VMware vCenter Configuration Manager
Advanced Installation Guide
vCenter Configuration Manager 5.6
This document supports the version of each product listed and supports all
subsequent versions until the document is replaced by a new edition. To
check for more recent editions of this document, see
http://www.vmware.com/support/pubs.
EN-001036-00
vCenter Configuration Manager Advanced Installation Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
© 2006–2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2
VMware, Inc.
Contents
About This Book 7
Achieving a Successful VCMInstallation 10
VCM Collector and Agent OS Platform Support 10
Hardware Requirements for Collector Machines 12
Determine the Size of Your Environment 12
Identify Your Specific Hardware Requirements 13
Database Sizing for Managed vCenter Server Instances 13
Hardware and Disk Requirements By Number of Managed Machines 14
Software and Operating System Requirements for Collector Machines 16
Sizing Impacts on Software Requirements 16
Software Installation and Configuration Overview 16
VCM Upgrades and Migrations 17
Preparing for Installation 18
VCM Installation Configurations 18
System Prerequisites to Install VCM 20
Establish Local Administration Rights 21
Verify Browser Compatibility 22
Verify the Default Network Authority Account 22
Verify the SQL Server Service Account 22
Specify the Collector Services Account 23
Verify the VMware Application Services Account 23
Verify the VCM Agent is Not Installed 24
Verify the SQLXML Version 25
Configure Resources to Install VCM on a Virtual Machine 26
Configure the Disk to Install VCM on a Virtual Machine 27
Configure the CPU to Install VCM on a Virtual Machine 27
Configure the Memory to Install VCM on a Virtual Machine 28
Secure Communications Certificates 30
Authenticating the Server to the Client 30
Enterprise and Collector Certificates 31
Delivering Initial Certificates to Agents 31
Single-Tier Server Installation 34
Configure a Single-Tier Installation Environment 36
Verify that the Installing User is an Administrator 37
Install and Configure a Windows Server 2008 R2 Operating System 38
Configure the Operating System Locale Settings 39
Disable the Remote Desktop Session Host 40
Enable DCOM 40
Install the .NET Framework 40
Verify the ASP.NET Client System Web Version 41
VMware, Inc.
3
vCenter Configuration Manager Advanced Installation Guide
Verify the ASPRole Service 41
Verify the ASP.NETRole Service 41
Configuring the Database Components of the VCM Collector 42
Install SQL Server on the VCMCollector 42
Verify and Configure the SQL Server Properties 44
Verify Matching SQL Server and Computer Names 45
Verify the SQLServer Agent Service Account is a sysadmin 45
Select the SQLServer Agent Service Account 46
Establish SQL Server Administration Rights 46
Configure the Web Components 47
Configuring IIS 49
Verify the ISAPI Extensions 50
Configure SSRS on the VCMCollector 51
Back Up Your SSRS Key 51
Disable IE Protected Mode for SSRS 51
Configure SSRS 52
Configure Basic Authentication on the Report Server 53
Configure Kerberos Authentication 54
Configure the VCM Collector Components 57
Two-Tier Split Installation 60
Configuring a Two-Tier Split Installation Environment 61
Verify that the Installing User is an Administrator 62
Install and Configure a Windows Server 2008 R2 Operating System 62
Configure the Operating System Locale Settings 64
Disable the Remote Desktop Session Host 64
Enable DCOM 64
Configuring the VCM Database Server 65
Disable the Firewall or Add an Exception for SQL Server Port 1433 65
Install SQL Server on the Database Server 66
Verify and Configure the SQL Server Properties 68
Verify Matching SQL Server and Computer Names 68
Verify the SQLServer Agent Service Account is a sysadmin 69
Select the SQLServer Agent Service Account 69
Establish SQL Server Administration Rights 70
Configure the Combined VCM Collector and Web Server 71
Install the .NET Framework 71
Configure the Web Components 72
Installing and Configuring SSRS on the Combined VCM Collector and Web Server 77
Configure Kerberos Authentication 81
Configure the VCM Collector Components 84
Three-Tier Split Installation 86
Configuring a Three-Tier Split Installation Environment 87
Verify that the Installing User is an Administrator 87
Install and Configure a Windows Server 2008 R2 Operating System 88
Configure the Operating System Locale Settings 89
Disable the Remote Desktop Session Host 90
Enable DCOM 90
Configure the VCM Database Server 90
Install SQL Server on the Database Server 91
Verify and Configure the SQL Server Properties 93
Verify Matching SQL Server and Computer Names 93
Verify the SQLServer Agent Service Account is a sysadmin 94
Select the SQLServer Agent Service Account 95
Establish SQL Server Administration Rights 95
Configure the Web Server 96
4
VMware, Inc.
Contents
Configuring IIS 98
Verify the ISAPI Extensions 100
Place the Web Server in the Internet Explorer Trusted Zone 100
Access to Patch Download Folder for Windows Patch Deployment 101
Installing and Configuring SSRS on the Web Server 102
Configure Kerberos Authentication 107
Modify the SQLCMD Path Variable 109
Configure the VCM Collector 110
Install the .NET Framework 111
Using VCM Remote 112
Installing VCM 116
DCOM and Port Requirements for VCM 117
Use Installation Managerto Install VCM 117
Install VCM 117
File System Permissions 118
Change Permissions On Machine Certificate Keys 119
Verify VCM Remote Virtual Directory Permissions 120
Configuring SQL Server for VCM 122
SQL Server Database Settings 122
SQL Server Processor Settings 123
SQL Server IO Configuration 123
Using the RAID Levels with SQLServer 124
Disk Interface and Disk Drive Performance 125
Use SQLIO to Determine IO Channel Throughput 126
Upgrading or Migrating VCM 128
Upgrading VCM and Components 128
Upgrade VCM 129
Upgrade Existing Windows Agents 130
Upgrade Existing VCM Remote Clients 130
Red Hat Server and Workstation Licensing 131
Upgrade Existing UNIX Agents 131
Upgrading Virtual Environments Collections 134
Upgrade the Managing Agent 134
Upgrading the vSphere Client VCM Plug-In 134
Upgrading Agent Proxy Machines 135
Migrating VCM 137
Prerequisites to Migrate VCM 138
Migrate Only Your Database 140
Replace Your Existing 32-Bit Environment with a Supported 64-bit Environment 141
Migrate a 32-bit Environment Running VCM 5.3 or Earlier to VCM 5.6 142
Migrate a 64-bit Environment Running VCM 5.3 or Earlier to VCM 5.6 143
Migrate a Split Installation of VCM 5.3 or Earlier to a Single-Tier, Two-Tier, or Three-Tier
Server Installation 145
How to Recover Your Collector Machine if the Migration is not Successful 147
Maintaining VCM After Installation 150
Customize VCM and Component-Specific Settings 150
Configure Database File Growth 152
Database Recovery Models 152
Configure Database Recovery Settings 153
Create a Maintenance Plan for SQL Server 2008 R2 154
Incorporate the VCM Database into Your Backup and Disaster Recovery Plans 156
Hardware and Operating System Requirements for VCM Managed Machines 158
VMware, Inc.
5
vCenter Configuration Manager Advanced Installation Guide
VCM Agent Support on Non-English Windows Platforms 158
VCM Managed Machine Requirements 158
Windows Custom Information Supports PowerShell 2.0 160
Supported OS Provisioning Target Systems 161
Software Provisioning Requirements 161
UNIX and Linux Patch Assessment and Deployment Requirements 162
Support for VMware Cloud Infrastructure 163
Cloud and Virtualization Infrastructure Platforms 163
Managing Agent Requirements 163
Agent Proxy Requirements for VMware ESX and ESXi 163
vCenter Operations Manager Integration Features 165
FIPS Requirements 165
FIPS for Windows 165
FIPS for VCM Agent Proxies 167
Agent Sizing Information 167
Windows Machines 167
UNIX and Linux Machines 169
Mac OS X Machines 169
Hardware and Software Requirements for the Operating System Provisioning Server 170
Supported OS Provisioning Server Platform 170
OS Provisioning Server System Requirements 170
OS Provisioning Server Software Requirements 171
Required Packages 171
Disallowed Packages 171
OS Provisioning Server Network Requirements 171
Provisioning Network Interface 171
Configure the OS Provisioning Server Firewall 172
Installing, Configuring, and Upgrading the OS Provisioning Server and Components 174
Restricted Network Environment 174
Install and Configure the OS Provisioning Server 174
Install the Operating System Provisioning Server 175
Uninstall the OS Provisioning Server 176
Configure DHCP 177
Configure a DHCP Server Other Than the OS Provisioning Server 178
Configure TFTP 178
Create a Windows Boot Image 179
Copy the VCM Certificate to the OS Provisioning Server for Linux Provisioning 180
Import Distributions into the OS Provisioning Server Repository 181
Create Directories for Windows Distributions 181
Import Windows Distributions 182
Import Linux Distributions 183
Using the basicimport Command Options 185
Working with Custom Linux ISO Distributions 185
Upgrade the OS Provisioning Server to 5.5 186
Managing the OS Provisioning Server System Logs 188
ospctrl Command Options 189
Index 190
6
VMware, Inc.
About This Book
The VCM Advanced Installation Guide describes the steps to install VCM in all supported installation
configurations. This document includes detailed information that does not appear in the VCM Installation
Guide.
This document contains the following information:
n
Hardware requirements for VCM Collector machines
n
Software and operating system requirements for VCM Collector machines
n
System prerequisites to install VCM
n
Secure Communication Certificates
n
Single-tier, two-tier, and three-tier installation configurations
n
Configuring SQLServer for VCM
n
Hardware requirements for VCM managed machines
n
Hardware and software requirements for the OSProvisioning Server
Read this document and follow the procedures to successfully install VCM on existing physical or virtual
machines in your environment.
The VCM Advanced Installation Guide applies to VCM 5.6, Foundation Checker 5.6, and Service Desk
Connector 1.3.0.
Intended Audience
This information is written for experienced Windows or UNIX/Linux/Mac OSX system administrators
who are familiar with managing network users and resources and with performing system maintenance.
To use this information effectively, you must have a basic understanding of how to configure network
resources, install software, and administer operating systems. You also need to fully understand your
network topology and resource naming conventions.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send
your feedback to docfeedback@vmware.com.
VMware, Inc.
7
vCenter Configuration Manager Advanced Installation Guide
VMware VCM Documentation
The vCenter Configuration Manager (VCM) documentation consists of the VCM Installation Guide, VCM
Administration Guide, VCM Advanced InstallationGuide, VCM online help, and other associated
documentation.
8
VMware, Inc.
vCenter Configuration Manager Advanced Installation Guide
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book
and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone
Support
To use online support to submit technical support requests, view your
product and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support
for priority 1 issues. Go to http://www.vmware.com/support/phone_
support.html.
Support Offerings To find out how VMware support offerings can help meet your business
needs, go to http://www.vmware.com/support/services.
VMware Professional
Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For
onsite pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
9
VMware, Inc.
Achieving a Successful VCMInstallation
Perform the requirements to successfully install VMware vCenter Configuration Manager (VCM), and
then install VCM in any of the supported single-tier, two-tier, or three-tier installation configurations.
Determine your specific hardware and software requirements for VMware vCenter Configuration
Manager (VCM). Perform the preparatory steps to install and configure your physical and virtual
machines for a successful VCM installation.
To determine your hardware and software requirements, begin by answering several questions.
n
How many vCenter Server, UNIX, Linux, and Windows servers and workstations will you license?
n
How often will you collect data?
n
How much data will you collect?
n
How long will you retain the collected data and change data?
n
What additional VCM components will you use? For available VCM components, see the Download
VMware vCenter Configuration Manager Web site.
n
Do you understand the VCM security requirements? See the VCM Security Guide.
1
To achieve a successful VCM installation, you must understand the hardware and software requirements
for VCM Collector machines and VCM managed machines, prepare your environment for VCM
installation, then install VCM.
Before you install VCM, use the following chapters to prepare for VCM installation. Perform the
prerequisite steps and procedures in the order presented, configure resources, configure your installation
environment, then install VCM.
After you install VCM, set the file growth for your VCMdatabase, then create a maintenance plan.
VCM Collector and Agent OS Platform Support
All Agent and Collector OS platform support is specific to versions and editions indicated in the supported
platforms table. Some configurations can reduce or block the performance or functionality of VCM
components, such as configurations by vendors, third-party, custom lock downs, endpoint security
products, policies, and restricted system. Troubleshooting and support of VCM components in lockeddown or reconfigured environments is not included under the standard product maintenance agreement.
Support in these environments is available through an additional Professional Services engagement.
All testing is performed in a hardened environment, as documented in the VCM Security Guide. Testing
with OS vendor hardening applied for the VCM Collector is part of the supported configurations.
VMware, Inc.
10
vCenter Configuration Manager Advanced Installation Guide
For details about VCM Collector machines, see Hardware Requirements for Collector Machines and
Software and Operating System Requirements for Collector Machines in the VCM Installation Guide.
For details about VCM managed machines, see Hardware and Operating System Requirements for
Managed Machines in the VCM Installation Guide.
11
VMware, Inc.
Hardware Requirements for Collector Machines
Your VCM Collector hardware requirements depend on the number of physical and virtual managed
machines in your environment.
Use this information to determine how many machines you plan to manage. You can determine the
individual hardware requirements to ensure a successful VCM installation.
Disk space requirements vary based on the following factors.
n
Number of machines from which you collect data
n
Type of data collected and filters used
n
Frequency of collections
n
Data retention
Determine the Size of Your Environment
VCM hardware requirements are recommended based on whether your environment contains 1–1000,
1000–2000, 2000–5000, or more managed machines. To determine the number of managed machines on
which to base your collector size, consider the number of vCenter Server instances, Windows servers and
workstations, UNIX or Linux machines, and virtual machines that you are licensing. Identify any other
VCM components that you are licensing. To determine your total number of managed machines, enter
data for your enterprise in the sizing worksheet.
2
In VCM, the term “managed machines” refers to the servers and workstations that VCM manages, and
from which VCM collects data. If you use VCM for Microsoft Active Directory (AD), this definition
includes AD objects that you plan to have in your environment in the next 12 to 24 months.
Use the formulas in the worksheets to determine how your AD objects will increase your managed
machine count and affect your final sizing requirements. After you complete the worksheet and
determined the number of managed machines, size your Collector machine. Use the blank worksheet to
record the managed machines in your environment.
VMware, Inc.
12
vCenter Configuration Manager Advanced Installation Guide
Table 2–1. Sizing Worksheet
Product Description Anticipated Number o f Managed
VCM Windows Servers
ESXi Servers
Guest Virtual Machines
Linux or UNIX
Mac
Windows Workstations
Machin es in th e Next 12-24
Months
VCM
for AD
Divide total number of AD objects by 100 to determine the
approximate "machine count" for your AD environment.
Total Managed Machines: _______
In the following example, an enterprise environment contains machines and objects that represent 1377
managed machines, which places it in the 1000–2000 managed machines category.
Table 2–2.
Example of Sizing Worksheet with Sample Data
Product Description
Anticipat ed Number o f Managed
Machin es in th e Next 12-24 Months
VCM Windows Servers 92
vSphere/ESX/ESXi Servers 5
Virtual Machines (VM) 50
Linux or UNIX 100
Mac 100
Windows Workstations 920
VCM
for
AD
Divide total number of AD objects by 100 to determine
the approximate "machine count" for your AD
environment.
10,000 AD Objects/100 = 100 managed
machines to accommodate VCM for
AD
Total Managed Machines: 1377
Identify Your Specific Hardware Requirements
Size your VCM Collector and database based on the requirements for managed vCenter Server instances
and the number of machines managed by VCM.
Database Sizing for Managed vCenter Server Instances
Use the following requirements to size your SQLServer database depending on the number of hosts and
guests per vCenter Server managed by VCM. These requirements are in addition to the base VCM
storage requirements, and are based on an estimated 10% data change per day times 15 days of data
retention.
13
VMware, Inc.
Hard ware Requirements for Collector Machines
Table 2–3. VCMDatabase Sizing per vCenter Server Instance
Host s Guests Est. Daily Ch ange Data Retent ion in Days Data Size
25 250 10% 15 3GB
50 500 10% 15 6GB
250 2500 10% 15 30GB
The best practice in production environments is to have the Managing Agent process requests for a single
vCenter Server. Dedicate one Managing Agent machine for each vCenter Server. In a single vCenter
Server instance environment, the VCM Collector can be the Managing Agent.
A single Managing Agent can manage multiple vCenter Server instances depending on your collection
schedules and when potential job latency is not an issue, such as when a single Managing Agent must
process multiple requests serially. A single Managing Agent can manage multiple vCenter Server instances
as long as only one vCenter Server is collected at a time.
When job latency is not a problem, and depending on your collection schedules, you might dedicate a
single Managing Agent for every five vCenter Server instances or 100 hosts. You could dedicate one
Managing Agent to a vCenter Server that manages 100 hosts, or a collection of four vCenter Server
instances that each manage 10 hosts could share a Managing Agent.
Hardware and Disk Requirements By Number of Managed Machines
Use the Minimum Hardware Requirements and Minimum Disk Configuration Requirements tables to
determine your hardware and disk configuration requirements for a single-tier server installation.
Use the total number of managed machines from the Sizing Worksheet to locate your environment size
(1–1000, 1000–2000, 2000–5000, or more). If you have more than 5000 machines in your environment,
contact VMware Technical Support to help you determine your hardware requirements.
If you run SQLServer on a virtual machine, see Microsoft SQL Server on VMware Best Practices Guide at
http://www.vmware.com/files/pdf/sql_server_best_practices_guide.pdf. If you run SQL Server in a Hyper-
V environment, see Best Practices and Performance Considerations for Running SQL Server 2008 in a Hyper-V
Environment on the Microsoft Web site.
The requirements listed in the following tables are based on the following assumptions.
n
Daily VCM collections using the default filter set with additional Microsoft AD security descriptors
collected using VCM for AD.
n
15 days retention of change data.
n
Simple recovery mode only.
n
Daily VCM Patching collections.
n
No applications other than VCM are running on your server.
VCM for AD collections cause the TempDB database to grow significantly. If you have a fully populated
Microsoft Active Directory and plan to perform frequent AD collections, increase your hardware
requirements.
Longer data retention, additional WMI, registry filters, and custom information collections also add to the
requirements.
The following table provides hardware requirements for a single-tier server installation of VCM. If you
are installing VCM in a two-tier or three-tier environment, approximate sizing requirements are provided
in the VMware Knowledge Base. See http://kb.vmware.com/kb/2033894.
VMware, Inc.
14
vCenter Configuration Manager Advanced Installation Guide
Table 2–4. Minimum Hardware Requirements by Number of Managed Machines for Single-Tier
Server Installations
Requ irements Number of VCM Manag ed Machines
1–1000 1000–2000 2000+
Processors Dual Xeon or single Dual
Core 2GHz minimum
Quad Xeon or two Dual
Core 2GHz minimum
Eight-way Xeon or four
Dual Core 2GHz minimum
RAM 8GB+ minimum 12GB+ minimum 16GB+ minimum
Number of
2 3 4
Separate Disk
Channels
The space allocations in the following table do not include space for backups. Allocate backup space that is
equal to the size of the VCM data for a single full backup, or larger to keep multiple partial backups.
Table 2–5. Minimum Disk Configuration Requirements by Number of Managed Machines
Number of VCM Manag ed
Machin es
RAID Channel and RAID Level Partitions Usable
Space
1–500 Channel 0 – RAID 1 OS 36GB
Collector Data
36GB
Files
TempDB 36GB
SQL Log Files 28GB
Channel 1 – RAID 0+1 (recommended) or
SQL Data Files 56GB
RAID 10
501–1000 Channel 0 – RAID 1 OS 36GB
Collector Data
36GB
Files
Channel 1 – RAID 1 TempDB 56GB
SQL Log Files 56GB
Channel 2 – RAID 0+1 (recommended) or
SQL Data Files 113GB
RAID10
1001–2000 Channel 0 – RAID 1 OS 36GB
Collector Data
54GB
Files
Channel 1 – RAID 1 TempDB 113GB
Channel 2 – RAID 1 SQL Log Files 113GB
Channel 3 – RAID 0+1 (recommended) or
SQLData Files 227GB
RAID 10
15
VMware, Inc.
Software and Operating System Requirements for Collector Machines
Your VCM environment software configuration must meet the requirements to install VCM 5.6. The
software requirements are based on the number of managed machines in your environment and your
installation configuration.
The software requirements are organized into steps. You must perform the steps in the order specified to
ensure a successful VCM installation.
All software requirements apply to the server in your single-tier installation. For more information about
installation configurations, see "VCM Installation Configurations" on page 18.
Sizing Impacts on Software Requirements
Use the total number of managed machines that you identified in "Determine the Size of Your
Environment" on page 12 to locate your environment size (1–1000, 1000–2000, 2000–5000, or more). If you
have more than 5000 machines in your environment, contact VMware Technical Support for your specific
requirements.
VCM supports Standard and Enterprise editions of SQL Server 2008 R2.
3
CAUTION If your Windows machine has an evaluation version of SQLServer StandardEdition or
Enterprise Edition, use it only for evaluation purposes. Do not use an evaluation version in a
production environment, because it is not officially supported for production.
Table 3–1. Minimum Software Requirements by Number of VCM Managed Machines
Soft ware
Compo nent
Operating
System
SQL Version SQL Server 2008 R2 Standard
SSRS Version SQL Server 2008 Reporting
Number of Manag ed Machines
1–1000 1000–2000 2000–5000
Windows Server 2008 R2 Windows Server 2008 R2 Windows Server 2008 R2
Edition (64-bit)
Services
SQL Server 2008 R2 Standard
Edition (64-bit)
SQL Server 2008 Reporting
Services
Software Installation and Configuration Overview
VCM supports the Collector running on a Windows Server 2008 R2 operating system. Complete the
preparatory steps to prepare your Windows Server 2008 R2 machine for a successful VCM installation.
When you use VCM Installation Manager to install VCM, the system checks will run without error,
indicating that you have met all of the requirements to install VCM.
Enterprise Edition
SQL Server 2008 R2
Standard Edition (64-bit)
SQL Server 2008 Reporting
Services
VMware, Inc.
16
vCenter Configuration Manager Advanced Installation Guide
VCM supports several installation configurations including single-tier, two-tier, and three-tier. You use
Installation Manager to install VCM in these configurations.See "Preparing for Installation" on page 18.
To understand the requirements to upgrade or migrate your environment to the latest version of VCM,
see "VCM Upgrades and Migrations" on page 17.
VCM Upgrades and Migrations
To upgrade your version of VCM to the current version, you must have VCM 5.5, 5.5.1, 5.4, or 5.4.1. To
migrate your environment to the current version of VCM, you must have version 4.11.1 or later installed
and running.
CAUTION VCM 5.6 does not include the Patch Administrator role. If you previously assigned the
Patch Administrator role to a user, either reassign a different role to the user or let the user know
that the role no longer exists.
What to do next
To upgrade VCM, see the upgrade and migration examples at "Upgrading or Migrating VCM" on page
128.
17
VMware, Inc.
Preparing for Installation
Prepare your environment for a VCMinstallation by performing the prerequisites to include hardware,
software, and physical and virtual machines before you install VCM components and tools.
VCM Installation Configurations
VCM supports several installation configurations including single-tier, two-tier, and three-tier. Use
Installation Manager to install VCM in these configurations.
n
Single-Tier Server Installation
In a single-tier server installation, the VCM database server, Web server, and the VCM Collector
components reside on a single Windows Server 2008 R2 machine, which is referred to as the VCM
Collector. The installation installs all of the core VCM components, including the databases, console,
and services. This configuration enables integrated security by default.
n
Two-Tier Split Installation
In a two-tier split installation, the VCM database resides on the Windows Server 2008 R2 database
server machine, and the VCM Collector and Web components reside on the second Windows Server
2008 R2 machine.
4
n
Three-Tier Split Installation
In a three-tier split installation, the VCM databases, the Web applications, and the VCM Collector
components reside on three different Windows Server 2008 R2 machines.
To perform the prerequisite steps for VCM installation, see "System Prerequisites to Install VCM" on page
20.
VMware, Inc.
18
vCenter Configuration Manager Advanced Installation Guide
19
VMware, Inc.
System Prerequisites to Install VCM
Perform the system prerequisites to prepare your physical or virtual machine for VCM installation. The
prerequisites ensure that your machine meets the requirements for your environment to support a
successful VCM installation.
After you perform the system prerequisites, during VCM installation the Installation Manager runs
system checks on the database server, Web server, and VCM Collector machine in your installation
configuration. These system checks verify that you have satisfied all of the prerequisites for a successful
VCM installation. During the system checks, Foundation Checker verifies component-specific issues
against VCM, captures common issues, and identifies any problems with the version of VCM being
installed.
Foundation Checker might generate warnings, which you must review. In some cases, you might need to
resolve the warnings before you install VCM, even though the warnings will not prevent you from
starting the installation.
If Foundation Checker generates errors, you must resolve them before you install VCM. For more
information about Foundation Checker, see the VCM Foundation Checker User's Guide.
Use the following topics to verify your system requirements.
5
n
Verify that your environment meets the security requirements. See the VCM Security Guide.
n
"Establish Local Administration Rights" on page 21
Verify that the user account of the person who performs the VCM installation, upgrade, or migration
has all of the required rights.
n
"Verify Browser Compatibility" on page 22
Verify that the target VCM Collector machine, and any other machines that will access the VCM Web
console interface on the VCM Collector, have a compatible Web browser installed.
n
"Verify the Default Network Authority Account" on page 22
Define the network authority account in the Local Administrators group on the Collector machine
before you install VCM. The network authority account must be a domain account. VCM uses the
default network authority account to collect data from Windows Agent machines.
n
"Specify the Collector Services Account" on page 23
Specify the Collector Service account to use during VCM installation. The account can be a system
administrator account and must exist in the Local Administrators group on the Collector machine. The
account must not be the Local System account.
n
"Verify the VMware Application Services Account" on page 23
VMware, Inc.
20
vCenter Configuration Manager Advanced Installation Guide
Verify that the VMware Application Services Account is a domain user.
n
"Verify the VCM Agent is Not Installed" on page 24
The target Windows machine must not have a VCM Agent installed before you install VCM. If an
Agent is installed, you must uninstall the Agent for VCM to install.
n
"Verify the SQLXML Version" on page 25
SQLXML provides client-side XML functionality and enhancements to existing SQL features. SQLXML
4.0 SP1 is installed with SQL Server 2008 R2. Verify that the correct version is installed.
Establish Local Administration Rights
Verify that the user account of the person who performs the VCM installation, upgrade, or migration has
all of the required rights.
The following rights are required.
n
System administrator on the machines on which the installation or upgrade is performed.
n
System administrator on the database instance to be used.
n
Member of a domain.
The installing user account should not be the account used for VCM services, because the login of the
VCM service account is disabled during installation.
After installation, do not create a VCM user that uses the SQL Server services account credentials.
What to do next
Verify the compatibility of your browser. See "Verify Browser Compatibility" on page 22.
21
VMware, Inc.
Verify Browser Compatibility
Verify that the target VCM Collector machine, and any other machines that will access the VCM Web
console interface on the VCM Collector, have a compatible Web browser installed.
VCM supports the following browsers.
n
Internet Explorer version 8 and 9.
n
Internet Explorer version 10 in compatibility mode.
n
Mozilla Firefox version 6.0 or later with the Internet Explorer IE Tab add-on. This add-on requires
Internet Explorer 6.0 to be installed on the machine.
What to do next
Verify the default Network Authority account. See "Verify the Default Network Authority Account" on
page 22.
Verify the Default Network Authority Account
Define the network authority account in the Local Administrators group on the Collector machine before
you install VCM. The network authority account must be a domain account. VCM uses the default
network authority account to collect data from Windows Agent machines.
System Prerequisites to Install VCM
You specify the default network authority account during VCM installation. The default network authority
account can be a system administrator account, such as a Domain Admin in the Local Admin Group.
It is acceptable, but not preferred, to use the same account for the Application services account, Collector
service account, VCM Remote account, and the Tomcat Services account. If you use a single account, the
permissions required for the Collector service account will be sufficient. The account must be a local
administrator, should not be a domain administrator, has bulk-insert permissions in SQL, and is a dbo of
the VCM databases. In general, the Default Network Authority should be a different account, possibly a
Domain Administrator with rights on more systems in the environment.
Procedu re
1. On the Collector, right-click Computer and select Manage to open Server Manager.
2. Expand Configuration, expand Local Users and Groups, and click Groups.
3. Double-click Administrators and verify that the network authority account is listed as a member of the
Administrators group.
If the user or administrator’s group is not listed, add the user or group to the list. Verify that the user
has Windows administrator rights issued by the network administrator.
To change the network authority account after installing VCM, click Administration and select Settings >
Network Authority.
What to do next
Keep Server Manager open to specify the Collector Services account. See "Specify the Collector Services
Account" on page 23.
Verify the SQL Server Service Account
The SQL Server service account, under which the service for the SQL Server instance runs to manage the
VCM databases, must be LocalSystem or an account that has local administrative privileges.
VMware, Inc.
22
vCenter Configuration Manager Advanced Installation Guide
CAUTION Do not use Network Service for the SQL Server service account. If you use the Network
Service account for your SQL Server instance, VCM installation could fail. Foundation Checker does
not check for this account during VCM installation.
The LocalSystem account, NT AUTHORITY\System, has unrestricted access to all local system resources.
This account is a member of the Windows Administrators group on the local machine.
If the NT AUTHORITY\System account does not have access to the VCM installation binary files, the
installation results in an access denied error. This situation is not common, but could occur if the
installation files are copied to or extracted in a user's home directory. In this case, you must grant access to
the NT AUTHORITY\System account from the installation source directory, then run the installation
again. A user or user’s group has access when they have full control of the file or folder.
Specify the Collector Services Account
Specify the Collector Service account to use during VCM installation. The account can be a system
administrator account and must exist in the Local Administrators group on the Collector machine. The
account must not be the Local System account.
Logging in to VCM using a service account can lead to unexpected or inconsistent behavior. Services that
use the same account as a logged in user might modify the logged in user's current role or the machine
group, or log the user out of the system.
If the password for the account changes, you must change the password in the Services Management
console and the Component Services DCOM Config console.
Procedu re
1. In Server Manager, verify that the Groups menu is open.
If not, expand Configuration, expand Local Users and Groups, and click Groups.
2. Double-click Administrators and verify that the account used for Collector Services is listed as a
member of the Administrators group.
If the user or administrator’s group is not listed, to ensure that the user has Windows administrator
rights issued by the network administrator, add the user or group to the list.
What to do next
Keep Server Manager open to specify the VCM Application Services account in Server Manager. See
"Verify the VMware Application Services Account" on page 23.
Verify the VMware Application Services Account
Verify that the VMware Application Services Account is a domain user.
IMPORTANT Never use this account as a VCM login or for any other purpose. Logging in to VCM using a
service account can lead to unexpected or inconsistent behavior. Services that use the same account as a
logged in user might modify the logged in user's current role or the machine group, or log the user out of
the system.
23
VMware, Inc.
Procedu re
1. In Server Manager, verify that the Groups menu is open.
If not, expand Configuration, expand Local Users and Groups, and click Groups.
2. Double-click Administrators and verify that the application services account is listed as a member of
the Administrators group.
If the user or administrator’s group is not listed, add the user or group to the list. Ensure that the user
has Windows administrator rights issued by the network administrator.
What to do next
Verify that the VCM Agent is not installed on the Collector machine. See "Verify the VCM Agent is Not
Installed" on page 24.
Verify the VCM Agent is Not Installed
The VCM Collector installation includes an updated Agent. The target Windows machine must not have a
VCM Agent installed before you install VCM. If an Agent is installed, you must uninstall the Agent for
VCM to install.
Procedu re
System Prerequisites to Install VCM
1. To determine whether a VCM Agent is installed on the Windows machine, verify whether the
following folder exists.
%windir%\CMAgent
The %windir% environment variable specifies the directory where Windows is installed. This folder is
the default location. The Agent installation directory is accessible in the registry at the following
location.
HKLM\Software\Configuresoft\ECM\4.0\Common\PathsRootDir
2. If a VCM Agent is installed, remove the Agent from the target Windows machine.
a. If a working VCM Collector exists, use the VCM Web console to unlicense this machine and
remove the VCM Agent.
b. If a working VCM Collector does not exist, uninstall the Agent manually.
3. To uninstall the Agent manually, determine if the Agent was installed using the MSI installer.
a. Search for the string CMAgent under the following registry key.
HKEY_LOCAL_
MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
If an Uninstall registry subkey exists that has a GUID-named key and reference to the VCM
Agent, such as {7C51E2CA-C932-44EF-8B77-3C03356A24CC}, the VCM Agent was installed
using the MSI Installer.
b. Examine the uninstall data to confirm that this is the VCM Agent.
VMware, Inc.
c. Open the setting UninstallString and copy the value.
An example value is as follows.
MsiExec.exe /X{7C51E2CA-C932-44EF-8B77-3C03356A24CC}
d. If an Uninstall GUIDregistry key that references the VCM Agent does not exist, the Agent was
installed using the manual installer.
24
vCenter Configuration Manager Advanced Installation Guide
4. Uninstall the VCM Agent.
a. If the Agent was installed using the MSI installer, to uninstall the Agent click Start and click Run to
execute the command line using the UninstallString registry value.
An example value is as follows.
MsiExec.exe /X{7C51E2CA-C932-44EF-8B77-3C03356A24CC}.
b. If the Agent was installed using the manual installer, run the following command to uninstall the
Agent.
%windir%\CMAgent\Uninstall\Packages\CMAgentInstall\UnCMAgentInstall.exe /S
INSTALL.LOG
What to do next
Verify that the correct version of SQLXML is installed. See "Verify the SQLXML Version" on page 25.
Verify the SQLXML Version
SQLXML provides client-side XML functionality and enhancements to existing SQL features. SQLXML 4.0
SP1 is installed with SQL Server 2008 R2. Verify that the correct version is installed.
Procedu re
1. Click Start and click Control Panel.
2. Click Programs and select Programs and Features.
3. Verify that SQLXML 4.0 SP1 appears in the list of installed programs.
4. If SQLXML 4.0 SP1 does not appear, install it from the Microsoft Download Center.
What to do next
n
If you will install VCM on a virtual machine, configure the disk, CPU, and memory resources. See
"Configure Resources to Install VCM on a Virtual Machine" on page 26.
n
Understand the use of secure communications certificates and be prepared to specify the certificates
during VCM installation. See Secure Communications Certificates in the VCM Installation Guide.
25
VMware, Inc.
Configure Resources to Install VCM on a Virtual Machine
To install VCM on a virtual machine, you must prepare the virtual machine to be used as a VCM Collector.
Because VCM can place heavy workloads on the database, you must understand your environment
workloads to determine the resource requirements.
For the VCM Collector to operate properly on a virtual machine, the virtual machine must satisfy several
prerequisites to run SQL Server on a VMware virtual machine.You should provision the VCM virtual
machine similar to a high throughput OLTP database application.
Use these guidelines to install VCM in development, test, or IT environments. For large scale
environments, you might need to alter the requirements.
IMPORTANT Do not install VCM on an ESX server that has over-allocated resources.
Prerequisit es
n
Follow the requirements for physical hardware.See the VCM Installation Guide.
n
Perform the system prerequisite tasks. See the VCM Installation Guide.
6
n
Follow the best practices to install SQLServer. See the Microsoft SQL Server on VMware Best Practices
Guide available on the VMware Web site at http://www.vmware.com.
Procedu re
1. "Configure the Disk to Install VCM on a Virtual Machine" on page 27
Configure the disk for the virtual machine. For large scale environments, you might need to alter the
requirements.
2. "Configure the CPU to Install VCM on a Virtual Machine" on page 27
Configure the CPU for the virtual machine. For large scale environments, you might need to alter the
requirements.
3. "Configure the Memory to Install VCM on a Virtual Machine" on page 28
Allocate the memory for the virtual machine. For large scale environments, you might need to alter
the requirements.
What to do next
Familiarize yourself with the certificate names in advance so that you can select them during installation.
See the VCM Installation Guide.
VMware, Inc.
26
vCenter Configuration Manager Advanced Installation Guide
Configure the Disk to Install VCM on a Virtual Machine
Configure the disk for the virtual machine. For large scale environments, you might need to alter the
requirements.
Prerequisit es
n
Prepare the virtual machine to be used as a VCM Collector. See "Configure Resources to Install VCM
on a Virtual Machine" on page 26.
n
Keep the spindle count consistent and allocate a sufficient number of spindles to the database files when
you migrate VCM from a physical machine to a virtual machine.
n
Place the database data files on multiple logical unit numbers (LUNs).
n
Create a TEMPDB data file for each virtual CPU that is allocated to the VCM Collector.
n
Use paravirtual SCSI (PVSCSI) controllers for the database disks to provide greater throughput and
lower CPU utilization, which improves VCM performance.
n
Maintain a 1:1 mapping between the number of virtual machines and the number of LUNs on a single
ESX host to avoid disk I/O contention.
Procedu re
1. Start vCenter Server.
2. Select your virtual machine.
3. Click the Resource Allocation tab.
4. In the CPU pane, click Edit.
5. In the Virtual Machine Properties dialog box, click the Resources tab.
6. In the Resource Allocation pane, click Disk and update the disk resource allocation to meet the needs
of your environment.
7. Click OK.
What to do next
Configure the CPUfor the virtual machine. See "Configure the CPU to Install VCM on a Virtual Machine"
on page 27.
Configure the CPU to Install VCM on a Virtual Machine
Configure the CPU for the virtual machine. For large scale environments, you might need to alter the
requirements.
Prerequisit es
n
Prepare the virtual machine to be used as a VCM Collector. See "Configure Resources to Install VCM
on a Virtual Machine" on page 26.
n
Test the workload in your planned virtualized environment to verify that the physical CPU resources
on the ESX host adequately meet the needs of guest virtual machines.
n
Provision multiple virtual CPUs only if the anticipated workload will use them. Over-provisioning
might result in higher virtualization overhead.
n
Install the latest version of VMware Tools on the guest operating system.
27
VMware, Inc.
Configure Resources to Install VCM on a Virtual Machine
Procedu re
1. Start vCenter Server.
2. Select your virtual machine.
3. Click the Resource Allocation tab.
4. In the CPU pane, click Edit.
5. In the Virtual Machine Properties dialog box, click the Resources tab.
6. In the Resource Allocation pane, click CPU and change the CPU resource allocation.
7. Click OK.
What to do next
Configure the memory for the virtual machine. See "Configure the Memory to Install VCM on a Virtual
Machine" on page 28.
Configure the Memory to Install VCM on a Virtual Machine
Allocate the memory for the virtual machine. For large scale environments, you might need to alter the
requirements.
Prerequisit es
n
Prepare the virtual machine to be used as a VCM Collector. See "Configure Resources to Install VCM
on a Virtual Machine" on page 26.
n
Verify that the ESX host has sufficient cumulative physical memory resources to meet the needs of the
guest virtual machines. Do not install VCM on an ESX server that has over allocated resources.
n
On the ESX host, enable memory page sharing and memory ballooning to optimize memory.
n
To reduce or avoid disk I/O, increase the database buffer cache.
Procedu re
1. Start vCenter Server.
2. Select your virtual machine.
3. Click the Resource Allocation tab.
4. In the Memory pane, click Edit.
5. In the Virtual Machine Properties dialog box, click the Resources tab.
6. In the Resource Allocation pane, click Memory and change the memory resource allocation.
7. Click OK.
What to do next
Prepare your single-tier, two-tier, or three-tier installation configuration. See "Single-Tier Server
Installation" on page 34, "Two-Tier Split Installation" on page 60, or "Three-Tier Split Installation" on page
86.
VMware, Inc.
28
vCenter Configuration Manager Advanced Installation Guide
29
VMware, Inc.
Secure Communications Certificates
During VCM installation, specify the Collector and Enterprise certificates. VCM uses Transport Layer
Security (TLS) to secure all UNIX Agents and all Windows Agents using HTTP, and TLS uses certificates to
authenticate the Collector and Agents to each other.
If you use your own certificates, you must familiarize yourself with the certificate names in advance so
that you can select them during installation.
A valid Collector certificate must have the following attributes.
n
Located in the local machine personal certificate store.
n
Valid for Server Authentication. If any Enhanced Key Usage extension or property is present, it must
include the Server Authentication OID 1.3.6.1.5.5.7.3.1. If the Key Usage extension is present, it
must include DIGITAL_SIGNATURE.
n
Active, and not expired.
If you do not want to use your own certificates, you can have Installation Manager generate the Collector
and Enterprise certificates for you, select the Generate option during the installation.
7
If you install more than one Collector that will communicate with the same Agents, or if you plan to
replace or renew your certificates, follow the special considerations to generate and select certificates in
VCM Installation Manager. See the VCM Security Guide.
Authenticating the Server to the Client
VCM supports Server Authentication to authenticate the server to the client. In VCM environments where
TLS is used, VCM Agents verify the identity of the Collectors by verifying the certificates. If you use your
own certificates, you must familiarize yourself with the certificate names in advance so that you can select
them during installation.
The server typically authenticates a client or user by requiring information such as a user name and
password. When Server Authentication is used, the client or user verifies that the server is valid. To
accomplish this verification, the server provides a certificate issued by a trusted authority, such as Verisign.
If your client Web browser has the Verisign Certified Authority certificate in its trusted store, the Web
browser can trust that the server is actually the Web site you access.
To guarantee the identity of servers and clients, TLS uses certificates that are managed by a public key
infrastructure (PKI). A certificate is a package that contains a public key, information that identifies the
owner and source of that key, and one or more certifications (signatures) to verify that the package is
authentic. To sign a certificate, an issuer adds information about itself to the information that is already
contained in the certificate request. The public key and identifying information are hashed and signed
using the private key of the issuer’s certificate.
VMware, Inc.
30
vCenter Configuration Manager Advanced Installation Guide
Certificates are defined by the X.509 RFC standard, which includes fields that form a contract between the
creator and consumer. The Enhanced Key Usage extension specifies the use for which the certificate is
valid, including Server Authentication.
Enterprise and Collector Certificates
An Enterprise Certificate and one or more Collector Certificates enable secure HTTP Collector and Agent
communication in VCM. The Enterprise Certificate enables VCM to operate in a multi-Collector
environment. Agents have the Enterprise Certificate in their trusted certificate stores, and they use the
Enterprise Certificate to validate any certificate issued by the Enterprise Certificate. All Collector
Certificates are expected to be issued by the Enterprise Certificate, which is critical in environments where
a single Agent is shared between multiple Collectors.
Server authentication is required to establish a TLS connection with an Agent. All VCM Collectors should
have a common Enterprise Certificate. Each Collector Certificate is issued by the Enterprise Certificate,
and is capable of Server Authentication. Collector Certificates in VCM must adhere to the requirements
for secure communications certificates. See "Secure Communications Certificates" on page 30.
n
The Collector Certificate initiates and secures a TLS communication channel with an HTTP Agent. The
Agent must be able to establish that the Collector Certificate can be trusted, which means that the
Collector Certificate is valid and the certification path starting with the Collector Certificate ends with a
trusted certificate. By design, the Enterprise Certificate is installed in the Agent’s trusted store. The trust
chain ends with the Enterprise Certificate.
n
Self-signed Agent Certificates are generated during Agent installation, upon first contact from the
Collector. Agent Certificates are used for Mutual Authentication only. VCM support for Mutual
Authentication requires the administrator to manually verify the fingerprint of each Agent's certificate
before marking those Agents as trusted in Administration > Certificates.
n
The Collector Certificate and associated private key must be available to the Collector. This certificate is
stored in the local machine personal system store.
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise Certificate to validate Collector Certificates. The Agent must have access
to the Enterprise Certificate as a trusted certificate. In most cases, VCM delivers and installs the Enterprise
Certificate as needed during the HTTP Agent installation.
When you manually install Windows HTTP or VCM Remote client components, you must specify a path
to the PEM file that provides the Enterprise Certificate and the Collector's public key.
Installing the Agent from a Disk (Windows only)
The VCM Installation DVD does not contain customer-specific certificates. If HTTP is specified, the manual
VCM installer requests the location of the Enterprise Certificate file during the installation. You must have
the Enterprise Certificate file available at installation time. You can copy the certificate file, which has a
.pem extension, from the CollectorData folder on the Collector. You must copy the certificate file
when you run the manual installer directly using CMAgentInstall.exe or when you use the Agent
Only option in the DVD auto-run program.
31
VMware, Inc.
Secure Communications Certificates
Using CMAgentInstall.exe to install the Agent (Windows only)
The CMAgentInstall.exe or CMAgent[version].msi is the manual Agent installer program. The
manual installer requests the location of the Enterprise Certificate file when HTTP is specified. You must
have the Enterprise Certificate file available at installation time. You can copy the certificate file from the
CollectorData folder on the Collector. For information about using the EXE and command line options
to install the Agent, see the VCM Administration Guide.
Using the MSI Install Package
When you specify HTTP, the MSI Agent install package also requires access to the .pem file. For
information about using the MSI and command line options to install the Agent, see the VCM
Administration Guide.
Installing the Agent for UNIX/Linux
See Install the Agent on UNIX/Linux Machines in the VCM Administration Guide.
What to do next
Configure your installation configuration. See "Single-Tier Server Installation" on page 34, "Two-Tier Split
Installation" on page 60, or "Three-Tier Split Installation" on page 86.
VMware, Inc.
32
vCenter Configuration Manager Advanced Installation Guide
33
VMware, Inc.
Single-Tier Server Installation
In a single-tier server installation, the VCM database server, Web server, and the VCM Collector
components reside on a single Windows Server 2008 R2 machine, which is referred to as the VCM
Collector. The installation installs all of the core VCM components, including the databases, console, and
services. This configuration enables integrated security by default. Integrated security, also referred to as
Windows Authentication or NT Challenge Response authentication, provides trusted logon to the Web
console without having to configure Kerberos.
VCM 5.6 supports 64-bit environments that include 64-bit hardware, the 64-bit Windows Server 2008 R2
operating system, and SQL Server 2008 R2.
Figure 8–1. Single-Tier Server Installation Components
8
VMware, Inc.
34
vCenter Configuration Manager Advanced Installation Guide
Figure 8–2. TypicalVCM Enterprise-Wide, Single-Server Installation
VCM Agent Proxies for Virtualization can be installed on the VCM Collector, which is the default
installation, or on one or more separate Windows Servers.
n
If the Agent Proxy is installed on the VCM Collector, which is the default installation, the Collector
communicates directly with the ESX Servers.
n
If the Agent Proxy is installed on a separate Server, which is optional, the VCM Collector communicates
with the Agent Proxy Server, which communicates with the ESX Servers.
In addition to the VCM Collector, the single-tier installation configuration includes an Operating System
Provisioning Server. The OS Provisioning Server manages the OS provisioning actions as commanded by
VCM.
For hardware and software requirements for the OS Provisioning Server, see the VCM Installation Guide.
35
VMware, Inc.
Figure 8–3. VCM Collector with OS Provisioning Ser ver
Single-Tier Server Installation
For advanced information to install VCM in a single-tier environment, see the VCM Advanced Installation
Guide.
Configure a Single-Tier Installation Environment
In a single-tier installation configuration, you configure the single Windows Server 2008 R2 machine for
the Database, Web, and VCM Collector components, then install VCM. The machine can be a physical or
virtual Windows machine.
Prerequisit es
n
Perform the general system prerequisites. See "System Prerequisites to Install VCM" on page 20.
n
Connect the single Windows Server 2008 R2 VCM Collector machine to your domain.
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
n
Verify that the single-tier server machine has at least 11 GB of free disk space and 2GB of RAM.
VMware, Inc.
36
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. "Verify that the Installing User is an Administrator" on page 37
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
2. "Install and Configure a Windows Server 2008 R2 Operating System" on page 38
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2
operating system on each Windows machine in your installation configuration and verify that the
settings are configured for VCM operation.
3. "Install the .NET Framework" on page 40
To support library and language interoperability, the VCMCollector must have the required versions
of the .NET Framework installed.
4. "Configuring the Database Components of the VCM Collector" on page 42
To ensure that the installation creates the VCM databases, you must configure the database
components of the VCM Collector before you install VCM. In a single-tier installation configuration,
the VCM database resides on the VCM Collector. The databases include VCM, VCM_Coll, VCM_Raw,
and VCM_UNIX.
5. "Configure the Web Components" on page 47
The Web components of the VCM Collector contain Web applications such as IIS and SQL Server
Reporting Services (SSRS), other services, and VCM software components. Before you install VCM,
you must configure the Web components of the VCM Collector.
6. "Configure SSRS on the VCMCollector" on page 51
SQL Server Reporting Services (SSRS) is a server-based report generation software system that is
administered using a web interface and used to deliver VCM reports.
7. "Configure the VCM Collector Components" on page 57
The VCM Collector contains the VCM software application, VCM services, and the OS Provisioning
Server. To prepare the VCM Collector components for VCM installation, configure the required
utilities.
What to do next
Review the DCOMand port requirements, and use VCM Installation Manager to install the VCM
components. See "Installing VCM" on page 116.
Verify that the Installing User is an Administrator
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
37
VMware, Inc.
Single-Tier Server Installation
Procedu re
1. Verify that the user is an Administrator.
a. Click Start and select All Programs > Administrative Tools > Computer Management.
b. Expand System Tools, expand Local Users and Groups, and click Users.
c. Right-click the user and click Properties.
d. Click the Member Of tab and verify that Administrators is listed.
e. If Administrators is not listed, add the user to the Administrators group.
f. Click Check Names and click OK.
2. Verify that the user is a domain account.
a. Click Groups.
b. Right-click Administrators and click Properties.
c. Verify that the Domain User is listed in the Members area.
What to do next
Prepare your Windows machine for VCM installation. See "Install and Configure a Windows Server 2008
R2 Operating System" on page 38.
Install and Configure a Windows Server 2008 R2 Operating System
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2 operating
system on each Windows machine in your installation configuration and verify that the settings are
configured for VCM operation.
Prerequisit es
n
Determine whether you require the Windows Server 2008 R2 Enterprise Edition or Standard Edition.
See the VCM Installation Guide.
n
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account. See "Verify that the Installing User is an Administrator" on page 37.
n
Verify that the computer name settings for your Windows machine is a valid DNS machine name with
no underscores. If you attempt to change the machine name after the machine is identified as a
Collector, problems might occur with VCM, SQL Server, and SQL Server Reporting Services.
VMware, Inc.
38
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Install Microsoft Windows Server 2008 R2 on your Windows machine.
2. During the installation, you can configure several options.
Option Description
Regional and
Language
Determines how numbers, dates, currencies, and time settings appear.
n
Language: Setting for your language. The default is English.
Options
n
Time and currency format: Determines how numbers, dates, currencies, and time
settings appear. The default is English (United States).
n
Keyboard or input method: Allows text entry for multiple languages. The default
is US.
Disk
Configuration
Allows you to separate the machine disk drive into partitions to store data in
different partitions. You can create new disk partitions and delete existing partitions.
After you configure the disk, select a partition to install Windows Server 2008 R2
Edition.
Product Key When the installation prompts, enter your product key.
Licensing
Modes
Administrator
Password
Windows Server 2008 R2 Standard edition supports a single license that is included
with the product key.
The installation setup creates an account called administrator. To log on, you must
create a password that complies with the criteria. The password must have the
following attributes.
n
Minimum of six characters
n
Does not contain “administrator” or “admin”
n
Contains uppercase letters
n
Contains lower case letters
n
Contains numbers
n
Contains at least one non-alphanumeric character
3. Perform the initial configuration tasks to set the time zone and the computer name.
Configure the Operating System Locale Settings
To set the language for VCM installation, verify that your Windows Server Locale Setting is configured
correctly.
Procedu re
1. In Windows Explorer, click Start and select Control Panel > Clock, Language, and Region.
2. Click Region and Language.
3. Click the Administrative tab and set the language to English (United States).
39
VMware, Inc.
Single-Tier Server Installation
Disable the Remote Desktop Session Host
A Remote Desktop Session Host server hosts Windows-based programs for Remote Desktop Services
clients.
If the Remote Desktop Session Host role service is enabled, you must disable it to avoid changes to
settings for new connections, modifications of existing connections, or removal of connections.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. In the navigation pane, expand Roles and click Remote Desktop Services.
3. In the Remote Desktop Services pane, scroll down to Role Services.
4. Click the Remote Desktop Session Host role service to highlight it.
5. Click Remove Role Services.
6. Deselect the Remote Desktop Session Host role service and follow the prompts to finish disabling the
Remote Desktop Session host role.
Enable DCOM
The Distributed Component Object Model (DCOM) protocol allows application components to interact
across Windows machines. DCOM must be enabled on the Windows machine to install and run VCM.
Although DCOMis enabled by default when Windows Server 2008 R2 is installed, DCOMmight have
been disabled by a custom installation or a lock-down script.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Component Services to open
Component Services.
2. In the Component Services navigation pane, expand Component Services and expand Computers.
3. Right-click the computer and click Properties.
4. Click the Default Properties tab.
5. Select Enable Distributed COM on this computer and click OK.
What to do next
Install the .NET framework. See "Install the .NET Framework" on page 40.
Install the .NET Framework
To support library and language interoperability, the VCMCollector must have the required versions of
the .NET Framework installed.
VCM 5.6 requires the .NET 3.5.1 Framework. If you use Package Studio, the VCM Collector must have
.NET 3.5.1 installed. If you use Package Manager, the VCM Collector must have .NET 3.5.1 or .NET 4.0
installed.
Determine the installed version of the .NET Framework. If one of the .NET Framework versions is
missing, install the version from the Microsoft download Web site.
VMware, Inc.
40
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Click Features.
3. Verify that .NET Framework 3.5.1 appears in the feature summary.
4. If .NET Framework 3.5.1 does not appear, under Features select Add Features and select .NET 3.5.1.
Verify the ASP.NET Client System Web Version
To support client programming, verify the ASP.NET Client System Web version to confirm that the .NET
framework is installed correctly, and install it if the version is not correct.
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name> and click Sites.
3. Expand Default Web Site, expand aspnet_client, and expand system_web.
4. Verify that the version is 2_0_50727.
Verify the ASPRole Service
To support client programming, verify the status of the ASP Role Service to confirm that the .NET
framework is installed correctly.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll down to Role Services.
5. Locate ASP and verify whether the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ASP role service.
Verify the ASP.NETRole Service
To support client programming, verify the status of the ASP.NET Role Service to confirm that the .NET
framework is installed correctly.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll down to Role Services.
5. Locate ASP.NET and verify that the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ASP.NET role service.
What to do next
Configure the database components. See "Configuring the Database Components of the VCM Collector"
on page 42.
41
VMware, Inc.
Single-Tier Server Installation
Configuring the Database Components of the VCM Collector
To ensure that the installation creates the VCM databases, you must configure the database components
of the VCM Collector before you install VCM. In a single-tier installation configuration, the VCM database
resides on the VCM Collector. The databases include VCM, VCM_Coll, VCM_Raw, and VCM_UNIX.
VCM operates with a Standard or Enterprise edition of SQL Server. You must install the 64-bit SQL Server
2008 R2, English (United States) version on your designated database server machine and verify that the
settings are configured correctly for a VCM installation. For information about installing the VCM
Collector on a non-English operating system, see the VMware knowledge base article at
http://kb.vmware.com/kb/1035034.For information about VCM Agent support on non-English platforms,
see the VMware knowledge base article at http://kb.vmware.com/kb/2008337.
If you plan to change the communication port that SQL Server uses from the default port of 1433 to a
nonstandard port number, make the changes during the installation of SQL Server and SQL Server
Reporting Services (SSRS). Changing the port after you install SSRS disables SSRS communication with
SQL Server, which causes an SSRS validation error during the VCM installation process. If you change the
port after installation, you must configure additional SSRS settings to repair the configuration.
Install SQL Server on the VCMCollector
In a single-tier installation configuration, the VCM database server resides on the same server on which
you install VCM. The database server contains the VCM, VCM_Coll, VCM_Raw, and VCM_UNIX
databases. You must configure the VCM database server before you install VCM in a single-tier
installation configuration.
CAUTION If your Windows machine has an evaluation version of SQLServer StandardEdition or
Enterprise Edition, use it only for evaluation purposes. Do not use an evaluation version in a
production environment, because it is not officially supported for production.
Prerequisit es
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
Procedu re
1. Start the SQLServer 2008 R2 installation.
2. Perform the following actions to install SQL Server 2008 R2 Enterprise or Standard edition.
Wizard Page Action
SQL Server
Click New installation or add features to an existing installation.
Installation
Center
Setup Support
Rules
Setup Support
Click Install and verify that all of the rules pass. To view the detailed system
configuration check report, click the link.
Click Install to install the setup support files.
Files
VMware, Inc.
42
vCenter Configuration Manager Advanced Installation Guide
Wizard Page Action
Setup Support
Verify that all of the rules passed.
Rules – for
SQL Server
Setup support
files
Installation
Select New installation or add shared features.
Type
Product Key Verify that the product key is entered.
License Terms Accept the license terms.
Setup Role Select SQL Server Feature Installation.
Feature
Selection
Select the following features.
Instance Features:
n
Database Engine Services
n
Reporting Services
Shared Features:
n
Client Tools Connectivity
n
SQL Server Books online
Installation
Rules
Instance
Configuration
Disk Space
Requirements
Server
Configuration
Database
Engine
Configuration
n
Management Tools - Basic
and Management Tools - Complete
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Select Default Instance. If an instance of SQL Server is not installed, the installation
creates a default instance. If an instance of SQLServer is already installed, select
Named Instance and assign a name.
Review the disk usage summary.
Click Use the same account for all SQL Server services and enter the NT
AUTHORITY\SYSTEM account and password.
It is possible to use a domain account for SQL Server services. A domain account
might be required for split installations, because the SQL Server Agent might need
access to the Collector for some activities. If you use a domain account, you should
use a local administrator on the SQL Server machine to access DBServices.
Otherwise, you must grant manual permissions.
Select Windows authentication and click Add Current User to add the account to
the SQL Server administrators.
Error
Review the summary information.
Reporting
43
VMware, Inc.
Wizard Page Action
Single-Tier Server Installation
Installation
Configuration
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Rules
Ready to
Install
What to do next
n
Reboot the single-server machine.
n
Configure the SQLServer properties. See "Verify and Configure the SQL Server Properties" on page 44.
Review the summary of features and click Install to install SQL Server 2008 R2.
When the installation is finished, click the link to view the log file.
Verify and Configure the SQL Server Properties
To ensure that SQLServer will operate with VCM, verify the SQLServer property settings and set the
server-wide SQL database settings in preparation to install VCM. For information about server-wide and
database-specific SQL Server database settings, see the VCM Administration Guide.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Right-click the SQL instance and select Properties.
3. Confirm the General page server properties.
a. Verify that the Version is 10.50.1600.1
b. Verify that the Language is English (United States).
If the language is not correct, uninstall and install the correct version of SQL Server.
c. Verify that the Server Collation is SQL_Latin1_General_CP1_CI_AS.
If the server collation is not correct, uninstall and reinstall SQL Server.
4. Select and confirm the Security page server properties.
a. Select Windows Authentication mode, which is recommended.
b. Although SQL Server and Windows Authentication mode is acceptable for VCM, select Windows
Authentication mode, which is recommended.
5. Select and confirm the Database Settings page server properties.
a. For Default index fill factor, type or select a percentage value, which specifies the amount of free
space in each index page when the page is rebuilt.
Set the fill factor to 80% to keep 20% free space available in each index page.
b. For Recovery interval (minutes), type or select 5.
6. Click OK to save your changes.
What to do next
To ensure that SQLServer and VCMoperate correctly together, verify that the SQLServer name matches
the Windows machine name. See "Verify Matching SQL Server and Computer Names" on page 45.
VMware, Inc.
44
vCenter Configuration Manager Advanced Installation Guide
Verify Matching SQL Server and Computer Names
To ensure that SQLServer and VCM operate correctly together, you must verify that the SQLServer
name matches the Windows machine name. If you recently installed SQL Server 2008 R2, you do not need
to verify that the names match. If you obtained a machine that was renamed after the operating system
and SQL Server 2008 R2 were installed, verify and reset the SQLServer server name.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Click Database Engine Query.
3. In the SQL Query pane, type SELECT @@Servername and click Execute.
4. Verify that the resulting SQL Server name matches the Windows machine name.
5. If the SQL Server name does not match the Windows machine name, reset the SQL Server name.
a. In the SQL Query pane, type the following command and replace NewServerName with the server
name.
exec sp_dropserver @@SERVERNAME
exec sp_addserver 'NewServerName', 'local'
b. Click Execute.
c. To restart the SQL Server services, click Start and select Programs > Microsoft SQL Server 2008
R2 > Configuration Tools > SQL Server Configuration Manager > SQL Server 2008 R2
Services.
d. Right-click SQL Server and click Restart.
6. Reboot the database server machine.
What to do next
Verify that the SQL Server Agent service account has the SQL Server sysadmin role. See "Verify the
SQLServer Agent Service Account is a sysadmin" on page 45.
Verify the SQLServer Agent Service Account is a sysadmin
The SQL Server Agent service account that runs scheduled jobs in SQL Server must be a sysadmin.
Procedu re
1. Click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select SQL Server Management Studio.
3. Expand the server, expand Security, expand Server Roles.
4. Double-click sysadmin and view the members of the sysadmin role.
5. Verify that the account to use for the SQL Server Agent service is a member of the sysadmin fixed
role.
6. If the account is not a member of the sysadmin fixed role, add this role to the account.
What to do next
Select the SQL Server Agent service account See "Select the SQLServer Agent Service Account" on page 46.
45
VMware, Inc.
Single-Tier Server Installation
Select the SQLServer Agent Service Account
SQL Server Agent is a service that runs scheduled jobs in SQLServer and runs as a specific user account.
Verify that the SQL Server Agent service account that you provided during the SQL Server installation is a
SQL Server sysadmin.
Prerequisit es
n
Verify that the account you provide for the SQL Server Agent service has permission to log on as a
service and the required additional permissions. See the online Microsoft Developer Network for more
information.
n
Understand the supported service account types for non-clustered and clustered servers. VCM 5.6
supports Active/Active SQL clusters. See the online Microsoft Developer Network for more
information.
n
Verify that the account you will use for the SQL Server Agent service account has the sysadmin
privilege. See "Verify the SQLServer Agent Service Account is a sysadmin" on page 45.
Procedu re
1. On the VCMdatabase server machine, click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select Configuration Tools > SQL Server Configuration
Manager.
3. Click SQL Server Services.
4. Right-click SQL Server Agent (MSSQLSERVER) and click Properties.
5. On the Log On tab, select a log on option and provide the account information.
Option Description
Built-in account In a single-tier installation, you can select the Local System account,
which has unrestricted access to all system resources. In a split
installation environment, do not select the built-in Local System
account. This account is a member of the Windows Administrators
group on the local machine.
This account In a split installation, the SQLServer Agent must be running as a user
account. Select a Windows domain account for the SQL Server Agent
service account.
This option provides increased security. Select this option for jobs that
require application resources across a network, to forward events to
other Windows application logs, or to notify administrators through
email or pagers.
6. Type or select an account name that has the sysadmin privilege.
7. Click OK.
What to do next
Establish SQLServer administration rights. See "Establish SQL Server Administration Rights" on page 46.
Establish SQL Server Administration Rights
Members of the SQLServer sysadmin fixed server role can perform any activity in the server. The user
who installs VCM must have SQL Server sysadmin rights.
VMware, Inc.
46
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Expand the server instance, select Security and select Logins.
3. Right-click the login ID of the user who installs VCM and select Properties.
4. In the Select a page area, select Server Roles.
5. In the Server roles area, select the sysadmin check box.
6. Click OK to save the settings and close the window.
What to do next
Configure the Web components of the VCM Collector. See "Configure the Web Components" on page 47.
Configure the Web Components
The Web components of the VCM Collector contain Web applications such as IIS and SQL Server
Reporting Services (SSRS), other services, and VCM software components. Before you install VCM, you
must configure the Web components of the VCM Collector.
The Windows machine that hosts the Web components must be running Internet Information Services
(IIS) 7.5. IIS is installed when you install Windows Server 2008 R2.
The SQL Server license includes SQL Server Reporting Services (SSRS). In your installation configuration,
when you run SSRS and SQL Server on the same machine, the SQL Server database machine can take on
the role of the Report Server (SSRS).
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
If you install SSRS on the Web server, it requires an additional SQL Server license, because you are
installing SSRS on a Windows Server 2008 R2 machine that is separate from the SQL Server database
services. If you run SQL Server Enterprise Edition, all SQL Server services running in guests on a single
virtual machine host are covered by the Enterprise Edition license.
Prerequisit es
n
Perform the prerequisite tasks for your installation configuration.
n
Place the Web server in the Internet Explorer Trusted Zone so that Internet Explorer can delegate the
VCM user's credentials to the Web service for use with SQL Server. See "Place the Web Server in the
Internet Explorer Trusted Zone" on page 100.
n
If the domain firewall is turned on, verify that any required ports are open. If the database server is
blocked from communicating with the Collector, problems can occur when you submit jobs. VCM
displays an error about the SAS service, and the VCM Debug Event Log displays failures when calling
ecm_sp_collector_control.
n
Verify that .NET Framework 3.5.1 is installed on Windows Server 2008 R2 machines where Package
Studio will be installed.
n
Verify that you have an Internet connection to check for patch bulletin updates.
n
On the Windows Server 2008 R2 Web server machine, verify that the following .NET Framework
47
VMware, Inc.
Single-Tier Server Installation
components are installed.
n
Windows Process Activation Service
n
Process Model
n
.NETEnvironment
n
Configuration APIs
Procedu re
1. Restart the Web server machine.
2. Click Start and select All Programs > Administrative Tools > Server Manager.
3. Click Roles and verify that the Web Server (IIS) role appears.
4. If the Web Server (IIS) role does not appear, in the Roles Summary area, click Add Roles and add the
Web Server (IIS) role.
5. On the Select Server Roles page, select Web Server (IIS) and select the Web Server components to
add.
Option Action
Common HTTPFeatures Select these options:
n
Static Content
n
Default Document
n
Directory Browsing
n
HTTP Errors
Application Development Select these options:
n
ASP .NET
n
.Net Extensibility
n
ASP
n
ISAPI Extensions
n
ISAPI Filters
n
Server Side Includes
Health and Diagnostics Select these options:
n
HTTP Logging
n
Request Monitor
Security Select these options:
n
Basic Authentication
VMware, Inc.
n
Request Filtering
Performance Select:
n
Static Content Compression
48
vCenter Configuration Manager Advanced Installation Guide
Configuring IIS
To ensure that the Web components are correctly configured, verify that the correct role services are
enabled, the bindings are set correctly, and the default Web site is correct.
Verify the IIS 7.5 Role Services are Enabled
Verify that the correct IIS 7.5 Role Services are enabled on the VCM Collector.
Procedu re
1. On the Collector, click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Roles and click Web Server (IIS).
3. If the Web Server (IIS) role does not appear in the list of Roles, scroll to Role Services, click Add Role
Services and add the Web Server (IIS) Role.
When you installed IIS, the ASP Role Service, ASP.NET Role Service, and IIS ServerSideIncludes Role
Service were installed.
4. In the Web Server (IIS) pane, scroll to Role Services and verify that the status is set to Installed for the
following Role Services.
Role Service Cat egory Role Service
Common HTTP Features Static Content
Default Document
Directory Browsing
HTTPErrors
HTTPRedirection
Application Development ASP.NET
.NET Extensibility
ASP
ISAPIExtensions
ISAPI Filters
Server Side Includes
Health and Diagnostics HTTP Logging
Logging Tools
Request Monitor
Tracing
Security Basic Authentication
Windows Authentication
Digest Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions
Performance Static Content Compression
Dynamic Content Compression
49
VMware, Inc.
Single-Tier Server Installation
Role Service Cat egory Role Service
Management Tools IISManagement Console
IIS Management Scripts and Tools
Management Service
5. If any of the Role Services are not installed, click Add Role Services, select the check boxes of the
services to install, and click Install.
Configure the IIS 7.5 Settings
IIS settings configure the information required for requests to communicate with a Web site. To support
VCMinteraction with IIS, configure the settings for the IIS 7.5 bindings on the VCMCollector machine to
ensure that the settings are correct.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Actions pane, under Manage Web Site and Browse Web Site, click Advanced Settings.
4. Expand Connection Limits and set Connection Time-out (seconds) to 3600.
5. Click OK.
Verify the IIS 7.5 Default Web Site
IIS 7.5 provides a default Web site that defines the default authentication settings for applications and
virtual directories. Verify that the IIS 7.5 default Web site has the correct settings.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Default Web Site Home pane, locate the IIS options.
4. Double-click Authentication and set the authentication.
Option Action
Anonymous Authentication Set to Disabled.
ASP.NET Impersonation Set to Disabled.
Basic Authentication Set to Enabled.
Forms Authentication Set to Disabled.
Verify the ISAPI Extensions
The ISAPI Extensions role provides support for dynamic Web content development. You must verify that
the role service is installed, and install it if needed.
VMware, Inc.
50
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll to Role Services.
5. Locate ISAPI Extensions and verify that the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ISAPI Extensions role service.
What to do next
Prepare SQL Server Reporting Services (SSRS) to generate VCM reports. See "Configure SSRS on the
VCMCollector" on page 51.
Configure SSRS on the VCMCollector
SQL Server Reporting Services (SSRS) is a server-based report generation software system that is
administered using a web interface and used to deliver VCM reports.
Back Up Your SSRS Key
The rskeymgmt utility manages the symmetric keys used by a report server. This utility provides a way to
delete encrypted content that can no longer be used if you cannot recover or apply the key.
Use the Microsoft command-line utility to back up the symmetric key to an encrypted file.
Prerequisit es
n
See the online Microsoft Support center for details about how to use the rskeymgmt utility.
Procedu re
1. On the Collector file system, locate the rskeymgmt.exe utility at c:\Program Files (x86)
\Microsoft SQLServer\100\Tools\Binn or the directory where you installed SQLServer.
2. To copy your SSRS key set to a removable media device and store it in a secure location, open a
command line prompt and run the rskeymgmt.exe utility with the appropriate options.
Disable IE Protected Mode for SSRS
On the VCM Collector, when User Account Control (UAC) is turned on and Internet Explorer Protected
Mode is enabled, SSRS user permissions errors and Web service errors on dashboards and node
summaries can occur. UAC and Internet Explorer Protected Mode also block access to the
http://localhost/reports SSRS administration interfaces. If you use another machine to access the VCM Web
console interface, this problem does not occur.
CAUTION Do not use the VCM Collector Web console interface for general Internet access, because
doing so causes VCM SSRS dashboard errors. If you access the Internet through the VCM Collector
Web console interface, to enable the SSRS dashboards you must either disable Internet Explorer
Protected Mode for the zone of the Collector or run Internet Explorer as administrator.
Do not modify the Internet Explorer Protected Mode setting in other circumstances, because doing
so reduces the protection on the Collector and can increase the exposure of the Collector to attacks
through Internet Explorer.
51
VMware, Inc.
Single-Tier Server Installation
Procedu re
1. In Internet Explorer, click Tools.
2. Click Internet Options and click the Security tab.
3. Click Local intranet and deselect the Enable Protected Mode (requires restarting Internet Explorer)
check box.
4. Click Apply and OK, and close all instances of Internet Explorer.
Configure SSRS
Configure SSRS manually in your installation configuration, because the SSRS command-line configuration
tool does not perform these steps.
SSRS might require HTTPS during installation. If HTTPSis required, you manually export a self-signed
certificate and import it to the VCM Collector machine’s root certificate store. If you do not manually
export the certificate, a manual import of a VCM report might fail. If the manual import fails, run the
import from the VCM Collector machine. For more information, see the Microsoft IIS Resource Kit Tools.
Prerequisit es
n
Back up your SSRS key. See "Back Up Your SSRS Key" on page 51.
n
Disable the Internet Explorer Protected Mode. See "Disable IE Protected Mode for SSRS" on page 51.
Procedu re
1. On your single server, start SQLServer 2008 R2 Reporting Services Configuration Manager.
a. Click Start, select Run, and type rsconfigtool.exe.
b. In the Reporting Services Configuration Connection dialog box, click Connect to connect and log in
to SQL Server 2008 R2 Reporting Services.
2. Update the SQL Server database.
a. In the navigation pane, click Database and click Change Database.
b. In the Report Server Database Configuration pane, verify that Action is selected.
c. On the Change Database page, select Create a new report server database and click Next.
d. Change the server name of your database server to the database machine and database instance
where SSRS will connect.
e. Verify that the authentication type is set to Current User – Integrated Security and click Test
Connection.
f. When the test message is successful, close the Test Connection dialog box and click Next.
g. On the Database pane, enter a name for the Database and select the language as English (United
States).
h. Set the Report Server Mode to Native Mode and click Next.
i. In the Credentials pane, change the Authentication Type to Windows Credentials, specify an
account, and click Next.
VMware, Inc.
Specify an account that has permission to connect from the Web service on the single server to the
database on the single server, and specify the password for the account.
j. In the Summary pane, review the selections and click Next.
k. In the Progress and Finish pane, resolve any errors, and click Finish.
52
vCenter Configuration Manager Advanced Installation Guide
3. Update the encryption keys.
a. In the navigation pane, click Encryption Keys.
b. In the Delete Encrypted Content area, click Delete and accept the prompt to delete all encrypted
data.
c. In the Change area, click Change to replace the encryption key, and click OK.
4. Configure the Web Service URL.
a. In the navigation pane, click Web Service URL.
b. Verify or configure the settings and click Apply to activate the Report Server Web Service URL.
Option Action
Virtual Directory Set to ReportServer.
IP Address Set to All Assigned (Recommended).
TCP Port Set to 80 if you are not using HTTPS.
SSLCertificate Not Selected
c. In the Results area, confirm that the virtual directory is created and that the URL is reserved.
5. Confirm the Report Manager URL.
a. In the navigation pane, click Report Manager URL and click Apply to activate the Report Manager
URL.
b. Verify that the virtual directory was created and that the URL was reserved in the Results area.
c. Click the default URL and verify that it opens SQLServer Reporting Services.
6. Click Exit to close SQLServer 2008 R2 Reporting Services Configuration Manager.
What to do next
To authenticate users and client applications against the report server, configure Basic Authentication on
the report server. See "Configure Kerberos Authentication" on page 54.
Configure Basic Authentication on the Report Server
SQL Server Reporting Services (SSRS) provides several options to authenticate users and client applications
against the report server. When you install VCM in a single-tier split installation and use Basic
authentication, you must allow direct access to the Reports virtual directory.
Update the RSReportServer.config file so that VCM can authenticate users who use the VCM Web
console, and users can launch SSRS reports. To configure Basic authentication on the report server, edit the
XML elements and values in the RSReportServer.config file.
Procedu re
1. On the Windows machine where you installed SSRS, locate the rsreportserver.config file.
The default location is C:\Program Files\Microsoft SQL
ServerReportingServicesInstance\Reporting
Services\ReportServer\rsreportserver.config.
2. Stop the SSRS service.
3. Open the rsreportserver.config file for editing.
53
VMware, Inc.
Single-Tier Server Installation
4. In the file, locate the <AuthenticationTypes> block.
The block resembles the following example.
<Authentication>
<AuthenticationTypes>
<RSWindowsNegotiate/>
<RSWindowsNTLM/>
</AuthenticationTypes>
...
</Authentication>
5. Remove any existing parameters and add the <RSWindowsBasic/> parameter to the
<AuthenticationTypes> XML element.
The modified block resembles the following block.
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic/>
</AuthenticationTypes>
...
</Authentication>
6. Save the configuration file.
7. Start the SSRS service.
What to do next
To authenticate VCM reports with Kerberos, see "Configure Kerberos Authentication" on page 54.
Configure Kerberos Authentication
The Kerberos network protocol uses secret-key cryptography to ensure security in your VCM
applications. To authenticate VCM Reports, you must use Basic Authentication with HTTPS or Kerberos
Authentication.
When you configure Kerberos Authentication in your installation, configure it on the database server.
Prerequisit es
n
Verify that your Windows Server 2008 R2 machine has Active Directory management tools installed. If
the tools are not installed, install them. See Microsoft TechNet online. This configuration requires an
Active Directory domain running at Windows Server 2003 or later domain functional level.
n
If SQL Server Reporting Services is running on a different Windows machine than the VCM Collector in
a single-tier installation, verify that the Application Pool account is a local administrator.
VMware, Inc.
54
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Log in to your Windows Server 2008 R2 machine as a user who has domain administrator privileges.
2. Start Active Directory Domain Services and select Active Directory Users and Computers.
3. Verify whether AD accounts exist in your domain for the SQLServer service and the VCM IIS
Application Pool.
4. If the accounts do not exist, create them.
a. Set the database account to be a local administrator on the database server.
b. Make the Application Pool account a local administrator on the VCM Collector in a single-tier
installation.
5. Select the Computers container and locate the Web system.
a. Open the properties for Web system.
b. Click the Delegation tab.
c. Select Trust this computer for delegation to any service.
6. Open IIS manager and set the identity of the CMAppPool application pool to the IISaccount.
7. In Reporting Services Configuration Manager, configure the SQL Server Reporting Services service to
run as the IISApplication Pool account.
8. Change SQL Server to run as the SQLServerDomain account.
a. In Reporting Services Configuration Manager, click Encryption Keys and click Delete to delete
encrypted content.
b. In the navigation pane, click Service Account and enter the app_pool_account account for the
database connection.
9. Open a command prompt to set the service principal names directory property for the Active
Directory service accounts.
a. Click Start, select All Programs > Accessories, right-click Command Prompt, and select Run as
administrator.
b. Type: Setspn -a MSSQLSvc/db_server_name domain\sql_server_account_name and
press Enter.
c. Type: Setspn -a MSSQLSvc/db_server_name:1433 domain\sql_server_account_name
and press Enter.
d. Type: Setspn -a MSSQLSvc/db_server_fqdn domain\sql_server_account_name and
press Enter.
e. Type: Setspn -a MSSQLSvc/db_server_fqdn:1433 domain\sql_server_account_name
and press Enter.
55
VMware, Inc.
Single-Tier Server Installation
10. Verify whether SSRSis running on the SQLServer and if it is not running, locate and update the
Report Server configuration file named rsreportserver.config.
a. Locate the AuthenticationTypes XML element.
b. Remove <RSWindowsNTLM/> and <RSWindowsBasic/>.
c. Add <RSWindowsNegotiate/> and <RSWindowsKerberos/>.
The default location for the configuration file is C:\Program Files\Microsoft SQL
ServerReportingServicesInstance\Reporting
Services\ReportServer\rsreportserver.config.
11. In SQL Server Management Studio, grant the Application Pool user access to the VCM and VCM_Unix
databases, with membership in the VCM__SelectRole_General role in each database.
12. (Optional) If you did not configure the SQL Server Reporting Services service to run as the
IISApplication Pool account before installing VCM, start Internet Explorer as administrator and set the
report settings.
a. Click Start, select All Programs, right-click Internet Explorer and select Run as administrator.
b. Connect to http://localhost/Reports/Pages/Folder.aspx.
c. Click ECM Reports and click the ECM data source to display the properties menu.
d. To use integrated authentication, type the following text into the Connection string text box and
click Apply.
Integrated Security=SSPI;Data Source=db_server_name;Initial
Catalog=VCM;LANGUAGE=us_english;
e. Click the back button to return to the ECM Reports view.
13. Select Folder Settings, select Security, select the new SSRS user or group, and click New Role
Assignment.
14. Click Browser to allow the VCM SSRS user or group to view folders and reports and subscribe to
reports, and click OK.
15. In Server Manager, set the authentication mode.
a. In the navigation pane, select Roles > Web Server (IIS) and click Add Role Services in the Role
Services area.
b. In the Select Role Services wizard, locate the Security (Installed) section, click Windows
Authentication, and follow the prompts to install the service.
c. In the navigation pane, select Roles > Web Server (IIS).
d. Under server_name, select Sites\Default Web Site\VCM, double-click Authentication, and
verify that Windows Authentication is the only option enabled.
e. Under server_name\Sites\Default Web Site, double-click Authentication, click Windows
Authentication, verify that Windows Authentication is enabled, and click Advanced Settings.
f. Verify that Kernel Mode Authentication is disabled and click OK.
VMware, Inc.
56
vCenter Configuration Manager Advanced Installation Guide
16. In Windows Explorer, update the configuration files.
a. Open the configuration file at
Windows\System32\inetsrv\config\applicationhost.config and locate the
<authentication> section.
b. Verify that Windows authentication is enabled, and if it is not enabled, enable it.
c. Save any changes and close the file.
17. Open a command prompt to set the property for the Active Directory service accounts for the service
principal names directory.
a. Click Start and select All Programs > Accessories.
b. Right-click Command Prompt and select Run as administrator.
c. Type Setspn -a http/web_server_name domain\Application Pool Account Name and
press Enter.
d. Type Setspn -a http/web_server_fqdn domain\Application Pool Account Name and
press Enter.
18. Open the properties for the SQLServer and Application Pool accounts, click the Delegation tab, and
select Trust this user for delegation to any service.
What to do next
Configure the VCMCollector Components before you install VCM. See "Configure the VCM Collector
Components" on page 57.
Configure the VCM Collector Components
The VCM Collector contains the VCM software application, VCM services, and the OS Provisioning
Server. To prepare the VCM Collector components for VCM installation, configure the required utilities.
In your single-tier installation configuration, configure the Web server and VCM Collector components on
the same machine.
NOTE This procedure is required only if you did not install the complete set of Management Tools and
support components earlier.
Prerequisit es
n
Perform the prerequisite tasks for your installation configuration. See "Single-Tier Server Installation"
on page 34.
n
From the VCM Collector, verify that you can access the Microsoft Download Center, Microsoft SQL
Server 2008 Feature Pack to download SQL XML 4.0 and SP1 in the following procedure. See the online
Microsoft Download Center.
n
Verify that you can access the Microsoft Download Center, Microsoft SQL Server 2008 R2 Feature Pack
to download and install the Native Client (sqlncli.msi) in the following procedure. See the online
Microsoft Download Center. The SQL Command Line Tools in the SQLServer 2008 R2 Feature Pack are
required.
n
Install .NET Framework 3.5.1 on the Windows Server 2008 R2 machines where Package Studio will be
installed.
57
VMware, Inc.
Single-Tier Server Installation
Procedu re
1. Download and install SQL XML 4.0 and SP1, X64 Package.
2. Download and install SQL Server 2008 R2 Command Line Utilities, which includes the SQLCMD utility,
X64 Package (SqlCmdLnUtils.msi).
The SQL Command Line Tools in the SQLServer 2008 R2 Feature Pack are required.
3. Download and install the SQL Server 2008 R2 Native Client, X64 Package (sqlncli.msi).
The Native Client from the SQL Server 2008 R2 Feature Pack is required.
4. Reboot the VCM Collector.
What to do next
Review the DCOMand port requirements, and install VCM. See "Installing VCM" on page 116.
VMware, Inc.
58
vCenter Configuration Manager Advanced Installation Guide
59
VMware, Inc.
Two-Tier Split Installation
In a two-tier split installation, the VCM database resides on the Windows Server 2008 R2 database server
machine, and the VCM Collector and Web components reside on the second Windows Server 2008 R2
machine.
VCM 5.6 supports 64-bit environments that include 64-bit hardware, the 64-bit Windows Server 2008 R2
operating system, and SQL Server 2008 R2.
CAUTION A two-tier installation configuration uses basic authentication with HTTPS by default. Be
aware of the risks to exposure of sensitive data if you use basic security without HTTPS. Optionally,
you can use Kerberos Authentication.
Figure 9–1. Two-Tier Split Installation
9
You must install SQL Server Reporting Services (SSRS) on either the database server or the combined
VCMCollector and Web server.
The VMware Knowledge Base includes information about sizing your hardware environment for a twotier installation of VCM. See http://kb.vmware.com/kb/2033894.
For advanced information to install VCM in a two-tier environment, see the VCM Advanced Installation
Guide.
VMware, Inc.
60
vCenter Configuration Manager Advanced Installation Guide
Configuring a Two-Tier Split Installation Environment
In a two-tier installation environment, you configure the database server first, then configure the
combined VCM Collector and Web server before you install VCM. All machines are physical or virtual
Windows machines.
Your VCM database server and combined Web and VCM Collector server need the following
components.
Datab ase Server Components Combin ed Web an d VCM Co llecto r Server Components
VCM Database Components SSRS 2008 for VCM Reports
VMware VCM Package Manager for Windows VCM Web Console
SSRS 2008 for VCM Reports (Optional if you install
it on the combined Web and VCM Collector)
(Optional) Other Tools (Optional) SSRS 2008 for VCM Reports
Prerequisit es
n
Perform the general system prerequisite steps. See "System Prerequisites to Install VCM" on page 20.
n
Connect the database server machine to the domain.
n
Connect the combined VCM Collector and Web server machine to the domain.
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
VCM Collector Components
Import/Export Utility
Foundation Checker
VMware VCM Package Manager for Windows
VMware VCM Package Studio
share where the installer resides.
Procedu re
1. "Verify that the Installing User is an Administrator" on page 62
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
2. "Install and Configure a Windows Server 2008 R2 Operating System" on page 62
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2
operating system on each Windows machine in your installation configuration and verify that the
settings are configured for VCM operation.
3. "Configuring the VCM Database Server" on page 65
To ensure that the installation creates the VCM databases, you must configure the VCM database
server before you install VCM. In a two-tier split installation configuration, the VCM database server
resides on a dedicated machine. The databases include VCM, VCM_Coll, VCM_Raw, and VCM_UNIX.
4. "Configure the Combined VCM Collector and Web Server" on page 71
In a two-tier split installation configuration, the VCM Collector and the Web server components reside
together on a dedicated Windows Server 2008 R2 machine, and the VCM database server resides on a
separate Windows Server 2008 R2 machine.
5. "Configure the Web Components" on page 72
61
VMware, Inc.
The combined VCM Collector and Web server contains Web applications such as IIS and SQL Server
Reporting Services (SSRS), other services, and VCM software components. Before you install VCM,
you must configure the combined VCM Collector and Web server.
6. "Configure the VCM Collector Components" on page 84
The combined VCM Collector and Web server contains the VCM software application, VCM services,
and the OS Provisioning Server. To prepare the VCM Collector components of the combined VCM
Collector and Web server for VCM installation, configure the required utilities.
What to do next
Review the DCOMand port requirements, and use VCM Installation Manager to install the VCM
components. See "Installing VCM" on page 116.
Verify that the Installing User is an Administrator
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
Procedu re
1. Verify that the user is an Administrator.
a. Click Start and select All Programs > Administrative Tools > Computer Management.
Two-Tier Split Installation
b. Expand System Tools, expand Local Users and Groups, and click Users.
c. Right-click the user and click Properties.
d. Click the Member Of tab and verify that Administrators is listed.
e. If Administrators is not listed, add the user to the Administrators group.
f. Click Check Names and click OK.
2. Verify that the user is a domain account.
a. Click Groups.
b. Right-click Administrators and click Properties.
c. Verify that the Domain User is listed in the Members area.
What to do next
Prepare your Windows machine for VCM installation. See "Install and Configure a Windows Server 2008
R2 Operating System" on page 62.
Install and Configure a Windows Server 2008 R2 Operating System
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2 operating
system on each Windows machine in your installation configuration and verify that the settings are
configured for VCM operation.
VMware, Inc.
62
vCenter Configuration Manager Advanced Installation Guide
Prerequisit es
n
Determine whether you require the Windows Server 2008 R2 Enterprise Edition or Standard Edition.
See the VCM Installation Guide.
n
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account. See "Verify that the Installing User is an Administrator" on page 62.
n
Verify that the computer name settings for your Windows machine is a valid DNS machine name with
no underscores. If you attempt to change the machine name after the machine is identified as a
Collector, problems might occur with VCM, SQL Server, and SQL Server Reporting Services.
Procedu re
1. Install Microsoft Windows Server 2008 R2 on your Windows machine.
2. During the installation, you can configure several options.
Option Description
Regional and
Language
Determines how numbers, dates, currencies, and time settings appear.
n
Language: Setting for your language. The default is English.
Options
n
Time and currency format: Determines how numbers, dates, currencies, and time
settings appear. The default is English (United States).
n
Keyboard or input method: Allows text entry for multiple languages. The default
is US.
Disk
Configuration
Allows you to separate the machine disk drive into partitions to store data in
different partitions. You can create new disk partitions and delete existing partitions.
After you configure the disk, select a partition to install Windows Server 2008 R2
Edition.
Product Key When the installation prompts, enter your product key.
Licensing
Modes
Administrator
Password
Windows Server 2008 R2 Standard edition supports a single license that is included
with the product key.
The installation setup creates an account called administrator. To log on, you must
create a password that complies with the criteria. The password must have the
following attributes.
n
Minimum of six characters
n
Does not contain “administrator” or “admin”
n
Contains uppercase letters
n
Contains lower case letters
n
Contains numbers
n
Contains at least one non-alphanumeric character
3. Perform the initial configuration tasks to set the time zone and the computer name.
63
VMware, Inc.
Two-Tier Split Installation
Configure the Operating System Locale Settings
To set the language for VCM installation, verify that your Windows Server Locale Setting is configured
correctly.
Procedu re
1. In Windows Explorer, click Start and select Control Panel > Clock, Language, and Region.
2. Click Region and Language.
3. Click the Administrative tab and set the language to English (United States).
Disable the Remote Desktop Session Host
A Remote Desktop Session Host server hosts Windows-based programs for Remote Desktop Services
clients.
If the Remote Desktop Session Host role service is enabled, you must disable it to avoid changes to
settings for new connections, modifications of existing connections, or removal of connections.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. In the navigation pane, expand Roles and click Remote Desktop Services.
3. In the Remote Desktop Services pane, scroll down to Role Services.
4. Click the Remote Desktop Session Host role service to highlight it.
5. Click Remove Role Services.
6. Deselect the Remote Desktop Session Host role service and follow the prompts to finish disabling the
Remote Desktop Session host role.
Enable DCOM
The Distributed Component Object Model (DCOM) protocol allows application components to interact
across Windows machines. DCOM must be enabled on the Windows machine to install and run VCM.
Although DCOMis enabled by default when Windows Server 2008 R2 is installed, DCOMmight have
been disabled by a custom installation or a lock-down script.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Component Services to open
Component Services.
2. In the Component Services navigation pane, expand Component Services and expand Computers.
3. Right-click the computer and click Properties.
4. Click the Default Properties tab.
5. Select Enable Distributed COM on this computer and click OK.
What to do next
Configure the database server. See "Configuring the VCM Database Server" on page 65.
VMware, Inc.
64
vCenter Configuration Manager Advanced Installation Guide
Configuring the VCM Database Server
To ensure that the installation creates the VCM databases, you must configure the VCM database server
before you install VCM. In a two-tier split installation configuration, the VCM database server resides on a
dedicated machine. The databases include VCM, VCM_Coll, VCM_Raw, and VCM_UNIX.
The SQL Server license includes SQL Server Reporting Services (SSRS). In your two-tier split installation
configuration, when you run SSRS and SQL Server on the same machine, the SQL Server database
machine can take on the role of the Report Server (SSRS).
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
If you install SSRS on the Web server, it requires an additional SQL Server license, because you are
installing SSRS on a Windows Server 2008 R2 machine that is separate from the SQL Server database
services. If you run SQL Server Enterprise Edition, all SQL Server services running in guests on a single
virtual machine host are covered by the Enterprise Edition license.
VCM operates with a Standard or Enterprise edition of SQL Server. You must install the 64-bit SQL Server
2008 R2, English (United States) version on your designated database server machine and verify that the
settings are configured correctly for a VCM installation. For information about installing the VCM
Collector on a non-English operating system, see the VMware knowledge base article at
http://kb.vmware.com/kb/1035034.For information about VCM Agent support on non-English platforms,
see the VMware knowledge base article at http://kb.vmware.com/kb/2008337.
If you plan to change the communication port that SQL Server uses from the default port of 1433 to a
nonstandard port number, make the changes during the installation of SQL Server and SQL Server
Reporting Services (SSRS). Changing the port after you install SSRS disables SSRS communication with
SQL Server, which causes an SSRS validation error during the VCM installation process. If you change the
port after installation, you must configure additional SSRS settings to repair the configuration.
Disable the Firewall or Add an Exception for SQL Server Port 1433
On the machine that is running SQL Server, to access SQLServer through a firewall, you must configure
the firewall or add an exception for port 1433. Port 1433 is the SQL Server default instance running over
TCP.
Procedu re
1. To turn off the Windows domain firewall, follow these steps.
a. Click Start and select Control Panel.
b. Click System and Security.
c. Click Windows Firewall.
d. Click Turn Windows Firewall on or off.
e. Under Domain network location settings, click Turn off Windows Firewall.
2. To add an exception for SQL port 1433, follow these steps.
65
VMware, Inc.
Two-Tier Split Installation
a. In Windows Firewall in the Control Panel, click Advanced Settings to open the Windows Firewall
with Advanced Security dialog box.
b. Click Inbound Rules and click New Rule.
c. Click Port and Next.
d. Click TCP, click Specific local ports, type 1433, and click Next.
e. Click Allow the connection and click Next.
f. Click Domain, uncheck Private, uncheck Public, and click Next.
g. Type a name for the rule and click Finish.
Install SQL Server on the Database Server
In a two-tier split installation configuration, the VCM database server resides on a dedicated machine. The
database server contains the VCM, VCM_Coll, VCM_Raw, and VCM_UNIX databases. You must
configure the VCM database server before you install VCM in a two-tier split installation configuration.
CAUTION If your Windows machine has an evaluation version of SQLServer StandardEdition or
Enterprise Edition, use it only for evaluation purposes. Do not use an evaluation version in a
production environment, because it is not officially supported for production.
Prerequisit es
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
Procedu re
1. Start the SQLServer 2008 R2 installation.
2. Perform the following actions to install SQL Server 2008 R2 Enterprise or Standard edition.
Wizard Page Action
SQL Server
Click New installation or add features to an existing installation.
Installation
Center
Setup Support
Rules
Setup Support
Click Install and verify that all of the rules pass. To view the detailed system
configuration check report, click the link.
Click Install to install the setup support files.
Files
Setup Support
Verify that all of the rules passed.
Rules – for
SQL Server
Setup support
files
VMware, Inc.
Installation
Select New installation or add shared features.
Type
Product Key Verify that the product key is entered.
66
vCenter Configuration Manager Advanced Installation Guide
Wizard Page Action
License Terms Accept the license terms.
Setup Role Select SQL Server Feature Installation.
Feature
Selection
Installation
Rules
Instance
Configuration
Disk Space
Requirements
Server
Configuration
Select the following features.
Instance Features:
n
Database Engine Services
Shared Features:
n
Client Tools Connectivity
n
SQL Server Books online
n
Management Tools - Basic
and Management Tools - Complete
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Select Default Instance. If an instance of SQL Server is not installed, the installation
creates a default instance. If an instance of SQLServer is already installed, select
Named Instance and assign a name.
Review the disk usage summary.
Click Use the same account for all SQL Server services and enter the NT
AUTHORITY\SYSTEM account and password.
It is possible to use a domain account for SQL Server services. A domain account
might be required for split installations, because the SQL Server Agent might need
access to the Collector for some activities. If you use a domain account, you should
use a local administrator on the SQL Server machine to access DBServices.
Otherwise, you must grant manual permissions.
Database
Engine
Select Windows authentication and click Add Current User to add the account to
the SQL Server administrators.
Configuration
Error
Review the summary information.
Reporting
Installation
Configuration
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Rules
Ready to
Install
What to do next
n
Reboot the database server machine.
67
Review the summary of features and click Install to install SQL Server 2008 R2.
When the installation is finished, click the link to view the log file.
VMware, Inc.
Two-Tier Split Installation
Verify and Configure the SQL Server Properties
To ensure that SQLServer will operate with VCM, verify the SQLServer property settings and set the
server-wide SQL database settings in preparation to install VCM. For information about server-wide and
database-specific SQL Server database settings, see the VCM Administration Guide.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Right-click the SQL instance and select Properties.
3. Confirm the General page server properties.
a. Verify that the Version is 10.50.1600.1
b. Verify that the Language is English (United States).
If the language is not correct, uninstall and install the correct version of SQL Server.
c. Verify that the Server Collation is SQL_Latin1_General_CP1_CI_AS.
If the server collation is not correct, uninstall and reinstall SQL Server.
4. Select and confirm the Security page server properties.
a. Select Windows Authentication mode, which is recommended.
b. Although SQL Server and Windows Authentication mode is acceptable for VCM, select Windows
Authentication mode, which is recommended.
5. Select and confirm the Database Settings page server properties.
a. For Default index fill factor, type or select a percentage value, which specifies the amount of free
space in each index page when the page is rebuilt.
Set the fill factor to 80% to keep 20% free space available in each index page.
b. For Recovery interval (minutes), type or select 5.
6. Click OK to save your changes.
What to do next
To ensure that SQLServer and VCMoperate correctly together, verify that the SQLServer name matches
the Windows machine name. See "Verify Matching SQL Server and Computer Names" on page 68.
Verify Matching SQL Server and Computer Names
To ensure that SQLServer and VCM operate correctly together, you must verify that the SQLServer
name matches the Windows machine name. If you recently installed SQL Server 2008 R2, you do not need
to verify that the names match. If you obtained a machine that was renamed after the operating system
and SQL Server 2008 R2 were installed, verify and reset the SQLServer server name.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
VMware, Inc.
2. Click Database Engine Query.
3. In the SQL Query pane, type SELECT @@Servername and click Execute.
4. Verify that the resulting SQL Server name matches the Windows machine name.
68
vCenter Configuration Manager Advanced Installation Guide
5. If the SQL Server name does not match the Windows machine name, reset the SQL Server name.
a. In the SQL Query pane, type the following command and replace NewServerName with the server
name.
exec sp_dropserver @@SERVERNAME
exec sp_addserver 'NewServerName', 'local'
b. Click Execute.
c. To restart the SQL Server services, click Start and select Programs > Microsoft SQL Server 2008
R2 > Configuration Tools > SQL Server Configuration Manager > SQL Server 2008 R2
Services.
d. Right-click SQL Server and click Restart.
6. Reboot the database server machine.
What to do next
n
Reboot the database server machine.
n
Verify that the SQL Server Agent service account has the SQL Server sysadmin role. See "Verify the
SQLServer Agent Service Account is a sysadmin" on page 69.
Verify the SQLServer Agent Service Account is a sysadmin
The SQL Server Agent service account that runs scheduled jobs in SQL Server must be a sysadmin.
Open SQLServer Management Studio and verify that the account you will use for the SQL Server Agent
service account has the sysadmin privilege.
Procedu re
1. Click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select SQL Server Management Studio.
3. Expand the server, expand Security, expand Server Roles.
4. Double-click sysadmin and view the members of the sysadmin role.
5. Verify that the account to use for the SQL Server Agent service is a member of the sysadmin fixed
role.
6. If the account is not a member of the sysadmin fixed role, add this role to the account.
What to do next
Select the SQL Server Agent service account See "Select the SQLServer Agent Service Account" on page 69.
Select the SQLServer Agent Service Account
SQL Server Agent is a service that runs scheduled jobs in SQLServer and runs as a specific user account.
Verify that the SQL Server Agent service account that you provided during the SQL Server installation is a
SQL Server sysadmin. The SQL Server Agent runs as a user account.
69
VMware, Inc.
Two-Tier Split Installation
Prerequisit es
n
Verify that the account you provide for the SQL Server Agent service has permission to log on as a
service and the required additional permissions. See the online Microsoft Developer Network for more
information.
n
Understand the supported service account types for non-clustered and clustered servers. VCM 5.6
supports Active/Active SQL clusters. See the online Microsoft Developer Network for more
information.
n
Verify that the account you will use for the SQL Server Agent service account has the sysadmin
privilege. See "Verify the SQLServer Agent Service Account is a sysadmin" on page 69.
Procedu re
1. On the VCMdatabase server machine, click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select Configuration Tools > SQL Server Configuration
Manager.
3. Click SQL Server Services.
4. Right-click SQL Server Agent (MSSQLSERVER) and click Properties.
5. On the Log On tab, select a log on option and provide the account information.
Option Description
Built-in account In a single-tier installation, you can select the Local System account,
which has unrestricted access to all system resources. In a split
installation environment, do not select the built-in Local System
account. This account is a member of the Windows Administrators
group on the local machine.
This account In a split installation, the SQLServer Agent must be running as a user
account. Select a Windows domain account for the SQL Server Agent
service account.
This option provides increased security. Select this option for jobs that
require application resources across a network, to forward events to
other Windows application logs, or to notify administrators through
email or pagers.
6. Type or select an account name that has the sysadmin privilege.
7. Click OK.
What to do next
Establish SQLServer administration rights. See "Establish SQL Server Administration Rights" on page 70.
Establish SQL Server Administration Rights
Members of the SQLServer sysadmin fixed server role can perform any activity in the server. The user
who installs VCM must have SQL Server sysadmin rights.
VMware, Inc.
70
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Expand the server instance, select Security and select Logins.
3. Right-click the login ID of the user who installs VCM and select Properties.
4. In the Select a page area, select Server Roles.
5. In the Server roles area, select the sysadmin check box.
6. Click OK to save the settings and close the window.
What to do next
Configure the combined VCM Collector and Web server. See "Configure the Combined VCM Collector
and Web Server" on page 71.
Configure the Combined VCM Collector and Web Server
In a two-tier split installation configuration, the VCM Collector and the Web server components reside
together on a dedicated Windows Server 2008 R2 machine, and the VCM database server resides on a
separate Windows Server 2008 R2 machine.
To configure the combined VCM Collector and Web server for a two-tier installation, verify the SQLXML
version, configure IIS, install and configure SSRS, then configure the VCM Collector components.
Install the .NET Framework
To support library and language interoperability, the VCMCollector must have the required versions of
the .NET Framework installed.
VCM 5.6 requires the .NET 3.5.1 Framework. If you use Package Studio, the VCM Collector must have
.NET 3.5.1 installed. If you use Package Manager, the VCM Collector must have .NET 3.5.1 or .NET 4.0
installed.
Determine the installed version of the .NET Framework. If one of the .NET Framework versions is
missing, install the version from the Microsoft download Web site.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Click Features.
3. Verify that .NET Framework 3.5.1 appears in the feature summary.
4. If .NET Framework 3.5.1 does not appear, under Features select Add Features and select .NET 3.5.1.
Verify the ASP.NET Client System Web Version
To support client programming, verify the ASP.NET Client System Web version to confirm that the .NET
framework is installed correctly, and install it if the version is not correct.
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name> and click Sites.
3. Expand Default Web Site, expand aspnet_client, and expand system_web.
4. Verify that the version is 2_0_50727.
71
VMware, Inc.
Two-Tier Split Installation
Verify the ASPRole Service
To support client programming, verify the status of the ASP Role Service to confirm that the .NET
framework is installed correctly.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll down to Role Services.
5. Locate ASP and verify whether the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ASP role service.
Verify ASP.NETRole Service
To support client programming, verify the status of the ASP.NET Role Service to confirm that the .NET
framework is installed correctly.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll down to Role Services.
5. Locate ASP.NET and verify that the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ASP.NET role service.
What to do next
Configure the Web components for the combined VCM Collector and Web server. See "Configure the
Web Components" on page 72.
Configure the Web Components
The combined VCM Collector and Web server contains Web applications such as IIS and SQL Server
Reporting Services (SSRS), other services, and VCM software components. Before you install VCM, you
must configure the combined VCM Collector and Web server.
The Windows machine that hosts the Web components must be running Internet Information Services
(IIS) 7.5. IIS is installed when you install Windows Server 2008 R2.
For a two-tier installation, the Web server components reside on the same machine as the VCM Collector.
The SQL Server license includes SQL Server Reporting Services (SSRS). In your two-tier split installation
configuration, when you run SSRS and SQL Server on the same machine, the SQL Server database
machine can take on the role of the Report Server (SSRS).
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
VMware, Inc.
72
vCenter Configuration Manager Advanced Installation Guide
If you install SSRS on the Web server, it requires an additional SQL Server license, because you are
installing SSRS on a Windows Server 2008 R2 machine that is separate from the SQL Server database
services. If you run SQL Server Enterprise Edition, all SQL Server services running in guests on a single
virtual machine host are covered by the Enterprise Edition license.
Prerequisit es
n
Perform the prerequisite tasks for your two-tier split installation configuration. See "Two-Tier Split
Installation" on page 60.
n
Place the Web server in the Internet Explorer Trusted Zone so that Internet Explorer can delegate the
VCM user's credentials to the Web service for use with SQL Server. See "Place the Web Server in the
Internet Explorer Trusted Zone" on page 100.
n
If the domain firewall is turned on, verify that any required ports are open. If the database server is
blocked from communicating with the Collector, problems can occur when you submit jobs. VCM
displays an error about the SAS service, and the VCM Debug Event Log displays failures when calling
ecm_sp_collector_control.
n
Verify that .NET Framework 3.5.1 is installed on Windows Server 2008 R2 machines where Package
Studio will be installed.
n
Verify that you have an Internet connection to check for patch bulletin updates.
n
On the Windows Server 2008 R2 Web server machine, verify that the following .NET Framework
components are installed.
n
Windows Process Activation Service
n
Process Model
n
.NETEnvironment
n
Configuration APIs
Procedu re
1. Restart the Web server machine.
2. Click Start and select All Programs > Administrative Tools > Server Manager.
3. Click Roles and verify that the Web Server (IIS) role appears.
4. If the Web Server (IIS) role does not appear, in the Roles Summary area, click Add Roles and add the
Web Server (IIS) role.
5. On the Select Server Roles page, select Web Server (IIS) and select the Web Server components to
add.
Option Action
Common HTTPFeatures Select these options:
n
Static Content
n
Default Document
n
Directory Browsing
n
HTTP Errors
73
VMware, Inc.
Option Action
Application Development Select these options:
n
ASP .NET
n
.Net Extensibility
n
ASP
n
ISAPI Extensions
n
ISAPI Filters
n
Server Side Includes
Health and Diagnostics Select these options:
n
HTTP Logging
n
Request Monitor
Security Select these options:
n
Basic Authentication
n
Request Filtering
Two-Tier Split Installation
Performance Select:
n
Static Content Compression
Configuring IIS
To ensure that the Web components are correctly configured, verify that the correct role services are
enabled, the bindings are set correctly, and the default Web site is correct.
Verify the IIS 7.5 Role Services are Enabled
Verify that the correct IIS 7.5 Role Services are enabled on the combined VCM Collector and Web server .
Procedu re
1. On the Collector, click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Roles and click Web Server (IIS).
3. If the Web Server (IIS) role does not appear in the list of Roles, scroll to Role Services, click Add Role
Services and add the Web Server (IIS) Role.
When you installed IIS, the ASP Role Service, ASP.NET Role Service, and IIS ServerSideIncludes Role
Service were installed.
VMware, Inc.
74
vCenter Configuration Manager Advanced Installation Guide
4. In the Web Server (IIS) pane, scroll to Role Services and verify that the status is set to Installed for the
following Role Services.
Role Service Cat egory Role Service
Common HTTP Features Static Content
Application Development ASP.NET
Health and Diagnostics HTTP Logging
Security Basic Authentication
Default Document
Directory Browsing
HTTPErrors
HTTPRedirection
.NET Extensibility
ASP
ISAPIExtensions
ISAPI Filters
Server Side Includes
Request Monitor
Windows Authentication
Digest Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions
Performance Static Content Compression
Dynamic Content Compression
Management Tools IISManagement Console
IIS Management Scripts and Tools
Management Service
5. If any of the Role Services are not installed, click Add Role Services, select the check boxes of the
services to install, and click Install.
Configure the IIS 7.5 Settings
IIS settings configure the information required for requests to communicate with a Web site. To support
VCMinteraction with IIS, configure the settings for the IIS 7.5 bindings on the combined VCMCollector
and Web server to ensure that the settings are correct.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Actions pane, under Edit Site, click Bindings.
4. Click Add to open the Site Bindings dialog box.
75
VMware, Inc.
Two-Tier Split Installation
a. In the Type menu, select http.
b. In the IPaddress menu, select All Unassigned.
c. In the Port text box, type 80.
5. In the Site Bindings dialog box, click Close.
6. In the Actions pane, under Manage Web Site and Browse Web Site, click Advanced Settings.
7. Expand Connection Limits and set Connection Time-out (seconds) to 3600.
8. Click OK.
Verify the IIS 7.5 Default Web Site
IIS 7.5 provides a default Web site that defines the default authentication settings for applications and
virtual directories. Verify that the IIS 7.5 default Web site has the correct settings.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Default Web Site Home pane, locate the IIS options.
4. Double-click Authentication and set the authentication.
Option Action
Anonymous Authentication Set to Disabled.
ASP.NET Impersonation Set to Disabled.
Basic Authentication Set to Enabled.
Forms Authentication Set to Disabled.
Verify the ISAPI Extensions
The ISAPI Extensions role provides support for dynamic Web content development. You must verify that
the role service is installed, and install it if needed.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll to Role Services.
5. Locate ISAPI Extensions and verify that the role service is installed.
What to do next
Prepare SQL Server Reporting Services (SSRS) to generate VCM reports. See "Installing and Configuring
SSRS on the Combined VCM Collector and Web Server" on page 77.
VMware, Inc.
6. If the role service is not installed, click Add Role Services and add the ISAPI Extensions role service.
76
vCenter Configuration Manager Advanced Installation Guide
Installing and Configuring SSRS on the Combined VCM Collector and Web Server
SQL Server Reporting Services (SSRS) is a server-based report generation software system that is
administered using a web interface and used to deliver VCM reports.
Back Up Your SSRS Key
The rskeymgmt utility manages the symmetric keys used by a report server. This utility provides a way to
delete encrypted content that can no longer be used if you cannot recover or apply the key.
Use the Microsoft command-line utility to back up the symmetric key to an encrypted file.
Prerequisit es
n
See the online Microsoft Support center for details about how to use the rskeymgmt utility.
Procedu re
1. On the Collector file system, locate the rskeymgmt.exe utility at c:\Program Files (x86)
\Microsoft SQLServer\100\Tools\Binn or the directory where you installed SQLServer.
2. To copy your SSRS key set to a removable media device and store it in a secure location, open a
command line prompt and run the rskeymgmt.exe utility with the appropriate options.
Install SQL Server Reporting Services
In a two-tier installation configuration, for the Web server to generate VCM reports, install SQL Server
Reporting Services (SSRS).
Prerequisit es
n
Back up your SSRS key. See "Back Up Your SSRS Key" on page 77.
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
Procedu re
1. Start the SQLServer 2008 R2 installation.
2. Perform the actions to install SQL Server Reporting Services.
Wizard Page Action
SQL Server
Installation
Center
Setup Support
Rules
Setup Support
Files
Click New installation or add features to an existing installation.
Click Install and verify that all of the rules pass. To view the detailed system
configuration check report, click the link.
Click Install to install the setup support files.
Setup Support
Verify that all of the rules passed.
Rules – for
SQL Server
Setup support
files
77
VMware, Inc.
Wizard Page Action
Two-Tier Split Installation
Installation
Select New installation or add shared features.
Type
Product Key Verify that the product key is entered.
License Terms Accept the license terms.
Setup Role Select SQL Server Feature Installation.
Feature
Selection
Installation
Rules
Instance
Configuration
Select the following options.
n
Reporting Services
n
Client Tools Connectivity
n
(Optional) SQL Server Books Online
n
Management Tools - Basic
n
Management Tools - Complete
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Select Default Instance. If an instance of SQL Server is not installed, the installation
creates a default instance. If an instance of SQL Server is installed, select Named
Instance and assign a name.
Disk Space
Review the disk usage summary.
Requirements
Server
Configuration
Database
Engine
Configuration
Error
Reporting
Installation
Configuration
Rules
Ready to
Install
Click Use the same account for all SQL Server services.
n
If you will not install SSRS on the combined VCMCollector and Web Server
machine, enter the NT AUTHORITY\SYSTEM account and password.
n
If you will install SSRS on the combined VCMCollector and Web Server, use the
Network Service account instead of NT AUTHORITY\SYSTEM.
It is possible to use a domain account for SQL Server services. A domain account
might be required for split installations, because the SQL Server Agent might need
access to the Collector for some activities. If you use a domain account, you should
use a local administrator on the SQL Server machine to access DBServices,
otherwise you must grant manual permissions.
Select Mixed Mode (SQL Server authentication and Windows authentication),
enter and confirm the password, and click Add Current User to add the account to
the SQL Server administrators.
Review the summary information.
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Review the summary of features and click Install to install SQL Server Reporting
Services. When the installation is finished, click the link to view the log file.
VMware, Inc.
78
vCenter Configuration Manager Advanced Installation Guide
Configure SSRS
Configure SSRS manually in your installation configuration, because the SSRS command-line configuration
tool does not perform these steps.
SSRS might require HTTPS during installation. If HTTPSis required, you manually export a self-signed
certificate and import it to the VCMCollector machine’s root certificate store. If you do not manually
export the certificate, a manual import of a VCM report might fail. If the manual import fails, run the
import from the VCM Collector machine. For more information, see the Microsoft IIS Resource Kit Tools.
Prerequisit es
n
Back up your SSRS key. See "Back Up Your SSRS Key" on page 77.
Procedu re
1. On your combined VCMCollector and Web server, start SQLServer 2008 R2 Reporting Services
Configuration Manager.
a. Click Start, select Run, and type rsconfigtool.exe.
b. In the Reporting Services Configuration Connection dialog box, click Connect to connect and log in
to SQL Server 2008 R2 Reporting Services.
2. Update the SQL Server database.
a. In the navigation pane, click Database and click Change Database.
b. In the Report Server Database Configuration pane, verify that Action is selected.
c. On the Change Database page, select Create a new report server database and click Next.
d. Change the server name of your database server to the database machine and database instance
where SSRS will connect.
e. Verify that the authentication type is set to Current User – Integrated Security and click Test
Connection.
f. When the test message is successful, close the Test Connection dialog box and click Next.
g. On the Database pane, enter a name for the Database and select the language as English (United
States).
h. Set the Report Server Mode to Native Mode and click Next.
i. In the Credentials pane, change the Authentication Type to Windows Credentials, specify an
account, and click Next.
Specify an account that has permission to connect from the combined VCMCollector and Web
server to the database server, and specify the password for the account.
j. In the Summary pane, review the selections and click Next.
k. In the Progress and Finish pane, resolve any errors, and click Finish.
3. Update the encryption keys.
a. In the navigation pane, click Encryption Keys.
b. In the Delete Encrypted Content area, click Delete and accept the prompt to delete all encrypted
data.
c. In the Change area, click Change to replace the encryption key, and click OK.
4. Configure the Web Service URL.
79
VMware, Inc.
Two-Tier Split Installation
a. In the navigation pane, click Web Service URL.
b. Verify or configure the settings and click Apply to activate the Report Server Web Service URL.
Option Action
Virtual Directory Set to ReportServer.
IP Address Set to All Assigned (Recommended).
TCP Port Set to 80 if you are not using HTTPS.
SSLCertificate Not Selected
c. In the Results area, confirm that the virtual directory is created and that the URL is reserved.
5. Confirm the Report Manager URL.
a. In the navigation pane, click Report Manager URL and click Apply to activate the Report Manager
URL.
b. Verify that the virtual directory was created and that the URL was reserved in the Results area.
c. Click the default URL and verify that it opens SQLServer Reporting Services.
6. Click Exit to close SQLServer 2008 R2 Reporting Services Configuration Manager.
What to do next
To authenticate users and client applications against the report server, configure Basic Authentication on
the report server. See "Configure Basic Authentication on the Report Server for Multi-Tier Installations" on
page 80.
Configure Basic Authentication on the Report Server for Multi-Tier Installations
SQL Server Reporting Services (SSRS) provides several options to authenticate users and client applications
against the report server. When you install VCM in a two-tier split installation and use Basic
authentication, you must allow direct access to the Reports virtual directory.
Update the RSReportServer.config file so that VCM can authenticate users who use the VCM Web
console, and users can launch SSRS reports. To configure Basic authentication on the report server, edit the
XML elements and values in the RSReportServer.config file.
Procedu re
1. On the Windows machine where you installed SSRS, locate the rsreportserver.config file.
The default location is C:\Program Files\Microsoft SQL
ServerReportingServicesInstance\Reporting
Services\ReportServer\rsreportserver.config.
2. Stop the SSRS service.
3. Open the rsreportserver.config file for editing.
VMware, Inc.
80
vCenter Configuration Manager Advanced Installation Guide
4. In the file, locate the <AuthenticationTypes> block.
The block resembles the following example.
<Authentication>
<AuthenticationTypes>
<RSWindowsNegotiate/>
<RSWindowsNTLM/>
</AuthenticationTypes>
...
</Authentication>
5. Remove any existing parameters and add the <RSWindowsBasic/> parameter to the
<AuthenticationTypes> XML element.
The modified block resembles the following block.
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic/>
</AuthenticationTypes>
...
</Authentication>
6. Save the configuration file.
7. Start the SSRS service.
What to do next
To authenticate VCM reports with Kerberos, see "Configure Kerberos Authentication" on page 81.
Configure Kerberos Authentication
The Kerberos network protocol uses secret-key cryptography to ensure security in your VCM
applications. To authenticate VCM Reports, you must use Basic Authentication with HTTPS or Kerberos
Authentication.
When you configure Kerberos Authentication in your two-tier split installation, configure it on the
database server and the combined VCMCollector and Web server.
Prerequisit es
n
Verify that your Windows Server 2008 R2 machine has Active Directory management tools installed. If
the tools are not installed, install them. See Microsoft TechNet online. This configuration requires an
Active Directory domain running at Windows Server 2003 or later domain functional level.
n
If SQL Server Reporting Services is running on a different Windows machine than the VCM Collector in
a two-tier installation, verify that the Application Pool account is a local administrator.
81
VMware, Inc.
Two-Tier Split Installation
Procedu re
1. Log in to your Windows Server 2008 R2 machine as a user who has domain administrator privileges.
2. Start Active Directory Domain Services and select Active Directory Users and Computers.
3. Verify whether AD accounts exist in your domain for the SQLServer service and the VCM IIS
Application Pool.
4. If the accounts do not exist, create them.
a. Set the database account to be a local administrator on the database server.
b. Make the Application Pool account a local administrator on the VCM Collector in a two-tier
installation.
5. Select the Computers container and locate the Web system.
a. Open the properties for Web system.
b. Click the Delegation tab.
c. Select Trust this computer for delegation to any service.
6. Open IIS manager and set the identity of the CMAppPool application pool to the IISaccount.
7. In Reporting Services Configuration Manager, configure the SQL Server Reporting Services service to
run as the IISApplication Pool account.
8. Change SQL Server to run as the SQLServerDomain account.
a. In Reporting Services Configuration Manager, click Encryption Keys and click Delete to delete
encrypted content.
b. In the navigation pane, click Service Account and enter the app_pool_account account for the
database connection.
9. Open a command prompt to set the service principal names directory property for the Active
Directory service accounts.
a. Click Start, select All Programs > Accessories, right-click Command Prompt, and select Run as
administrator.
b. Type: Setspn -a MSSQLSvc/db_server_name domain\sql_server_account_name and
press Enter.
c. Type: Setspn -a MSSQLSvc/db_server_name:1433 domain\sql_server_account_name
and press Enter.
d. Type: Setspn -a MSSQLSvc/db_server_fqdn domain\sql_server_account_name and
press Enter.
e. Type: Setspn -a MSSQLSvc/db_server_fqdn:1433 domain\sql_server_account_name
and press Enter.
VMware, Inc.
82
vCenter Configuration Manager Advanced Installation Guide
10. Verify whether SSRSis running on the SQLServer and if it is not running, locate and update the
Report Server configuration file named rsreportserver.config.
a. Locate the AuthenticationTypes XML element.
b. Remove <RSWindowsNTLM/> and <RSWindowsBasic/>.
c. Add <RSWindowsNegotiate/> and <RSWindowsKerberos/>.
The default location for the configuration file is C:\Program Files\Microsoft SQL
ServerReportingServicesInstance\Reporting
Services\ReportServer\rsreportserver.config.
11. In SQL Server Management Studio, grant the Application Pool user access to the VCM and VCM_Unix
databases, with membership in the VCM__SelectRole_General role in each database.
12. (Optional) If you did not configure the SQL Server Reporting Services service to run as the
IISApplication Pool account before installing VCM, start Internet Explorer as administrator and set the
report settings.
a. Click Start, select All Programs, right-click Internet Explorer and select Run as administrator.
b. Connect to http://localhost/Reports/Pages/Folder.aspx.
c. Click ECM Reports and click the ECM data source to display the properties menu.
d. To use integrated authentication, type the following text into the Connection string text box and
click Apply.
Integrated Security=SSPI;Data Source=db_server_name;Initial
Catalog=VCM;LANGUAGE=us_english;
e. Click the back button to return to the ECM Reports view.
13. Select Folder Settings, select Security, select the new SSRS user or group, and click New Role
Assignment.
14. Click Browser to allow the VCM SSRS user or group to view folders and reports and subscribe to
reports, and click OK.
15. In Server Manager, set the authentication mode.
a. In the navigation pane, select Roles > Web Server (IIS) and click Add Role Services in the Role
Services area.
b. In the Select Role Services wizard, locate the Security (Installed) section, click Windows
Authentication, and follow the prompts to install the service.
c. In the navigation pane, select Roles > Web Server (IIS).
d. Under server_name, select Sites\Default Web Site\VCM, double-click Authentication, and
verify that Windows Authentication is the only option enabled.
e. Under server_name\Sites\Default Web Site, double-click Authentication, click Windows
Authentication, verify that Windows Authentication is enabled, and click Advanced Settings.
f. Verify that Kernel Mode Authentication is disabled and click OK.
83
VMware, Inc.
Two-Tier Split Installation
16. In Windows Explorer, update the configuration files.
a. Open the configuration file at
Windows\System32\inetsrv\config\applicationhost.config and locate the
<authentication> section.
b. Verify that Windows authentication is enabled, and if it is not enabled, enable it.
c. Save any changes and close the file.
17. Open a command prompt to set the property for the Active Directory service accounts for the service
principal names directory.
a. Click Start and select All Programs > Accessories.
b. Right-click Command Prompt and select Run as administrator.
c. Type Setspn -a http/web_server_name domain\Application Pool Account Name and
press Enter.
d. Type Setspn -a http/web_server_fqdn domain\Application Pool Account Name and
press Enter.
18. Open the properties for the SQLServer and Application Pool accounts, click the Delegation tab, and
select Trust this user for delegation to any service.
What to do next
Configure the VCM Collector components of the combined VCM Collector and Web server before you
install VCM. See "Configure the VCM Collector Components" on page 84.
Configure the VCM Collector Components
The combined VCM Collector and Web server contains the VCM software application, VCM services, and
the OS Provisioning Server. To prepare the VCM Collector components of the combined VCM Collector
and Web server for VCM installation, configure the required utilities.
In your two-tier split installation configuration, configure the Web server and VCM Collector components
on the same machine.
NOTE This procedure is required only if you did not install the complete set of Management Tools and
support components earlier.
Prerequisit es
n
Perform the prerequisite tasks for your two-tier split installation configuration. See "Two-Tier Split
Installation" on page 60.
n
From the VCM Collector, verify that you can access the Microsoft Download Center, Microsoft SQL
Server 2008 Feature Pack to download SQL XML 4.0 and SP1 in the following procedure. See the online
Microsoft Download Center.
n
Verify that you can access the Microsoft Download Center, Microsoft SQL Server 2008 R2 Feature Pack
to download and install the Native Client (sqlncli.msi) in the following procedure. See the online
Microsoft Download Center. The SQL Command Line Tools in the SQLServer 2008 R2 Feature Pack are
required on the combined VCM Collector and Web server.
n
VMware, Inc.
Install .NET Framework 3.5.1 on the Windows Server 2008 R2 machines where Package Studio will be
installed.
84
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Download and install SQL XML 4.0 and SP1, X64 Package.
2. Download and install SQL Server 2008 R2 Command Line Utilities, which includes the SQLCMD utility,
X64 Package (SqlCmdLnUtils.msi).
The SQL Command Line Tools in the SQLServer 2008 R2 Feature Pack are required on the combined
VCM Collector and Web server.
3. Download and install the SQL Server 2008 R2 Native Client, X64 Package (sqlncli.msi).
The Native Client from the SQL Server 2008 R2 Feature Pack is required on the combined VCM
Collector and Web server.
4. Reboot the combined VCM Collector and Web server.
What to do next
Review the DCOMand port requirements, and use VCM Installation Manager to install the VCM
components. See "Installing VCM" on page 116.
85
VMware, Inc.
Three-Tier Split Installation
In a three-tier split installation, the VCM databases, the Web applications, and the VCM Collector
components reside on three different Windows Server 2008 R2 machines.
CAUTION A three-tier installation configuration uses basic authentication with HTTPS by default. Be
aware of the risks to exposure of sensitive data if you use basic security without HTTPS. Optionally,
you can use Kerberos Authentication.
VCM 5.6 supports 64-bit environments that include 64-bit hardware, the 64-bit Windows Server 2008 R2
operating system, and SQL Server 2008 R2.
Figure 10–1. Three-Tier Split Installation
10
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
The VMware Knowledge Base includes information about sizing your hardware environment for a threetier installation of VCM. See http://kb.vmware.com/kb/2033894.
For advanced information to install VCM in a three-tier environment, see the VCM Advanced Installation
Guide.
VMware, Inc.
86
vCenter Configuration Manager Advanced Installation Guide
Configuring a Three-Tier Split Installation Environment
In a three-tier installation environment, you configure the database server first, configure the Web server
next, then configure the VCM Collector. All machines are physical or virtual Windows machines.
Prerequisit es
n
Perform the general system prerequisite tasks. See "System Prerequisites to Install VCM" on page 20.
n
Connect the database server machine, Web server machine, and VCM Collector machine to the
domain.
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
Procedu re
1. "Verify that the Installing User is an Administrator" on page 87
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
2. "Install and Configure a Windows Server 2008 R2 Operating System" on page 88
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2
operating system on each Windows machine in your installation configuration and verify that the
settings are configured for VCM operation.
3. "Configure the VCM Database Server" on page 90
To ensure that the installation creates the VCM databases, you must configure the VCM database
server before you install VCM. In a three-tier split installation configuration, the VCM database server
resides on a dedicated machine. The databases include VCM, VCM_Coll, VCM_Raw, and VCM_UNIX.
4. "Configure the Web Server" on page 96
The Web server contains Web applications such as IIS and SQL Server Reporting Services (SSRS), other
services, and VCM software components. Before you install VCM, you must configure the Web
server.
5. "Configure the VCM Collector" on page 110
The VCM Collector contains the VCM software application, VCM services, and the OS Provisioning
Server. To prepare the VCM Collector for VCM installation, configure the required utilities.
What to do next
Review the DCOMand port requirements, and use VCM Installation Manager to install the VCM
components. See "Installing VCM" on page 116.
Verify that the Installing User is an Administrator
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account.
87
VMware, Inc.
Three-Tier Split Installation
Procedu re
1. Verify that the user is an Administrator.
a. Click Start and select All Programs > Administrative Tools > Computer Management.
b. Expand System Tools, expand Local Users and Groups, and click Users.
c. Right-click the user and click Properties.
d. Click the Member Of tab and verify that Administrators is listed.
e. If Administrators is not listed, add the user to the Administrators group.
f. Click Check Names and click OK.
2. Verify that the user is a domain account.
a. Click Groups.
b. Right-click Administrators and click Properties.
c. Verify that the Domain User is listed in the Members area.
What to do next
Prepare your Windows machine for VCM installation. See "Install and Configure a Windows Server 2008
R2 Operating System" on page 88.
Install and Configure a Windows Server 2008 R2 Operating System
To prepare your Windows machine for VCMinstallation, install the Windows Server 2008 R2 operating
system on each Windows machine in your installation configuration and verify that the settings are
configured for VCM operation.
Prerequisit es
n
Determine whether you require the Windows Server 2008 R2 Enterprise Edition or Standard Edition.
See the VCM Installation Guide.
n
The user who installs the Windows Server 2008 R2 operating system must be an Administrator and a
domain account. See "Verify that the Installing User is an Administrator" on page 87.
n
Verify that the computer name settings for your Windows machine is a valid DNS machine name with
no underscores. If you attempt to change the machine name after the machine is identified as a
Collector, problems might occur with VCM, SQL Server, and SQL Server Reporting Services.
VMware, Inc.
88
vCenter Configuration Manager Advanced Installation Guide
Procedu re
1. Install Microsoft Windows Server 2008 R2 on your Windows machine.
2. During the installation, you can configure several options.
Option Description
Regional and
Language
Determines how numbers, dates, currencies, and time settings appear.
n
Language: Setting for your language. The default is English.
Options
n
Time and currency format: Determines how numbers, dates, currencies, and time
settings appear. The default is English (United States).
n
Keyboard or input method: Allows text entry for multiple languages. The default
is US.
Disk
Configuration
Allows you to separate the machine disk drive into partitions to store data in
different partitions. You can create new disk partitions and delete existing partitions.
After you configure the disk, select a partition to install Windows Server 2008 R2
Edition.
Product Key When the installation prompts, enter your product key.
Licensing
Modes
Administrator
Password
Windows Server 2008 R2 Standard edition supports a single license that is included
with the product key.
The installation setup creates an account called administrator. To log on, you must
create a password that complies with the criteria. The password must have the
following attributes.
n
Minimum of six characters
n
Does not contain “administrator” or “admin”
n
Contains uppercase letters
n
Contains lower case letters
n
Contains numbers
n
Contains at least one non-alphanumeric character
3. Perform the initial configuration tasks to set the time zone and the computer name.
Configure the Operating System Locale Settings
To set the language for VCM installation, verify that your Windows Server Locale Setting is configured
correctly.
Procedu re
1. In Windows Explorer, click Start and select Control Panel > Clock, Language, and Region.
2. Click Region and Language.
3. Click the Administrative tab and set the language to English (United States).
89
VMware, Inc.
Three-Tier Split Installation
Disable the Remote Desktop Session Host
A Remote Desktop Session Host server hosts Windows-based programs for Remote Desktop Services
clients.
If the Remote Desktop Session Host role service is enabled, you must disable it to avoid changes to
settings for new connections, modifications of existing connections, or removal of connections.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. In the navigation pane, expand Roles and click Remote Desktop Services.
3. In the Remote Desktop Services pane, scroll down to Role Services.
4. Click the Remote Desktop Session Host role service to highlight it.
5. Click Remove Role Services.
6. Deselect the Remote Desktop Session Host role service and follow the prompts to finish disabling the
Remote Desktop Session host role.
Enable DCOM
The Distributed Component Object Model (DCOM) protocol allows application components to interact
across Windows machines. DCOM must be enabled on the Windows machine to install and run VCM.
Although DCOMis enabled by default when Windows Server 2008 R2 is installed, DCOMmight have
been disabled by a custom installation or a lock-down script.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Component Services to open
Component Services.
2. In the Component Services navigation pane, expand Component Services and expand Computers.
3. Right-click the computer and click Properties.
4. Click the Default Properties tab.
5. Select Enable Distributed COM on this computer and click OK.
What to do next
Configure the database server. See "Configure the VCM Database Server" on page 90.
Configure the VCM Database Server
To ensure that the installation creates the VCM databases, you must configure the VCM database server
before you install VCM. In a three-tier split installation configuration, the VCM database server resides on
a dedicated machine. The databases include VCM, VCM_Coll, VCM_Raw, and VCM_UNIX.
The SQL Server license includes SQL Server Reporting Services (SSRS). In your three-tier split installation
configuration, when you run SSRS and SQL Server on the same machine, the SQL Server database
machine can take on the role of the Report Server (SSRS).
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
VMware, Inc.
90
vCenter Configuration Manager Advanced Installation Guide
If you install SSRS on the Web server, it requires an additional SQL Server license, because you are
installing SSRS on a Windows Server 2008 R2 machine that is separate from the SQL Server database
services. If you run SQL Server Enterprise Edition, all SQL Server services running in guests on a single
virtual machine host are covered by the Enterprise Edition license.
VCM operates with a Standard or Enterprise edition of SQL Server. You must install the 64-bit SQL Server
2008 R2, English (United States) version on your designated database server machine and verify that the
settings are configured correctly for a VCM installation. For information about installing the VCM
Collector on a non-English operating system, see the VMware knowledge base article at
http://kb.vmware.com/kb/1035034.For information about VCM Agent support on non-English platforms,
see the VMware knowledge base article at http://kb.vmware.com/kb/2008337.
If you plan to change the communication port that SQL Server uses from the default port of 1433 to a
nonstandard port number, make the changes during the installation of SQL Server and SQL Server
Reporting Services (SSRS). Changing the port after you install SSRS disables SSRS communication with
SQL Server, which causes an SSRS validation error during the VCM installation process. If you change the
port after installation, you must configure additional SSRS settings to repair the configuration.
Install SQL Server on the Database Server
In a three-tier split installation configuration, the VCM database server resides on a dedicated machine.
The database server contains the VCM, VCM_Coll, VCM_Raw, and VCM_UNIX databases. You must
configure the VCM database server before you install VCM in a three-tier split installation configuration.
CAUTION If your Windows machine has an evaluation version of SQLServer StandardEdition or
Enterprise Edition, use it only for evaluation purposes. Do not use an evaluation version in a
production environment, because it is not officially supported for production.
Prerequisit es
n
Obtain the SQL Server 2008 R2 Enterprise or Standard edition installation disk or verify access to a file
share where the installer resides.
Procedu re
1. Start the SQLServer 2008 R2 installation.
2. Perform the following actions to install SQL Server 2008 R2 Enterprise or Standard edition.
Wizard Page Action
SQL Server
Click New installation or add features to an existing installation.
Installation
Center
Setup Support
Rules
Setup Support
Click Install and verify that all of the rules pass. To view the detailed system
configuration check report, click the link.
Click Install to install the setup support files.
Files
Setup Support
Verify that all of the rules passed.
Rules – for
SQL Server
Setup support
files
91
VMware, Inc.
Wizard Page Action
Three-Tier Split Installation
Installation
Select New installation or add shared features.
Type
Product Key Verify that the product key is entered.
License Terms Accept the license terms.
Setup Role Select SQL Server Feature Installation.
Feature
Selection
Select the following features.
Instance Features:
n
Database Engine Services
Shared Features:
n
Client Tools Connectivity
n
SQL Server Books online
n
Management Tools - Basic
and Management Tools - Complete
Installation
Rules
Instance
Configuration
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Select Default Instance. If an instance of SQL Server is not installed, the installation
creates a default instance. If an instance of SQLServer is already installed, select
Named Instance and assign a name.
Disk Space
Requirements
Server
Configuration
Database
Engine
Configuration
Error
Reporting
Installation
Configuration
Rules
Ready to
Install
Review the disk usage summary.
Click Use the same account for all SQL Server services and enter the NT
AUTHORITY\SYSTEM account and password.
It is possible to use a domain account for SQL Server services. A domain account
might be required for split installations, because the SQL Server Agent might need
access to the Collector for some activities. If you use a domain account, you should
use a local administrator on the SQL Server machine to access DBServices.
Otherwise, you must grant manual permissions.
Select Windows authentication and click Add Current User to add the account to
the SQL Server administrators.
Review the summary information.
Verify that the rules passed. To view the detailed system configuration check
report, click the link.
Review the summary of features and click Install to install SQL Server 2008 R2.
When the installation is finished, click the link to view the log file.
VMware, Inc.
92
vCenter Configuration Manager Advanced Installation Guide
What to do next
n
Reboot the database server machine.
Verify and Configure the SQL Server Properties
To ensure that SQLServer will operate with VCM, verify the SQLServer property settings and set the
server-wide SQL database settings in preparation to install VCM. For information about server-wide and
database-specific SQL Server database settings, see the VCM Administration Guide.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Right-click the SQL instance and select Properties.
3. Confirm the General page server properties.
a. Verify that the Version is 10.50.1600.1
b. Verify that the Language is English (United States).
If the language is not correct, uninstall and install the correct version of SQL Server.
c. Verify that the Server Collation is SQL_Latin1_General_CP1_CI_AS.
If the server collation is not correct, uninstall and reinstall SQL Server.
4. Select and confirm the Security page server properties.
a. Select Windows Authentication mode, which is recommended.
b. Although SQL Server and Windows Authentication mode is acceptable for VCM, select Windows
Authentication mode, which is recommended.
5. Select and confirm the Database Settings page server properties.
a. For Default index fill factor, type or select a percentage value, which specifies the amount of free
space in each index page when the page is rebuilt.
Set the fill factor to 80% to keep 20% free space available in each index page.
b. For Recovery interval (minutes), type or select 5.
6. Click OK to save your changes.
What to do next
n
Restart the database machine.
n
To ensure that SQLServer and VCMoperate correctly together, verify that the SQLServer name
matches the Windows machine name. See "Verify Matching SQL Server and Computer Names" on
page 93.
Verify Matching SQL Server and Computer Names
To ensure that SQLServer and VCM operate correctly together, you must verify that the SQLServer
name matches the Windows machine name. If you recently installed SQL Server 2008 R2, you do not need
to verify that the names match. If you obtained a machine that was renamed after the operating system
and SQL Server 2008 R2 were installed, verify and reset the SQLServer server name.
93
VMware, Inc.
Three-Tier Split Installation
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Click Database Engine Query.
3. In the SQL Query pane, type SELECT @@Servername and click Execute.
4. Verify that the resulting SQL Server name matches the Windows machine name.
5. If the SQL Server name does not match the Windows machine name, reset the SQL Server name.
a. In the SQL Query pane, type the following command and replace NewServerName with the server
name.
exec sp_dropserver @@SERVERNAME
exec sp_addserver 'NewServerName', 'local'
b. Click Execute.
c. To restart the SQL Server services, click Start and select Programs > Microsoft SQL Server 2008
R2 > Configuration Tools > SQL Server Configuration Manager > SQL Server 2008 R2
Services.
d. Right-click SQL Server and click Restart.
6. Reboot the database server machine.
What to do next
n
Reboot the database server machine.
n
Verify that the SQL Server Agent service account has the SQL Server sysadmin role. See "Verify the
SQLServer Agent Service Account is a sysadmin" on page 94.
Verify the SQLServer Agent Service Account is a sysadmin
The SQL Server Agent service account that runs scheduled jobs in SQL Server must be a sysadmin.
Open SQLServer Management Studio and verify that the account you will use for the SQL Server Agent
service account has the sysadmin privilege.
Procedu re
1. Click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select SQL Server Management Studio.
3. Expand the server, expand Security, expand Server Roles.
4. Double-click sysadmin and view the members of the sysadmin role.
5. Verify that the account to use for the SQL Server Agent service is a member of the sysadmin fixed
role.
6. If the account is not a member of the sysadmin fixed role, add this role to the account.
What to do next
Select the SQL Server Agent service account See "Select the SQLServer Agent Service Account" on page 95.
VMware, Inc.
94
vCenter Configuration Manager Advanced Installation Guide
Select the SQLServer Agent Service Account
SQL Server Agent is a service that runs scheduled jobs in SQLServer and runs as a specific user account.
Verify that the SQL Server Agent service account that you provided during the SQL Server installation is a
SQL Server sysadmin. The SQL Server Agent runs as a user account.
Prerequisit es
n
Verify that the account you provide for the SQL Server Agent service has permission to log on as a
service and the required additional permissions. See the online Microsoft Developer Network for more
information.
n
Understand the supported service account types for non-clustered and clustered servers. VCM 5.6
supports Active/Active SQL clusters. See the online Microsoft Developer Network for more
information.
n
Verify that the account you will use for the SQL Server Agent service account has the sysadmin
privilege. See "Verify the SQLServer Agent Service Account is a sysadmin" on page 94.
Procedu re
1. On the VCMdatabase server machine, click Start and select All Programs.
2. Click Microsoft SQL Server 2008 R2 and select Configuration Tools > SQL Server Configuration
Manager.
3. Click SQL Server Services.
4. Right-click SQL Server Agent (MSSQLSERVER) and click Properties.
5. On the Log On tab, select a log on option and provide the account information.
Option Description
Built-in account In a single-tier installation, you can select the Local System account,
which has unrestricted access to all system resources. In a split
installation environment, do not select the built-in Local System
account. This account is a member of the Windows Administrators
group on the local machine.
This account In a split installation, the SQLServer Agent must be running as a user
account. Select a Windows domain account for the SQL Server Agent
service account.
This option provides increased security. Select this option for jobs that
require application resources across a network, to forward events to
other Windows application logs, or to notify administrators through
email or pagers.
6. Type or select an account name that has the sysadmin privilege.
7. Click OK.
What to do next
Establish SQLServer administration rights. See "Establish SQL Server Administration Rights" on page 95.
Establish SQL Server Administration Rights
Members of the SQLServer sysadmin fixed server role can perform any activity in the server. The user
who installs VCM must have SQL Server sysadmin rights.
95
VMware, Inc.
Procedu re
1. Click Start and select All Programs > Microsoft SQL Server 2008 R2 > SQL Server Management
Studio.
2. Expand the server instance, select Security and select Logins.
3. Right-click the login ID of the user who installs VCM and select Properties.
4. In the Select a page area, select Server Roles.
5. In the Server roles area, select the sysadmin check box.
6. Click OK to save the settings and close the window.
What to do next
Configure the dedicated Web server. See "Configure the Web Server" on page 96.
Configure the Web Server
The Web server contains Web applications such as IIS and SQL Server Reporting Services (SSRS), other
services, and VCM software components. Before you install VCM, you must configure the Web server.
The Windows machine that hosts the Web components must be running Internet Information Services
(IIS) 7.5. IIS is installed when you install Windows Server 2008 R2.
Three-Tier Split Installation
The SQL Server license includes SQL Server Reporting Services (SSRS). In your three-tier split installation
configuration, when you run SSRS and SQL Server on the same machine, the SQL Server database
machine can take on the role of the Report Server (SSRS).
VCM 5.6 supports running SSRS on the Web server or on the database server in a split installation.
Depending on the separation of services in your environment, you might want to install SSRS on the Web
server machine in a split installation, because SSRS has its own Web server.
If you install SSRS on the Web server, it requires an additional SQL Server license, because you are
installing SSRS on a Windows Server 2008 R2 machine that is separate from the SQL Server database
services. If you run SQL Server Enterprise Edition, all SQL Server services running in guests on a single
virtual machine host are covered by the Enterprise Edition license.
Prerequisit es
n
Perform the prerequisite tasks for your three-tier split installation configuration. See "Three-Tier Split
Installation" on page 86.
n
Place the Web server in the Internet Explorer Trusted Zone so that Internet Explorer can delegate the
VCM user's credentials to the Web service for use with SQL Server. See "Place the Web Server in the
Internet Explorer Trusted Zone" on page 100.
n
If the domain firewall is turned on, verify that any required ports are open. If the database server is
blocked from communicating with the Collector, problems can occur when you submit jobs. VCM
displays an error about the SAS service, and the VCM Debug Event Log displays failures when calling
ecm_sp_collector_control.
n
n
n
VMware, Inc.
Verify that .NET Framework 3.5.1 is installed on Windows Server 2008 R2 machines where Package
Studio will be installed.
Verify that you have an Internet connection to check for patch bulletin updates.
On the Windows Server 2008 R2 Web server machine, verify that the following .NET Framework
96
vCenter Configuration Manager Advanced Installation Guide
components are installed.
n
Windows Process Activation Service
n
Process Model
n
.NETEnvironment
n
Configuration APIs
Procedu re
1. Restart the Web server machine.
2. Click Start and select All Programs > Administrative Tools > Server Manager.
3. Click Roles and verify that the Web Server (IIS) role appears.
4. If the Web Server (IIS) role does not appear, in the Roles Summary area, click Add Roles and add the
Web Server (IIS) role.
5. On the Select Server Roles page, select Web Server (IIS) and select the Web Server components to
add.
Option Action
Common HTTPFeatures Select these options:
n
Static Content
n
Default Document
n
Directory Browsing
n
HTTP Errors
Application Development Select these options:
n
ASP .NET
n
.Net Extensibility
n
ASP
n
ISAPI Extensions
n
ISAPI Filters
n
Server Side Includes
Health and Diagnostics Select these options:
n
HTTP Logging
n
Request Monitor
Security Select these options:
n
Basic Authentication
n
Request Filtering
Performance Select:
n
Static Content Compression
97
VMware, Inc.
Three-Tier Split Installation
Configuring IIS
To ensure that the Web components are correctly configured, verify that the correct role services are
enabled, the bindings are set correctly, and the default Web site is correct.
Verify the IIS 7.5 Role Services are Enabled
Verify that the correct IIS 7.5 Role Services are enabled on the Web server.
Procedu re
1. On the Collector, click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Roles and click Web Server (IIS).
3. If the Web Server (IIS) role does not appear in the list of Roles, scroll to Role Services, click Add Role
Services and add the Web Server (IIS) Role.
When you installed IIS, the ASP Role Service, ASP.NET Role Service, and IIS ServerSideIncludes Role
Service were installed.
4. In the Web Server (IIS) pane, scroll to Role Services and verify that the status is set to Installed for the
following Role Services.
Role Service Cat egory Role Service
Common HTTP Features Static Content
Default Document
Directory Browsing
HTTPErrors
HTTPRedirection
Application Development ASP.NET
.NET Extensibility
ASP
ISAPIExtensions
ISAPI Filters
Server Side Includes
Health and Diagnostics Logging Tools
Request Monitor
Tracing
Security Basic Authentication
Windows Authentication
Digest Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions
VMware, Inc.
Performance Static Content Compression
Dynamic Content Compression
98
vCenter Configuration Manager Advanced Installation Guide
Role Service Cat egory Role Service
Management Tools IISManagement Console
5. If any of the Role Services are not installed, click Add Role Services, select the check boxes of the
services to install, and click Install.
Configure the IIS 7.5 Settings
IIS settings configure the information required for requests to communicate with a Web site. To support
VCMinteraction with IIS, configure the settings for the IIS 7.5 bindings on the Web server to ensure that
the settings are correct.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Actions pane, under Edit Site, click Bindings.
IIS Management Scripts and Tools
Management Service
4. Click Add to open the Site Bindings dialog box.
a. In the Type menu, select http.
b. In the IPaddress menu, select All Unassigned.
c. In the Port text box, type 80.
5. In the Site Bindings dialog box, click Close.
6. In the Actions pane, under Manage Web Site and Browse Web Site, click Advanced Settings.
7. Expand Connection Limits and set Connection Time-out (seconds) to 3600.
8. Click OK.
Verify the IIS 7.5 Default Web Site
IIS 7.5 provides a default Web site that defines the default authentication settings for applications and
virtual directories. Verify that the IIS 7.5 default Web site has the correct settings.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Internet Information Services (IIS)
Manager.
2. Expand <server name>, expand Sites, and click Default Web Site.
3. In the Default Web Site Home pane, locate the IIS options.
4. Double-click Authentication and set the authentication.
Option Action
Anonymous Authentication Set to Disabled.
ASP.NET Impersonation Set to Disabled.
Basic Authentication Set to Enabled.
99
VMware, Inc.
Three-Tier Split Installation
Option Action
Forms Authentication Set to Disabled.
Verify the ISAPI Extensions
The ISAPI Extensions role provides support for dynamic Web content development. You must verify that
the role service is installed, and install it if needed.
Procedu re
1. Click Start and select All Programs > Administrative Tools > Server Manager.
2. Expand Server Manager (<server name>) and expand Roles.
3. Click Web Server (IIS).
4. Scroll to Role Services.
5. Locate ISAPI Extensions and verify that the role service is installed.
6. If the role service is not installed, click Add Role Services and add the ISAPI Extensions role service.
What to do next
Place the Web server in the Internet Explorer trusted zone so that Internet Explorer can delegate the VCM
user's credentials to the Web service for use with SQL Server. See "Place the Web Server in the Internet
Explorer Trusted Zone" on page 100.
Place the Web Server in the Internet Explorer Trusted Zone
To ensure that Internet Explorer can delegate the VCM user's credentials to the Web service for use with
SQL Server, you must place the VCM Web server in the Internet Explorer Trusted Zone.
When the VCM Web server is in the trusted zone, users can disable navigation into the trusted zone from
less privileged zones, which reduces the potential of cross-site scripting. When the Web server is not in a
trusted zone, the browser cannot authenticate the Web server.
Procedu re
1. Open Internet Explorer.
2. Click Tools and select Internet Options.
3. Click the Security tab.
4. In the Select a zone to view or change security settings area, click Local intranet.
5. Click Sites.
6. In the Local intranet dialog box, click Advanced.
7. In the Add this website to the zone area, type the host name and click Add.
8. Click Close.
9. Click OK and click OK again.
What to do next
Grant the Collector service access to the patch download folder to download patches during Windows
patch deployment. See "Access to Patch Download Folder for Windows Patch Deployment" on page 101.
VMware, Inc.
100
Loading...