VMware vCloud Request Manager - 1.0 Installation Manual
Request Manager Installation and
Configuration Guide
vCloud Request Manager 1.0.0
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs
.
EN-000475-00
Request Manager Installation and Configuration Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About This Book
5
About vCloud Request Manager 7
1
Request Manager Components 7
How Request Manager Uses Network Ports
Preparing to Use Request Manager 11
Installation Planning Worksheet 12
Finding More Information 13
11
Request Manager System Requirements 15
2
System Requirements 15
Oracle Configuration 17
Performance and Scalability 18
Security 19
Installing Request Manager 21
3
Installation Process Overview 21
Install Request Manager 21
Configure Request Manager 22
Accessing Request Manager 27
4
Access the Request Manager Admin Portal 27
Access the Request Manager Admin Portal without Active Directory 28
Access the Request Manager User Portal 28
Administration Overview 31
5
Active Directory 31
Request Manager Roles 35
Connecting to Multiple Instances of VMware vCloud Director 37
Incoming Email Server 44
Workflow Management 47
Cloud Blueprints 57
Defining Providers 59
Polling Service 60
About Software License Management 61
6
Understanding Licenses 61
Create a Software Product 61
Edit a Software Product 62
Delete a Software Product 62
Add License Information to a Software Product 63
VMware, Inc. 3
Request Manager Installation and Configuration Guide
Defining Software Products Options 63
Viewing Software License Allocation
Associating Software Products with vApp Templates 66
Index 69
65
4 VMware, Inc.
About This Book
This manual, the VMware vCloud Request Manager Installation and Configuration Guide, provides information
about installing and configuring vCloud Request Manager.
Intended Audience
This manual is intended for anyone who needs to install and configure vCloud Request Manager
information in this manual is written for experienced Windows or Linux system administrators who are
familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book and
other books, go to http://www.vmware.com/support/pubs.
Online and Telephone
Support
Support Offerings
VMware Professional
Services
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.Customers with appropriate support
contracts should use telephone support for the fastest response on priority 1
issues. Go to http://www.vmware.com/support/phone_support.html.
To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
. The
VMware, Inc. 5
Request Manager Installation and Configuration Guide
6 VMware, Inc.
About vCloud Request Manager 1
vCloud Request Manger is a Web-based application that is an add-on to vCloud Director. Request Manager
identifies the clouds and vApps managed by vCloud Director.
vCloud Request Manager provides enhanced governance and control of private cloud infrastructures based
on vCloud Director. Request Manager:
n
Adds sophisticated approval workflows to provisioning requests
n
Automatically tracks software license usage
n
Enforces standardized settings on cloud partitions
This chapter includes the following topics:
n
“Request Manager Components,” on page 7
n
“How Request Manager Uses Network Ports,” on page 11
n
“Preparing to Use Request Manager,” on page 11
n
“Installation Planning Worksheet,” on page 12
n
“Finding More Information,” on page 13
Request Manager Components
Architecture
vCloud
the vCloud API. In this way, a single instance of vCloud Request Manager can support multiple private clouds
and even public cloud providers, delivering a unified end user portal and request management across a hybrid
cloud.
VMware, Inc. 7
Request Manager layers over the top of vCloud Director and communicates with it primarily through
Request Manager Installation and Configuration Guide
Figure 1-1. High-Level Request Manager Architecture
Figure 1-2. Detailed Request Manager Architecture
8 VMware, Inc.
Users
Request Manager users can include the following.
Chapter 1 About vCloud Request Manager
vCloud Administrator
Blueprint Administrator
Manager
Engineer
Asset Managers
See “Request Manager Roles,” on page 35 for information about Request Manager user roles and permission.
The vCloud Administrator is the administrator responsible for Request
Manager configuration after installation. The administrator is responsible for
assigning
users, troubleshooting workflow tasks that fail to complete because of system
errors, creating or editing workflow tasks to accommodate company-specific
approval processes, and managing integrated sources.
The Blueprint Administrator manages cloud blueprints, including creating and
editing cloud blueprints. The Blueprint Administrator also manages Provider
CIs, including creating and editing Providers and specifying the vCloud
Director source, provider network, and the vCloud Director for that Provider
CI.
The users who create private cloud partitions. Users can include development
managers, QA managers, pre-sales managers, and training managers.
The users who create individual virtual machines and virtual appliances. Users
can include QA Engineers, pre-sales engineers, developers, trainers, etc.
The user responsible for registering the available software licenses.
security roles to cloud Blueprint Administrators and Asset Manager
Software Components
Request Manager requires the following software components.
n
An Oracle database.
n
An Active Directory server.
VMware, Inc. 9
Request Manager Installation and Configuration Guide
n
One or more instances of vCloud Director.
n
A dedicated email account.
Oracle Database
The installation requires access to an Oracle database server that is configured
to meet specific requirements to support Request Manager.
Active Directory Server
Request Manager populates its users by accessing the same Microsoft Active
Directory
domain that is used by vCloud Director. In a default install, Request
Manager's Active Directory server should be located within the same domain
as vCloud Director's. Active Directory integration requires there is an existing
single group or organization unit within the directory to which every user
belongs. For example, Domain Users.
vCloud Director
VMware vCloud Director must be installed (on another server within the
domain) before Request Manager can be configured. An account with vCloud
system administrator privileges must be pre-configured for Request Manager
to use. Request Manager cannot use an account created for a specific vCloud
organization.
Email Server
Request Manager uses an assigned email account on a email server. It connects
to the email server to send emails using SMTP and retrieves emails sent to it
using POP3 or IMAP.
Basic Deployment
The following graphic illustrates the Request Manager, vCloud Director, and Active Directory components
and how they are connected.
Figure 1-3. Request Manager Basic Deployment
10 VMware, Inc.
User Interfaces
Request Manager uses the following interfaces:
Chapter 1 About vCloud Request Manager
Request Manager User
Portal
VMware Service
Manager
The portal used by engineers and cloud owners to request new clouds and
provision new virtual applications.
The administration user interface, used by administrators and asset managers
to
manage workflow, forms, email, and connector mappings. Throughout this
document, this interface will be referred to as the Request Manager Admin
Portal.
VMware vCloud Director
Populates Request Manager cloud data and provides the interface, automation,
and management required by enterprises and service providers to build private
and public clouds.
How Request Manager Uses Network Ports
The Request Manager server uses network ports to communicate with vCloud Director, the Oracle database,
and the email server used for incoming and outgoing traffic.
No configuration is required unless the servers or database is not using a default port. In that case, you will
need
to open the port for Request Manager access. If any of these ports are in use by other applications or are
blocked on your network, you must reconfigure Request Manager to use different ones.
The following table lists the default Request Manager port access connections.
Table 1-1. Request Manager Port Access Requirements
Port Number
Direction of Traffic Description
1521 Outgoing Oracle port
25 Outgoing Outbound E-mail server port for SMTP
110 Outgoing Inbound E-mail server port for POP3
143 Outgoing Inbound E-mail server port for IMAP
80 Incoming Inbound HTTP for Request Manager user
80 Outgoing Outbound REST (HTTP) for VMware vCloud Director
389 (non SSL) Outgoing Outbound Active Directory using LDAP
636 (SSL) Outgoing Outbound Active Directory using LDAP over SSL
Preparing to Use Request Manager
Prepare your environment before you install Request Manager.
An environment that is ready for Request Manager includes the following:
n
An Oracle Database 10g or higher (10.2.0.4+) server that is ready for use.
n
Access to a vCloud Director Server that is populated with at least one published catalog.
n
Access to the same Microsoft Active Directory domain that is used by vCloud Director.
n
Roles and permissions are identified for the administrators and users who will install, configure, and
manage Request Manager.
VMware, Inc. 11
Request Manager Installation and Configuration Guide
Installation Planning Worksheet
Use the deployment planning worksheet to record your choice of server system, database, and optional
components for a production environment.
Component
vCloud Director
vCloud Director Determine the vCloud Director server Request Manager will connect
vCloud Director URL Determine the URL of the vCloud Director instance to which Request
vCloud Director user
name and password
vCloud Director User The vCloud Director user must have system wide privileges. System wide
Database
Database Server Determine the database Request Manager will use. The database server
Configure the database The database must be configured before installing Request Manager.
Database TNS The TNS of the database Request Manager will use. Database TNS?
Database user name and
password
DBA Privileges The database user must have the required privileges. See “Oracle
Active Directory
Active Directory URL The URL of the Active Directory Request Manager will synchronize
Active Directory user
name and password.
Email server
Email server for outgoing
mail
Email server user name
and password
Email server for
incoming mail
Network
Port Number
Assignments
Considerations Decision
Compatible with
to. The vCloud Director server must be compatible with Request
Manager. See Chapter 2, “Request Manager System Requirements,” on
page 15.
Manager will connect.
You must have the administrator user name and password for the
vCloud Director instance to which Request Manager will connect.
vCloud Director requires that the user name must be fully qualified by
vCloud Director organization and that organization must be System.
For example, administrator@system.
must be compatible with Request Manager. See Chapter 2, “Request
Manager System Requirements,” on page 15.
See “Oracle Configuration,” on page 17.
You must have the administrator user name and password for the
Oracle database Request Manager will use.
Configuration,” on page 17.
with.
You must have the administrator user name and password for the
Active Directory Request Manager will use.
Connection information for the email server used for outgoing email. Port number? Host
You must have the user name and password for the email account. User name?
Connection information for the email server used for incoming mail. Port number? Host
Make sure that the default ports used are available for Oracle, vCloud
Director,
Manager Uses Network Ports,” on page 11.
and inbound and outbound email servers. See “How Request
vCloud Director?
URL?
Fully-qualified user
name? Password?
privileges?
Oracle database
version?
Is the database
configured?
User name?
Password?
Correct privileges?
URL?
User name?
Password?
name?
Password?
name? Protocol?
Port numbers used?
12 VMware, Inc.
Component Considerations Decision
Request Manager Roles
Users and Roles Identify the users who will be assigned as vCloud Director Admins,
Blueprint Admins, and Asset Manager. See “Request Manager Roles,”
on page 35.
Finding More Information
You can access all vCloud Request Manager documentation online at
http://www.vmware.com/support/pubs/vrm_pubs.
In addition to this guide, documentation for this product includes the following:
n
The Request Manager 1.0 Release Notes provide product overview and a description of known issues.
Chapter 1 About vCloud Request Manager
Users and roles?
n
The VMware
users.
vCloud Request Manager User's Guide provides a product overview and general tasks for end
VMware, Inc. 13
Request Manager Installation and Configuration Guide
14 VMware, Inc.
Request Manager System
Requirements 2
This section includes information on the System Requirements for Request Manager 1.0.0.
This chapter includes the following topics:
n
“System Requirements,” on page 15
n
“Oracle Configuration,” on page 17
n
“Performance and Scalability,” on page 18
n
“Security,” on page 19
System Requirements
Request Manager is compatible with the following VMware releases, servers, browsers, operating systems,
and databases.
vCloud Director
Request Manager requires vCloud Director 1.0.
The following lists the system requirements for vCloud Director.
n
A vCloud Director installation on another server within the domain.
n
An
pre-configured account within vCloud Director with full system administrator privileges. This account
must not belong to a specific vCloud Director organization.
NOTE VMware recommends that this is a dedicated account. Shared accounts are supported, however
assigning a dedicated account enables Request Manager actions to be more clearly distinguished within
vCloud Director.
n
vCloud
vApp templates.
NOTE If there are no published catalogs, users in new clouds will not be able to create new applications.
Director is configured with at least one published catalog that contains a set of enterprise-approved
Microsoft Active Directory
Request
to the domain that is administered by the Active Directory server.
Manager requires Microsoft Active Directory 2003 or 2008. The Request Manager server must belong
VMware, Inc. 15
Request Manager Installation and Configuration Guide
Request Manager populates its user database by scanning the domain and matching those users to users
defined within vCloud Director. A user must belong to this domain in order to access the Request Manager
User
Portal. Request Manager will only recognize users within vCloud Director who have been imported from
this domain.
The following vCloud Director users will not be recognized by Request Manager:
n
Manually created users; that is users who have not been imported from the domain.
n
Users imported from an alternative domain.
NOTE Request Manager does not support OpenLDAP.
Email Server
Request
Manager requires a dedicated email account. The following lists the system requirements for the email
server.
n
A dedicated email account that is new and not shared with any existing user or application.
n
SMTP to send emails from that account.
n
POP3 or IMAP to receive email notifications sent to that account.
Request Manager Web Server
n
Operating System: Microsoft Server 2008 R2 64-bit
n
Internet Server: IIS 7
n
Hardware: 2.8 GHz CPU and 4 GB RAM
n
Miscellaneous: Microsoft .NET Framework 3.5 SP1
NOTE You can install Request Manager on a physical machine or a virtual machine, as long as it meets these
system requirements.
Request Manager Admin Portal
The Request Manager Admin Portal supports the following operating systems and browsers.
Table 2-1. Request Manager Admin Portal Support
Operating System Browsers
Windows XP SP3 Internet Explorer 7 and 8
Windows Vista Internet Explorer 7 and 8
Windows 7 Internet Explorer 7 and 8
Request Manager User Portal
The Request Manager User Portal supports the following operating systems and browsers.
Table 2-2. Request Manager User Portal Support
Operating System Browsers
Windows XP Internet Explorer 7 and above, Mozilla Firefox 3 and above,
and Chrome 4.0 and above
Windows 7 Internet Explorer 7 and above, Mozilla Firefox 3 and above,
and Chrome 4.0 and above
16 VMware, Inc.
Chapter 2 Request Manager System Requirements
Table 2-2. Request Manager User Portal Support
Operating System
Mac OS 10 Safari 4.0 and above
iPad Safari 4.0 and above
(Continued)
Browsers
Supported Database Software
Request
the Request Manager database. See “Oracle Configuration,” on page 17 for more information on database
configuration requirements.
n
n
The following lists the Oracle databases supported for use as the Request Manager database.
Table 2-3. Oracle Database Support
Oracle Server Version
Oracle 10g Standard edition, release 2, version 10.2.0.4+, 32bit and 64-bit
Oracle 10g Enterprise edition, release 2, version 10.2.0.4+, 32bit and 64-bit
Oracle 11g Standard edition, release 1, version 11.1.0.7+, 32bit and 64-bit
Oracle 11g Enterprise edition, release 1, version 11.1.0.7+, 32bit and 64-bit
Manager 1.0.0 supports only Oracle Server databases. The following lists the system requirements for
2 CPUs
At least 50 GB of available disk space
Oracle Client Version
10.2.0.4+, 32-bit
10.2.0.4+, 32-bit
11.1.0.7+, 32-bit
11.1.0.7+, 32-bit
Oracle Configuration
An Oracle Server and Oracle Client must meet specific requirements to support Request Manager.
Oracle Server Configuration
Oracle Server has the following configuration requirements when used as the Request Manager database.
n
Request Manager requires access to an Oracle database server.
n
The character set of that server must be set to UTF-8 to support Unicode (i18n) characters.
n
The Oracle and Request Manager servers must be configured to operate in the same time zone and have
the same server time.
n
Request Manager can share an existing Oracle database server, provided that:
n
The existing server's pre-requisites must meet those of Request Manager.
n
Other applications using the database support the same configuration.
n
Applications must be configured with adequate resources.
NOTE Multiple applications sharing a single Oracle server can compete for server resources. The
Oracle DBA must configure applications to have the resources they need (For example, increase the
connection limit; move databases to separate servers). During heavy loads, some resources may not
be available (For example, the max number of connections may be exceeded) and can result in
application errors.
VMware, Inc. 17
Request Manager Installation and Configuration Guide
n
The Oracle DBA must configure a new Oracle user with a dedicated schema for Request Manager with
the following minimum privileges:
n
CONNECT
n
CREATE TABLE
n
CREATE PROCEDURE
n
CREATE TRIGGER
n
CREATE TYPE
n
CREATE VIEW
n
The Oracle DBA must set up a TNS configuration to the database on the Request Manager server.
Oracle Client Configuration
installation requires the 32-bit edition of the Oracle client software to be present on the Request Manager
The
server. The 32-bit edition should be used even if the operating system is 64-bit. Request Manager may
experience problems on servers where the 64-bit edition of the client software is installed or has been previously
installed.
Performance and Scalability
This section provides scalability information for sizing.
Scanning LDAP
Scanning large sites can take a long time. The following test data provides some idea of how long scans can
take.
n
First time scans of an Active Directory server with 60,000 users completed in approximately 8 hours.
n
Subsequent scans of the same server (updating only changed records) completed in less than half an hour.
n
Subsequent scans of the same server (updating all records) completed in approximately 8 hours.
LDAP updates are reflected when the next scheduled scan is run.
See “Active Directory,” on page 31 for more information about configuring and synchronizing Active
Directory.
Scanning vCloud Director
Scanning a large number of vApps and resources can take a long time. The following test data provides some
idea of how long scans can take.
Table 2-4. Average Scan Times for vCloud Director Scans
Typical Extreme Time Taken (Extreme)
Organizations per Private Cloud 5 100 3.7 sec/resource
Members per Organization 20 500 0.3 sec/resource
Catalogs per Organization 2 10 0.8 sec/resource
Catalog Items per Catalog 50 100 1.0 sec/resource
Total Running vApp Instances per vCloud Director
Instance
Running vApp Instances per Organization 50 500 2.1 sec/resource
100 5000 2.1 sec/resource
18 VMware, Inc.
Chapter 2 Request Manager System Requirements
Based on these average scan times, scanning 100 vApps can take 4 minutes. Scanning 5000 vApps can take 3
hours.
Scan updates are reflected when the next scheduled scan is run. By default, scans are set to run hourly. See
“Create or Modify a vCloud Director Synchronization Schedule,” on page 40.
Request
cache is populated by scheduled scans and is only as current as the latest scan. An exception is the status display
of each vApp, which is retrieved live from vCloud Director.
NOTE vCloud Director permits consumers of the vCloud API to be logged in for maximum period of 24 hours.
If a scheduled scan of vCloud Director by Request Manager were to take longer than 24 hours, Request
Manager's session would expire and the scan would abort without completing. However, a new scan would
begin shortly after and resume where the previous scan had completed.
Manager maintains a cached copy of the data within vCloud Director for better responsiveness. This
Database Sizing
Running
test data provides some idea of how much space.
n
n
a scan on a large number of vApps and resources can consume a lot of database space. The following
Scanning 30,000 resources consumes approximately 270 MB, or 9.21 KB/resource.
A scan of 100 vApps can consume 1 MB. A scan of 5000 vApps can consume 45 MB.
Security
Security certificates must be manually installed.
Security Certificates
Request Manager communicates with vCloud Director over a secure connection with SSL. Optionally, Request
Manager can communicate with the Active Directory server using SSL. Communication over SSL can only
succeed if the Request Manager server is able to trust the certificates utilized by those servers.
A server's certificate will be trusted by the Request Manager server if it meets the following prerequisites:
n
The certificate or the certificate of its issuer must be installed to the Trusted Root Certificate Authorities
store for the local machine. See “Installing a Security Certificate,” on page 20 for directions on how and
where the certificate should be installed.
n
The certificate must be issued to either the host name (fully qualified by domain) of the remote server or
the domain to which it belongs. For example, server1.mydomain.com or mydomain.com. Furthermore, when
connecting via SSL the same fully qualified host name must be specified in the Active Directory Connection
String or the vCloud Director server URL.
n
The certificate be valid and must not have expired.
NOTE If either of the Active Directory or vCloud Director server certificates have not been issued to fully
qualified host name, these certificates will need to be re-issued on those servers by the administrator of those
servers. Please consult the documentation for these products for instructions on how to re-issue these
certificates.
VMware, Inc. 19
Request Manager Installation and Configuration Guide
Installing a Security Certificate
Request Manager requires a security certificate to connect to VMware vCloud Director. Optionally, Request
Manager
certificate to ensure successful communication.
Prerequisites
See “Security,” on page 19.
Procedure
1 Open the Control Panel and select Internet Options.
2 Open Internet Options and select Content.
3 Click Certificates.
4 Select Trusted Root Certification Authorities and click Import.
5 Click through the Certificate Import Wizard.
6 At the Certificate Store screen, select Place all certificates in the following store and click Browse.
7 Click Show physical stores.
can communicate with the Active Directory server over SSL. In these cases, you must install a security
8 Expand the certificates store and select Local Computer.
9 Click OK.
This closes the window.
10 Complete the wizard.
The security certificate is installed.
What to do next
Continue with the installation of VMware Request Manager.
Security Certificate Warnings
During installation, the Configuration Wizard will attempt to test whether it can establish a connection over
SSL with the specified connection parameters.
If a connection fails, a dialog will be displayed detailing the reasons why the connection could not be trusted
and suggest actions that could be taken to resolve those issues. In addition, the dialog provides options to
inspect and install the certificates issued by the server.
It is strongly advised that you consult with the relevant system administrators before directly installing a
certificate with this dialog to avoid the server trusting compromised connections. It always best practice for
the certificate of a remote server to be manually provided by that server’s administrator rather than
downloaded from the server.
Cookies
The Request Manager portal identifies the existing cookie security settings configured for the Request Manager
server.
The portal stores the transient session ID, but no client sensitive information is stored. The Request Manager
portal does not require a cookie to work. It only provides a mechanism to confirm a user does not attempt to
impersonate another user by borrowing their session ID.
20 VMware, Inc.
Installing Request Manager 3
Installation includes running the vCloud Request Manager installation executable, configuring the database,
and configuring the vCloud Director, Active Directory, and email server settings.
This chapter includes the following topics:
n
“Installation Process Overview,” on page 21
n
“Install Request Manager,” on page 21
n
“Configure Request Manager,” on page 22
Installation Process Overview
Understand
of the initial setup steps required to install vCloud Request Manager includes the following.
Complete the Installation Planning Worksheet. See “Installation Planning Worksheet,” on page 12.
Download and run the installation executable. See “Install Request Manager,” on page 21.
Use the configuration wizard to configure the database, vCloud Director, Active Directory, and email server
settings. See “Configure Request Manager,” on page 22.
Open a browser and log in to Request Manager with the URL: http://<hostname>/portal. See “Access the
Request Manager User Portal,” on page 28.
the deployment process before you install and configure vCloud Request Manager. An overview
Install Request Manager
VMware vCloud Request Manager software is distributed as an executable file named
vmware-vcloud-request-manager-
the build number.
Prerequisites
You must understand the installation process and the system requirements before you install Request Manager.
Procedure
1 Right-click the installation file, vmware-vcloud-request-manager-
administrator.
x.x.x-nn
.exe, where x.x.x represents the version number and nn represents
x.x.x-nn
.exe, and select Run as
The User Account Control window displays.
2 Click Yes to authorize the Request Manager application to make changes to your computer.
The InstallShield Wizard window displays and lists the items that are required to be installed on your
computer.
VMware, Inc. 21
Loading...