inc.
Installing VCM Using Installation Manager
This chapter explains how to use VCM Installation Manager to install VCM and all of its components and
tools. To install only the VCM tools, follow the installation procedures in "Installing and Getting Started
with VCM Tools" on page 241.
IMPORTANT When performing an upgrade to VCM 5.3.0, be sure to read Upgrading VCM and Related
Components.
This chapter provides a step-by-step guide to the Installation Manager.
CAUTION Before Installing VCM 5.3.0 on a 32-bit System, check for the following registry entry, and
rename or remove it if it exists: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node. VCM 5.3.0 uses this
registry entry to detect whether the system is a 32-bit or 64-bit operating system.
Using the Installation Manager
The Installation Manager checks your system to ensure it is properly configured, and then installs the
licensed components based on the options selected during the installation process.
2
Navigating VCM Installation Manager Screens
Every VCM Installation Manager screen shows the progress of the installation in the left-most pane. VCM
Installation Manager also has the following buttons available at the bottom of every screen:
n
Help: Opens the VCM Installation and Getting Started Guide.
n
Back, Next: Navigates to the previous or next screen in the installation process, respectively.
n
Cancel: Exits the installation. If you click Cancel, a confirmation pop-up dialog box appears. If you click
OK in this dialog box, Installation Manager will close. No state information is saved. Any information
you have entered thus far during the installation process is lost.
Installing VCM and the Related Components
Follow these steps to start and run the Installation Manager. Be sure to read through the detail about each
configurable component as it is presented to make sure you are supplying the appropriate information, as
the defaults may not fit your configuration. If you are upgrading VCM or SQL Server, or are upgrading to
a 64-bit system, see "Upgrading VCM and Related Components" on page 35.
VMware, Inc.19
vCenter Configuration Manager Installation and Getting Started Guide
1. Insert the installation CD into the machine on which you are installing VCM and all of its components.
The installation screen appears.
NOTE If the installation screen does not appear automatically or if you are installing from a network
location, navigate to the root directory on the CD or share and double-click setup.exe.
The installation screen provides the following options:
n
Run Installation Manager: Launches Installation Manager.
n
View the Installation and Getting Started Guide: Opens the VCM Installation and Getting
Started Guide.
n
Browse Contents of Installation CD: Launches Windows Explorer showing the contents of the
root directory of the installation CD. You can navigate through the directory structure should
you need to access documentation directly.
n
Contact Support: Opens a pop-up dialog box that lists how to contact VMware Customer
Support by e-mail and phone, including hours of operation.
n
Exit: Exits Installation Manager and closes the installation screen.
20VMware, Inc.
Installing VCM Using Installation Manager
2. Click Run Installation Manager. The Introduction page of the Installation Manager appears.
3. Click Next. The License Agreement page appears.
4. If you accept the terms explained on the License Agreement page, select the appropriate option and
check boxes, and then click Next. The Identify Available and Installed Components page appears.
It may take a few minutes for Installation Manager to identify which components are available for
installation. During this time, the Back and Next buttons are inactive until Installation Manager finishes
processing.
When the evaluation process is completed, the Select Installation Type page appears.
VMware, Inc.21
vCenter Configuration Manager Installation and Getting Started Guide
5. When the Select Installation Type page first appears, the VMware vCenter Configuration Manager
and Tools options are automatically selected.
To view all the components, select the Advanced Installation check box. The list expands to display the
individual components. For a normal installation, all of the options should be selected.
Click Next. The Gather System Information page appears.
6. The Gather System Information displays the status of the Foundation Checker. The Foundation
Checker reviews the machine's configuration and validates that the machine meets all the
requirements for the installation. As Foundation Checker runs, various messages about the status of
the check appear in the scrolling text box in the Gather System Information page.
22VMware, Inc.
Installing VCM Using Installation Manager
n
If the Foundation Checker detects missing or improperly configured settings, you are notified with
the message "Errors detected". You will not be allowed to proceed with the installation until the
errors are resolved. Click View Results. The Foundation Checker Results Web page appears. See
the following example.
n
If the Foundation Checker completes the validation successfully, you are notified with the message
"Checks were successful!" and the Next button becomes active. Even though the checks were
successful, VMware recommends you click the View Results button and read through the results to
review any warnings that may represent potential issues for installation.
If you have only one or two errors, do not close the Installation Manager.
On the Foundation Checker Results Web page, review the Errors. Click the link associated with the
errors you must resolve. A brief description is provided, along with a link to more detailed
instructions for resolving the problem.
Refer to the VCM Hardware and Software Requirements Guide and the VCM Foundation Checker User’sGuide for more information. If problems persist, contact VMware Customer Support.
If the fixes to the issues did not require a reboot, click Recheck on the Gather System Information
page to restart the Foundation Checker process. If you are required to reboot the machine, you
must start the installation process from the beginning.
When the process completes successfully, "Checks were successful!" appears in the text box.
VMware, Inc.23
vCenter Configuration Manager Installation and Getting Started Guide
7. When the Foundation Checker process has completed successfully and you have viewed the results of
the checking process, click Next. The Specify License Location dialog box appears in front of the
Verify Components to be Activated page.
8. Click Browse to locate the license file provided by VMware. When you click OK, the Verify
Components to be Activated page appears.
NOTE If you have not received your license file for VCM 5.3, contact your VMware Account
Manager.
24VMware, Inc.
Installing VCM Using Installation Manager
9. The Verify Components to be Activated page updates to display the components included in the
license. Installation Manager installs VCM and all of its components on your machine. However, only
the licensed components will be activated. Review the Components list to confirm the contents of your
license file. If you applied an incorrect license file, click the link below the Components list and browse
for a different file.
If you have selected an invalid or expired license file, an error message will appear in a pop-up dialog
box. Click OK, and the VCM Specify License Location dialog box appears, in which you can specify a
valid license file.
10. When you are ready to continue, click Next. The Configure Components: Install Database SupportComponents to page appears.
11. Specify the location for the VCM application files on the machine, and then click Next. The DatabaseInstance and Name configuration page appears, where you will define the location for the VCM
database.
VMware, Inc.25
vCenter Configuration Manager Installation and Getting Started Guide
12. Specify the SQL Server instance and type a database name as needed. Click Validate. It could take a
minute or two, and then the page updates to include the other SQL Server database settings.
13. Modify any file locations as needed, and then click Next. Most SQL database system administrators
recommend that the Data files (.mdf) and the log files (.ldf) be placed on separate physical drives
(spindles), and often require the files to be on a drive or partition other than the OS drive/partition.
The Install Web Console to configuration page appears.
14. Specify the location if it is other than the default location, and then click Next. The URLto theApplication configuration page appears.
26VMware, Inc.
Installing VCM Using Installation Manager
15. Change the values as needed, otherwise click Next. The SRS Instance configuration page appears.
16. Click Validate and wait for the validation process to complete (it could take a minute or two). If the
validation fails (for example, if the SSRS installation passed, but the foundation checks failed during the
validation process), first verify that both "http://localhost/reports" and "http://localhost/reportserver"
are accessible through a web browser. If that fails, stop the installation and call VMware Customer
Support. The Install Collector Components to configuration page appears. When the validation
process completes, click Next.
17. Change the path as needed, otherwise click Next. The page updates to display the option to specify a
new location based on minimum space needs. Make any necessary changes. The Install CollectorFiles to configuration page appears.
VMware, Inc.27
vCenter Configuration Manager Installation and Getting Started Guide
18. Change the path as needed, otherwise click Next. The NetBIOS and Active Directory configuration
page appears.
19. If you are managing only specific domains with this Collector, click the Specific NetBIOS Domains
and Specific AD Domains options and configure as needed; otherwise, click Next. The DefaultNetwork Authority Account configuration page appears.
At this point, you will need the Default Network Authority Account, Default Services Account, and
Application Services Account. Additionally, you will need your Virtual Directory credentials if you
intend to use VCM Remote.See "Checking Prerequisites for Installation" on page 13 for details.
Only the Default Network Authority Account page is displayed below. The other Account pages have
the same format but require different account information.
28VMware, Inc.
Installing VCM Using Installation Manager
20. Type the account information as specified in "Default Network Authority Account" on page 13, and
then click Next. The Default Collector Service Account configuration page appears.
21. Type the account information as specified in "Default Collector Services Account" on page 14, and then
click Next. The Application Services Account configuration page appears.
22. Type the account information as specified in "VMware Application Services Account" on page 14, and
then click Next. The Select or Generate your Collector Certificate configuration page appears.
23. Select one of the following options:
n
Select: If you already have a pair of certificates with an established trust, click Select and then
choose your certificates. All eligible certificates will be displayed in the Collector Certificate dialog.
The Enterprise selection dialog is populated with certificates that are valid for the selected Collector
Certificate.
n
Generate: If you do not have a pair of certificates with an established trust, click Generate to have
Installation Manager generate the Collector and Enterprise certificates for you.
VMware, Inc.29
vCenter Configuration Manager Installation and Getting Started Guide
To specify a certificate different from the Collector certificate, click the Select button associated with
Select your Enterprise Certificate. For more information about certificates, see "Secure
Communications Certificates" on page 15.
NOTE VCM does not allow apostrophes in TLS certificate names. Before selecting a certificate, verify
that the name does not contain an apostrophe.
IMPORTANT If you will be installing more than one Collector that will communicate with the same
Agent(s), or if you plan to replace/renew your certificates at a later date, there are special
considerations for generating and selecting certificates in Installation Manager. For more information
about VCM and TLS, see the Transport Layer Security (TLS) Implementation for VCM white paper located
on the VMware vCenter download site.
24. Click Next. The Remote Virtual Directory configuration page appears.
25. Enter the account information as specified in "VCM Remote Virtual Directory" on page 14, and then
click Next. The vSphere Client VCM Plug-in (VCVP) configuration page appears.
30VMware, Inc.
Loading...
+ 244 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.