Request Manager Installation and
Configuration Guide
vCloud Request Manager 1.0.0
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs
.
EN-000475-00
Request Manager Installation and Configuration Guide
2 VMware, Inc.
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual
property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents
About This Book
5
1
About vCloud Request Manager 7
Request Manager Components 7
How Request Manager Uses Network Ports
11
Preparing to Use Request Manager 11
Installation Planning Worksheet 12
Finding More Information 13
2
Request Manager System Requirements 15
System Requirements 15
Oracle Configuration 17
Performance and Scalability 18
Security 19
3
Installing Request Manager 21
Installation Process Overview 21
Install Request Manager 21
Configure Request Manager 22
4
Accessing Request Manager 27
Access the Request Manager Admin Portal 27
Access the Request Manager Admin Portal without Active Directory 28
Access the Request Manager User Portal 28
5
Administration Overview 31
Active Directory 31
Request Manager Roles 35
Connecting to Multiple Instances of VMware vCloud Director 37
Incoming Email Server 44
Workflow Management 47
Cloud Blueprints 57
Defining Providers 59
Polling Service 60
6
About Software License Management 61
Understanding Licenses 61
Create a Software Product 61
Edit a Software Product 62
Delete a Software Product 62
Add License Information to a Software Product 63
VMware, Inc. 3
Defining Software Products Options 63
Viewing Software License Allocation
65
Associating Software Products with vApp Templates 66
Index 69
Request Manager Installation and Configuration Guide
4 VMware, Inc.
About This Book
This manual, the VMware vCloud Request Manager Installation and Configuration Guide, provides information
about installing and configuring vCloud Request Manager.
Intended Audience
This manual is intended for anyone who needs to install and configure vCloud Request Manager
. The
information in this manual is written for experienced Windows or Linux system administrators who are
familiar with virtual machine technology and datacenter operations.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your
feedback to docfeedback@vmware.com.
Technical Support and Education Resources
The following technical support resources are available to you. To access the current version of this book and
other books, go to http://www.vmware.com/support/pubs.
Online and Telephone
Support
To use online support to submit technical support requests, view your product
and contract information, and register your products, go to
http://www.vmware.com/support.Customers with appropriate support
contracts should use telephone support for the fastest response on priority 1
issues. Go to http://www.vmware.com/support/phone_support.html.
Support Offerings
To find out how VMware support offerings can help meet your business needs,
go to http://www.vmware.com/support/services.
VMware Professional
Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For onsite
pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
VMware, Inc. 5
Request Manager Installation and Configuration Guide
6 VMware, Inc.
About vCloud Request Manager 1
vCloud Request Manger is a Web-based application that is an add-on to vCloud Director. Request Manager
identifies the clouds and vApps managed by vCloud Director.
vCloud Request Manager provides enhanced governance and control of private cloud infrastructures based
on vCloud Director. Request Manager:
n
Adds sophisticated approval workflows to provisioning requests
n
Automatically tracks software license usage
n
Enforces standardized settings on cloud partitions
This chapter includes the following topics:
n
“Request Manager Components,” on page 7
n
“How Request Manager Uses Network Ports,” on page 11
n
“Preparing to Use Request Manager,” on page 11
n
“Installation Planning Worksheet,” on page 12
n
“Finding More Information,” on page 13
Request Manager Components
Architecture
vCloud
Request Manager layers over the top of vCloud Director and communicates with it primarily through
the vCloud API. In this way, a single instance of vCloud Request Manager can support multiple private clouds
and even public cloud providers, delivering a unified end user portal and request management across a hybrid
cloud.
VMware, Inc. 7
Figure 1-1. High-Level Request Manager Architecture
Figure 1-2. Detailed Request Manager Architecture
Request Manager Installation and Configuration Guide
8 VMware, Inc.
Users
Request Manager users can include the following.
vCloud Administrator
The vCloud Administrator is the administrator responsible for Request
Manager configuration after installation. The administrator is responsible for
assigning
security roles to cloud Blueprint Administrators and Asset Manager
users, troubleshooting workflow tasks that fail to complete because of system
errors, creating or editing workflow tasks to accommodate company-specific
approval processes, and managing integrated sources.
Blueprint Administrator
The Blueprint Administrator manages cloud blueprints, including creating and
editing cloud blueprints. The Blueprint Administrator also manages Provider
CIs, including creating and editing Providers and specifying the vCloud
Director source, provider network, and the vCloud Director for that Provider
CI.
Manager
The users who create private cloud partitions. Users can include development
managers, QA managers, pre-sales managers, and training managers.
Engineer
The users who create individual virtual machines and virtual appliances. Users
can include QA Engineers, pre-sales engineers, developers, trainers, etc.
Asset Managers
The user responsible for registering the available software licenses.
See “Request Manager Roles,” on page 35 for information about Request Manager user roles and permission.
Software Components
Request Manager requires the following software components.
n
An Oracle database.
n
An Active Directory server.
Chapter 1 About vCloud Request Manager
VMware, Inc. 9
n
One or more instances of vCloud Director.
n
A dedicated email account.
Oracle Database
The installation requires access to an Oracle database server that is configured
to meet specific requirements to support Request Manager.
Active Directory Server
Request Manager populates its users by accessing the same Microsoft Active
Directory
domain that is used by vCloud Director. In a default install, Request
Manager's Active Directory server should be located within the same domain
as vCloud Director's. Active Directory integration requires there is an existing
single group or organization unit within the directory to which every user
belongs. For example, Domain Users.
vCloud Director
VMware vCloud Director must be installed (on another server within the
domain) before Request Manager can be configured. An account with vCloud
system administrator privileges must be pre-configured for Request Manager
to use. Request Manager cannot use an account created for a specific vCloud
organization.
Email Server
Request Manager uses an assigned email account on a email server. It connects
to the email server to send emails using SMTP and retrieves emails sent to it
using POP3 or IMAP.
Basic Deployment
The following graphic illustrates the Request Manager, vCloud Director, and Active Directory components
and how they are connected.
Figure 1-3. Request Manager Basic Deployment
Request Manager Installation and Configuration Guide
10 VMware, Inc.
User Interfaces
Request Manager uses the following interfaces:
Request Manager User
Portal
The portal used by engineers and cloud owners to request new clouds and
provision new virtual applications.
VMware Service
Manager
The administration user interface, used by administrators and asset managers
to
manage workflow, forms, email, and connector mappings. Throughout this
document, this interface will be referred to as the Request Manager Admin
Portal.
VMware vCloud Director
Populates Request Manager cloud data and provides the interface, automation,
and management required by enterprises and service providers to build private
and public clouds.
How Request Manager Uses Network Ports
The Request Manager server uses network ports to communicate with vCloud Director, the Oracle database,
and the email server used for incoming and outgoing traffic.
No configuration is required unless the servers or database is not using a default port. In that case, you will
need
to open the port for Request Manager access. If any of these ports are in use by other applications or are
blocked on your network, you must reconfigure Request Manager to use different ones.
The following table lists the default Request Manager port access connections.
Table 1-1. Request Manager Port Access Requirements
Port Number
Direction of Traffic Description
1521 Outgoing Oracle port
25 Outgoing Outbound E-mail server port for SMTP
110 Outgoing Inbound E-mail server port for POP3
143 Outgoing Inbound E-mail server port for IMAP
80 Incoming Inbound HTTP for Request Manager user
80 Outgoing Outbound REST (HTTP) for VMware vCloud Director
389 (non SSL) Outgoing Outbound Active Directory using LDAP
636 (SSL) Outgoing Outbound Active Directory using LDAP over SSL
Preparing to Use Request Manager
Prepare your environment before you install Request Manager.
An environment that is ready for Request Manager includes the following:
n
An Oracle Database 10g or higher (10.2.0.4+) server that is ready for use.
n
Access to a vCloud Director Server that is populated with at least one published catalog.
n
Access to the same Microsoft Active Directory domain that is used by vCloud Director.
n
Roles and permissions are identified for the administrators and users who will install, configure, and
manage Request Manager.
Chapter 1 About vCloud Request Manager
VMware, Inc. 11
Installation Planning Worksheet
Use the deployment planning worksheet to record your choice of server system, database, and optional
components for a production environment.
Component
Considerations Decision
vCloud Director
vCloud Director Determine the vCloud Director server Request Manager will connect
to. The vCloud Director server must be compatible with Request
Manager. See Chapter 2, “Request Manager System Requirements,” on
page 15.
Compatible with
vCloud Director?
vCloud Director URL Determine the URL of the vCloud Director instance to which Request
Manager will connect.
URL?
vCloud Director user
name and password
You must have the administrator user name and password for the
vCloud Director instance to which Request Manager will connect.
vCloud Director requires that the user name must be fully qualified by
vCloud Director organization and that organization must be System.
For example, administrator@system.
Fully-qualified user
name? Password?
vCloud Director User The vCloud Director user must have system wide privileges. System wide
privileges?
Database
Database Server Determine the database Request Manager will use. The database server
must be compatible with Request Manager. See Chapter 2, “Request
Manager System Requirements,” on page 15.
Oracle database
version?
Configure the database The database must be configured before installing Request Manager.
See “Oracle Configuration,” on page 17.
Is the database
configured?
Database TNS The TNS of the database Request Manager will use. Database TNS?
Database user name and
password
You must have the administrator user name and password for the
Oracle database Request Manager will use.
User name?
Password?
DBA Privileges The database user must have the required privileges. See “Oracle
Configuration,” on page 17.
Correct privileges?
Active Directory
Active Directory URL The URL of the Active Directory Request Manager will synchronize
with.
URL?
Active Directory user
name and password.
You must have the administrator user name and password for the
Active Directory Request Manager will use.
User name?
Password?
Email server
Email server for outgoing
mail
Connection information for the email server used for outgoing email. Port number? Host
name?
Email server user name
and password
You must have the user name and password for the email account. User name?
Password?
Email server for
incoming mail
Connection information for the email server used for incoming mail. Port number? Host
name? Protocol?
Network
Port Number
Assignments
Make sure that the default ports used are available for Oracle, vCloud
Director,
and inbound and outbound email servers. See “How Request
Manager Uses Network Ports,” on page 11.
Port numbers used?
Request Manager Installation and Configuration Guide
12 VMware, Inc.
Component Considerations Decision
Request Manager Roles
Users and Roles Identify the users who will be assigned as vCloud Director Admins,
Blueprint Admins, and Asset Manager. See “Request Manager Roles,”
on page 35.
Users and roles?
Finding More Information
You can access all vCloud Request Manager documentation online at
http://www.vmware.com/support/pubs/vrm_pubs.
In addition to this guide, documentation for this product includes the following:
n
The Request Manager 1.0 Release Notes provide product overview and a description of known issues.
n
The VMware
vCloud Request Manager User's Guide provides a product overview and general tasks for end
users.
Chapter 1 About vCloud Request Manager
VMware, Inc. 13
Request Manager Installation and Configuration Guide
14 VMware, Inc.
Request Manager System
Requirements 2
This section includes information on the System Requirements for Request Manager 1.0.0.
This chapter includes the following topics:
n
“System Requirements,” on page 15
n
“Oracle Configuration,” on page 17
n
“Performance and Scalability,” on page 18
n
“Security,” on page 19
System Requirements
Request Manager is compatible with the following VMware releases, servers, browsers, operating systems,
and databases.
vCloud Director
Request Manager requires vCloud Director 1.0.
The following lists the system requirements for vCloud Director.
n
A vCloud Director installation on another server within the domain.
n
An
pre-configured account within vCloud Director with full system administrator privileges. This account
must not belong to a specific vCloud Director organization.
NOTE VMware recommends that this is a dedicated account. Shared accounts are supported, however
assigning a dedicated account enables Request Manager actions to be more clearly distinguished within
vCloud Director.
n
vCloud
Director is configured with at least one published catalog that contains a set of enterprise-approved
vApp templates.
NOTE If there are no published catalogs, users in new clouds will not be able to create new applications.
Microsoft Active Directory
Request
Manager requires Microsoft Active Directory 2003 or 2008. The Request Manager server must belong
to the domain that is administered by the Active Directory server.
VMware, Inc. 15
Request Manager populates its user database by scanning the domain and matching those users to users
defined within vCloud Director. A user must belong to this domain in order to access the Request Manager
User
Portal. Request Manager will only recognize users within vCloud Director who have been imported from
this domain.
The following vCloud Director users will not be recognized by Request Manager:
n
Manually created users; that is users who have not been imported from the domain.
n
Users imported from an alternative domain.
NOTE Request Manager does not support OpenLDAP.
Email Server
Request
Manager requires a dedicated email account. The following lists the system requirements for the email
server.
n
A dedicated email account that is new and not shared with any existing user or application.
n
SMTP to send emails from that account.
n
POP3 or IMAP to receive email notifications sent to that account.
Request Manager Web Server
n
Operating System: Microsoft Server 2008 R2 64-bit
n
Internet Server: IIS 7
n
Hardware: 2.8 GHz CPU and 4 GB RAM
n
Miscellaneous: Microsoft .NET Framework 3.5 SP1
NOTE You can install Request Manager on a physical machine or a virtual machine, as long as it meets these
system requirements.
Request Manager Admin Portal
The Request Manager Admin Portal supports the following operating systems and browsers.
Table 2-1. Request Manager Admin Portal Support
Operating System Browsers
Windows XP SP3 Internet Explorer 7 and 8
Windows Vista Internet Explorer 7 and 8
Windows 7 Internet Explorer 7 and 8
Request Manager User Portal
The Request Manager User Portal supports the following operating systems and browsers.
Table 2-2. Request Manager User Portal Support
Operating System Browsers
Windows XP Internet Explorer 7 and above, Mozilla Firefox 3 and above,
and Chrome 4.0 and above
Windows 7 Internet Explorer 7 and above, Mozilla Firefox 3 and above,
and Chrome 4.0 and above
Request Manager Installation and Configuration Guide
16 VMware, Inc.
Table 2-2. Request Manager User Portal Support
(Continued)
Operating System
Browsers
Mac OS 10 Safari 4.0 and above
iPad Safari 4.0 and above
Supported Database Software
Request
Manager 1.0.0 supports only Oracle Server databases. The following lists the system requirements for
the Request Manager database. See “Oracle Configuration,” on page 17 for more information on database
configuration requirements.
n
2 CPUs
n
At least 50 GB of available disk space
The following lists the Oracle databases supported for use as the Request Manager database.
Table 2-3. Oracle Database Support
Oracle Server Version
Oracle Client Version
Oracle 10g Standard edition, release 2, version 10.2.0.4+, 32bit and 64-bit
10.2.0.4+, 32-bit
Oracle 10g Enterprise edition, release 2, version 10.2.0.4+, 32bit and 64-bit
10.2.0.4+, 32-bit
Oracle 11g Standard edition, release 1, version 11.1.0.7+, 32bit and 64-bit
11.1.0.7+, 32-bit
Oracle 11g Enterprise edition, release 1, version 11.1.0.7+, 32bit and 64-bit
11.1.0.7+, 32-bit
Oracle Configuration
An Oracle Server and Oracle Client must meet specific requirements to support Request Manager.
Oracle Server Configuration
Oracle Server has the following configuration requirements when used as the Request Manager database.
n
Request Manager requires access to an Oracle database server.
n
The character set of that server must be set to UTF-8 to support Unicode (i18n) characters.
n
The Oracle and Request Manager servers must be configured to operate in the same time zone and have
the same server time.
n
Request Manager can share an existing Oracle database server, provided that:
n
The existing server's pre-requisites must meet those of Request Manager.
n
Other applications using the database support the same configuration.
n
Applications must be configured with adequate resources.
NOTE Multiple applications sharing a single Oracle server can compete for server resources. The
Oracle DBA must configure applications to have the resources they need (For example, increase the
connection limit; move databases to separate servers). During heavy loads, some resources may not
be available (For example, the max number of connections may be exceeded) and can result in
application errors.
Chapter 2 Request Manager System Requirements
VMware, Inc. 17
n
The Oracle DBA must configure a new Oracle user with a dedicated schema for Request Manager with
the following minimum privileges:
n
CONNECT
n
CREATE TABLE
n
CREATE PROCEDURE
n
CREATE TRIGGER
n
CREATE TYPE
n
CREATE VIEW
n
The Oracle DBA must set up a TNS configuration to the database on the Request Manager server.
Oracle Client Configuration
The
installation requires the 32-bit edition of the Oracle client software to be present on the Request Manager
server. The 32-bit edition should be used even if the operating system is 64-bit. Request Manager may
experience problems on servers where the 64-bit edition of the client software is installed or has been previously
installed.
Performance and Scalability
This section provides scalability information for sizing.
Scanning LDAP
Scanning large sites can take a long time. The following test data provides some idea of how long scans can
take.
n
First time scans of an Active Directory server with 60,000 users completed in approximately 8 hours.
n
Subsequent scans of the same server (updating only changed records) completed in less than half an hour.
n
Subsequent scans of the same server (updating all records) completed in approximately 8 hours.
LDAP updates are reflected when the next scheduled scan is run.
See “Active Directory,” on page 31 for more information about configuring and synchronizing Active
Directory.
Scanning vCloud Director
Scanning a large number of vApps and resources can take a long time. The following test data provides some
idea of how long scans can take.
Table 2-4. Average Scan Times for vCloud Director Scans
Typical Extreme Time Taken (Extreme)
Organizations per Private Cloud 5 100 3.7 sec/resource
Members per Organization 20 500 0.3 sec/resource
Catalogs per Organization 2 10 0.8 sec/resource
Catalog Items per Catalog 50 100 1.0 sec/resource
Total Running vApp Instances per vCloud Director
Instance
100 5000 2.1 sec/resource
Running vApp Instances per Organization 50 500 2.1 sec/resource
Request Manager Installation and Configuration Guide
18 VMware, Inc.
Based on these average scan times, scanning 100 vApps can take 4 minutes. Scanning 5000 vApps can take 3
hours.
Scan updates are reflected when the next scheduled scan is run. By default, scans are set to run hourly. See
“Create or Modify a vCloud Director Synchronization Schedule,” on page 40.
Request
Manager maintains a cached copy of the data within vCloud Director for better responsiveness. This
cache is populated by scheduled scans and is only as current as the latest scan. An exception is the status display
of each vApp, which is retrieved live from vCloud Director.
NOTE vCloud Director permits consumers of the vCloud API to be logged in for maximum period of 24 hours.
If a scheduled scan of vCloud Director by Request Manager were to take longer than 24 hours, Request
Manager's session would expire and the scan would abort without completing. However, a new scan would
begin shortly after and resume where the previous scan had completed.
Database Sizing
Running
a scan on a large number of vApps and resources can consume a lot of database space. The following
test data provides some idea of how much space.
n
Scanning 30,000 resources consumes approximately 270 MB, or 9.21 KB/resource.
n
A scan of 100 vApps can consume 1 MB. A scan of 5000 vApps can consume 45 MB.
Security
Security certificates must be manually installed.
Security Certificates
Request Manager communicates with vCloud Director over a secure connection with SSL. Optionally, Request
Manager can communicate with the Active Directory server using SSL. Communication over SSL can only
succeed if the Request Manager server is able to trust the certificates utilized by those servers.
A server's certificate will be trusted by the Request Manager server if it meets the following prerequisites:
n
The certificate or the certificate of its issuer must be installed to the Trusted Root Certificate Authorities
store for the local machine. See “Installing a Security Certificate,” on page 20 for directions on how and
where the certificate should be installed.
n
The certificate must be issued to either the host name (fully qualified by domain) of the remote server or
the domain to which it belongs. For example, server1.mydomain.com or mydomain.com. Furthermore, when
connecting via SSL the same fully qualified host name must be specified in the Active Directory Connection
String or the vCloud Director server URL.
n
The certificate be valid and must not have expired.
NOTE If either of the Active Directory or vCloud Director server certificates have not been issued to fully
qualified host name, these certificates will need to be re-issued on those servers by the administrator of those
servers. Please consult the documentation for these products for instructions on how to re-issue these
certificates.
Chapter 2 Request Manager System Requirements
VMware, Inc. 19
Installing a Security Certificate
Request Manager requires a security certificate to connect to VMware vCloud Director. Optionally, Request
Manager
can communicate with the Active Directory server over SSL. In these cases, you must install a security
certificate to ensure successful communication.
Prerequisites
See “Security,” on page 19.
Procedure
1 Open the Control Panel and select Internet Options.
2 Open Internet Options and select Content.
3 Click Certificates.
4 Select Trusted Root Certification Authorities and click Import.
5 Click through the Certificate Import Wizard.
6 At the Certificate Store screen, select Place all certificates in the following store and click Browse.
7 Click Show physical stores.
8 Expand the certificates store and select Local Computer.
9 Click OK.
This closes the window.
10 Complete the wizard.
The security certificate is installed.
What to do next
Continue with the installation of VMware Request Manager.
Security Certificate Warnings
During installation, the Configuration Wizard will attempt to test whether it can establish a connection over
SSL with the specified connection parameters.
If a connection fails, a dialog will be displayed detailing the reasons why the connection could not be trusted
and suggest actions that could be taken to resolve those issues. In addition, the dialog provides options to
inspect and install the certificates issued by the server.
It is strongly advised that you consult with the relevant system administrators before directly installing a
certificate with this dialog to avoid the server trusting compromised connections. It always best practice for
the certificate of a remote server to be manually provided by that server’s administrator rather than
downloaded from the server.
Cookies
The Request Manager portal identifies the existing cookie security settings configured for the Request Manager
server.
The portal stores the transient session ID, but no client sensitive information is stored. The Request Manager
portal does not require a cookie to work. It only provides a mechanism to confirm a user does not attempt to
impersonate another user by borrowing their session ID.
Request Manager Installation and Configuration Guide
20 VMware, Inc.
Installing Request Manager 3
Installation includes running the vCloud Request Manager installation executable, configuring the database,
and configuring the vCloud Director, Active Directory, and email server settings.
This chapter includes the following topics:
n
“Installation Process Overview,” on page 21
n
“Install Request Manager,” on page 21
n
“Configure Request Manager,” on page 22
Installation Process Overview
Understand
the deployment process before you install and configure vCloud Request Manager. An overview
of the initial setup steps required to install vCloud Request Manager includes the following.
Complete the Installation Planning Worksheet. See “Installation Planning Worksheet,” on page 12.
Download and run the installation executable. See “Install Request Manager,” on page 21.
Use the configuration wizard to configure the database, vCloud Director, Active Directory, and email server
settings. See “Configure Request Manager,” on page 22.
Open a browser and log in to Request Manager with the URL: http://<hostname>/portal. See “Access the
Request Manager User Portal,” on page 28.
Install Request Manager
VMware vCloud Request Manager software is distributed as an executable file named
vmware-vcloud-request-manager-
x.x.x-nn
.exe, where x.x.x represents the version number and nn represents
the build number.
Prerequisites
You must understand the installation process and the system requirements before you install Request Manager.
Procedure
1 Right-click the installation file, vmware-vcloud-request-manager-
x.x.x-nn
.exe, and select Run as
administrator.
The User Account Control window displays.
2 Click Yes to authorize the Request Manager application to make changes to your computer.
The InstallShield Wizard window displays and lists the items that are required to be installed on your
computer.
VMware, Inc. 21
Loading...