VMware vFabric Data Director - 2.5 Administrator’s Guide

VMware vFabric Data Director

Administrator and User Guide

vFabric Data Director 2.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN- 001078-00

VMware vFabric Data Director Administrator and User Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About VMware vFabric Data Director Administrator and User Guide 7

VMware vFabric Data Director Overview 9

Data Director System Architecture 9

VMware Data Director Components 10

Data Director User Management Modes 10

About Data Director Administration 11

Data Director Supported Databases 12

Managing Data Director Resources 15

Resource Management Overview 15

Resource Bundles and Resource Pools 16

System Resource Bundle 17

Resource Assignment 17

vSphere Resource Pools and Data Director 18

Viewing Resource Information 20

Create the System Resource Pool 21

Create the System Resource Bundle 22

Monitor Resource Usage 22

Create a Resource Pool 23

Create a Resource Bundle 24

Assign a Resource Bundle to an Organization 25

Perform Advanced Cluster Configuration 26

VMware, Inc.

Managing Users and Roles 27

User Management Overview 27

Authenticating Users 28

Role-Based Access Control 29

Predefined Roles 30

Privileges 31

Propagation of Permissions and Roles 32

Organization Privileges and Permissions 32

Add Users to Your Organization 33

Add Roles to an Organization 33

Grant a Permission to a User 34

Modify Organization Security Settings 34

Building DBVMs and Base DB Templates 37

Database Virtual Machine OVA Files 39

Deploy a DBVM OVA File 39

Build a SLES and Oracle Base Database Virtual Machine 40

VMware vFabric Data Director Administrator and User Guide

Build a Custom RHEL and Oracle Database Template 44

Install the Operating System and Database Software in a Blank DBVM 49

Requirements for the Kickstart File 49

Database Update Configuration 52

Configure a vFabric Postgres Update Chain 53

Update an Oracle Database 54

Managing Organizations 61

Organization Structure 61

Operating Organizations 62

Managing Resources For Organizations 63

Managing Organization Users 64

Create a Data Director Organization 64

Bind a vCloud Director Organization to Data Director 65

IP Whitelists 67

Create an Organization IP Whitelist 67

Apply IP Whitelists to Databases 68

Create Custom IP Whitelists 68

Managing Database Groups 71

Database Group Management Overview 71

Managing Resources for Database Groups 72

Storage Reservation 73

Database Groups and Security 73

Create a Database Group 73

Managing Database Templates 75

Introduction to Database Templates 75

Enable a Base DB Template 76

Create a DB Parameter Group 77

Create a Resource Template 77

Modify a Resource Template 78

Create a Backup Template 79

Modify a Backup Template 80

Managing Databases 83

Database Lifecycle 83

Requirements for Creating Databases 85

Database Creation 86

Using Tags 96

Managing the Organization Catalog 97

Batch Operations and Scheduled Tasks 99

Updating Databases 100

Database Administration 101

Cloning Databases 107

Clone Types 107

4 VMware, Inc.

Cloning Customizations 109

Clone a Database 109

Managing Post-Clone Scripts 113

Managing a Cloned Database Refresh 117

Contents

Managing Database Entities 121

Database Entity Management 121

SQL Management 126

Safeguarding Data 129

Backup Strategies 130

Backup Types 130

Backup Template Settings 132

Preconfigured Backup Templates 133

Select a Database Backup Template 133

Schedule Regular Database Backups 134

Recover a Database 135

Import Backups 136

Use VMware Data Recovery to Back Up Data Director 136

Database End of Life and Backups 138

Perform Point-in-time Recovery of Management Server Database 139

Add Pre-Action and Post-Action Scripts to the DBVM for Selected Agents 139

Monitoring the Data Director Environment 141

Explore Monitoring Customization and Filtering 141

Monitoring for System Administrators 142

Monitoring for Organization Administrators 146

Explore Database Monitoring 150

Working with Alarms 151

About aurora_mon Configuration 153

aurora_mon Configuration Parameters 154

Managing Licenses 159

License Management Overview 159

Counting Data Director Licenses 161

About Evaluation Licenses 161

Add License Keys 162

View License Information 162

View License Usage Information 163

Change the vFabric Postgres Database Usage Type 163

Remove License Keys 164

IP Pool Management 165

Add an IP Pool 165

Edit IP Pool 166

Delete an IP Pool 166

VMware, Inc. 5

VMware vFabric Data Director Administrator and User Guide

VMware vCloud Director Integration 169

Enable vCloud Director Integration in Setup 170

Enable vCloud Director Integration after Setup 170

Edit or Disable vCloud Director Integration 171

Add a vCloud Director Organization Administrator 171

Reconfiguring Data Director Networks 173

Change the vCenter IP Address 173

Reconfigure the Web Console Network Mapping or Network Adapter 174

Reconfigure the vCenter Network Mapping 175

Reconfigure the vCenter Network Adapter Settings 175

Reconfigure the DB Name Service Network or DB Name Service Network Adapter 176

Reconfigure the Internal Network or Internal Network Adapter Mapping 177

Verify Network Settings in Data Director 178

Reconfigure the Database Access Network Used by a Database Group 178

Modify IP Pool Settings 179

Managing SSL Keys and Certificates 181

Regenerate Management Server Key and Certificate 181

Import Management Server Key and Certificate 182

Edit Management Server Certificate 183

Regenerate DB Name Server Key and Certificate 183

Import DB Name Server Key and Certificate 184

Edit DB Name Server Certificate 184

Regenerate DBVM Key and Certificate 185

Import DBVM Key and Certificate 185

Edit DBVM Certificate 186

Data Director Troubleshooting 187

vCenter Server Stops Responding 187

Resource Bundles Become Unusable Because DRS Is Disabled 188

Missing Resource Pool 188

Troubleshooting for SSL Communication 189

Database Cannot Be Connected Using the JDBC Connection String 189

Index 191

6 VMware, Inc.

About VMware vFabric Data Director Administrator and User Guide

The VMware vFabric Data Director Administrator and User Guide describes the features of VMware® vFabric Data Director.

VMware vFabric Data Director is an enterprise class database-as-a-service (DBaaS) solution on VMware vSphere that provides self-service lifecycle management for heterogeneous databases. The solution includes the following features.

Database creation, cloning, backup, and restore.

Flexible, policy-based resource management.

Resource isolation within organizations and within databases.

Security policy implementation through role-based access control.

Database ingestion.

Self-service database lifecycle management enables administrators to create databases, manage schemas, configure backups, perform restores, clone databases for testing and development, scale up database sizes, and decommission databases. Administrators can assign permissions to perform these functions to others, such as application developers, QA (test), and production engineers.

Customizable templates for database configuration and backups simplifies database creation and resource allocation, enabling administrators to control database parameters and enforce resource allocation policies.

Administrators perform the following types of tasks.

Create organizations and database groups.

Allocate resources.

Create database templates.

Create, clone, backup and restore databases.

Monitor the Data Director environment.

Administrators also manage users and roles by assigning various permissions to enable users to perform specific database management tasks.

Intended Audience

This document is for administrators any user to whom an administrator might grant database permissions.

System administrators use this document to learn how to manage and monitor a Data Director environment.

Organization administrators use this document to learn how to manage and monitor database groups and databases.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

Application developers use this document to learn how to create, manage and monitor databases.

Application developers, QA and production engineers, and others use this document to learn how to perform functions for which they have been granted permissions.

8 VMware, Inc.

VMware vFabric Data Director

Overview 1

VMware vFabric Data Director is a software solution that powers Database-as-a-service in your cloud. It enables you to implement database-aware virtualization on vSphere and provides self-service lifecycle management for heterogeneous databases.

This chapter includes the following topics:

“Data Director System Architecture,” on page 9

“VMware Data Director Components,” on page 10

“Data Director User Management Modes,” on page 10

“About Data Director Administration,” on page 11

“Data Director Supported Databases,” on page 12

Data Director System Architecture

vFabric Data Director automates deployment, management, and governance of thousands of databases and enables policy-based self-service database management for application developers.

Data Director supports the following databases.

Oracle 11gR2 Enterprise and Standard editions.

Oracle 10gR2 Enterprise and Standard editions.

Microsoft SQL Server 2012 Enterprise and Standard editions.

Microsoft SQL Server 2008 R2 Enterprise and Standard editions.

vFabric Postgres 9.0 and 9.1, a VMware vSphere optimized relational database based on PostgreSQL.

Data Director provides flexible, policy-based resource management at the system level, and isolation at the organization and database level. Data Director system administrators can implement security policies through role-based access control to restrict system access to authorized users. System administrators use database templates to guarantee corporate compliance to standardization, and carry out important database lifecycle management tasks such as provisioning, backup, snapshots, point-in-time recovery, cloning, updating, monitoring, and so on.

Database administrators and authorized users can configure databases by using customizable parameters. Resource and backup templates simplify database creation. After an administrator assigns appropriate permissions, users can create databases and allocate resources to them. Users can schedule backups, perform restores, and clone databases to use in testing and development environments. They can scale up databases according to system needs, and decommission databases when they are no longer required.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

VMware Data Director Components

The Data Director hierarchy consists of organizations, each with its own discrete database groups and databases. Currently supported databases include vFabric Postgres, Microsoft SQL Server, and Oracle.

System administrators perform management tasks at the system level, which is the top level of the hierarchy. To edit system-level settings you must have system privileges, but having system privileges does not automatically allow you to make changes at the other levels.

A system can contain multiple organizations, each with multiple database groups. A database group can contain multiple databases. You can create database groups only within organizations. Databases can exist only within database groups.

Figure 1-1. Data Director System Hierarchy

System administrators manage Data Director resources at the system and organization levels. System administrators create resource bundles from vSphere resource pools (CPU and memory resources) and storage and network resources, and allocate one or more resource bundles to each organization.

Organization administrators assign resources from the given resource bundles to database groups for consumption by databases.

Data Director User Management Modes

Data Director user management modes control how users are assigned and managed among different organizations. Data Director has two user management modes: Global mode (for enterprises) and By Organization mode (for service providers). Global user management mode is the default.

User management mode must be set to By Organization for VMware vCloud Director integration. See

“Organization Structure,” on page 61.

By Organization user management mode has the following characteristics.

Organizations are set up as separate, isolated enterprises with no visibility into other organizations.

The Data Director system user list is not visible to organizations.

No organization can see another organization's user list.

Organization administrators send email to invite users to join their organization, or register users directly.

Users can navigate to the Data Director web console URL and register for an account, pending approval from the organization administrator.

10 VMware, Inc.

Global user management mode has the following characteristics.

Organizations are set up as separate departments, business units, or groups within one enterprise, such as a corporation's HR and Finance departments.

All Data Director users are visible to all organizations within Data Director.

Organization administrators grant access to users to the organization or grant access directly from the system user list.

Users can navigate to the Data Director web console URL and register for an account, pending approval from the organization administrator.

About Data Director Administration

Data Director system administrators perform Data Director administration on the system level. Organization administrators perform Data Director administration on the organization level.

You create the initial account for the Data Director system administrator during Data Director setup. That system administrator creates the system resource bundle, base database virtual machines (base DBVMs), and base database templates.

By default, users do not have roles or permissions and cannot access any organizations. Organization administrators assign roles and permissions to users and grant them access to specific organizations.

Chapter 1 VMware vFabric Data Director Overview

System administrators perform system-level operations for Data Director or for an entire organization. System administrators perform the following tasks.

Table 1-1. System-Level Operations

Operation Type Examples

Resource management operations

User and organization management operations

Creating and managing the system resource bundle.

Creating and managing resource bundles.

Creating and managing database virtual machines (DBVMs).

Managing base database templates.

Assigning base database templates to resource bundles.

Assigning resource bundles to organizations.

Creating and managing resource templates.

Creating and managing backup templates.

Creating system users.

Creating system administrators.

Creating organizations.

Creating organization administrators.

Designating existing users as organization administrators.

Organization administrators perform organization-level operations within their organizations. Organization administrators perform the following tasks.

VMware, Inc. 11

VMware vFabric Data Director Administrator and User Guide

Table 1-2. Organization-Level Operations

Operation Type Examples

Resource management operations

User management operations

By default, Data Director system administrators do not have access to organizations. Organization administrators have access to only their own organization. They can create organization users and can grant access to existing Data Director users.

Data Director system administrators can create users, but only organization administrators can grant those users access to organizations.

Creating database groups.

Enabling base database templates in resource bundles.

Creating resource templates.

Creating backup templates.

Allocating resources to database groups within the organization.

Creating and managing organization users.

Granting organization access to existing Data Director users.

Assigning organization roles to users in the organization.

Creating and managing organization roles and granting roles to organization user.

Defining organization permissions and granting permissions to organization users.

Data Director Supported Databases

Data Director supports self-service database provisioning and automation through a web interface and compatible client tools and drivers.

Data Director supports the following databases.

“VMware vFabric Postgres databases,” on page 13

“Oracle databases,” on page 13

“Microsoft SQL Server databases,” on page 13

Database administrators and application developers administer databases within their organizations. Database administration includes the following tasks.

Creating databases and allocating resources to them.

Cloning databases.

Managing database users, roles, privileges, and permissions.

Maintenance such as performing backups and restores.

Scaling up databases.

Updating databases.

Monitoring database usage and performance.

Monitoring database alarms.

Decommissioning databases.

12 VMware, Inc.

Chapter 1 VMware vFabric Data Director Overview

Oracle databases

As a system administrator, you upload, test, and manage the Oracle base database templates that organization administrators, DBAs, and application developers use to create Oracle databases.

The recommended practice for using Oracle with Data Director is to set up a dedicated vSphere ESXi cluster for hosting Oracle resources, including operating system, Oracle database server, and client tools. You create Oracle base database virtual machines (DBVMs) using the dedicated Oracle resources in vSphere, then upload the DBVMs to Data Director to use as database templates.

Data Director supports the following Oracle versions.

Oracle 11gR2 on SUSE, RHEL, or Oracle Linux.

Oracle 10gR2 on SUSE, RHEL, or Oracle Linux.

VMware vFabric Postgres databases

Data Director provides self-service database provisioning and automation with vFabric Postgres databases. vFabric Postgres is built on the open source Postgres database.

vFabric Postgres is compatible with pSQL and the PostgreSQL tools and client drivers. vFabric Postgres databases are fully compliant with ACID and ANSI SQL. The ACID properties, Atomicity, Consistency, Isolation, and Durability, guarantee that database transactions are processed reliably.

For information about the Postgres database features for Data Director, see the Using VMware vFabric Postgres for Data Director.

Microsoft SQL Server databases

As a Data Director system administrator you upload and manage the SQL Server base database templates that organization administrators, DBAs, and application developers use to provision SQL Server databases.

Use SQL Server with Data Director to set up a dedicated vSphere ESXi cluster for hosting SQL Server resources, including operating system, SQL Server database server, and client tools. You create SQL Server base database virtual machines (DBVMs) using the dedicated SQL Server resources in vSphere, and upload the DBVMs to Data Director to use as database templates from which you can provision SQL Server databases.

Data Director supports the following SQL Server versions.

SQL Server 2012 Enterprise and Standard editions.

SQL Server 2008 R2 Enterprise and Standard editions.

Provisioning Support for SQL Server

Data Director supports the creation of a stand-alone SQL Server instance using the default (unnamed) instance name. The default instance name is the same as the host name. You can have only one default instance per virtual machine.

NOTE A SQL Server instance is either a default, unnamed instance, or it is a named instance. When SQL Server is installed as a default instance, it does not require a client to specify the name of the instance to make a connection. The client only has to know the server name.

The Data Director provisioning process prepares and configures the SQL Server software as described in the following list.

The SQL Server DBVM can join an existing Windows domain during provisioning. You must provide a Windows Active Directory credential with sufficient privileges to join the domain. If a SQL Server DBVM joins a domain, Windows authentication is the authentication method. The user-supplied domain account is added to the sysadmin role of the SQL Server instance.

VMware, Inc. 13

VMware vFabric Data Director Administrator and User Guide

If the DBVM does not join a domain, Data Director uses mixed authentication, and prompts for the SQL Server System Administrator (SA) password.

No user databases are created when provisioning within Data Director.

Data Director Support for SQL Server

Data Director supports the creation of new, empty SQL Server databases. To learn more about creating a SQL Server database, see “Create an Empty SQL Server Database,” on page 88.

The following Data Director features are not currently supported.

Database backup and recovery.

Database cloning.

Adding databases to the organization catalog.

Database ingestion.

Use of IP whitelists.

Changing disk size.

DBVM reporting.

Editing database resources.

Adding database owners.

Base DB template validation.

High availability (HA).

Upgrading.

NOTE When using Data Director to monitor and manage SQL Server databases, the user interface controls for the above listed features are not visible in the administration console.

14 VMware, Inc.

Managing Data Director Resources 2

System administrators manage CPU, memory, storage, and networking resources, as well as system-wide database and backup configuration templates. Organization administrators manage resources for database groups and for databases and enable database templates for their organizations.

This chapter includes the following topics:

“Resource Management Overview,” on page 15

“Resource Bundles and Resource Pools,” on page 16

“System Resource Bundle,” on page 17

“Resource Assignment,” on page 17

“vSphere Resource Pools and Data Director,” on page 18

“Viewing Resource Information,” on page 20

“Create the System Resource Pool,” on page 21

“Create the System Resource Bundle,” on page 22

“Monitor Resource Usage,” on page 22

“Create a Resource Pool,” on page 23

“Create a Resource Bundle,” on page 24

“Assign a Resource Bundle to an Organization,” on page 25

“Perform Advanced Cluster Configuration,” on page 26

Resource Management Overview

System administrators allocate resources to organizations. These virtual resources come directly from the physical resources of the cluster on which Data Director runs. Organization administrators assign organization resources to database groups and databases.

A vSphere cluster consists of several ESXi hosts that provide the physical CPU and memory resources for the databases managed by Data Director. As part of installation, you create the cluster and enable vSphere High Availability (HA) and vSphere Distributed Resource Management (DRS) for the cluster. Data Director can take advantage of the vSphere HA and vSphere DRS functionality because Data Director runs on top of the cluster. See the vSphere Availability and the vSphere Resource Management documentation for details.

A Data Director resource bundle includes CPU, memory, storage, and networking resources. The CPU and memory resources come from a resource pool in the vSphere cluster. The storage and networking resources are assigned to Data Director during installation or at a later time. Data Director includes a set of VLANs to carry different types of network traffic.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

Data Director provides the following types of resource bundles.

System resource bundle. Data Director system administrators create one system resource bundle at the Data Director system level. In addition to providing virtual resources, the system resource bundle contains the database virtual machines (DBVMs) and base database templates that support creating and provisioning databases. See “System Resource Bundle,” on page 17.

Resource bundle. Data Director system administrators create one or more resource bundles to provide operating resources to organizations.

When system administrators create an organization, they can assign virtual resources to the organization as resource bundles. When organization administrators create a database group, they assign virtual resources to the database group. These virtual resources are backed by the physical resources of one or more clusters. vSphere clusters provide failover protection and support efficient use of physical resources.

System administrators can assign resources when they create an organization (see “Create a Data Director

Organization,” on page 64) or assign resources to an existing organization (see “Assign a Resource Bundle to an Organization,” on page 25). Organization administrators can assign resources when they create a

database group or assign resources to existing database groups.

If you chose the Express installation in the Data Director Setup wizard and enabled Create defaults, a system resource bundle and Default resource bundle is already created. A Default organization and Default database group is also created, and the Default resource bundle is assigned to the Default organization.

To help you specify the resources associated with a database template, Data Director includes a calculator that computes the optimum resource configuration based on the anticipated usage patterns. When you create databases from the template, the specified resources are allocated.

Resource Bundles and Resource Pools

A resource bundle is a set of compatible IT resources for provisioning databases. To assign the appropriate amount of resources to each organization, system administrators create resource bundles and assign them to organizations. System administrators specify a resource pool and storage and networking resources when they create a resource bundle. If Create defaults was selected in Express installation, a Default resource bundle is created and assigned to a Default organization.

Resource Pool

Storage Resources

DB Access Networks

All CPU and memory resources of a resource bundle come from a vSphere resource pool that is created in the vSphere Client with reservation equal to limit. See “Create a Resource Pool,” on page 23.

Each resource bundle includes storage resources for data and storage resources for backup. The storage resources must be visible to all hosts that use the resource bundle.

DB Access Networks provide communication for databases. A DB Access Network corresponds to a vSphere port group. Each network must be visible to all hosts that use the resource bundle. DHCP or IP Pool is required. See

Chapter 15, “IP Pool Management,” on page 165

Selecting one or more DB Access Networks allows you to isolate different database groups from one another, for example, to isolate a QA database group from a Production database group. When no DB Access Networks have been assigned in the environment, select the network that is mapped to the Web Console Network. Do not select internal networks for DB Access Network traffic.

The figure shows how Data Director resources come from vSphere resource pools, datastores, and port groups. When administrators create a resource bundle, the resources are always coming from the underlying vSphere environment.

16 VMware, Inc.

Figure 2-1. Resources in vSphere and Data Director

vSphere

source RPs

source datastores

source port groups

CPU & memory

database

storage

network

backup storage

resource bundle

CPU & memory

database

storage

network

backup storage

Data Director

resource bundle

Chapter 2 Managing Data Director Resources

“Resource Assignment,” on page 17 explains how resource assignment differs for the different levels of the

hierarchy.

System Resource Bundle

The system resource bundle provides CPU, memory, network, and storage resources for the base database virtual machines (base DBVMs) and base database templates that you use to create and provision databases. Each Data Director installation must have one system resource bundle. If you chose Create defaults in the Express installation, a system resource bunde is created automatically.

Data Director system administrators create the system resource bundle before setting up other Data Director entities and populate it with base database templates and base DBVMs.

The Data Director system administrator creates the system resource bundle at the system level. This ensures that the CPU, memory, storage, and networking resources, base database templates, and base DBVMs apply to the entire Data Director platform. The system administrator creates resource bundles and assigns base database templates to them, and assigns the resource bundles to organizations. The organization administrator enables base database templates for use in that organization.

See “Create the System Resource Bundle,” on page 22.

Resource Assignment

Resource assignment differs for organizations, database groups, and databases.

Resource Assignment for Organizations

VMware, Inc. 17

System administrators can assign multiple resource bundles to each organization. System administrators can assign a particular base database template to multiple resource bundles. Organization administrators allocate the resource bundles to database groups and enable base DB templates. When you create databases, they draw on the resources assigned to the database group and the base database templates enabled in the organization. This resource isolation guarantees that different organizations and different database groups have control over their resources.

VMware vFabric Data Director Administrator and User Guide

If you chose the Express installation and enabled Create defaults in the Data Director Setup wizard, a system resource bundle and Default resource bundle are created during setup. A Default organization with a Default database group within that organization is also created, and the Default resource bundle is assigned to the Default organization.

Resource Assignment for Database Groups

When you create a database group, you assign a resource bundle that specifies the resources for that group. You cannot assign more than one resource bundle to one database group. Multiple database groups can share one resource bundle.

When you assign a resource bundle to a database group, you can specify how to allocate each resource.

CPU priority or reservation.

Memory priority or reservation.

Storage allocation.

Storage reservation percentage.

A network for the database group. You cannot divide the network. You can select only one network when you create a database group even if several networks are associated with the resource bundle.

If you do not specify the CPU or memory allocation, Data Director sets the reservation to zero but sets expandable reservations to true. If expandable reservations is set to true, the CPU or memory can expand beyond the specified value.

Resource Assignment for Databases

A database consumes the resources assigned to its database group.

You can specify the number of virtual CPUs, the memory size, and CPU and memory priority for each database that you create.

You cannot specify storage allocation. All databases consume the data and the backup storage allocated to their parent database group. You can specify the size of data or PITR disk of each database.

Each database uses the network assigned to the database group as the DB access network.

vSphere Resource Pools and Data Director

A vSphere resource pool is a logical abstraction for flexible management of CPU and memory resources.You add CPU and memory resources to Data Director resource bundles by adding a vSphere resource pool to the bundle.

Data Director has the following types of resource pools.

Resource Pools for Databases

System Resource Pool

vSphere administrators create one or more resource pools to enable Data Director users to create databases. Resource pools for databases require configuration settings such as DRS and HA enabled, and CPU and memory limits equal to reservation.

There is one system resource pool for one Data Director instance. vSphere administrators can deploy database virtual machine (DBVM) OVA files into the system resource pool at any time. The configuration settings for the system resource pool are different from the configuration settings for database resource pools. You do not have to enable HA, and CPU, and memory limits do not have to equal reservations. The reservation must be greater than 0.

18 VMware, Inc.

Chapter 2 Managing Data Director Resources

You can also enable expandable CPU and memory. See “Create the System

Resource Pool,” on page 21.

CAUTION Data Director can use only resource pools for creating databases if the corresponding cluster is enabled for DRS and HA. Do not disable DRS. If you do, Data Director cannot use the resource pools even if you reenable DRS. See “Resource Bundles Become Unusable Because DRS Is Disabled,” on page 188.

Resource pools allow you to group available CPU and memory resources. You can allocate resources explicitly, or use the resource pool share mechanism. You can hierarchically partition available CPU and memory resources by grouping resource pools into hierarchies. You can allow different organizations access to different resource pools. For example, a QA department might need large amounts of CPU and memory for running tests while the marketing department might require smaller amounts.

Data Director expects you to group the hosts that provide the CPU and memory resources into clusters. Each cluster owns the resources of all hosts. You can create one or more resource pools for the cluster, which has an invisible root resource pool. Each resource pool owns some of the cluster's resources. If necessary, you can create child resource pools. Child resource pools represent successively smaller amounts of CPU and memory.

CAUTION To use Oracle with Data Director, create a cluster specifically for Oracle use. To avoid licensing issues, assign only resources from your dedicated Oracle cluster to organizations that create and provision Oracle databases and DBVMs.

How you allocate CPU and memory resources to database groups differs from how you allocate those resources to databases.

Creating Resource Pools for Databases

You create resource pools for databases by using a vSphere Client connected to a vCenter Server system. Specify the following resource pool settings to ensure that Data Director always receives all of its allocated resources and does not have different amounts of CPU and memory available if the cluster is experiencing a light or a heavy load.

NOTE If you do not configure your resource pool with these settings, problems with resource bundle creation or other Data Director tasks might result. Resource pools with incorrect settings do not appear in the list of available resource pools when you create a resource bundle.

Set the Limit equal to the Reservation.

Set Expandable Reservation to checked or unchecked.

Set Unlimited to unchecked.

After you create the resource pool, you create resource bundles. Each resource bundle uses one resource pool.

If the system never allocates more resources than you reserved, you do not experience resource fluctuations.

If the system does not attempt to allocate more resources than you reserved, you do not experience resource fluctuations.

Data Director requires this setting to avoid a resource bundle taking more than its share of the resource pool.

See “Create a Resource Pool,” on page 23 and “Create a Resource Bundle,” on page 24.

VMware, Inc. 19

VMware vFabric Data Director Administrator and User Guide

Allocating CPU and Memory Resources to Database Groups

When you create a database group and set its CPU and memory allocation, Data Director creates a child resource pool of the resource pool that you select. Data Director configures the resource pool with the allocation that you specify. Having a different resource pool for each database group isolates the database group's allocation and makes different groups independent.

If you specify the CPU and memory allocation, Data Director uses the following settings for the resource pool it creates.

Reservation is set to the value you specify.

Expandable reservation is set to False.

Limit is set to unlimited.

If you do not specify CPU or memory allocation, Data Director uses the following settings for the resource pool it creates.

Reservation is set to 0.

Expandable reservation is set to True, allowing the database group to consume resources as they are available.

Limit is set to unlimited.

Allocating CPU and Memory Resources to Databases

In the Data Director environment, a database is a virtual machine that consumes resources from the database group. You can specify the CPU and memory allocation for the database. Data Director always sets the limit to unlimited.

Viewing Resource Information

Data Director system administrators can view resource usage information for an organization from the Data Director Manage & Monitor tab.

When you log in to Data Director as a system administrator, you can view information about the resource usage of the different organizations and about the resource bundle or resource bundles that are being used by each organization.

The Organizations pane allows you to manage organizations. You can view organization information, assign and unassign resource bundles, delete the organization, and view the organization's properties.

The Resource Bundles pane allows you to view all resource bundles currently created for this instance of Data Director. You can display either allocation information or vCenter Server Object information.

You can click on an item in the heading, such as Organization, to re-sort the table based on that column. Right-click any resource bundle name and choose Properties to see detailed information about each resource bundle.

If you select vCenter Server Objects, Data Director displays the names of resource pools, datastores, and networks that you see in the vSphere Client UI.

The Datastore Usage pane shows datastore usage for the main datastore and the backup datastore. You can see how resource bundles map to datastores and examine storage allocation information for each datastore.

See Chapter 13, “Monitoring the Data Director Environment,” on page 141 for details on using the monitoring interface.

20 VMware, Inc.

Create the System Resource Pool

vSphere administrators create one system resource pool from a vSphere Client connected to a vCenter Server system. vSphere Administrators deploy the Data Director database virtual machine (DBVM) OVAs to the system resource pool.

Prerequisites

Connect to the vCenter Server system by using a vSphere Client. You cannot create resource pools if the client is connected directly to a host.

Verify that you have permissions sufficient to create a resource pool.

Choose a location for the resource pool. Data Director cannot use resource pools at the top level.

See vSphere Resource Management for information about resource pools.

Before you create any resource pools, you must prepare a cluster. You must have at least one host in the cluster. See the vFabric Data Director Installation Guide for information.

Procedure

1 In the vSphere Client, select Home > Inventory > Hosts and Clusters.

2 Select the cluster to which all Data Director hosts have been assigned.

Chapter 2 Managing Data Director Resources

3 Specify the settings for the system resource pool.

Option Description

Name

CPU Shares

CPU Reservation

Expandable Reservation

CPU Limit

Unlimited

Memory Shares

Memory Reservation

Expandable Reservation

Memory Limit

Unlimited

Name of the resource pool.

Leave CPU shares set to Normal.

CPU resources to allocate to this resource pool. Set CPU reservation equal to CPU limit value. Must be greater than 0.

Can be checked or unchecked.

Maximum CPU resources available to this resource pool. Set CPU limit equal to CPU reservation value.

Leave unchecked.

Leave memory shares set to Normal.

Memory resources to allocate to this resource pool. Must be greater than 0.

Can be checked or Unchecked.

Maximum memory resources available to this resource pool. Because this is the system resource pool, limit does not have to equal reservation.

Unchecked.

After the system resource pool is set up, you can deploy Data Director OVA files and point to the system resource pool when you create the Data Director system resource bundle.

What to do next

Create the system resource bundle. See “Create the System Resource Bundle,” on page 22.

VMware, Inc. 21

VMware vFabric Data Director Administrator and User Guide

Create the System Resource Bundle

The system resource bundle resides at the Data Director system level, and enables you to create, test, and run base database virtual machines.

Prerequisites

Create a resource pool to use for allocating CPU and memory resources. See “Create a Resource Pool,” on page 23.

Determine the storage resources that you want to include in the system resource bundle. Plan for storage resources for database storage and resources for backup storage.

Determine the networking resource that you want to include in the system resource bundle. You can assign only one network to the system resource bundle. The networking resource is used by the base DBVMs for building base database templates.

NOTE If you do not configure your resource pool with these settings, you might have problems with system resource bundle creation or other Data Director tasks.

Procedure

1 Log in to Data Director with system administrator privileges.

2 Select System, and click System Settings.

3 ClickSystem Resource Bundle in the left pane.

4 ClickCreate System Resource Bundle

5 Specify the following information about the resource bundle in the wizard.

Wizard screen Action

Name and Description

CPU and Memory

Storage

Networks

Type a name and optional description and click Next.

Select the resource pool from which you want to assign CPU and memory resources and click Next.

Click Edit to select a datastore, and allocate the number of gigabytes to use with Data Director, or allocate all unallocated space. Repeat the process for backup storage.

NOTE Do not select a datastore that is in a datastore cluster.

Select the networks that you want to have available to this resource bundle. These networks provide the public network for the organization's databases. Resource bundles must use a database network when available.

The resource bundle is created.

What to do next

Create a base DBVM. See Chapter 4, “Building DBVMs and Base DB Templates,” on page 37.

Monitor Resource Usage

System administrators can view usage information for resource bundles and datastores and can reassign resource bundles from the Manage & Monitor tab.

The focus of this task is on monitoring, not on changing current settings.

Prerequisites

22 VMware, Inc.

Chapter 2 Managing Data Director Resources

Verify that one or more organizations exist in your environment.

Verify that resource bundles and datastores have been assigned to the organizations.

Procedure

1 In Data Director, click the System tab, and click the Manage & Monitor tab.

The Organizations panel displays resource allocation information about each organization.

2 Click one of the columns, for example Total Memory, to reorder the rows of the table.

3 Click one of the organizations to display resource bundle information for the selected organization.

4 Click Resource Bundles to display the Resource Bundles pane.

5 Click Datastore Usage to display information about available datastores, their capacity, and the allocated

and unallocated storage for each.

6 Click one of the datastores to display the associated resource bundles and their storage allocation.

What to do next

You can change the resource bundle information by clicking the Actions icon and selecting Properties. If properties are dimmed, you do not have permissions to change them.

Create a Resource Pool

You allocate CPU and memory resources to Data Director by creating one or more resource pools from a vSphere Client connected to a vCenter Server system. From the Data Director user interface, you can then assign the resources from those resource pools to database groups and databases.

Before you create the resource pools, you must prepare a cluster. Enable the cluster for HA and DRS, and add all Data Director hosts to the cluster. See the vFabric Data Director Installation Guide for information.

Prerequisites

Connect to the vCenter Server system by using a vSphere Client. You cannot create resource pools if the client is connected directly to a host.

Verify that you have permissions sufficient to create a resource pool.

Choose a location for the resource pool. Data Director cannot use resource pools at the vApp top level. For information about resource pools, see the vSphere Resource Management documentation .

Procedure

1 In the vSphere Client, select Home > Inventory > Hosts and Clusters.

2 Select the cluster to which all Data Director hosts were assigned.

3 Configure the resource pool.

Option Description

Name

CPU Shares

CPU Reservation

Expandable Reservation

CPU Limit

Unlimited

Memory Shares

Memory Reservation

Name of the resource pool.

Do not specify CPU shares. Instead, specify the CPU reservation.

CPU resources to allocate to this resource pool. Must be greater than 0.

Checked or unchecked.

Maximum CPU resources available to this resource pool. Set Limit to be equal to CPU Reservation.

Unchecked.

Do not specify memory shares. Instead, specify a memory reservation.

Memory resources to allocate to this resource pool. Must be greater than 0.

VMware, Inc. 23

VMware vFabric Data Director Administrator and User Guide

Option Description

Expandable Reservation

Memory Limit

Unlimited

After you create and configure the resource pool, you can point to the resource pool when you create the Data Director resource bundle.

What to do next

Create a resource bundle. See “Create a Resource Bundle,” on page 24.

Create a Resource Bundle

Resource bundles allow you to bundle CPU, memory, storage, database template, and networking resources. You create resource bundles using the Data Director user interface.

When you create a resource bundle, the wizard displays only resource pools with a parent cluster that meets the following requirements.

vSphere DRS and vSphere HA are enabled.

Checked or Unchecked.

Maximum memory resources available to this resource pool. Set Limit to be equal to Memory Reservation.

Unchecked.

VM Monitoring is set to VM and Application Monitoring.

VM Restart Priority is not disabled for any of the virtual machines.

Host monitoring and admission control are enabled.

See “Perform Advanced Cluster Configuration,” on page 26 for details on recommended settings.

Prerequisites

Create a resource pool to use for allocating CPU and memory resources. See “Create a Resource Pool,” on page 23.

Decide on the storage resources that you want to include in the resource bundle. Plan for storage resources for database storage and resources for backup storage.

Decide on the database templates (base DB templates) that you want to assign to the resource bundle. Organization users can create and provision databases only when base DB templates are assigned to, and enabled in, an organization's resource bundle(s). You can assign additional base DB templates to resource bundles at any time.

Decide on the networking resources that you want to include in the resource bundle. The resource bundle's networking resources are used for the DB access network for databases in an organization.

NOTE If you do not configure your resource pool with these settings, you might have problems with resource bundle creation or other Data Director tasks.

Procedure

1 Log in to Data Director with system administrator privileges.

2 Select System, and click Manage & Monitor.

3 Click Resource Bundles.

4 Click the plus (+) icon.

24 VMware, Inc.

Chapter 2 Managing Data Director Resources

5 Specify the following information about the resource bundle in the wizard.

Wizard Screen Action

Name and Description

Resource Pool

Storage

Base Database Templates

DB Access Networks

Type a name and optional description and click Next.

Select the resource pool from which you want to assign CPU and memory resources and click Next.

a Click Edit to select a Datastore, and allocate the number of gigabytes to

use with Data Director, or allocate all unallocated space. Repeat the process for backup storage.

NOTE Do not select a datastore that is in a datastore cluster.

b Specify the storage reservation. The default is 100%. The minimum

storage reservation is the lower bound of the storage reservations of database groups created under the resource bundle. System administrators typically use this reserve to control how much storage over allocation can be allotted by organization administrators with this resource bundle. See Chapter 7, “Managing Database Groups,” on page 71 for more information about storage reservation.

Select the base Database templates available in this resource bundle. Users create and provision databases using these templates. You can assign base database templates to resource bundles at any time.

What to do next

System administrators can assign additional base database templates to resource bundles, and allocate the resource bundles to organizations. Organization administrators can assign resources to their database groups.

Assign a Resource Bundle to an Organization

System administrators can assign a resource bundle to an organization when they create an organization. You can also assign a resource bundle to an organization at a later time.

Prerequisites

Procedure

1 Click the Manage & Monitor tab and, click Organizations.

2 Right-click the organization that you want to assign a resource bundle to, and select Assign Resource

Bundle.

3 Select the resource bundle that you want to assign from the list of resource bundles and click OK.

What to do next

System administrators can assign additional base DB templates to the resource bundle. Organization administrators can enable base DB templates for their organizations and create one or more database groups and databases. See Chapter 9, “Managing Databases,” on page 83 and “Create a Database Group,” on page 73.

VMware, Inc. 25

VMware vFabric Data Director Administrator and User Guide

Perform Advanced Cluster Configuration

During installation, you configure the Data Director cluster with vSphere DRS and vSphere HA enabled, and with certain monitoring settings. You can later edit the Data Director cluster configuration to change the monitoring sensitivity for virtual machines.

As part of the installation process, you configure the Data Director cluster. See the vFabric Data Director

Installation Guide. After installation, you can customize the cluster to work in your environment. See the vSphere Availability documentation and the vSphere Resource Management documentation for background information.

Not all changes that you can make to a vSphere cluster are compatible with Data Director. You must make sure that the cluster settings remain compatible with Data Director. Data Director checks the following settings.

DRS must be enabled. DRS automation level can be any of the supported options. Partially automated works best with Data Director in most situations.

HA, host monitoring, and admission control must be enabled.

VM Monitoring is set to VM and Application Monitoring.

If cluster settings are not compatible with Data Director, and if you create a resource pool in the cluster, you cannot import the resource pool to a Data Director resource bundle.

If you change cluster settings from Data Director compatible to Data director incompatible, Data Director displays alerts but does not revert the settings. You must revert the settings to make the cluster compatible again.

CAUTION Do not disable DRS, because you lose all resource pools. Reenabling DRS does not restore the resource pools. See “Resource Bundles Become Unusable Because DRS Is Disabled,” on page 188.

If you customize the HA settings for a virtual machine, and if those settings are not compatible with Data Director, an alert appears. You must make the cluster compatible again.

Prerequisites

Verify that you have log-in privileges and privileges for cluster modification for the vCenter Server system on which the Data Director cluster runs.

Procedure

1 Log in to a vSphere Client that is connected to the vCenter Server on which the Data Director cluster runs.

2 Right-click the cluster and click Edit Settings.

3 Click VM Monitoring.

4 Select the Custom check box and specify custom settings.

These are the lowest acceptable settings. Values can be higher.

Option Description

Failure interval

Minimum uptime

Maximum Per-VM resets

Maximum resets time window

30 seconds

120 seconds

Within 1 hour

5 Click OK.

26 VMware, Inc.

Managing Users and Roles 3

User management controls the users that can log in to Data Director and what they can see and do after they log in.

This chapter includes the following topics:

“User Management Overview,” on page 27

“Authenticating Users,” on page 28

“Role-Based Access Control,” on page 29

“Predefined Roles,” on page 30

“Privileges,” on page 31

“Propagation of Permissions and Roles,” on page 32

“Organization Privileges and Permissions,” on page 32

“Add Users to Your Organization,” on page 33

“Add Roles to an Organization,” on page 33

“Grant a Permission to a User,” on page 34

“Modify Organization Security Settings,” on page 34

User Management Overview

System and organization administrators use a combination of user logins, privileges, permissions, and roles (role-based access control) to manage Data Director users. Role-based access control provides management of users and the tasks that they can perform on objects. You can grant and revoke roles and permissions at the system level, on organizations, and on database groups, databases, and templates within organizations.

Roles are sets of permissions required to perform particular jobs. Jobs are sets of tasks that a user with a particular role is responsible for performing, such as the set of tasks that are the responsibility of a database administrator. System and organization administrators define roles as part of defining security policies, and grant the roles to users. To change the permissions and tasks associated with a particular job, the system or organization administrator updates the role settings. The updated settings take effect for all users associated with the role.

To add a user to a job, the system or organization administrator grants the role to the user.

To remove a user from a job, the system or organization administrator revokes the role from the user. Changes are effective immediately.

VMware, Inc.

User Namespace

Bob

role domain

System

(user) Alliance

DBG DBGDBGDBG

role domain role domain

(user) Benefits

DBAdmin

SysAdmin

DBAdmin

Organization

VMware vFabric Data Director Administrator and User Guide

Roles apply only to the organization in which they are created. For example, an organization administrator creates a database administrator role that includes permission to add and remove database users, start and stop databases, and perform backups for a specific database in that organization. Users that are granted the database administrator role in that organization can perform database administrator tasks only within that organization.

Organization administrators usually manage role and permission assignments for their organizations. However, any user that has the permission to grant and revoke permissions on an object can grant all permissions on that object to any user or any role. Organization administrators can also grant permissions directly to users.

Each user's login account is unique in the system. Managing access, roles, and permissions for each user is based on their user login account. The organization administrator can grant users access to one or more organizations. Within those organizations, each user can be granted multiple roles and permissions.

Users who cannot view or access certain objects or cannot perform certain operations were not granted the permissions to do so.

The following figure illustrates the scope of users and roles in Data Director.

Figure 3-1. Scope of users and roles in Data Director

In the figure, user Bob is logged in to Data Director and has been granted access to the system and to the organization Alliance. Bob is also granted the SysAdmin role at the system level, and the DBAdmin role in the organization Alliance. Bob's SysAdmin role applies to the system level. The SysAdmin role does not propagate to any organizations. The role DBAdmin in organization Alliance and the role DBAdmin in organization Benefits are separate roles that apply only within their organizations. Bob has the DBAdmin role in the Alliance organization but does not have access to the Benefits organization.

Authenticating Users

28 VMware, Inc.

User authentication is based on user login and password.

User login accounts and credentials are unique in Data Director. This enables managing credentials, roles, permissions, and privileges for each user based on the user login account.

Create users and passwords in the following ways.

A system or organization administrator creates the user account and assigns a password.

A user registers for a Data Director account and specifies a password as part of the registration request.

Data Director encrypts the password and stores it with the user information. When the user logs in, that user's credentials are stored in an HTTP session. Data Director uses the credentials to validate that the user is authorized to view organization objects (database groups and databases) and to perform tasks.

Role-Based Access Control

Role-based access control enables system and organization administrators to control user access to Data Director and to control what users can do after they log in. To implement role-based access control, system and organization administrators associate (or revoke) privileges, permissions, and roles with (or from) user login accounts.

Chapter 3 Managing Users and Roles

Users

Privileges

Permissions

Roles

User logins (users) are unique accounts that enable users to access Data Director. They include a password and identifying information such as name, email address, and phone number. Because user login accounts are unique, system and organization administrators can control each user's access and actions by granting or revoking privileges, permissions, and roles to or from the user's login account.

Users can be active or inactive. Inactive users cannot log in.

Privileges control all actions in Data Director. They define the allowable actions within an organization. Privileges apply to particular types of Data Director objects. For example, you can apply the Stop Database privilege to organizations, database groups, and databases and apply the Create Database privilege to organizations and database groups. Privileges by themselves are not associated with specific objects within an organization.

Permissions associate a user and privilege pair with an object in Data Director. Examples are granting a user permission to start or stop a specific database, to modify an organization's backup templates, or to create other users in an organization.

You can grant permissions to users by assigning a role to a user, or by granting permissions directly to the user.

Roles are collections of permissions that can be associated with or granted to users. Roles provide a convenient way to package all the permissions required to perform a job, such as that of database administrator. Roles apply only to the entity in which they are created. If you create a role at the system level, it applies only to the system. If you create a role in an organization, it applies only to the organization. Organizations have no visibility into each others' roles. If two organizations in the same Data Director data cloud each have a role that has the same name, those roles are distinct within each organization.

One user can have multiple roles within an organization. Users can have access to multiple organizations and can have multiple roles in each organization.

A user can have different roles for different objects. For example, if you have two database groups in your organization, DBG1 and DBG2, you can grant the Database Admin role to a particular user on DBG1 and grant that user the DB User role on DBG2. These assignments might allow the user to perform administrative tasks in DBG1, but not in DBG2.

VMware, Inc. 29

VMware vFabric Data Director Administrator and User Guide

Predefined Roles

Data Director provides the predefined roles of system administrator, user administrator, and organization administrator. Predefined roles provide a starting point for administering Data Director users and roles and for defining custom roles. You can also create custom roles.

Organization administrator role

Organization adminstrators manage their organizations. They control which users can access the organizations, how users request access to the organizations, and what those users can see and do within the organization. This role has all privileges on the organization for which it is created. Organization administrators invite users to join the organization, grant access, roles, and permissions to users in the organization, create database groups, and can create databases. You can choose to create an administrator user when you create a new organization, or you can select an existing user as the new organization administrator.

Organization administrators perform all user management tasks within their organizations, including the following.

Add users to organizations, database groups, and databases.

Modify user settings.

Remove users from organizations, database groups, and databases.

Create roles.

Grant privileges and permissions to roles and to individual users.

View users, roles, and permissions granted to users and roles.

Organization administrators can view, grant, and revoke privileges on all objects within their organizations, including database groups, databases, and templates. Privileges include Create Database Groups and Modify Database Configuration Templates.

System administrator role

Template user role

User administrator role

System administrators operate Data Director. The first system administrator user is created during Data Director installation. This role has all system-level privileges, including managing resources for the system and for organizations. System administrators can see, grant, and revoke permissions at the system level. The first system administrator configures Data Director, creates other system administrators and system-level users, and creates initial organizations. System administrators manage users at the system level. By default they do not have access to organizations unless an organization administrator grants access to them.

Template users can use any resource templates and backup templates when creating databases.

The User administrator role manages users at the system level, including creating, editing settings for, and deleting system users.

30 VMware, Inc.

+ 166 hidden pages

VMware vFabric Data Director - 2.5 Administrator’s Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

About VMware vFabric Data Director Administrator and User Guide

Data Director System Architecture

VMware Data Director Components

Data Director User Management Modes

About Data Director Administration

Data Director Supported Databases

Oracle databases

VMware vFabric Postgres databases

Microsoft SQL Server databases

Managing Data Director Resources 2

Resource Management Overview

Resource Bundles and Resource Pools

System Resource Bundle

Resource Assignment

vSphere Resource Pools and Data Director

Viewing Resource Information

Create the System Resource Pool

Create the System Resource Bundle

Monitor Resource Usage

Create a Resource Pool

Create a Resource Bundle

Assign a Resource Bundle to an Organization

Perform Advanced Cluster Configuration

Managing Users and Roles 3

User Management Overview

Authenticating Users

Role-Based Access Control

Predefined Roles