VMware vCenter Configuration Manager - 5.5 Administrator’s Guide

VMware vCenter Configuration Manager
Administration Guide
vCenter Configuration Manager 5.5
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see
http://www.vmware.com/support/pubs.
EN-000674-00
vCenter Configuration Manager Administration Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2006–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
2
VMware, Inc.
Contents
About This Book 9
Getting Started with VCM 11
Understanding User Access 11
Running VCM as Administrator on the Collector 12 Log In to VCM 12 Getting Familiar with the Portal 13
General Information Bar 13
Toolbar 14
Sliders 15 Customizing VCM for your Environment 16
Installing and Getting Started with VCM Tools 19
Install the VCM Tools Only 19 VCM Import/Export and Content Wizard Tools 20
Run the Import/Export Tool 21
Run the Content Wizard to Access Additional Compliance Content 21 Run the Deployment Utility 21 Package Studio 22 Foundation Checker 22
Configuring VMware Cloud Infrastructure 23
Virtual Environments Configuration 23
Managing Agents 24
Managing vCenter Server Instances, Hosts, and Guest Virtual Machines 25
Managing Instances of vCloud Director and vApp Virtual Machines 25
Managing vShield Manager Instances 25 Configure Virtual Environments Collections 25 Configure Managing Agent Machines 26
Collect Machines Data From the Managing Agent Machines 27
Set the Trust Status for Managing Agent Machines 27
Configure HTTPS Bypass Setting 28
Enable Managing Agent Machines 28 Obtain the SSL Certificate Thumbprint 29 Configure vCenter Server Data Collections 30
Add vCenter Server Instances 30
Configure the vCenter Server Settings 31
Collect vCenter Server Data 32
vCenter Server Collection Results 33 Configure vCenter Server Virtual Machine Collections 33
Collect vCenter Server Virtual Machines Data 34
Manage vCenter Server Virtual Machines 34 Configure vCloud Director Collections 35
Add vCloud Director Instances 35
Configure the vCloud Director Settings 36
Collect vCloud Director Data 37
vCloud Director Collection Results 38 Configure vCloud Director vApp Virtual Machines Collections 39
Network Address Translation and vCloud Director vApp Discovery Rules 39
Discover vCloud Director vApp Virtual Machines 41
VMware, Inc.
3
vCenter Configuration Manager Administration Guide
Configure vShield Manager Collections 45 Configure ESX Service Console OS Collections 48
Configure the Collector as an Agent Proxy 49
Configure Virtual Machine Hosts 50
Copy Files to the ESX/ESXi Servers 51
Collect ESX Logs Data 53
Virtualization Collection Results 53 Configure the vSphere Client VCM Plug-In 54
Register the vSphere Client VCM Plug-In 54
Configuring the vSphere Client VCM Plug-In Integration Settings 55
Manage Machines from the vSphere Client 56
Troubleshooting the vSphere Client VCM Plug-In Registration 56
Running Compliance for the VMware Cloud Infrastructure 59
Create and Run Virtual Environment Compliance Templates 59 Create Virtual Environment Compliance Rule Groups 60 Create and Test Virtual Environment Compliance Rules 60 Create and Test Virtual Environment Compliance Filters 61 Preview Virtual Environment Compliance Rule Groups 62 Create Virtual Environment Compliance Templates 63 Run Virtual Environment Compliance Templates 64 Create Virtual Environment Compliance Exceptions 64
Configuring vCenter Operations Manager Integration 67
Configure vCenter Operations Manager with VCM 67
Auditing Security Changes in Your Environment 69
Configuring Windows Machines 71
Verify Available Domains 72 Check the Network Authority 72 Assign Network Authority Accounts 73 Discover Windows Machines 73 License Windows Machines 74 Disable User Account Control for VCM Agent Installation 75
Disable User Account Control for a Windows Machine 75
Disable User Account Control By Using Group Policy 76 Install the VCM Windows Agent on Your Windows Machines 77
Locate the Enterprise Certificate 78
Manually Install the VCM Windows Agent 78
Manually Uninstall the VCM Windows Agent 82 Enable UAC After VCM Agent Installation 83
Enable User Account Control on a Single Windows Machine 83
Enable UAC By Using a Group Policy 83 Collect Windows Data 84 Windows Collection Results 85 Getting Started with Windows Custom Information 86
Prerequisites to Collect Windows Custom Information 87
Using PowerShell Scripts for WCI Collections 87
Windows Custom Information Change Management 97
Collecting Windows Custom Information 98
Create Your Own WCI PowerShell Collection Script 99
Verify that Your Custom PowerShell Script is Valid 99
Install PowerShell 100
Collect Windows Custom Information Data 100
Run the Script-Based Collection Filter 101
View Windows Custom Information Job Status Details 102
4
VMware, Inc.
Contents
Windows Custom Information Collection Results 103
Run Windows Custom Information Reports 104
Troubleshooting Custom PowerShell Scripts 104
Configuring Linux and UNIX Machines 107
Upgrade Requirements for UNIX/Linux Machines 107 Add UNIX/Linux Machines 108 License UNIX/Linux Machines 109 Install the Agent on UNIX/Linux Machines 109
Installation Options for UNIX/Linux csi.config 113
Manually Uninstall the UNIX/Linux Agent 115 Collect UNIX/Linux Data 116
Updates to UNIXPatch Assessment Content Affects UNIX Agent Performance 116 UNIX/Linux Collection Results 116 Configuring Oracle Instances 117
Discover Oracle Instances 118
Edit Oracle Instances 118
Collect Oracle Data 123
Oracle Collection Results 124
Configuring Mac OS X Machines 125
Add Mac OS X Machines 125 License Mac OS X Machines 126 Install the Agent on Mac OS X Machines 127
Installation Options for Max OS X csi.config 130
Manually Uninstall the Mac OS X Agent 132 Collect Mac OS X Data 132
Collected Mac OS X Data Types 133 Mac OS X Collection Results 133
Patching Managed Machines 135
VCM Patching for Windows Machines 135
VCM Patching for UNIX and Linux Machines 136 UNIXand Linux Patch Assessment and Deployment 136
New UNIX Patch Assessment Content 137 Getting Started with VCM Patching 138
Getting Started with VCM Patching for Windows Machines 138
Check for Updates to Bulletins 139
Collect Data from Windows Machines by Using the VCM Patching Filter Sets 139
Assess Windows Machines 140
Review VCM Patching Windows Assessment Results 141
Prerequisites for Patch Deployment 141
Default Location for UNIX/Linux Patches 143
Location for UNIX/Linux Patches 143
Default Location for UNIX/Linux Patches 144
vCenter Software Content Repository Tool 144
Deploy Patches to Windows Machines 144
Getting Started with VCM Patching for UNIX and Linux Machines 146
Check for Updates to Bulletins 146
Collect Patch Assessment Data from UNIX and Linux Machines 147
Explore Assessment Results and Acquire and Store the Patches 148
Default Location for UNIX/Linux Patches 150
Deploy Patches to UNIX/Linux Machines 150
How the Deploy Action Works 151 Running VCM Patching Reports 151 Customize Your Environment for VCMPatching 152
Running and Enforcing Compliance 153
VMware, Inc.
5
vCenter Configuration Manager Administration Guide
Getting Started with SCAP Compliance 153
Conduct SCAP Compliance Assessments 154
Provisioning Physical or Virtual Machine Operating Systems 157
Operating System Provisioning Components 157
How Operating System Provisioning Works 158 Configure Operating System Provisioning Servers 159
Add Operating System Provisioning Servers 160
Set the Trust Status for Operating System Provisioning Servers 160
Collect Operating System Distributions 161
Discover Provisionable Machines 161 Provision Machines with Operating System Distributions 162
Provision Windows Machines 162
Provision Linux Machines 165
Change Agent Communication 171 Provisioned Machines Results 171 Reprovision Machines 172
Provisioning Software on Managed Machines 175
Using Package Studio to Create Software Packages and Publish to Repositories 175
Software Repository for Windows 175
Package Manager for Windows 175
Software Provisioning Component Relationships 176 Install the Software Provisioning Components 176
Install Software Repository for Windows 177
Install Package Studio 178
Install Package Manager on Managed Machines 180 Using Package Studio to Create Software Packages and Publish to Repositories 181
Creating Packages 181 Using VCM Software Provisioning for Windows 183
Collect Package Manager Information from Machines 183
Collect Software Repository Data 184
Add Repository Sources to Package Managers 185
Install Packages 186 Related Software Provisioning Actions 188
Viewing Provisioning Jobs in the Job Manager 188
Create Compliance Rules Based on Software Provisioning Data 189
Create Compliance Rules Containing Software Provisioning Remediation Actions 190
Configuring Active Directory Environments 193
Configure Domain Controllers 193
Verify Available Domains 194
Check the Network Authority Account 194
Assign Network Authority Accounts 195
Discover Domain Controllers 195
License Domain Controllers 196
Install the VCM Windows Agent on Your Domain Controllers 197
Collect Domain Controller Data 198 Configure VCM for Active Directory as an Additional Product 199
Install VCM for Active Directory on the Domain Controllers 199
Run the Determine Forest Action 200
Run the Domain Controller Setup Action 201 Collect Active Directory Data 201 Active Directory Collection Results 202
Configuring Remote Machines 205
VCM Remote Management Workflow 205
6
VMware, Inc.
Contents
Configuring VCM Remote Connection Types 205
Using Certificates With VCM Remote 206 Configure and Install the VCM Remote Client 206
Configure the VCM Remote Settings 206
Install the VCMRemote Client 209
Connect VCM Remote Client Machines to the Network 216
VCM Remote Collection Results 217
Tracking Unmanaged Hardware and Software Asset Data 219
Configure Asset Data Fields 219
Review Available Asset Data Fields 220
Add an Asset Data Field 220
Edit an Asset Data Field 221
Delete a VCM for Assets Data Field 222
Change the Order of Asset Data Columns 222
Refresh Dynamic Asset Data Fields 223 Configure Asset Data Values for VCM Machines 223 Configure Asset Data for Other Hardware Devices 224
Add Other Hardware Devices 224
Add Multiple Similar Other Hardware Devices 225
Edit Asset Data for Other Hardware Devices 225
Edit Asset Data Values for Other Hardware Devices 226
Delete Other Hardware Devices 226 Configure Asset Data for Software 227
Add Software Assets 227
Add Multiple Similar Software Assets 228
Edit Asset Data for Software 229
Edit Asset Data Values for Software 229
Delete Software Data 230
Managing Changes with Service Desk Integration 231
Configure Service Desk Integration 231 View Service Desk Integration in the Console 231 View Service Desk Integration in Job Manager 232
Index 233
VMware, Inc.
7
vCenter Configuration Manager Administration Guide
8
VMware, Inc.

About This Book

The VMware vCenter Configuration Manager Administration Guide describes the steps required to configure VCM to collect and manage data from your virtual and physical environment.
Read this document and complete the associated procedures to prepare for a successful implementation of the components.
Intended Audience
This information is written for experienced Windows or UNIX/Linux/Mac OS X system administrators who are familiar with managing network users and resources and with performing system maintenance.
To use this information effectively, you must have a basic understanding of how to configure network resources, install software, and administer operating systems. You also need to fully understand your network topology and resource naming conventions.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to docfeedback@vmware.com.
VMware VCM Documentation
The vCenter Configuration Manager (VCM) documentation consists of the VCM Installation Guide, VCM Troubleshooting Guide, VCM online Help, and other associated documentation.
VMware, Inc.
9
vCenter Configuration Manager Administration Guide
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for priority 1 issues. Go to http://www.vmware.com/support/phone_support.html.
Support Offerings To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.
10
VMware, Inc.

Getting Started with VCM

When you use VCM, you must understand user access and how to start VCM from any physical or virtual machine. You must also familiarize yourself with the VCM Web Console features.
n
"Understanding User Access" on page 11
User access determines who has access to VCM and with what roles.
n
"Log In to VCM" on page 12
Access VCM from any physical or virtual machine in your network.
n
"Getting Familiar with the Portal" on page 13
The VCM Web Console provides access to all VCM features to manage your environment.

Understanding User Access

User access determines who has access to VCM and with what roles. To manage your user access, create rules that are assigned to roles. VCM assigns the roles to each user login you create. User access is managed in the Administration User Manager node.
1
The user account that was used to install VCM is automatically granted access to VCM, placed in the roles of ADMIN and USER, and placed into the Admin role. This user can log in to VCM using the Admin role. The AD_Admin role allows full administration access to AD objects only.
When a user is added to the Admin role in VCM or granted access to the Administration User Manager node, that user is placed in the fixed machine roles Security Administrators and Bulk Insert Administrators Groups. They are also added to the database roles of public, ADMIN, and User in the VCM Database.
Users who will not have access to the Administration User Manager node will be assigned to public. Depending on the functions granted to a user, they might need additional or fewer privileges for their role to function properly.
VCM provides a Change Restricted role to limit users from making certain changes in your environment. With this role, users can discover, collect data from machines, assess machines, display bulletin and template details, check for updates, and view history. Users can add, edit, and delete reports, compliance rules and rule groups, and compliance and patch assessment templates.They can also install the Agent, upgrade VCM, and uninstall VCM.
When you apply the VCM Change Restricted role to a user’s VCM login, they cannot perform the following actions.
VMware, Inc.
11
vCenter Configuration Manager Administration Guide
n
Remote command execution
n
Change actions against target managed machines
n
Change rollback
n
Compliance enforcement
n
Patch deployment
n
Software deployment
n
OS provisioning
n
Machine reboots
All VCM user accounts must have the following rights on the VCM Collector machine.
n
Ability to log on locally to access IIS
n
Read access to the System32 folder
n
Write access to the CMFiles$\Exported_Reports folder to export reports
n
If default permissions have been changed, read access to the C:\Program Files (x86)\VMware\VCM\WebConsole directory and all subdirectories and files
Users who add machines to VCM using a file or the Available Machines Add Machines action must have write access to CMFiles$\Discovery_Files.

Running VCM as Administrator on the Collector

By default for localhost, Internet Explorer on Windows Server 2008 R2 runs with Protected Mode enabled. If you are logged in to VCM as an Administrator, because Protected Mode is enabled, problems can occur with the SQLServer Reporting Service (SSRS) Web service interface components such as dashboards and node summaries.
CAUTION Although you should not access VCM on the Collector using a Web console, to restore
the SSRS functionality you can run Internet Explorer as administrator or disable Protected Mode for the zone of the Collector (localhost). If you perform this action, you must take additional precautions to protect the Collector because of the increased exposure to attacks on the Collector through the Web browser, such as cross-site scripting.

Log In to VCM

Access VCM from any physical or virtual machine in your network. The level of access is determined by your VCM administrator.
Prerequisites
n
Verify that the physical or virtual machines from which you are accessing VCM have a supported version of Internet Explorer installed. For supported platforms, see the VCM Installation Guide.
n
Configure the Internet Explorer Pop-up Blocker settings to add your Collector to your list of allowed Web sites, or disable Pop-up Blocker. Click Internet Explorer and select Tools > Pop-up Blocker > Pop- up Blocker Settings and then add the path for your Collector in the allowable address field.
12
VMware, Inc.
Procedure
1. To connect to VCM from a physical or virtual machine on your network, open Internet Explorer and type http://<name-or-IP-address-of-Collector-machine>/VCM.
2. Type your user network credentials.
3. (Optional) Select Automatically log on using this role to have VCM log you in.
4. Click Log On.
Your VCM user account can have multiple roles. If you selected the Automatically log on using this role option, VCM will automatically log you on as the User Role displayed on the Logon screen. To change roles, you must use the Logoff button in the top right corner of the Console. This action will return you to the Logon screen so that you can use the drop-down menu to select a different role.

Getting Familiar with the Portal

The VCM Web Console provides access to all VCM features to manage your environment.
The Web Console uses a browser-based interface to run from any Windows machine that has access to the server on which VCM is installed. The Windows machine must be running Internet Explorer or Mozilla Firefox with the Internet Explorer tab plug-in installed.
The Web Console includes several major areas and controls.
Getting Started with VCM

General Information Bar

The general information bar displays the VCM Collector’s active SQL Server name, your VCM user name and active Role, and the following buttons.
VMware, Inc.
13
vCenter Configuration Manager Administration Guide
n
Log Out: Exits the Web Console. The Web Console closes and the VCM Logon screen appears.
n
About: Displays information about how to contact VMware Technical Support and version information for VCM and all of its components. This information may be important when you contact VMware Technical Support.
n
Help: Opens the online Help for the currently-active display.

Toolbar

The global toolbar provides you with easily-accessible options to enhance control of your environment and data.
The left and right arrow buttons navigate to the previous or next page in the data area.
The Jobs button opens the Jobs Running status window. This button provides access to the Collector status and allows you to stop and restart the Collector service.
The Collect button opens a wizard that allows you to define and initiate data collections.
The Remote Commands button allows you to invoke the Remote Commands wizard from the toolbar without having to access the node.
The Refresh data grid view button refreshes the data grid. Press F5 on the keyboard as an alternative action.
The View row cells button displays a vertically scrolling view of a single row of data, rather than the table-based data grid view in a separate window, and allows you to move between records.
The Select all displayed data rows button selects all the rows in the data grid.
The Copy button copies information from the selected rows in the data grid to the clipboard.
The Copy link to clipboard button copies the link of the content on-screen to the clipboard.
The View data grid in separate window button displays the data grid in a separate window.
The Export displayed d ata button exports data to a CSV formatted file. This file is exported to
Reports
The Options button opens the User Options window. These s ettings pertain to the User who is logged in to VCM. All VCM users can configure these settings to their individual preferences.
\\<name_of_Collector_machine>\CMfiles$\Exported
.
14
VMware, Inc.
Getting Started with VCM

Sliders

The sliders on the left side of the Web Console include the items listed and described in the following table. The individual items that you see in VCM will vary depending on the components that you have licensed.
n
Active Directory and AD objects are available only when VCM for Active Directory (AD) is licensed. This slider is viewable based on your role.
n
Patching options are available only when VCM Patching is licensed. This slider is viewable based on your role.
n
Administration is visible only to users who have Administrative rights to VCM as part of their VCM role.
For detailed instructions about any of these features, see the online Help.
Slider Actio n
Console
n
View, export, or print enterprise-wide, summary information.
n
Review or acknowledge current alert notifications.
n
Manage VCM discovered and non-VCM discovered hardware and software assets.
n
Review changes that occurred from one collection to the next.
Compliance
Active Directory
n
Create, edit, or run remote commands on a VCM managed Windows or UNIX machine.
n
View information about VCM discovered domains.
n
Navigate and manage integrated service desk events.
n
Manage virtual machines.
n
View your Windows NT Domain and Active Directory related data.
n
View information for enterprise-level applications.
n
Review non-security related UNIX machine-specific information.
n
Review UNIX security data to ensure consistent security configurations across your environment.
n
Create and manage Compliance rule groups and templates based on AD objects or machine group data.
n
View, export, or print enterprise-wide, summary information for Active Directory objects.
n
Review alert notifications for the selected AD location.
n
Review Active Directory-related changes that occurred from one collection to the next.
n
View collected information about Active Directory objects such as Users, Groups, Contacts, Computers, Printers, Shares, and Organizational Units.
VMware, Inc.
n
Review Active Directory site lists, including Site Links, Site Link Bridges, Subnets, Intersite Transports, Servers, Connections and Licensing.
n
View Active Directory Group Policy Container Settings.
n
View information about Active Directory Domains, DCs, and Trusts.
n
Track and display access control entries and security descriptor data on all collected
15
vCenter Configuration Manager Administration Guide
Slider Actio n
objects.
n
View Active Directory Schema information.
Reports
Patching
n
Run out-of-the-box reports against your collected data.
n
Write your own SQL and SSRS reports using VCM’s report wizard.
n
Review a list of bulletins available to VCM.
n
Create, run, or import VCM Patching templates to display the machines that require the patches described in each bulletin.
n
Monitor VCM Patching jobs.
n
Deploy patches.
AdministrationnManage basic configuration options for VCM.
n
Establish filters to limit the data you collect from machines in your environment.
n
Review how your VCM licenses are being used.
n
Identify and manage your physical and virtual machines.
n
Manage VCM Logins and Roles.
n
Set options for assessment and deployment.
n
View the status of jobs that are currently running, scheduled to run, or completed.
n
Configure VCM to notify you of certain conditions in your environment.

Customizing VCM for your Environment

Create a machine group structure that matches the organization of the machines in your environment. With these machine groups, you can manage specific machines in your environment such as all SQL Servers in a particular location. You can apply specific changes or create roles and rules for those machines independently from other machines in your environment. This approach ensures that you can restrict access to critical machines to the appropriate users with rights to VCM.
You can customize the following options for your environment.
n
Alerts: Define the objects and types of changes that you are alerted to when they are detected in VCM. For example, you can set an alert to notify you if a registry setting changes in your environment.
n
Collection Filters and Filter Sets: Use collection filters to specify the data to collect from the VCM managed machines. A default collection filter is provided for each data type. You can add custom collection filters that are specific to your enterprise. You can apply filters during instant collections and scheduled collections if the filters are included in a filter set. After you create collection filters, organize them into filter sets. You can create specific filter sets or filter set groups for different machine groups. You can apply filter sets during instant collections or scheduled collections.
n
Compliance Templates and Rule Groups: Use compliance templates and rule groups to define specific settings and verify whether the machines match those criteria. VCM provides prepackaged templates and rules to check the compliance of your machines with regulatory, industry, and vendor standards. VMware provides additional compliance packages that you can import into VCM.
n
Reports: Create and print tailored reports of information that does not appear in VCM. VCM provides prepackaged reports that you can run after you collect data from your VCM managed machines.
16
VMware, Inc.
Getting Started with VCM
n
Roles and Rules: VCM roles and access rules work together to control user access to VCM. For example, you can create a role that allows a user to view all data, but not make changes to the environment. You can create a role to run certain reports or a role that allows unlimited access to a single machine group.
The VCM Change Restricted role limits users from making certain changes in your environment. See
"Understanding User Access" on page 11.
For information to import additional compliance packages into VCM, see Import/Export and Content
Wizard.
VMware, Inc.
17
vCenter Configuration Manager Administration Guide
18
VMware, Inc.

Installing and Getting Started with VCM Tools

VCM Installation Manager installs several VCM components and tools on the Collector machine during the installation.
Using VCM Installation Manager, you can install the following tools.
n
n
n
2
"Run the Import/Export Tool" on page 21
Use the Import/Export Tool to back up your VCM database business objects and import them into a new VCM database or into a recovered VCM database. This tool also supports the migration of any VCM Management Extension for Asset data that was manually added to VCM.
"Run the Content Wizard to Access Additional Compliance Content" on page 21
Use the Content Wizard to import additional VMware content such as VCM Compliance Content Packages.
"Run the Deployment Utility" on page 21
The Deployment Utility for UNIX/Linux and ESX/vSphere copies files to multiple target machines when you configure UNIX/Linux and ESX/vSphere machines for management in VCM.
n
"Package Studio" on page 22
Use Package Studio to create software packages that can be installed by VCM.
n
"Foundation Checker" on page 22
Use the Foundation Checker tool to verify that a Windows machine designated as a VCM Collector meets all of the prerequisites necessary to install VCM.

Install the VCM Tools Only

You can install the VCM tools on a non-Collector Windows machine.
If you plan to install VCMon the non-Collector Windows machine later, you must uninstall the tools and then install VCM.
Prerequisites
Perform the installation requirements for each tool in the Advanced Installation selection. For example, you can install Import/Export (I/E) and Content Wizard only on a machine that is running VCM.
VMware, Inc.
19
vCenter Configuration Manager Administration Guide
Procedure
1. On the non-Collector Windows machine on which you want to install the tools, insert the installation CD.
2. In Installation Manager, click Run Installation Manager.
During the installation, follow the installation requirements that Installation Manager reports when Foundation Checker runs.
3. Complete the initial installation pages, and click Next on subsequent pages to access the Select Installation Type page.
a. Clear the VMware vCenter Configuration Manager check box.
b. Select Tools.
c. To install a subset of tools, clear the Tools check box and select only the individual tools to install.
4. Click Next.
5. Complete the remaining instructions and click Next.
6. On the Installation Complete page, click Finish.
7. On the Installation Manager page, click Exit.

VCM Import/Export and Content Wizard Tools

Use the Import/Export Tool and the Content Wizard Tool to move or update VCM business objects. These tools support the migration of any VCM Management Extension for Asset data that was added to VCM manually, but does not import or export any collected data.
The Import/Export Tool supports the following scenarios.
n
Back up (export) and restore (import) business objects to the same machine.
n
Back up (export) and import (if needed) business objects during a VCM upgrade.
n
Export and migrate (import) business objects to additional machines in a multi-Collector environment during setup or to move custom content.
n
Use the Content Wizard to download current Compliance Content from VMware and import it into an existing database.
n
Using the Command Line Interface, automate the propagation of content to other machines in a multi­collector environment with a “golden machine”.
n
Aid in disaster recovery by using the Command Line Interface to automate and schedule the backup of VCM content and configuration parameters.
The Command Line Interface (CLI) is a powerful extension of the Import/Export graphic user interface (GUI). In addition to supporting the scenarios noted above, the CLI allows content to be overwritten, as opposed to “rename only”, and provides for automation through scripting suitable for customizations.
IMPORTANT Use of the CLI should be restricted to advanced users who exercise caution when testing
their scripts.
The Import/Export Tool and Content Wizard Tool were installed on your Collector machine during your VCM installation.
20
VMware, Inc.
Installing and Getting Started with VCM Tools

Run the Import/Export Tool

Use the Import/Export Tool to back up your VCM database business objects and import them into a new VCM database or into a recovered VCM database. This tool also supports the migration of any VCM Management Extension for Asset data that was manually added to VCM.
Prerequisites
Install the Import/Export Tool. See "Installing and Getting Started with VCM Tools" on page 19.
Procedure
1. On the Collector, click Start.
2. Select All Programs > VMware vCenter Configuration Manager > Tools > Import Export Tool.
3. For importing and exporting procedures, click Help > Contents and use the online help.

Run the Content Wizard to Access Additional Compliance Content

Use the Content Wizard to import additional VMware content such as VCM Compliance Content Packages. These packages are not available in VCM until you download and import them. Check the VCM Compliance Content Packages to determine if you need to import them.
Prerequisites
Install the Content Wizard. See "Installing and Getting Started with VCM Tools" on page 19.
Procedure
1. On the Collector, click Start.
2. Select All Programs > VMware vCenter Configuration Manager > Tools > Content Wizard Tool.
3. In the Content Wizard, select Get Updates from the Internet and click Next.
4. After the wizard identifies available content, click Next.
5. Select the updates to install on your Collector and click Install.
When the installation is finished, the Event Log Results window appears.
6. On the Event Log Results window, click Save and specify a location to save the logs.
7. Click Close.
8. On the Content Wizard page, click Exit.
What to do next
View the imported data in VCM. For example, click Compliance and select Machine Group Compliance > Templates. You can now run any imported compliance template against your collected data.

Run the Deployment Utility

The Deployment Utility for UNIX/Linux and ESX/vSphere copies files to multiple target machines when you configure UNIX/Linux and ESX/vSphere machines for management in VCM.
VMware, Inc.
21
vCenter Configuration Manager Administration Guide
Procedure
1. On the Collector, navigate to C:\Program Files (x86)\VMware\VCM\Tools.
2. Copy the DeployUtility-<version>.zip file from the Collector to your Windows machine.
3. Extract the files.
4. Double-click DeployUtil.exe to start the application.
What to do next
In the Deployment Utility, click Help and review the procedure for the type of machine you are configuring.

Package Studio

Use Package Studio to create software packages that can be installed by VCM. It is one component of VCM Software Provisioning that includes the Software Repository for Windows and the Package Manager.
For procedures to run the Package Studio, see the Software Provisioning Components Installation and User's Guide.

Foundation Checker

Use the Foundation Checker tool to verify that a Windows machine designated as a VCM Collector meets all of the prerequisites necessary to install VCM.
Installation Manager uses VCM Foundation Checker to check a machine’s viability for a successful VCM deployment. Foundation Checker runs system checks that determine various conditions, settings, and requirements, and displays a results file that displays the system checks that passed, failed, or generated warnings.
If the checks run without error, you can install VCM. If the checks identify missing components or incorrect configurations, Foundation Checker instructs you where to verify the component or configuration and how to remedy the errors.
To run the Foundation Checker on a Windows machine on which you will install another instance of VCM, see the Foundation Checker User's Guide.
22
VMware, Inc.

Configuring VMware Cloud Infrastructure

VCM collects information from your instances of vCenter Server, vCloud Director, and vShield Manager so that you can then use the information to manage and maintain your virtual environment.
The collected data appears in the Console under the Virtual Environments node. The information is organized in logical groupings based on the information sources, including vCenter Server, vCloud Director, and vShield Manager.
Based on the collected virtual environments data, you can manage the objects and data at an enterprise and individual level, including running compliance rules and reports; running actions, such as changing settings and taking virtual machine snapshots; and managing the guest operating systems as fully managed VCM machines.

Virtual Environments Configuration

To manage your virtual environments, you collect vCenter Server, vCloud Director, and vShield Manager data. To collect the data, you use one or more Managing Agent machines.
After configuring your Managing Agent machines, you add and configure your vCenter Server, vCloud Director, and vShield Manager instances in VCMto use the Managing Agent for communication. For a diagram illustrating how the components are configured together, see Figure 3–1. Virtual Environments
Configuration Diagram.
3
VMware, Inc.
23
vCenter Configuration Manager Administration Guide
Figure 3–1. Virtual Environments Configuration Diagram

Managing Agents

The Managing Agent machines must have the 5.5 Agent or later installed. They must also be configured to manage the secure communication between the vCenter Server, vCloud Director, and vShield Manager instances and the Collector. Depending on the size of your Cloud Infrastructure environment, you can use your Collector as a Managing Agent or you can use another Windows machine. If your individual vCenter Server instances manage no more than 1–30 hosts and a maximum of 1000 guests, then you can use the Collector as your Managing Agent. If any of your vCenter Server instances exceed this amount, you must use a Windows machine that is not your Collector as a Managing Agent.
24
VMware, Inc.
Configuring VMware Cloud Infrastructure
CAUTION Do not use the Windows machines on which your vCenter Server instances are running
as Managing Agent machines.

Managing vCenter Server Instances, Hosts, and Guest Virtual Machines

You collect data from vCenter Server instances regarding resources managed by the vCenter Server, and to identify and manage the host and guest machines. The host and guest machines are managed based on configured vCenter Server instances. From VCM, you can run vCenter Server actions such as configuring settings, turning the power on and off, or taking a snapshot. To fully manage the guest machines, install the VCM Agent on the virtual machines and manage their operating system.

Managing Instances of vCloud Director and vApp Virtual Machines

You collect data from vCloud Director instances regarding their configurations, resources managed by vCloud Director, and to identify and manage the vApp virtual machine guest operating systems. To fully manage the guest machines, you install the VCM Agent on the virtual machines and manage their operating system.

Managing vShield Manager Instances

You collect from vShield Manager instances to gather data regarding vShield App security groups. You can run reports on the collected data.

Configure Virtual Environments Collections

To manage your virtual environments, configure your Managing Agent and then implement the procedures that suit your environment.
Procedure
1. "Configure Managing Agent Machines" on page 26
The Managing Agents are one or more physical or virtual machine running a supported Windows operating system that manages the communication between the Collector and your instances of vCenter Server, vCloud Director, and vShield Manager.
2. "Obtain the SSL Certificate Thumbprint" on page 29
When configuring the settings for your virtual environments systems, you can use an SSL certificate thumbprint file to ensure secure communication between the Collector and your instances of vCenter Server, vCloud Director, and vShield Manager.
3. "Configure vCenter Server Data Collections" on page 30
Collect data from your vCenter Server so that you can identify and manage your virtual environments, including ESX and ESXi hosts, and guest virtual machines.
4. "Configure vCenter Server Virtual Machine Collections" on page 33
Configure virtual machine collections so that you can identify and manage the guest operating systems on the vCenter Server virtual machines.
VMware, Inc.
5. "Configure vCloud Director Collections" on page 35
Configure collections from your vCloud Director instances so that you can run compliance and reports, and identify your vApp virtual machines.
6. "Configure vCloud Director vApp Virtual Machines Collections" on page 39
25
vCenter Configuration Manager Administration Guide
Collect vCloud Director data so that you can identify and manage the guest operating systems of the vApp virtual machines.
7. "Configure vShield Manager Collections" on page 45
Configure collections from your vShield Manager instances so that you can run reports on the collected data.
8. "Configure ESX Service Console OS Collections" on page 48
The ESX Service Console OS Linux data type data and the ESXlogs are collected directly from the ESX operating systems, not from vCenter Server. Configure the ESX servers so that you can collect the Linux data type and ESX log data from the ESX service console operating system.
9. "Configure the vSphere Client VCM Plug-In" on page 54
The vSphere Client VCM Plug-In provides contextual access to VCM change, compliance, and management functions. It also provides direct access to collected vCenter Server, virtual machine host, and virtual machine guest data.

Configure Managing Agent Machines

The Managing Agents are one or more physical or virtual machine running a supported Windows operating system that manages the communication between the Collector and your instances of vCenter Server, vCloud Director, and vShield Manager.
The Managing Agent machines must have the 5.5 Agent or later installed. They must also be configured to manage the secure communication between the vCenter Server, vCloud Director, and vShield Manager instances and the Collector. Depending on the size of your Cloud Infrastructure environment, you can use your Collector as a Managing Agent or you can use another Windows machine. If your individual vCenter Server instances manage no more than 1–30 hosts and a maximum of 1000 guests, then you can use the Collector as your Managing Agent. If any of your vCenter Server instances exceed this amount, you must use a Windows machine that is not your Collector as a Managing Agent.
CAUTION Do not use the Windows machines on which your vCenter Server instances are running
as Managing Agent machines.
Procedure
1. "Collect Machines Data From the Managing Agent Machines" on page 27
Collect data from your Managing Agent machines to ensure that VCM identifies the Windows machines as licensed and that the 5.5 Agent or later is installed.
2. "Set the Trust Status for Managing Agent Machines" on page 27
You set the trusted status is on machines where you verify that the connection is legitimate. When you set the trust status, you are marking the Agent certificate as trusted.
3. "Configure HTTPS Bypass Setting" on page 28
If your Collector is not configured to use HTTPS, you must configure the Collector to allow HTTP communication when entering sensitive parameter values.
4. "Enable Managing Agent Machines" on page 28
Managing Agent machines must be enabled to perform the necessary communication with your instances of vCenter Server, vCloud Director, and vShield Manager.
26
VMware, Inc.
Configuring VMware Cloud Infrastructure

Collect Machines Data From the Managing Agent Machines

Collect data from your Managing Agent machines to ensure that VCM identifies the Windows machines as licensed and that the 5.5 Agent or later is installed.
The Managing Agent is the Agent used to collect data from your instances of vCenter Server, vCloud Director and vShield Manager.
Prerequisit es
n
Verify that the Windows machine that you designated as the Managing Agent is licensed and that it has the VCM Agent 5.5 or later installed. See "Configuring Windows Machines" on page 71.
Procedu re
1. Click Administration.
2. Select Machines Manager > Licensed Machines > Licensed Windows Machines.
3. Select the Managing Agent machines and click Collect on the VCM toolbar.
4. On the Collection Type page, select Machine Data and click OK.
5. On the Machines page, verify that the Selected list includes the Managing Agent machine and click Next.
6. On the Data Types page, expand Windows.
7. Select Machines, and click Next.
8. On the Important page, resolve any conflicts and click Finish.
9. When the job finishes, verify that the Agent Version value in the data grid is 5.5 or later.
What to do next
Configure the trust status for the Managing Agents. See "Set the Trust Status for Managing Agent
Machines" on page 27.

Set the Trust Status for Managing Agent Machines

You set the trusted status is on machines where you verify that the connection is legitimate. When you set the trust status, you are marking the Agent certificate as trusted.
When you transmit sensitive information, such as credentials, between the Collector and physical or virtual machines on which the Managing Agent is installed, the Agent certificate, including the Agent certificate on the Collector, must be trusted.
If you do not use this level of security, you can set the Allow sensitive parameters to be passed to agents not verified as Trusted option to Yes. To override the setting, click Administration and select Settings > General Settings > Collector.
Prerequisites
n
Ensure that you collected the Machines data type from the Windows machines you are using as Managing Agents. See "Collect Machines Data From the Managing Agent Machines" on page 27.
VMware, Inc.
27
vCenter Configuration Manager Administration Guide
Procedure
1. Click Administration.
2. Select Certificates.
3. Select the Managing Agent machines and click Change Trust Status.
4. Add any additional machines to trust to the lower data grid.
5. Select Check to trust or uncheck to untrust the selected machines and click Next.
6. Review the number of machines affected and click Finish.
What to do next
n
If your Collector is not configured to use HTTPS, set the HTTPS bypass. See "Configure HTTPS Bypass
Setting" on page 28.
n
Identify the Windows machines as Managing Agents. See "Enable Managing Agent Machines" on page
28.

Configure HTTPS Bypass Setting

If your Collector is not configured to use HTTPS, you must configure the Collector to allow HTTP communication when entering sensitive parameter values.
If your Collector is configured to use HTTPS, you do not need to modify this setting.
Procedure
1. Click Administration.
2. Select Settings > General Settings > Collector.
3. Select Allow HTTP communication (HTTPS bypass) when entering sensitive parameter values and click Edit Settings.
4. Select Yes and click Next.
5. Review the summary and click Finish.
What to do next
Identify the Windows machines as Managing Agents. See "Enable Managing Agent Machines" on page 28.

Enable Managing Agent Machines

Managing Agent machines must be enabled to perform the necessary communication with your instances of vCenter Server, vCloud Director, and vShield Manager.
Prerequisites
n
Ensure that the Managing Agent machines are trusted machines. See "Set the Trust Status for Managing
Agent Machines" on page 27.
n
If your Collector is not configured to use HTTPS, set the HTTPS bypass. See "Configure HTTPS Bypass
Setting" on page 28.
28
VMware, Inc.
Configuring VMware Cloud Infrastructure
Procedure
1. Click Administration.
2. Select Administration > Machines Manager > Licensed Machines > Licensed Windows Machiens.
3. Select the Managing Agent machines and click Change Managing Agent Status.
4. Add any additional machines to the lower data grid.
5. Select Enable - allow the selected machines to be used as managing agents and click Next.
6. Review the number of machines affected and click Finish.
What to do next
n
To maintain secure communication, you need the SSLcertificates from your instances of vCenter Server, vCloud Director, and vShield Manager. See "Obtain the SSL Certificate Thumbprint" on page 29.
n
Configure the collections from your instances of vCenter Server, vCloud Director, and vShield Manager.
n
See "Configure vCenter Server Data Collections" on page 30.
n
See "Configure vCloud Director Collections" on page 35.
n
See "Configure vShield Manager Collections" on page 45.

Obtain the SSL Certificate Thumbprint

When configuring the settings for your virtual environments systems, you can use an SSL certificate thumbprint file to ensure secure communication between the Collector and your instances of vCenter Server, vCloud Director, and vShield Manager.
You can use this procedure to copy and save the thumbprint in advance of configuring the settings, or you can follow the process while you are using the wizard.
This procedure applies when your certificates are not properly trusted. If your certificates are configured and trusted, you must log onto the target machine to retrieve the thumbprint from the certificate store.
Prerequisites
Ensure that you have network access to the target instances of vCenter Server, vCloud Director, and vShield Manager from which you need the thumbprint string.
Procedure
1. Open Internet Explorer.
2. In the address bar, type https:\\<your vcenter server, vcloud director, or vshield manager instance>.
3. On the certificate error page, click Continue to this website.
4. On the address bar, click Certificate Error and select View Certificates.
5. Click the Details tab.
VMware, Inc.
6. In the list, select Thumbprint.
7. Copy the thumbprint string to your clipboard or to a file so that you can access it when needed.
29
vCenter Configuration Manager Administration Guide

Configure vCenter Server Data Collections

Collect data from your vCenter Server so that you can identify and manage your virtual environments, including ESX and ESXi hosts, and guest virtual machines.
Prerequist es
n
Configure your Managing Agent machines. See "Configure Managing Agent Machines" on page 26.
n
To maintain secure communication, you need the SSLcertificates from your instances of vCenter Server. See "Obtain the SSL Certificate Thumbprint" on page 29.
Procedure
1. "Add vCenter Server Instances" on page 30
Add the vCenter Server instances to VCM so that you can license and collect vCenter Server data using the Managing Agent.
2. "Configure the vCenter Server Settings" on page 31
Configure the Managing Agent, communication, and vCenter Server access options so that VCM can collect host and guest data from the vCenter Server instances.
3. "Collect vCenter Server Data" on page 32
Collect the vCenter Server, host, and guest data from the vCenter Server instances. The data is displayed by detailed data type and appears in the VCM Console.
The collectedvCenter Server data appears in the Console in the Virtual Environments node. The collected vCenter Server data helps you identify and manage vCenter Server, host, and guest objects. See " vCenter
Server Collection Results" on page 33.

Add vCenter Server Instances

Add the vCenter Server instances to VCM so that you can license and collect vCenter Server data using the Managing Agent.
In addition to adding the vCenter Server instances, and you can also add the Windows machine on which the vCenter Server is installed and manage the underlying Windows operating system.
Prerequisit es
Know the names and domain information for the vCenter Server instances in your environment.
Procedu re
1. Click Administration.
2. Select Machines Manager > Available Machines.
3. Click Add Machines.
4. On the Add Machines page, select Basic: Name, Domain, Type, Automatically license machines, and click Next.
5. On the Manually Add Machines - Basic page, configure these options to identify the vCenter Server instances.
Option Description
Machine Name of the vCenter Server.
30
VMware, Inc.
Loading...
+ 210 hidden pages