VMware vFabric Data Director - 2.7 Administrator’s Guide

VMware vFabric Data Director

Administrator and User Guide

vFabric Data Director 2.7

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN- 001185-00

VMware vFabric Data Director Administrator and User Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About VMware vFabric Data Director Administrator and User Guide 9

VMware vFabric Data Director Overview 11

Data Director System Architecture 11

VMware Data Director Components 12

Data Director User Management Modes 12

About Data Director Administration 13

Data Director Supported Databases 14

Managing Data Director Resources 19

Resource Management Overview 19

Resource Bundles and Resource Pools 20

Storage Resources and Data Director 21

System Resource Bundle 22

Resource Assignment 23

vSphere Resource Pools and Data Director 24

Viewing Resource Information 26

Create the System Resource Pool 26

Create the System Resource Bundle 27

Monitor Resource Usage 28

Create a Resource Pool 28

Create a Resource Bundle 29

Assign a Resource Bundle to an Organization 31

Perform Advanced Cluster Configuration 31

VMware, Inc.

Managing Users and Roles 33

User Management Overview 34

Authenticating Users 35

Role-Based Access Control 35

Predefined Roles 36

Privileges 37

Propagation of Permissions and Roles 38

Organization Privileges and Permissions 38

Add Users to Your Organization 39

Add Roles to an Organization 39

Grant a Permission to a User 40

Modify Organization Security Settings 40

About vCenter Single Sign-On 41

Import vCenter Single Sign-On Service Users 42

Remove vCenter Single Sign-On Registration Before Uninstalling vFabric Data Director 43

VMware vFabric Data Director Administrator and User Guide

Building DBVMs and Base DB Templates 45

Database Virtual Machine OVA Files 48

Deploy a DBVM OVA File 48

Disk Configuration for DBVMs and DB Templates 49

Build an Oracle, SQL Server, or Empty Base DBVM 50

Build a MySQL Base DBVM 51

Build an Oracle and SUSE Linux Base DBVM 56

Build an Oracle DBVM with a Custom Linux Operating System 56

Requirements for the Kickstart File 60

Build a Base DBVM with a Custom Operating System 63

Create and Validate a Base DB Template 65

Database Update Configuration 68

Configure a vFabric Postgres Update Chain 69

Update an Oracle Database 70

Managing Organizations 77

Organization Structure 77

Operating Organizations 78

Managing Resources For Organizations 79

Managing Organization Users 80

Create a Data Director Organization 80

Bind a vCloud Director Organization to Data Director 81

IP Whitelists 83

Create an Organization IP Whitelist 83

Apply IP Whitelists to Databases 84

Create Custom IP Whitelists 84

Managing Database Groups 87

Database Group Management Overview 87

Managing Resources for Database Groups 88

Storage Reservation 89

Database Groups and Security 89

Create a Database Group 89

Managing Database Templates 91

Introduction to Database Templates 91

Enable a Base DB Template 92

Create a DB Parameter Group 93

Create a Resource Template 93

Modify a Resource Template 94

Create a Backup Template 95

Modify a Backup Template 96

Managing Databases 99

Database Lifecycle 99

Requirements for Creating Databases 101

4 VMware, Inc.

Database Creation 102

Using Tags 116

Managing the Organization Catalog 117

Batch Operations and Scheduled Tasks 119

Updating Databases 120

Database Administration 121

Contents

Cloning Databases 127

Clone Types 127

Cloning Customizations 129

Clone a Database 129

Managing Post-Clone Scripts 133

Managing a Cloned Database Refresh 137

Managing Database Entities 141

Database Entity Management 141

SQL Management 146

Safeguarding Data 149

Backup Strategies 150

Backup Types 150

Backup Template Settings 152

Preconfigured Backup Templates 153

Select a Database Backup Template 153

Schedule Regular Database Backups 154

Create a Database Snapshot 155

Recover a Database from Backup 156

Import Backups 156

Recover a Database from Last State 157

Use VMware Data Recovery to Back Up Data Director 158

Database End of Life and Backups 160

Perform Point-in-time Recovery of Management Server Database 160

Add Pre-Action and Post-Action Scripts to the DBVM for Selected Agents 161

High Availability and Replication 163

About High Availability in Data Director 163

vPostgres Database Replication 164

Monitoring the Data Director Environment 167

Explore Monitoring Customization and Filtering 167

Monitoring for System Administrators 168

Monitoring for Organization Administrators 172

Explore Database Monitoring 176

Working with Alarms 177

About aurora_mon Configuration 179

aurora_mon Configuration Parameters 180

VMware, Inc. 5

VMware vFabric Data Director Administrator and User Guide

Managing Licenses 185

License Management Overview 185

Counting Data Director Licenses 187

About Evaluation Licenses 187

Add License Keys 188

View License Information 188

View License Usage Information 189

Change the vFabric Postgres Database Usage Type 189

Remove License Keys 190

IP Pool Management 191

Add an IP Pool 191

Edit IP Pool 192

Delete an IP Pool 192

VMware vCloud Director Integration 195

Enable vCloud Director Integration in Setup 196

Enable vCloud Director Integration after Setup 196

Edit or Disable vCloud Director Integration 197

Add a vCloud Director Organization Administrator 197

Reconfiguring Data Director Networks 199

Change the vCenter IP Address 199

Reconfigure the Web Console Network Mapping or Network Adapter 200

Reconfigure the vCenter Network Mapping 201

Reconfigure the vCenter Network Adapter Settings 201

Reconfigure the DB Name Service Network or DB Name Service Network Adapter 202

Reconfigure the Internal Network or Internal Network Adapter Mapping 203

Verify Network Settings in Data Director 204

Reconfigure the Database Access Network Used by a Database Group 204

Modify IP Pool Settings 205

Managing SSL Keys and Certificates 207

Regenerate Management Server Key and Certificate 207

Import Management Server Key and Certificate 208

Edit Management Server Certificate 209

Regenerate DB Name Server Key and Certificate 209

Import DB Name Server Key and Certificate 210

Edit DB Name Server Certificate 210

Regenerate DBVM Key and Certificate 211

Import DBVM Key and Certificate 211

Edit DBVM Certificate 212

Data Director Troubleshooting 213

vCenter Server Stops Responding 213

Disk Usage Exceeds Acceptable Levels 214

Resource Bundles Become Unusable Because DRS Is Disabled 214

Missing Resource Pool 214

6 VMware, Inc.

Troubleshooting for SSL Communication 215

Database Cannot Be Connected Using the JDBC Connection String 216

Unable to Import or Login Users of the Single Sign-On Service 217

Index 219

Contents

VMware, Inc. 7

VMware vFabric Data Director Administrator and User Guide

8 VMware, Inc.

About VMware vFabric Data Director Administrator and User Guide

The VMware vFabric Data Director Administrator and User Guide describes the features of VMware® vFabric Data Director.

VMware vFabric Data Director is an enterprise class database-as-a-service (DBaaS) solution on VMware vSphere that provides self-service lifecycle management for heterogeneous databases. The solution includes the following features.

Database creation, cloning, backup, and restore.

Flexible, policy-based resource management.

Resource isolation within organizations and within databases.

Security policy implementation through role-based access control.

Database ingestion.

Self-service database lifecycle management enables administrators to create databases, manage schemas, configure backups, perform restores, clone databases for testing and development, scale up database sizes, and decommission databases. Administrators can assign permissions to perform these functions to others, such as application developers, QA (test), and production engineers.

Customizable templates for database configuration and backups simplifies database creation and resource allocation, enabling administrators to control database parameters and enforce resource allocation policies.

Administrators perform the following types of tasks.

Create organizations and database groups.

Allocate resources.

Create database templates.

Create, clone, backup and restore databases.

Monitor the Data Director environment.

Administrators also manage users and roles by assigning various permissions to enable users to perform specific database management tasks.

Intended Audience

This document is for administrators any user to whom an administrator might grant database permissions.

System administrators use this document to learn how to manage and monitor a Data Director environment.

Organization administrators use this document to learn how to manage and monitor database groups and databases.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

Application developers use this document to learn how to create, manage and monitor databases.

Application developers, QA and production engineers, and others use this document to learn how to perform functions for which they have been granted permissions.

10 VMware, Inc.

VMware vFabric Data Director

Overview 1

VMware vFabric Data Director is a software solution that powers Database-as-a-service in your cloud. It enables you to implement database-aware virtualization on vSphere and provides self-service lifecycle management for heterogeneous databases.

This chapter includes the following topics:

“Data Director System Architecture,” on page 11

“VMware Data Director Components,” on page 12

“Data Director User Management Modes,” on page 12

“About Data Director Administration,” on page 13

“Data Director Supported Databases,” on page 14

Data Director System Architecture

vFabric Data Director automates deployment, management, and governance of thousands of databases and enables policy-based self-service database management for application developers.

Data Director supports the following databases.

Oracle 11gR2 Enterprise and Standard editions.

Oracle 10gR2 Enterprise and Standard editions.

Microsoft SQL Server 2012 Enterprise and Standard editions.

Microsoft SQL Server 2008 R2 Enterprise and Standard editions.

MySQL 5.5.27

vFabric Postgres 9.1 and 9.2.3 a VMware vSphere optimized relational database based on PostgreSQL.

Data Director provides flexible, policy-based resource management at the system level, and isolation at the organization and database level. Data Director system administrators can implement security policies through role-based access control to restrict system access to authorized users. System administrators use database templates to guarantee corporate compliance to standardization, and carry out important database lifecycle management tasks such as provisioning, backup, snapshots, point-in-time recovery, cloning, updating, monitoring, and so on.

Database administrators and authorized users can configure databases by using customizable parameters. Resource and backup templates simplify database creation. After an administrator assigns appropriate permissions, users can create databases and allocate resources to them. Users can schedule backups, perform restores, and clone databases to use in testing and development environments. They can scale up databases according to system needs, and decommission databases when they are no longer required.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

VMware Data Director Components

The Data Director hierarchy consists of organizations, each with its own discrete database groups and databases. Currently supported databases include vFabric Postgres, Microsoft SQL Server, and Oracle.

System administrators perform management tasks at the system level, which is the top level of the hierarchy. To edit system-level settings you must have system privileges, but having system privileges does not automatically allow you to make changes at the other levels.

A system can contain multiple organizations, each with multiple database groups. A database group can contain multiple databases. You can create database groups only within organizations. Databases can exist only within database groups.

Figure 1-1. Data Director System Hierarchy

System administrators manage Data Director resources at the system and organization levels. System administrators create resource bundles from vSphere resource pools (CPU and memory resources) and storage and network resources, and allocate one or more resource bundles to each organization.

Organization administrators assign resources from the given resource bundles to database groups for consumption by databases.

Data Director User Management Modes

Data Director user management modes control how users are assigned and managed among different organizations. Data Director has two user management modes: Global mode (for enterprises) and By Organization mode (for service providers). Global user management mode is the default.

User management mode must be set to By Organization for VMware vCloud Director integration. See

“Organization Structure,” on page 77.

By Organization user management mode has the following characteristics.

Organizations are set up as separate, isolated enterprises with no visibility into other organizations.

The Data Director system user list is not visible to organizations.

No organization can see another organization's user list.

Organization administrators send email to invite users to join their organization, or register users directly.

Users can navigate to the Data Director web console URL and register for an account, pending approval from the organization administrator.

12 VMware, Inc.

Global user management mode has the following characteristics.

Organizations are set up as separate departments, business units, or groups within one enterprise, such as a corporation's HR and Finance departments.

All Data Director users are visible to all organizations within Data Director.

Organization administrators grant access to users to the organization or grant access directly from the system user list.

Users can navigate to the Data Director web console URL and register for an account, pending approval from the organization administrator.

About Data Director Administration

Data Director system administrators perform Data Director administration on the system level. Organization administrators perform Data Director administration on the organization level.

You create the initial account for the Data Director system administrator during Data Director setup. That system administrator creates the system resource bundle, base database virtual machines (base DBVMs), and base database templates.

By default, users do not have roles or permissions and cannot access any organizations. Organization administrators assign roles and permissions to users and grant them access to specific organizations.

Chapter 1 VMware vFabric Data Director Overview

System administrators perform system-level operations for Data Director or for an entire organization. System administrators perform the following tasks.

Table 1-1. System-Level Operations

Operation Type Examples

Resource management operations

User and organization management operations

Creating and managing the system resource bundle.

Creating and managing resource bundles.

Creating and managing database virtual machines (DBVMs).

Managing base database templates.

Assigning base database templates to resource bundles.

Assigning resource bundles to organizations.

Creating and managing resource templates.

Creating and managing backup templates.

Creating system users.

Creating system administrators.

Creating organizations.

Creating organization administrators.

Designating existing users as organization administrators.

Organization administrators perform organization-level operations within their organizations. Organization administrators perform the following tasks.

VMware, Inc. 13

VMware vFabric Data Director Administrator and User Guide

Table 1-2. Organization-Level Operations

Operation Type Examples

Resource management operations

User management operations

By default, Data Director system administrators do not have access to organizations. Organization administrators have access to only their own organization. They can create organization users and can grant access to existing Data Director users.

Data Director system administrators can create users, but only organization administrators can grant those users access to organizations.

Creating database groups.

Enabling base database templates in resource bundles.

Creating resource templates.

Creating backup templates.

Allocating resources to database groups within the organization.

Creating and managing organization users.

Granting organization access to existing Data Director users.

Assigning organization roles to users in the organization.

Creating and managing organization roles and granting roles to organization user.

Defining organization permissions and granting permissions to organization users.

Data Director Supported Databases

Data Director supports self-service database provisioning and automation through a web interface and compatible client tools and drivers.

Data Director supports the following databases.

“VMware vFabric Postgres Databases,” on page 15

“Oracle Databases,” on page 15

“Microsoft SQL Server Databases,” on page 15

“MySQL Databases,” on page 17

Database administrators and application developers administer databases within their organizations. Database administration includes the following tasks.

Creating databases and allocating resources to them.

Cloning databases.

Managing database users, roles, privileges, and permissions.

Maintenance such as performing backups and restores.

Scaling up databases.

Updating databases.

Monitoring database usage and performance.

Monitoring database alarms.

Decommissioning databases.

14 VMware, Inc.

Chapter 1 VMware vFabric Data Director Overview

Oracle Databases

As a system administrator, you upload, test, and manage the Oracle base database templates that organization administrators, DBAs, and application developers use to create Oracle databases.

The recommended practice for using Oracle with Data Director is to set up a dedicated vSphere ESXi cluster for hosting Oracle resources, including operating system, Oracle database server, and client tools. You create Oracle base database virtual machines (DBVMs) using the dedicated Oracle resources in vSphere, then upload the DBVMs to Data Director to use as database templates.

Data Director supports the following Oracle versions.

Oracle 11gR2 on SUSE, RHEL, or Oracle Linux.

Oracle 10gR2 on SUSE, RHEL, or Oracle Linux.

VMware vFabric Postgres Databases

Data Director provides self-service database provisioning and automation with vFabric Postgres databases. vFabric Postgres is built on the open source Postgres database.

vFabric Postgres is compatible with pSQL and the PostgreSQL tools and client drivers. vFabric Postgres databases are fully compliant with ACID and ANSI SQL. The ACID properties, Atomicity, Consistency, Isolation, and Durability, guarantee that database transactions are processed reliably.

For information about the Postgres database features for Data Director, see the Using VMware vFabric Postgres for Data Director.

Microsoft SQL Server Databases

As a Data Director system administrator you upload and manage the SQL Server base database templates that organization administrators, DBAs, and application developers use to provision SQL Server databases.

Use SQL Server with Data Director to set up a dedicated vSphere ESXi cluster for hosting SQL Server resources, including operating system, SQL Server database server, and client tools. You create SQL Server base database virtual machines (DBVMs) using the dedicated SQL Server resources in vSphere, and upload the DBVMs to Data Director to use as database templates from which you can provision SQL Server databases.

Data Director supports the following SQL Server versions.

SQL Server 2012 Enterprise and Standard editions.

SQL Server 2008 R2 Enterprise and Standard editions.

About Provisioning SQL Server Databases

Data Director supports the creation of a stand-alone SQL Server instance using the default (unnamed) instance or a named instance. The default instance name is the same as the host name. You can have only one default instance per virtual machine.

NOTE A SQL Server instance is either an unnamed instance or a named instance. When SQL Server is installed as an unnamed instance, it does not require a client to specify the name of the instance to make a connection. The client only has to know the server name. A named instance is identified by the network name of the computer plus the instance name that you specify during installation. The client must specify both the server name and the instance name when connecting. By default, SQL Server installs as an unnamed instance unless you specify an instance name.

VMware, Inc. 15

VMware vFabric Data Director Administrator and User Guide

The Data Director provisioning process prepares and configures the SQL Server software as described in the following list.

The SQL Server DBVM can join an existing Windows domain during provisioning. You must provide a Windows Active Directory credential with sufficient privileges to join the domain. If a SQL Server DBVM joins a domain, Windows authentication is the authentication method. The user-supplied domain account is added to the sysadmin role of the SQL Server instance.

If the DBVM does not join a domain, Data Director uses mixed authentication, and prompts for the SQL Server System Administrator (SA) password.

No user databases are created when provisioning within Data Director.

About SQL Server Snapshot Backups

Data Director supports manually initiated, snapshot backups with SQL Server DBVMs. You cannot use automatic, external, or point-in-time recovery (PITR) backups when using a SQL Server a DBVM.

If you create a snapshot backup of a SQL Server DBVM, then change the configuration properties of the DBVM and try to recover from the now out-of-date (or un-synchronized) snapshot, the virtual machine may become unstable, or the configuration values displayed in the Data Director interface for the SQL Server DBVM may not be accurate.

Also, snapshot backups may decrease the I/O performance of a SQL Server DBVM.

For these reasons VMware recommends that you only use snapshots as a temporary backup solution, and that you maintain them for a limited amount of time. You can use snapshot backups before performing system maintenance, such as applying patches to the operating system or database software, or performing database operations that may cause a loss of data. When you have successfully completed the maintenance or data changing tasks, delete the snapshot backup.

See “Snapshot Backups,” on page 151 and “Create a Database Snapshot,” on page 155.

Data Director Support for SQL Server

You can provision new, empty SQL Server databases using Data Director. To learn more about creating a SQL Server database, see “Create an Empty SQL Server Database,” on page 105.

The following Data Director features are not available for use with SQL Server. When managing SQL Server databases the user interface controls for these features are not available in the Data Director administration console.

Database cloning.

Adding databases to the organization catalog.

Database ingestion.

Use of IP whitelists.

Changing disk size.

DBVM reporting.

Editing database resources.

Adding database owners.

Base DB template validation.

Upgrading.

16 VMware, Inc.

Chapter 1 VMware vFabric Data Director Overview

MySQL Databases

As a Data Director system administrator you upload and manage MySQL base database templates that organization administrators, DBAs, and application developers use to provision MySQL databases.

Use MySQL with Data Director to set up a dedicated vSphere ESXi cluster for hosting MySQL resources, including operating system, MySQL database server, and client tools. You create MySQL base database virtual machines (DBVMs) using the dedicated resources in vSphere, and upload the DBVMs to Data Director to use as database templates from which you can provision MySQL databases.

Data Director supports MySQL Community Edition 5.5.27.

Data Director Support for MySQL

The following Data Director features are not available for use with MySQL. When managing MySQL databases the user interface controls for these features are not available in the Data Director administration console.

Provision a database by ingestion.

Schema only clone.

Import or regenerate SSL keys.

Connection string to identify a DB Name server.

Performance monitoring and database statistics.

Alarms alerting you to MySQL specific thresholds and problems.

Upgrading and patching.

VMware, Inc. 17

VMware vFabric Data Director Administrator and User Guide

18 VMware, Inc.

Managing Data Director Resources 2

System administrators manage CPU, memory, storage, and networking resources, as well as system-wide database and backup configuration templates. Organization administrators manage resources for database groups and for databases and enable database templates for their organizations.

This chapter includes the following topics:

“Resource Management Overview,” on page 19

“Resource Bundles and Resource Pools,” on page 20

“Storage Resources and Data Director,” on page 21

“System Resource Bundle,” on page 22

“Resource Assignment,” on page 23

“vSphere Resource Pools and Data Director,” on page 24

“Viewing Resource Information,” on page 26

“Create the System Resource Pool,” on page 26

“Create the System Resource Bundle,” on page 27

“Monitor Resource Usage,” on page 28

“Create a Resource Pool,” on page 28

“Create a Resource Bundle,” on page 29

“Assign a Resource Bundle to an Organization,” on page 31

“Perform Advanced Cluster Configuration,” on page 31

Resource Management Overview

System administrators allocate resources to organizations. These virtual resources come directly from the physical resources of the cluster on which Data Director runs. Organization administrators assign organization resources to database groups and databases.

A vSphere cluster consists of several ESXi hosts that provide the physical CPU and memory resources for the databases managed by Data Director. As part of installation, you create the cluster and enable vSphere High Availability (HA) and vSphere Distributed Resource Management (DRS) for the cluster. Data Director can take advantage of the vSphere HA and vSphere DRS functionality because Data Director runs on top of the cluster. See the vSphere Availability and the vSphere Resource Management documentation for details.

VMware, Inc.

VMware vFabric Data Director Administrator and User Guide

A Data Director resource bundle includes CPU, memory, storage, and networking resources. The CPU and memory resources come from a resource pool in the vSphere cluster. The storage and networking resources are assigned to Data Director during installation or at a later time. Data Director includes a set of VLANs to carry different types of network traffic.

Data Director provides the following types of resource bundles.

System resource bundle. Data Director system administrators create one system resource bundle at the Data Director system level. In addition to providing virtual resources, the system resource bundle contains the database virtual machines (DBVMs) and base database templates that support creating and provisioning databases. See “System Resource Bundle,” on page 22.

Resource bundle. Data Director system administrators create one or more resource bundles to provide operating resources to organizations.

When system administrators create an organization, they can assign virtual resources to the organization as resource bundles. When organization administrators create a database group, they assign virtual resources to the database group. These virtual resources are backed by the physical resources of one or more clusters. vSphere clusters provide failover protection and support efficient use of physical resources.

System administrators can assign resources when they create an organization (see “Create a Data Director

Organization,” on page 80) or assign resources to an existing organization (see “Assign a Resource Bundle to an Organization,” on page 31). Organization administrators can assign resources when they create a

database group or assign resources to existing database groups.

NOTE If you chose the Express installation in the Data Director Setup wizard and enabled Create defaults, a system resource bundle and Default resource bundle is already created. A Default organization and Default database group is also created, and the Default resource bundle is assigned to the Default organization.

To help you specify the resources associated with a database template, Data Director includes a calculator that computes the optimum resource configuration based on the anticipated usage patterns. When you create databases from the template, the specified resources are allocated.

Resource Bundles and Resource Pools

A resource bundle is a set of compatible IT resources for provisioning databases. To assign the appropriate amount of resources to each organization, system administrators create resource bundles and assign them to organizations.

System administrators specify a resource pool and storage and networking resources when they create a resource bundle.

NOTE If you deployed Data Director using the Express installation, and selected the Create defaults option to specify resources, a Default resource bundle is created and assigned to a Default organization.

Resource Pool

Storage Resources

All CPU and memory resources of a resource bundle come from a vSphere resource pool that is created in the vSphere Client with reservation equal to limit. See “Create a Resource Pool,” on page 28.

Each resource bundle includes storage resources for the operating system, database binary, data, log, and backup storage needs for each database virtual machine that you create. The storage resources must be visible to all hosts that use the resource bundle.

DB Access Networks

DB Access Networks provide communication for databases. A DB Access Network corresponds to a vSphere port group. Each network must be visible to all hosts that use the resource bundle. DHCP or IP Pool is required. See

Chapter 16, “IP Pool Management,” on page 191

20 VMware, Inc.

vSphere

source RPs

source datastores

source port groups

CPU & memory

network

resource bundle

CPU & memory

network

Data Director

resource bundle

storage

data

storage

backup storage

log

storage

data

storage

backup storage

log

storage

Chapter 2 Managing Data Director Resources

Selecting one or more DB Access Networks allows you to isolate different database groups from one another, for example, to isolate a QA database group from a Production database group. When no DB Access Networks have been assigned in the environment, select the network that is mapped to the Web Console Network. Do not select internal networks for DB Access Network traffic.

The figure shows how Data Director resources come from vSphere resource pools, datastores, and port groups. When administrators create a resource bundle, the resources are always coming from the underlying vSphere environment.

Figure 2-1. Resources in vSphere and Data Director

Storage Resources and Data Director

VMware, Inc. 21

“Resource Assignment,” on page 23 explains how resource assignment differs for the different levels of the

hierarchy.

Storage configuration is essential for any successful database deployment, especially in virtual environments where you can consolidate many different database workloads on a single ESXi host. Your storage subsystem should provide sufficient I/O throughput as well as storage capacity to accommodate the cumulative needs of all database virtual machines (DBVMs) running on your ESXi hosts.

Data Director allows you to define virtual disks to which you can map your DBVM's operating system, data, log, and backup disks. You can then map the virtual disks to different datastores using disk provisioning and storage allocations that you specify to improve disk usage, performance, and redundancy. For example, you can create dedicated datastores to service I/O intensive database workloads.

Storage Virtualization Concepts

VMware storage virtualization can be categorized into three layers of storage technology.

The storage array is the bottom layer, consisting of physical disks presented as logical disks in the form of either storage array volumes or logical unit numbers (LUNs) to the layer above.

The next layer is the virtual environment occupied by vSphere. Storage array LUNs are presented to ESXi hosts as datastores and are formatted as VMFS volumes.

VMware vFabric Data Director Administrator and User Guide

Virtual machines consist of virtual disks that are created in the datastores and presented to the guest operating system as disks that can be partitioned and used in file systems.

VMFS is a cluster file system that provides storage virtualization optimized for virtual machines. Each virtual machine is encapsulated in a set of files and VMFS is the default storage system for these files on physical SCSI disks and partitions. VMFS allows multiple ESXi instances to access shared virtual machine storage concurrently. It also enables virtualization-based distributed infrastructure services such as vMotion, DRS, and VMware HA to operate across a cluster of ESXi hosts.

Consolidated Versus Dedicated Datastores

A generally accepted best practice is to create a dedicated datastore if an application has a demanding I/O profile. Databases fall into this category. The creation of dedicated datastores allows you to define individual service level guarantees for different applications, and is analogous to provisioning dedicated LUNs in a physical server environment.

Partition Alignment

Aligning file system partitions is a well-known storage best practice for database workloads. Partition alignment on both physical machines and VMware VMFS partitions prevents I/O performance degradation caused by I/O crossing track boundaries. Using the vSphere Client to create VMFS partitions avoids this problem since, beginning with ESXi 5.0, it automatically aligns VMFS3 or VMFS5 partitions along the 1MB boundary.

When creating partitions VMware recommends the following best practices:

Create VMFS partitions from within vCenter because they are aligned by default

Align the data disk for heavy I/O workloads using diskpart.

Consult with the storage vendor for recommendations on how best to use their hardware in conjunction with your Data Director deployment.

System Resource Bundle

The system resource bundle provides CPU, memory, network, and storage resources for the base database virtual machines (base DBVMs) and base database templates that you use to create and provision databases. Each Data Director installation must have one system resource bundle. If you chose Create defaults in the Express installation, a system resource bunde is created automatically.

Data Director system administrators create the system resource bundle before setting up other Data Director entities and populate it with base database templates and base DBVMs.

The Data Director system administrator creates the system resource bundle at the system level. This ensures that the CPU, memory, storage, and networking resources, base database templates, and base DBVMs apply to the entire Data Director platform. The system administrator creates resource bundles and assigns base database templates to them, and assigns the resource bundles to organizations. The organization administrator enables base database templates for use in that organization.

See “Create the System Resource Bundle,” on page 27.

22 VMware, Inc.

Resource Assignment

Resource assignment differs for organizations, database groups, and databases.

Resource Assignment for Organizations

System administrators can assign multiple resource bundles to each organization. System administrators can assign a particular base database template to multiple resource bundles. Organization administrators allocate the resource bundles to database groups and enable base DB templates. When you create databases, they draw on the resources assigned to the database group and the base database templates enabled in the organization. This resource isolation guarantees that different organizations and different database groups have control over their resources.

If you chose the Express installation and enabled Create defaults in the Data Director Setup wizard, a system resource bundle and Default resource bundle are created during setup. A Default organization with a Default database group within that organization is also created, and the Default resource bundle is assigned to the Default organization.

Resource Assignment for Database Groups

When you create a database group, you assign a resource bundle that specifies the resources for that group. You cannot assign more than one resource bundle to one database group. Multiple database groups can share one resource bundle.

Chapter 2 Managing Data Director Resources

When you assign a resource bundle to a database group, you can specify how to allocate each resource.

CPU priority or reservation.

Memory priority or reservation.

Storage allocation.

Storage reservation percentage.

A network for the database group. You cannot divide the network. You can select only one network when you create a database group even if several networks are associated with the resource bundle.

If you do not specify the CPU or memory allocation, Data Director sets the reservation to zero but sets expandable reservations to true. If expandable reservations is set to true, the CPU or memory can expand beyond the specified value.

Resource Assignment for Databases

A database consumes the resources assigned to its database group.

You can specify the number of virtual CPUs, the memory size, and CPU and memory priority for each database that you create.

You cannot specify storage allocation. All databases consume the data and the backup storage allocated to their parent database group. You can specify the size of data or PITR disk of each database.

Each database uses the network assigned to the database group as the DB access network.

VMware, Inc. 23

VMware vFabric Data Director Administrator and User Guide

vSphere Resource Pools and Data Director

A vSphere resource pool is a logical abstraction for flexible management of CPU and memory resources.You add CPU and memory resources to Data Director resource bundles by adding a vSphere resource pool to the bundle.

Data Director has the following types of resource pools.

Resource Pools for Databases

System Resource Pool

CAUTION Data Director can use only resource pools for creating databases if the corresponding cluster is enabled for DRS and HA. Do not disable DRS. If you do, Data Director cannot use the resource pools even if you reenable DRS. See “Resource Bundles Become Unusable Because DRS Is Disabled,” on page 214.

Resource pools allow you to group available CPU and memory resources. You can allocate resources explicitly, or use the resource pool share mechanism. You can hierarchically partition available CPU and memory resources by grouping resource pools into hierarchies. You can allow different organizations access to different resource pools. For example, a QA department might need large amounts of CPU and memory for running tests while the marketing department might require smaller amounts.

Data Director expects you to group the hosts that provide the CPU and memory resources into clusters. Each cluster owns the resources of all hosts. You can create one or more resource pools for the cluster, which has an invisible root resource pool. Each resource pool owns some of the cluster's resources. If necessary, you can create child resource pools. Child resource pools represent successively smaller amounts of CPU and memory.

vSphere administrators create one or more resource pools to enable Data Director users to create databases. Resource pools for databases require configuration settings such as DRS and HA enabled, and CPU and memory limits equal to reservation.

There is one system resource pool for one Data Director instance. vSphere administrators can deploy database virtual machine (DBVM) OVA files into the system resource pool at any time. The configuration settings for the system resource pool are different from the configuration settings for database resource pools. You do not have to enable HA, and CPU, and memory limits do not have to equal reservations. The reservation must be greater than 0.

You can also enable expandable CPU and memory. See “Create the System

Resource Pool,” on page 26.

CAUTION To use Oracle with Data Director, create a cluster specifically for Oracle use. To avoid licensing issues, assign only resources from your dedicated Oracle cluster to organizations that create and provision Oracle databases and DBVMs.

How you allocate CPU and memory resources to database groups differs from how you allocate those resources to databases.

24 VMware, Inc.

Chapter 2 Managing Data Director Resources

Creating Resource Pools for Databases

You create resource pools for databases by using a vSphere Client connected to a vCenter Server system. Specify the following resource pool settings to ensure that Data Director always receives all of its allocated resources and does not have different amounts of CPU and memory available if the cluster is experiencing a light or a heavy load.

NOTE If you do not configure your resource pool with these settings, problems with resource bundle creation or other Data Director tasks might result. Resource pools with incorrect settings do not appear in the list of available resource pools when you create a resource bundle.

Set the Limit equal to the Reservation.

Set Expandable Reservation to checked

If the system never allocates more resources than you reserved, you do not experience resource fluctuations.

If the system does not attempt to allocate more resources than you reserved, you do not experience resource fluctuations.

or unchecked.

Set Unlimited to unchecked.

Data Director requires this setting to avoid a resource bundle taking more than its share of the resource pool.

After you create the resource pool, you create resource bundles. Each resource bundle uses one resource pool.

See “Create a Resource Pool,” on page 28 and “Create a Resource Bundle,” on page 29.

Allocating CPU and Memory Resources to Database Groups

When you create a database group and set its CPU and memory allocation, Data Director creates a child resource pool of the resource pool that you select. Data Director configures the resource pool with the allocation that you specify. Having a different resource pool for each database group isolates the database group's allocation and makes different groups independent.

If you specify the CPU and memory allocation, Data Director uses the following settings for the resource pool it creates.

Reservation is set to the value you specify.

Expandable reservation is set to False.

Limit is set to unlimited.

If you do not specify CPU or memory allocation, Data Director uses the following settings for the resource pool it creates.

Reservation is set to 0.

Expandable reservation is set to True, allowing the database group to consume resources as they are available.

Limit is set to unlimited.

Allocating CPU and Memory Resources to Databases

In the Data Director environment, a database is a virtual machine that consumes resources from the database group. You can specify the CPU and memory allocation for the database. Data Director always sets the limit to unlimited.

VMware, Inc. 25

VMware vFabric Data Director Administrator and User Guide

Viewing Resource Information

Data Director system administrators can view resource usage information for an organization from the Data Director Manage & Monitor tab.

When you log in to Data Director as a system administrator, you can view information about the resource usage of the different organizations and about the resource bundle or resource bundles that are being used by each organization.

The Organizations pane allows you to manage organizations. You can view organization information, assign and unassign resource bundles, delete the organization, and view the organization's properties.

The Resource Bundles pane allows you to view all resource bundles currently created for this instance of Data Director. You can display either allocation information or vCenter Server Object information.

You can click on an item in the heading, such as Organization, to re-sort the table based on that column. Right-click any resource bundle name and choose Properties to see detailed information about each resource bundle.

If you select vCenter Server Objects, Data Director displays the names of resource pools, datastores, and networks that you see in the vSphere Client UI.

The Datastore Usage pane shows datastore usage for the main datastore and the backup datastore. You can see how resource bundles map to datastores and examine storage allocation information for each datastore.

See Chapter 14, “Monitoring the Data Director Environment,” on page 167 for details on using the monitoring interface.

Create the System Resource Pool

vSphere administrators create one system resource pool from a vSphere Client connected to a vCenter Server system. vSphere Administrators deploy the Data Director database virtual machine (DBVM) OVAs to the system resource pool.

Prerequisites

Connect to the vCenter Server system by using a vSphere Client. You cannot create resource pools if the client is connected directly to a host.

Verify that you have permissions sufficient to create a resource pool.

Choose a location for the resource pool. Data Director cannot use resource pools at the top level.

See vSphere Resource Management for information about resource pools.

Before you create any resource pools, you must prepare a cluster. You must have at least one host in the cluster. See the vFabric Data Director Installation Guide for information.

Procedure

1 In the vSphere Client, select Home > Inventory > Hosts and Clusters.

2 Select the cluster to which all Data Director hosts have been assigned.

3 Specify the settings for the system resource pool.

Option Description

Name

CPU Shares

CPU Reservation

26 VMware, Inc.

Name of the resource pool.

Leave CPU shares set to Normal.

CPU resources to allocate to this resource pool. Set CPU reservation equal to CPU limit value. Must be greater than 0.

Option Description

Expandable Reservation

CPU Limit

Unlimited

Memory Shares

Memory Reservation

Expandable Reservation

Memory Limit

Unlimited

Can be checked or unchecked.

Maximum CPU resources available to this resource pool. Set CPU limit equal to CPU reservation value.

Leave unchecked.

Leave memory shares set to Normal.

Memory resources to allocate to this resource pool. Must be greater than 0.

Can be checked or Unchecked.

Maximum memory resources available to this resource pool. Because this is the system resource pool, limit does not have to equal reservation.

Unchecked.

After the system resource pool is set up, you can deploy Data Director OVA files and point to the system resource pool when you create the Data Director system resource bundle.

What to do next

Create the system resource bundle. See “Create the System Resource Bundle,” on page 27.

Create the System Resource Bundle

Chapter 2 Managing Data Director Resources

The system resource bundle resides at the Data Director system level, and enables you to create, test, and run base database virtual machines.

Prerequisites

Create a resource pool to use for allocating CPU and memory resources. See “Create a Resource Pool,” on page 28.

Determine the storage resources that you want to include in the system resource bundle. Plan for storage resources for database storage and resources for backup storage.

Determine the networking resource that you want to include in the system resource bundle. You can assign only one network to the system resource bundle. The networking resource is used by the base DBVMs for building base database templates.

NOTE If you do not configure your resource pool with these settings, you might have problems with system resource bundle creation or other Data Director tasks.

Procedure

1 Log in to Data Director with system administrator privileges.

2 Select System, and click System Settings.

3 Click System Resource Bundle in the left pane.

4 Click Create System Resource Bundle

5 Specify the following information about the resource bundle in the wizard.

Wizard screen Action

Name and Description

CPU and Memory

VMware, Inc. 27

Type a name and optional description and click Next.

Select the resource pool from which you want to assign CPU and memory resources and click Next.

VMware vFabric Data Director Administrator and User Guide

Wizard screen Action

Storage

Networks

The resource bundle is created.

What to do next

Create a base DBVM. See Chapter 4, “Building DBVMs and Base DB Templates,” on page 45.

Monitor Resource Usage

System administrators can view usage information for resource bundles and datastores and can reassign resource bundles from the Manage & Monitor tab.

The focus of this task is on monitoring, not on changing current settings.

Prerequisites

Click Edit to select a datastore, and allocate the number of gigabytes to use with Data Director, or allocate all unallocated space. Repeat the process for backup storage.

NOTE Do not select a datastore that is in a datastore cluster.

Select the networks that you want to have available to this resource bundle. These networks provide the public network for the organization's databases. Resource bundles must use a database network when available.

Verify that one or more organizations exist in your environment.

Verify that resource bundles and datastores have been assigned to the organizations.

Procedure

1 In Data Director, click the System tab, and click the Manage & Monitor tab.

The Organizations panel displays resource allocation information about each organization.

2 Click one of the columns, for example Total Memory, to reorder the rows of the table.

3 Click one of the organizations to display resource bundle information for the selected organization.

4 Click Resource Bundles to display the Resource Bundles pane.

5 Click Datastore Usage to display information about available datastores, their capacity, and the allocated

and unallocated storage for each.

6 Click one of the datastores to display the associated resource bundles and their storage allocation.

What to do next

You can change the resource bundle information by clicking the Actions icon and selecting Properties. If properties are dimmed, you do not have permissions to change them.

Create a Resource Pool

You allocate CPU and memory resources to Data Director by creating one or more resource pools from a vSphere Client connected to a vCenter Server system. From the Data Director user interface, you can then assign the resources from those resource pools to database groups and databases.

Before you create the resource pools, you must prepare a cluster. Enable the cluster for HA and DRS, and add all Data Director hosts to the cluster. See the vFabric Data Director Installation Guide for information.

28 VMware, Inc.

Chapter 2 Managing Data Director Resources

Prerequisites

Connect to the vCenter Server system by using a vSphere Client. You cannot create resource pools if the client is connected directly to a host.

Verify that you have permissions sufficient to create a resource pool.

Choose a location for the resource pool. Data Director cannot use resource pools at the vApp top level. For information about resource pools, see the vSphere Resource Management documentation .

Procedure

1 In the vSphere Client, select Home > Inventory > Hosts and Clusters.

2 Select the cluster to which all Data Director hosts were assigned.

3 Configure the resource pool.

Option Description

Name

CPU Shares

CPU Reservation

Expandable Reservation

CPU Limit

Unlimited

Memory Shares

Memory Reservation

Expandable Reservation

Memory Limit

Unlimited

Name of the resource pool.

Do not specify CPU shares. Instead, specify the CPU reservation.

CPU resources to allocate to this resource pool. Must be greater than 0.

Checked or unchecked.

Maximum CPU resources available to this resource pool. Set Limit to be equal to CPU Reservation.

Unchecked.

Do not specify memory shares. Instead, specify a memory reservation.

Memory resources to allocate to this resource pool. Must be greater than 0.

Checked or Unchecked.

Maximum memory resources available to this resource pool. Set Limit to be equal to Memory Reservation.

Unchecked.

After you create and configure the resource pool, you can point to the resource pool when you create the Data Director resource bundle.

What to do next

Create a resource bundle. See “Create a Resource Bundle,” on page 29.

Create a Resource Bundle

Resource bundles allow you to bundle CPU, memory, storage, database template, and networking resources. You create resource bundles using the Data Director user interface.

When you create a resource bundle, the wizard displays only resource pools with a parent cluster that meets the following requirements.

vSphere DRS and vSphere HA are enabled.

VM Monitoring is set to VM and Application Monitoring.

VM Restart Priority is not disabled for any of the virtual machines.

Host monitoring and admission control are enabled.

See “Perform Advanced Cluster Configuration,” on page 31 for details on recommended settings.

VMware, Inc. 29

VMware vFabric Data Director Administrator and User Guide

Prerequisites

Create a resource pool to use for allocating CPU and memory resources. See “Create a Resource Pool,” on page 28.

Decide on the storage resources that you want to include in the resource bundle. Plan storage resources for database storage, backup storage, and log storage. For more information on storage types, and how they relate to the disk mappings you create for the DBVMs and DB templates, see “Disk Configuration

for DBVMs and DB Templates,” on page 49.

Decide on the database templates (base DB templates) that you want to assign to the resource bundle. Organization users can create and provision databases only when base DB templates are assigned to, and enabled in, an organization's resource bundle(s). You can assign additional base DB templates to resource bundles at any time.

Decide on the networking resources that you want to include in the resource bundle. The resource bundle's networking resources are used for the DB access network for databases in an organization.

NOTE If you do not configure your resource pool with these settings, you might have problems with resource bundle creation or other Data Director tasks.

Procedure

1 Log in to Data Director with system administrator privileges.

2 Select System, and click Manage & Monitor.

3 Click Resource Bundles.

4 Click the plus (+) icon.

5 Specify the following information about the resource bundle in the wizard.

Wizard Screen Action

Name and Description

Resource Pool

Storage Allocation

Type a name and optional description.

a Select the resource pool from which you want to assign CPU and

memory resources.

b (Optional) Select the VM DRS Group checkbox, and then select the DRS

Group to assign to the resource bundle from the drop-down menu.

a Click the checkbox next to the name of the datastore whose storage you

want to allocate, and specify the number of gigabytes to use with Data Director, or allocate all unallocated space.

NOTE Do not select a datastore that is in a datastore cluster.

b Select a storage type to assign to the selected datastore. The available

storage types are: OS (operating system), Backup, Data, and Log.

You can only assign the OS and Backup storage types to a single datastore within a given resource bundle. Once you assign the OS and Backup storage types to a datastore, they are not available to assign to another datastore within that resource bundle, and are removed from the list of available storage types.

You can assign the Data and Log storage types to multiple datastores within the same resource bundle.

c Specify the storage reservation. The default is 100%. The minimum

storage reservation is the lower bound of the storage reservations of database groups created under the resource bundle. System administrators typically use this reserve to control how much storage over allocation can be allotted by organization administrators with this resource bundle. See Chapter 7, “Managing Database Groups,” on page 87 for more information about storage reservation.

30 VMware, Inc.

Wizard Screen Action

Base Database Templates

DB Access Networks

Select the base Database templates available in this resource bundle. Users create and provision databases using these templates. You can assign base database templates to resource bundles at any time.

What to do next

System administrators can assign additional base database templates to resource bundles, and allocate the resource bundles to organizations. Organization administrators can assign resources to their database groups.

Assign a Resource Bundle to an Organization

System administrators can assign a resource bundle to an organization when they create an organization. You can also assign a resource bundle to an organization at a later time.

Prerequisites

Procedure

Chapter 2 Managing Data Director Resources

1 Click the Manage & Monitor tab and, click Organizations.

2 Right-click the organization that you want to assign a resource bundle to, and select Assign Resource

Bundle.

3 Select the resource bundle that you want to assign from the list of resource bundles and click OK.

What to do next

System administrators can assign additional base DB templates to the resource bundle. Organization administrators can enable base DB templates for their organizations and create one or more database groups and databases. See Chapter 9, “Managing Databases,” on page 99 and “Create a Database Group,” on page 89.

Perform Advanced Cluster Configuration

During installation, you configure the Data Director cluster with vSphere DRS and vSphere HA enabled, and with certain monitoring settings. You can later edit the Data Director cluster configuration to change the monitoring sensitivity for virtual machines.

As part of the installation process, you configure the Data Director cluster. See the vFabric Data Director

Installation Guide. After installation, you can customize the cluster to work in your environment. See the vSphere Availability documentation and the vSphere Resource Management documentation for background information.

Not all changes that you can make to a vSphere cluster are compatible with Data Director. You must make sure that the cluster settings remain compatible with Data Director. Data Director checks the following settings.

DRS must be enabled. DRS automation level can be any of the supported options. Partially automated works best with Data Director in most situations.

HA, host monitoring, and admission control must be enabled.

VM Monitoring is set to VM and Application Monitoring.

If cluster settings are not compatible with Data Director, and if you create a resource pool in the cluster, you cannot import the resource pool to a Data Director resource bundle.

VMware, Inc. 31

VMware vFabric Data Director Administrator and User Guide

If you change cluster settings from Data Director compatible to Data director incompatible, Data Director displays alerts but does not revert the settings. You must revert the settings to make the cluster compatible again.

CAUTION Do not disable DRS, because you lose all resource pools. Reenabling DRS does not restore the resource pools. See “Resource Bundles Become Unusable Because DRS Is Disabled,” on page 214.

If you customize the HA settings for a virtual machine, and if those settings are not compatible with Data Director, an alert appears. You must make the cluster compatible again.

Prerequisites

Verify that you have log-in privileges and privileges for cluster modification for the vCenter Server system on which the Data Director cluster runs.

Procedure

1 Log in to a vSphere Client that is connected to the vCenter Server on which the Data Director cluster runs.

2 Right-click the cluster and click Edit Settings.

3 Click VM Monitoring.

4 Select the Custom check box and specify custom settings.

These are the lowest acceptable settings. Values can be higher.

Option Description

Failure interval

Minimum uptime

Maximum Per-VM resets

Maximum resets time window

30 seconds

120 seconds

Within 1 hour

5 Click OK.

32 VMware, Inc.

Managing Users and Roles 3

User management controls the users that can log in to Data Director and what they can see and do after they log in.

This chapter includes the following topics:

“User Management Overview,” on page 34

“Authenticating Users,” on page 35

“Role-Based Access Control,” on page 35

“Predefined Roles,” on page 36

“Privileges,” on page 37

“Propagation of Permissions and Roles,” on page 38

“Organization Privileges and Permissions,” on page 38

“Add Users to Your Organization,” on page 39

“Add Roles to an Organization,” on page 39

“Grant a Permission to a User,” on page 40

VMware, Inc.

“Modify Organization Security Settings,” on page 40

“About vCenter Single Sign-On,” on page 41

“Register vFabric Data Director with the vCenter Single Sign-On Service,” on page 41

“Import vCenter Single Sign-On Service Users,” on page 42

“Remove vCenter Single Sign-On Registration Before Uninstalling vFabric Data Director,” on

page 43

User Namespace

Bob

role domain

System

(user) Alliance

DBG DBGDBGDBG

role domain role domain

(user) Benefits

DBAdmin

SysAdmin

DBAdmin

Organization

VMware vFabric Data Director Administrator and User Guide

User Management Overview

System and organization administrators use a combination of user logins, privileges, permissions, and roles (role-based access control) to manage Data Director users. Role-based access control provides management of users and the tasks that they can perform on objects. You can grant and revoke roles and permissions at the system level, on organizations, and on database groups, databases, and templates within organizations.

Roles are sets of permissions required to perform particular jobs. Jobs are sets of tasks that a user with a particular role is responsible for performing, such as the set of tasks that are the responsibility of a database administrator. System and organization administrators define roles as part of defining security policies, and grant the roles to users. To change the permissions and tasks associated with a particular job, the system or organization administrator updates the role settings. The updated settings take effect for all users associated with the role.

To add a user to a job, the system or organization administrator grants the role to the user.

To remove a user from a job, the system or organization administrator revokes the role from the user. Changes are effective immediately.

Roles apply only to the organization in which they are created. For example, an organization administrator creates a database administrator role that includes permission to add and remove database users, start and stop databases, and perform backups for a specific database in that organization. Users that are granted the database administrator role in that organization can perform database administrator tasks only within that organization.

Organization administrators usually manage role and permission assignments for their organizations. However, any user that has the permission to grant and revoke permissions on an object can grant all permissions on that object to any user or any role. Organization administrators can also grant permissions directly to users.

Each user's login account is unique in the system. Managing access, roles, and permissions for each user is based on their user login account. The organization administrator can grant users access to one or more organizations. Within those organizations, each user can be granted multiple roles and permissions.

Users who cannot view or access certain objects or cannot perform certain operations were not granted the permissions to do so.

The following figure illustrates the scope of users and roles in Data Director.

Figure 3-1. Scope of users and roles in Data Director

34 VMware, Inc.

In the figure, user Bob is logged in to Data Director and has been granted access to the system and to the organization Alliance. Bob is also granted the SysAdmin role at the system level, and the DBAdmin role in the organization Alliance. Bob's SysAdmin role applies to the system level. The SysAdmin role does not propagate to any organizations. The role DBAdmin in organization Alliance and the role DBAdmin in organization Benefits are separate roles that apply only within their organizations. Bob has the DBAdmin role in the Alliance organization but does not have access to the Benefits organization.

Authenticating Users

User authentication is based on user login and password.

User login accounts and credentials are unique in Data Director. This enables managing credentials, roles, permissions, and privileges for each user based on the user login account.

Create users and passwords in the following ways.

A system or organization administrator creates the user account and assigns a password.

A user registers for a Data Director account and specifies a password as part of the registration request.

Data Director encrypts the password and stores it with the user information. When the user logs in, that user's credentials are stored in an HTTP session. Data Director uses the credentials to validate that the user is authorized to view organization objects (database groups and databases) and to perform tasks.

Chapter 3 Managing Users and Roles

Role-Based Access Control

Role-based access control enables system and organization administrators to control user access to Data Director and to control what users can do after they log in. To implement role-based access control, system and organization administrators associate (or revoke) privileges, permissions, and roles with (or from) user login accounts.

Users

Privileges

Permissions

User logins (users) are unique accounts that enable users to access Data Director. They include a password and identifying information such as name, email address, and phone number. Because user login accounts are unique, system and organization administrators can control each user's access and actions by granting or revoking privileges, permissions, and roles to or from the user's login account.

Users can be active or inactive. Inactive users cannot log in.

Privileges control all actions in Data Director. They define the allowable actions within an organization. Privileges apply to particular types of Data Director objects. For example, you can apply the Stop Database privilege to organizations, database groups, and databases and apply the Create Database privilege to organizations and database groups. Privileges by themselves are not associated with specific objects within an organization.

Permissions associate a user and privilege pair with an object in Data Director. Examples are granting a user permission to start or stop a specific database, to modify an organization's backup templates, or to create other users in an organization.

You can grant permissions to users by assigning a role to a user, or by granting permissions directly to the user.

Roles

VMware, Inc. 35

Roles are collections of permissions that can be associated with or granted to users. Roles provide a convenient way to package all the permissions required to perform a job, such as that of database administrator. Roles apply only to the entity in which they are created. If you create a role at the system level, it

VMware vFabric Data Director Administrator and User Guide

applies only to the system. If you create a role in an organization, it applies only to the organization. Organizations have no visibility into each others' roles. If two organizations in the same Data Director data cloud each have a role that has the same name, those roles are distinct within each organization.

One user can have multiple roles within an organization. Users can have access to multiple organizations and can have multiple roles in each organization.

A user can have different roles for different objects. For example, if you have two database groups in your organization, DBG1 and DBG2, you can grant the Database Admin role to a particular user on DBG1 and grant that user the DB User role on DBG2. These assignments might allow the user to perform administrative tasks in DBG1, but not in DBG2.

Predefined Roles

Data Director provides the predefined roles of system administrator, user administrator, and organization administrator. Predefined roles provide a starting point for administering Data Director users and roles and for defining custom roles. You can also create custom roles.

Organization administrator role

Organization adminstrators manage their organizations. They control which users can access the organizations, how users request access to the organizations, and what those users can see and do within the organization. This role has all privileges on the organization for which it is created. Organization administrators invite users to join the organization, grant access, roles, and permissions to users in the organization, create database groups, and can create databases. You can choose to create an administrator user when you create a new organization, or you can select an existing user as the new organization administrator.

Organization administrators perform all user management tasks within their organizations, including the following.

Add users to organizations, database groups, and databases.

Modify user settings.

Remove users from organizations, database groups, and databases.

Create roles.

Grant privileges and permissions to roles and to individual users.

View users, roles, and permissions granted to users and roles.

Organization administrators can view, grant, and revoke privileges on all objects within their organizations, including database groups, databases, and templates. Privileges include Create Database Groups and Modify Database Configuration Templates.

System administrator role

System administrators operate Data Director. The first system administrator user is created during Data Director installation. This role has all system-level privileges, including managing resources for the system and for organizations. System administrators can see, grant, and revoke permissions at the system level. The first system administrator configures Data Director, creates other system administrators and system-level users, and creates initial organizations. System administrators manage users at the system level. By default they do not have access to organizations unless an organization administrator grants access to them.

36 VMware, Inc.

Chapter 3 Managing Users and Roles

Template user role

User administrator role

Privileges

Privileges define the allowable actions on objects in vFabric Data Director. You associate privileges with a user login and a Data Director object to define permissions.

For example, the Start and Stop Database privilege indicates that in general, Data Director users can start and stop databases. But the privilege by itself does not indicate which users can start and stop databases, or the databases that they can start and stop. To provide context, you associate the privilege with a user login and a Data Director object. The combination of privilege, user login, and Data Director object is a permission. You can group related permissions into roles to package all the permissions required to perform a job, such as that of database administrator.

System

Organizations

Template users can use any resource templates and backup templates when creating databases.

The User administrator role manages users at the system level, including creating, editing settings for, and deleting system users.

System privileges relate to Data Director management, such as Manage Resources and Manage System Settings. These privileges apply only to the system. System privileges do not propagate to organizations.

Privileges on organizations relate to organization management, such as Manage Organization Settings and Manage Registration. Organization privileges apply only to organizations. They do not propagate beyond organization boundaries.

Database Group

Databases

Resource Templates, Backup Templates, and Base DB Templates

Privileges on database groups relate to database group management, such as Create Databases and Import Backups. Database group privileges apply only within the organization and to the organization's database groups.

Organization administrators and users with database group management privileges grant and revoke privileges on database groups, and enable users to access a database group by adding the database group to the user's account.

Privileges on databases relate to database management, such as Start and Stop Database and Edit Database Info. Database privileges apply only to databases, database groups, and organizations. If a database-related privilege is on a database group, that privilege applies to all databases within that database group. If the database-related privilege is on an organization, it applies to every database group and database in the organization.

Organization administrators and users with database management privileges grant and revoke these privileges and permissions on databases. To gain access to databases, the databases must be added to a user's account.

Privileges on templates relate to template management, such as edit template and view and user template. Edit template applies only to the organization. View and user template applies to individual templates or to the organization. If a template privilege is on an organization, it applies to all templates within that organization.

Organization administrators and users with template management privileges grant and revoke template privileges and permissions. To gain access to templates, the templates must be added to a user's account.

VMware, Inc. 37

VMware vFabric Data Director Administrator and User Guide

Propagation of Permissions and Roles

How permissions and roles propagate through an organization depends on where and on what types of objects they are granted. Understanding how permissions and roles propagate can help you to assign them to users appropriately.

Permission and role propagation stops at the organization boundary. Permissions granted within an organization propagate only within that organization. Permissions granted at the system level do not propagate to organizations.

Permissions (and their associated privileges) that apply to an organization are inherited by that organization's database groups and databases. Users or roles can have permissions on specific database groups, and those permissions propagate to databases within the database groups.

Roles apply only to the organization in which they are defined. If a role is defined at the system level, it applies only to the system and is not visible to organizations. If a role is defined within an organization, it applies only to that organization and is not visible to the system or to other organizations.

You can grant permissions and roles on objects within an organization, such as on a database group, on a database, or on a template. For example, granting the Start/Stop Database permission on a database group means that the user or role has the Start/Stop Database permission on all databases within that database group. If a user is granted the Start/Stop Database permission on a database group, that user can start and stop any databases within that database group. However, permissions that apply only to certain types of objects do not propagate to other objects. For example, granting the database group permission Create Database on a database is meaningless.

Organization Privileges and Permissions

Organization administrators grant privileges and permissions to users and roles in their organizations. Those privileges and permissions propagate to database groups, base DB templates, and databases in the organization.

You can grant the following types of privileges and permissions to users and roles on organizations.

User and permission management, such as manage roles and registration and grant/revoke permissions.

Organization management, such as manage organization settings, database configuration and backup templates, and import databases.

Database group management, such as manage database groups, create databases, and import backups.

Database management, such as edit database information, resource, and backup settings, modify database users, upgrade databases.

Database operations, such as enable/disable databases, delete databases, start and stop databases, and restart databases.

Database backup and recovery, such as create and delete snapshots, create and delete external backups, clone databases, and recover databases.

Templates, such as use templates.

View and monitor, such as viewing reports and monitoring resource usage.

38 VMware, Inc.

Add Users to Your Organization

Users can self-register to login to Data Director, but cannot access Data Director organizations, database groups, or databases until organization administrators grant access to them. You must add the users to your organization to grant them access.

Prerequisites

Verify that you have Manage Registration permission for the organization.

Verify that the system setting Allow Public Registration is on.

Procedure

1 Log in as an organization administrator.

2 Click the Organization Settings tab, expand Users and Roles, and click Users.

3 Click the plus (+) icon.

4 Complete the user information in the Credentials and Contact Information sections.

5 Grant roles and permissions now or choose to grant roles and permissions later.

6 Click OK.

Chapter 3 Managing Users and Roles

If the Email Validation system setting is on, users receive an activation email that contains a link that they click to activate their account. The new users' status is Pending and the users cannot log in until they activate the account.

The new user appears in the Users list.

Add Roles to an Organization

Roles enable you to group the permissions required to perform tasks associated with a job, such as the job of database administrator. You can then grant the role to users rather than granting individual permissions needed for each task. You can add custom roles to your organization and grant them to the users who are responsible for performing particular jobs.

Prerequisites

You are logged in to Data Director.

You have the OrgAdmin role with permissions on all objects in the organization, or permissions for the organization in which to create the role.

You have grant and revoke permissions on objects.

Procedure

1 Click the Organization Settings tab.

2 Expand Users and Roles and click Roles.

The OrgAdmin role appears in the list.

3 Click the plus (+) icon.

4 Type a name for the role.

5 (Optional) Enter a description

VMware, Inc. 39

VMware vFabric Data Director Administrator and User Guide

6 Right-click Status.

Select Enable to activate the role.

Select Disable to deactivate the role.

7 In the Permissions section, select the permissions to grant to this role.

You can grant permissions to the role on the organization, database groups within the organization, databases within the organization's database groups, and on organization templates.

8 Click OK.

The new role appears in the Roles list.

What to do next

Grant this role to organization users.

Create other roles and grant permissions to them.

Grant a Permission to a User

If a user requires only limited privileges in your organization, you can grant just those privileges to the user instead of granting a role to that user.

Prerequisites

You are logged in to a Data Director organization as an organization administrator.

Procedure

1 Click the Organization Settings tab, then click Users.

2 Select a user name.

3 Use one of the following methods to access the Edit Permissions window.

Select the user name, click the gear icon, and select Edit Direct User Permissions.

Right-click the user name and select Edit Direct User Permissions.

Left-click the user name, select Grant direct user permissions now, then click Edit.

4 Grant privileges to the user.

To grant a category of privileges to the user, click the All privileges check box.

To grant a specific privilege to the user, click the privilege's check box.

5 Click OK.

What to do next

Use the Edit Permissions window to grant the user access to database groups, databases, and templates within the organization.

Modify Organization Security Settings

Organization security settings determine whether your organization allows open registration or users must be invited to register, and whether or not the system administrator can access your organization. You can change the security settings at any time.

Prerequisites

40 VMware, Inc.

Procedure

1 Click the Organization Settings tab.

2 Click Settings, then click Security.

3 (By Organization user management mode only) Choose one of the following Allow public registration

settings.

Setting Description

Yes

4 Choose one of the following Allow System Administrator to log into Org settings.

Setting Description

Yes

5 Click Apply to accept the settings.

About vCenter Single Sign-On

Chapter 3 Managing Users and Roles

User registration is by invitation only.

Users can see the organization and register themselves.

Do not allow the system addministrator to log into the organization.

Allow the system administrator to log into the organization.

You use VMware® vCenter™ Single Sign-On to authenticate and manage users of VMware® vFabric™ Data Director. vCenter Single Sign-On is an authentication broker and a security token exchange that provides a secure way to access your vSphere and Data Director environments.

When you use Data Director with vSphere 5.1 and vCenter Single Sign-On, you do not log directly into vFabric Data Director and vCenter Server with a security domain defined only by your vFabric Data Director environment. When you log in to vFabric Data Director, you pass authentication to the vCenter Single SignOn server, which you can configure with multiple identity sources such as Active Directory and OpenLDAP. After authentication, your user name and password are exchanged for a security token which you use to access vFabric Data Director.

Register vFabric Data Director with the vCenter Single Sign-On Service

You register vFabric Data Director with the vCenter Single Sign-On service so that you can give access to users from multiple identity sources such as Active Directory and OpenLDAP.

To register more than one vFabric Data Director instance (individual deployments of vFabric Data Director) with a vCenter Single Sign-On service, you must create a Data Director solution user with a unique certificate on the vCenter Single Sign-On service for each instance of vFabric Data Director that you want to register. To create a unique certificate, import a custom Management Server SSL key and certificate to replace the key and certificate generated by vFabric Data Director for each instance of Data Director that you want to register. Each certificate must have a unique Subject Distinguished Name (subject DN) To create a unique certificate, see

“Import Management Server Key and Certificate,” on page 208.

After you create a unique certificate for each Data Director instance, you can register each instance with the vSphere Single Sign-On service.

Prerequisites

Deploy a vCenter Single Sign-On server.

Ensure clock synchronization between the vFabric Data Director Management Server and the vCenter Single Sign-On server.

Verify that you have the Lookup Service URL of the Single Sign-On service.

VMware, Inc. 41

VMware vFabric Data Director Administrator and User Guide

The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. If your vCenter Single Sign-On deployment uses a different port number, use that port number.

Log into vFabric Data Director as a system administrator.

Procedure

1 In the System tab, click System Settings.

2 Expand Other Settings, and click General.

3 Click Enable Single Sign-On.

4 Accept the default vCenter server Lookup Service URL, or enter the Lookup Service URL of the vCenter

Single Sign-On deployment to authenticate users with vFabric Data Director.

5 Type the user name and password for the Single Sign-On administrator user account.

6 Click OK.

vFabric Data Director registers with the vCenter Single Sign-On service, and displays information about the Administrative service, Security Token Service (STS) and Solution user. STS is an authentication service. A solution user is an instance of vFabric Data Director registered to the vCenter Single Sign-On service.

What to do next

Import vCenter Single Sign-On service users.

Import vCenter Single Sign-On Service Users

After you register vFabric Data Director with the vCenter Single Sign-On service, you can import users from identity sources such as Active Directory, OpenLDAP, or any other identity store configured for use with the the vCenter Single Sign-On service.

Prerequisites

Log into vFabric Data Director as an organization administrator.

Procedure

1 Click the System tab, and click System Settings.

2 Expand Users and Roles, and click All Users.

3 Click theImport User icon.

4 Select a domain.

A list of user names appears.

5 Select users to import.

Select a user name or select several user names.

Type one or more letters of a user name or of the first or last name of a user in the search text box, click the search icon, and select one or more user names from the list of names displayed.

6 Click Add to move the user name or names to the Selected panel.

Right-click a user name to remove it from the panel.

Click OK to import the selected user names.

42 VMware, Inc.

Chapter 3 Managing Users and Roles

The imported user names are added to the vFabric Data Director registry and appear in the All Users table. Users imported from the vCenter Single Sign-On service are identified as being managed by vCenter Single Sign-On. Users added through vFabric Data Director are identified as being managed by Data Director.

What to do next

Assign the user or users to an organization and grant privileges.

Remove vCenter Single Sign-On Registration Before Uninstalling vFabric Data Director

Before you uninstall an instance of vFabric Data Director, you must remove its registration from the vCenter Single Sign-On service. When you uninstall a vFabric Data Director instance, you must remove the Data Director solution user to avoid conflict with certificates from vFabric Data Director instances that you might install later.

Prerequisites

Log into vFabric Data Director as an administrator.

Log into vSphere as an administrator using the vSphere Web client.

Procedure

1 Log into the vFabric Data Director administration console.

2 Click the System tab, and click System Settings.

3 Expand Other Settings and click General.

4 In the vSphere SSO Service section, find the name of the solution user used to register vFabric Data

Director.

5 Log into the vSphere Web client.

6 Select Administration > Access > SSO Users and Groups in the vSphere Web Client.

7 Click the Application Users tab, and select the application user name that matches the solution user name

used to register vFabric Data Director.

8 Click the Delete Application User icon.

9 Click Yes to confirm that you want to remove the solution user.

The application (or solution) no longer has access to vSphere.

What to do next

You can uninstall vFabric Data Director.

VMware, Inc. 43

VMware vFabric Data Director Administrator and User Guide

44 VMware, Inc.

Building DBVMs and Base DB

Templates 4

Data Director enables administrators to quickly provision databases, such as Oracle and vFabric Postgres, using database templates. Administrators prepare templates that let users create databases in Data Director.

Data Director uses base database templates (base DB templates) to create databases. A base DB template is a virtual machine that contains all the required software to create a database. Required software includes the operating system (OS), database, and system software configurations. The base DB template can also contain third-party tools that are required for a particular environment.

You create a base database virtual machine (DBVM) and install the operating system and database software required to create databases.You create a base DB template from a base DBVM. A DBVM is a virtual machine with a disk layout that contains the seven virtual machine disks (VMDK) required for base DBVMs to work in Data Director.

Base DBVMs contain the virtual hardware, structure, and the required files and configuration information necessary to build base DB templates and to create and operate databases. Base DB templates provide the blueprints for creating databases in Data Director.

The DBVM workflow shows the roles for building a DBVM, preparing the base DB template, and creating databases.

VMware, Inc.

Install Data Director

Create System

Resource Pool (SRP)

Download OVA and

deploy into SRP

Install OS and database

Create resource pools

Create system resource bundle

Convert DBVM to

Base DBVM Template

Optionally run validate

Create resource bundle

Create organization

vSphere

System Administrator

Data Director

System Administrator

Data Director

Org Administrator

Create organization

roles and users

Enable Base DBVM Template

Assign Base DBVM Template

to resource bundle

VMware vFabric Data Director Administrator and User Guide

Figure 4-1. DBVM Workflow

To prepare DBVMs for use, vSphere administrators perform the following tasks.

Download the DBVM template OVA files into a directory the vSphere Client can access.

Create a system resource pool to contain the DBVM templates. See “Create the System Resource Pool,” on page 26.

Use vCenter to deploy each DBVM template OVA file into the system resource pool. Deploy the OVA files one at a time. See vSphere Virtual Machine Administration for information about deploying OVA files.

If required for your business environment, install the operating system and database software into a blank DBVM to customize a database template.

To prepare base DB templates for use, Data Director system administrators perform the following tasks.

Create one system resource bundle to contain base DBVM templates. See “System Resource Bundle,” on page 22

Convert the DBVMs to base DB templates.

Assign the base DB templates to the resource bundle for an organization.

Optionally validate the base DB template to ensure it built successfully.

Organization administrators enable base DB templates in their resource bundles. After a base DB template is enabled, organization users can use the base DB template to create databases.

1 Database Virtual Machine OVA Files on page 48

Data Director provides downloadable database virtual machine (DBVM) templates as OVA files.

46 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

2 Deploy a DBVM OVA File on page 48

As a vSphere administrator, you deploy the provided DBVM template OVA files to the system resource pool for Data Director.

3 Disk Configuration for DBVMs and DB Templates on page 49

You can create virtual disks on which to store your database's data and log files to improve performance. You can in turn create these virtual disks on datastores optimized for I/O performance, redundancy, or disk usage depending on the type of data you want to store on them.

4 Build an Oracle, SQL Server, or Empty Base DBVM on page 50

You can create a base DBVM and install the operating system and database software required to provision databases.

5 Build a MySQL Base DBVM on page 51

You can create a base DBVM and DB template using Red Hat Linux with a supported version of the MySQL database.

6 Build an Oracle and SUSE Linux Base DBVM on page 56

Data Director provides a base DBVM with SUSE Linux Enterprise Server (SLES). You can install Oracle into the SLES DBVM to provide an environment for proof-of-concept projects or to allow non-Oracle database administrators to explore Oracle.

7 Build an Oracle DBVM with a Custom Linux Operating System on page 56

You can create a base DBVM and DB template using a customized version of Red Hat or Oracle Linux in combination with a supported version of the Oracle database. This allows you to deploy an operating system with configurations specifc to your IT environment.

8 Requirements for the Kickstart File on page 60

The kickstart installation method is used primarily by Red Hat Enterprise Linux to automatically perform an operating system installation and configuration. To customize a base DB template, the kickstart file must be fully compliant with Data Director and the target database.

9 Build a Base DBVM with a Custom Operating System on page 63

You can create a base DBVM for either Oracle or SQL Server databases using any operating system supported by Data Director with customizations specific to your IT environment. For example, if you want to install a database on a version of Linux with patches and security settings specific to your environment, you can create a base VM using this operating system, and then install the database within this to create a base DBVM using your preferred operating system configuration.

10 Create and Validate a Base DB Template on page 65

Data Director system administrators convert base DBVMs into base DB templates. The base DB template contains all of the software required to provision the operating environment and database for users of the system.

11 Database Update Configuration on page 68

You update databases to take advantage of features in new releases or upgrades of database software. Also, to incorporate enhancements to a database virtual machine (DBVM) or to third party software tools. System administrators manage the base DB template update chain to ensure that users update databases based on templates that comply with defined update policies.

12 Configure a vFabric Postgres Update Chain on page 69

You configure an update chain to enable database users to update databases based on templates the comply with update policies.

13 Update an Oracle Database on page 70

You update an Oracle database to take advantage of features available in the latest release of the database software, or to incorporate enhancements to a database virtual machine (DBVM) or to third party software tools. Updating an Oracle database is referred to as patching.

VMware, Inc. 47

VMware vFabric Data Director Administrator and User Guide

Database Virtual Machine OVA Files

Data Director provides downloadable database virtual machine (DBVM) templates as OVA files.

Downloadable OVA Files

vFabric Data Director vPostgres 9.2 (VMwarevFabric-Data-DirectorSLES11-vPostgres 92Base-DBVM<build#>.ova)

vFabric Data Director vPostgres 9.1 (VMwarevFabric-Data-DirectorSLES11-vPostgres 91Base-DBVM<build#>.ova)

vFabric SUSE Linux operating system (VMware-Data-DirectorSLES11-Base-DBVM<build#>.ova)

Includes virtual hardware and the SUSE Linux Enterprise Server with vFabric Postgres 9.2.4 database software installed with default parameters.

Includes virtual hardware and the SUSE Linux Enterprise Server with vFabric Postgres 9.1 database software installed with default parameters.

Includes virtual hardware and the SUSE Linux Enterprise Server with no database software installed.

Deploy a DBVM OVA File

As a vSphere administrator, you deploy the provided DBVM template OVA files to the system resource pool for Data Director.

Prerequisites

Verify that you have vSphere administrator privileges.

Verify that you can log in to the console as root.

Verify that Data Director is installed.

Verify that the Data Director DBVM template OVA files are downloaded to a directory that you can access from vSphere.

Verify that the system resource pool is created in vSphere.

Verify the network mapping or determine how to map the networks configured for Data Director to the DBVM template's networks. See the vFabric Data Director Installation Guide and the vFabric Data Director Worksheets.

Procedure

1 In the vSphere Client Inventory view, click the system resource pool.

2 Click File, and select Deploy OVF Template.

3 In the Source page, choose the DBVM template OVA file and click Next.

4 Click Next.

5 Type a unique name for the template, select the cluster, and click Next.

6 Choose a datastore that has at least 100GB of available space and click Next.

48 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

7 Map the DBVM template networks listed to the networks configured for Data Director.

8 (Optional) In the Disk Format page, select Thin Provision and click Next.

9 Click Next, review the settings, and click Finish.

The DBVM is deployed in the system resource pool.

What to do next

Deploy another DBVM template OVA file, or install the operating system and database software within the DBVM.

Disk Configuration for DBVMs and DB Templates

Data Director allows you to define virtual disks to which you can map your DBVM's operating system and database, data, log, and backup disks. You can then map the virtual disks to different datastores using disk provisioning and storage allocations that you specify to improve disk usage, performance, and redundancy. For example, you can create dedicated datastores to service I/O intensive database workloads.

As you create DBVMs, DB templates, and databases you have the opportunity to define the storage structure and disk layout that best suits your database deployment's workloads and use cases. The parameters described below are the configuration options you specify to create a disk layout to use with the databases you provision using Data Director. Before you begin creating DBVMs and DB templates, consider the storage capacity and I/O requirements of the databases you intend to provision using Data Director.

Disk Type

Path

When you create a base DB template you can specify which disks to use for data files, and which to use for log files. If you are creating a database for use in production environments you should place data and log files on separate virtual disks so that when the database is performing inserts, updates, and deletes, and both the data and log files are being written to at the same time, you can avoid I/O performance degradation. The virtual disks you specify can in turn be assigned to datastores with appropriate storage capacity and I/O performance for the types of applications and workloads the database will support.

You must specify the path (or location) of the virtual disks you want to assign for each disk type. The path is the mount point for Linux, or the volume name for Windows.

When specifying a virtual disk path for the Windows operating system, the drive letters C: through H: are reserved for use by the base DBVM. You can use the drive letters I: or above to specify volumes for use as data or log disks.

NOTE You must provide a mount point or volume name that does not already exist. If you specify a duplicate mount point that is already in use, Data Director will return the error message Internal address cannot be duplicated or

empty when you attempt to convert the DBVM to a DB template.

VMware, Inc. 49

VMware vFabric Data Director Administrator and User Guide

Virtual Disk Provisioning Types

Minimum Storage Size

Data Director supports the following disk provisioning profiles:

Eager Zeroed Thick Provision

A type of thick virtual disk that supports clustering features such as Fault Tolerance. Space required for the virtual disk is allocated at creation time. In contrast to the flat format, the data remaining on the physical device is zeroed out when the virtual disk is created. Eager Zeroed Thick Provision disks provide superior performance for applications supporting I/O intensive operations.

Thin Provision

Use this format to save storage space. For the thin disk, you provision as much datastore space as the disk would require based on the value that you enter for the disk size. However, the thin disk starts small and at first, uses only as much datastore space as the disk needs for its initial operations.

If the thin disk needs additional space, it can grow to its maximum capacity and occupy the entire datastore space provisioned to it. Also, you can manually convert the thin disk into a thick disk.

You can specify a minimum storage size to use for each disk that you create. Carefully consider how much storage space you have available, and how much you will need for your data and log usage.

NOTE Determining log disk storage requirements depends upon several factors. Refer to your database vendors documentation for information on log storage capacity planning for your particular database.

Table 4-1. Minimum Storage Size for Data Disks

Database Minimum Size of Data Disk

MySQL 1 GB

Oracle 2 GB

SQL Server 1 GB

vPostgres 1 GB

Build an Oracle, SQL Server, or Empty Base DBVM

You can create a base DBVM and install the operating system and database software required to provision databases.

You can create an Oracle, SQL Server, or empty base DBVM which you can then use to create base DB templates.

You can create a base DBVM using either Oracle or SQL Server databases with the standard operating systems supported by Data Director as guest operating systems within a DBVM.

To build a base DBVM with a customized operating system (using a specific set of patches and system configurations configured for use in your IT environment), you must create an empty base DBVM. The empty base DBVM contains the structure for installing an operating system and database software combination not provided by preconfigured base DBVMs. See “Build a Base DBVM with a Custom Operating System,” on page 63.

50 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

Prerequisites

Verify that Data Director is installed and the system resource bundle is set up.

Verify that you have access to the ISO image of the operating system you want to install in your environment.

Verify that you have access to the Oracle or SQL Server ISO installation file. The installation file must be available on an NFS share.

Procedure

1 Log in to Data Director as a system administrator.

2 In the System tab, click Manage and Monitor.

3 Expand Templates and select Base DBVMs.

4 Click the plus (+) icon to start the Create Base DBVM wizard and enter the appropriate information.

Option Description

Name

Database type

Database version

Installer ISO

Operating system

OS installer ISO

Enter a unique name for the base DBVM.

Select a database type, or select Empty to create a blank base DBVM.

Select a version.

Type the path to the ISO file on the datastore in the cluster. The path must be of the form[datastore]folder/DB .iso. Ensure that the database version matches the database type you selected.

Select an operating system from the drop-down menu of supported operating systems.

Type the path to the IOS file on the datastore in the cluster. The path must be of the form[datastore]folder/OS.iso.

Data Director installs the operating system, copies the database files, and installs the virtual machine tools and agents. The base DBVM appears in the Base DBVMs list with the status Creating.

What to do next

Go to “Convert a Base DBVM into a Base DB Template,” on page 66.

Build a MySQL Base DBVM

You can create a base DBVM and DB template using Red Hat Linux with a supported version of the MySQL database.

Prerequisites

Verify that Data Director is installed and the system resource bundle is set up.

Verify that you have access to a supported Red Hat installation ISO image. To build a base DBVM and base DB template that uses the Red Hat operating system and MySQL database, you must meet both the MySQL and Data Director prerequisites for installation.

You have prepared a custom kickstart (KS.cfg) file for the Linux and MySQL installation. See

“Requirements for the Kickstart File,” on page 60.

Verify that you have access to the MySQL installation ISO file. The installation ISO must be available on an NFS share or the local host.

VMware, Inc. 51

VMware vFabric Data Director Administrator and User Guide

Procedure

1 Create an Empty DBVM on page 52

You can create an empty (or blank) DBVM which you can use to build a custom database environment. For example, you can use the empty DBVM to build a DBVM with Red Hat Linux operating system configured for your IT environment and a MySQL database.

2 Deploy the Empty DBVM into the System Resource Pool on page 53

You use a empty (or blank) DBVM to build a custom DB template.

3 Repackage the Red Hat Linux ISO Image on page 53

The original Red Hat Linux ISO image does not include Data Director specific scripts and agents, and is not initially compliant for use with Data Director. For this reason you must repackage the Red Hat ISO image using a kickstart file that you customize to install the OS configured for use with Data Director.

4 Install Linux on a Blank Virtual Machine on page 54

You can install Linux as the operating system on the blank virtual machine.

5 Initialize the Base DBVM on page 54

You must initialize the base DBVM to ensure that the prerequisites for the database software and Data Director are met.

6 Install the MySQL Database Software on page 55

Install the MySQL database software into a base DBVM. You can then create a DB template with which to provision MySQL databases.

Create an Empty DBVM

Prerequisites

Create a system resource bundle for use by the DBVM. See “Create the System Resource Bundle,” on page 27.

Ensure there is adequate free space on the datastore.

Procedure

1 Log in to Data Director as a system administrator.

2 In the System tab, click Manage and Monitor.

3 Expand Templates and select Base DBVMs.

4 Click the plus (+) icon to start the Create Base DBVM wizard and enter the appropriate information.

Option Description

Name

Database type

Enter a unique name to identify the base DBVM within Data Director.

Select Empty to create an empty base DBVM. When you select Empty, all of the other DBVM creation options visible in the wizard will be made unavailable.

Data Director creates an empty DBVM, which appears in the Base DBVMs list. The process can take several minutes to complete.

You can install a Data Director supported operating system configured to meet your IT environment into the empty DBVM, after which you can install a database and create a fully operational base DBVM.

52 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

What to do next

Go to “Deploy the Empty DBVM into the System Resource Pool,” on page 53.

Deploy the Empty DBVM into the System Resource Pool

You use a empty (or blank) DBVM to build a custom DB template.

Prerequisites

Verify that the system resource pool has sufficient resources to run your preferred combination of operating system and database.

Procedure

1 Log in to vSphere Client as a system administrator and connect to the vCenter server.

2 Deploy an empty DBVM into the system resource pool.

When deployment completes, the empty virtual machine appears in the system resource pool. This virtual machine is known as the base DBVM.

3 Power on the base DBVM.

Repackage the Red Hat Linux ISO Image

Prerequisites

The repackage scripts run on a Linux OS with the sed and mkisofs commands.

Procedure

1 Obtain a working Linux environment with sufficient storage to repackage the Linux ISO image.

If you mount the RHEL ISO from an NFS server, 8GB is sufficient. You need 12GB if you upload the ISO to your local disk.

2 Ensure that you have a discoverable path to the working Linux environment for the original RHEL ISO

image, local directory, or NFS path.

3 Download the ISO image from the VMware product download page.

4 Mount the ISO image by typing the following command, substituting your build number for <build#> .

mount –o loop /mnt/Data-Director-Initialize-Base-DBVM-

build#

.iso /tmp/mnt

5 To repackage the RHEL ISO image, mount the NFS manually, then type the following command.

/tmp/mnt/Tools/repack_rhel_iso.sh

REDHAT_ISO_PATH Output_folder

For example, the command

/tmp/mnt/Tools/repack_rhel_iso.sh rhel5.5.iso ./

specifies the original Linux ISO image as the source ISO image. The command repackages the ISO image, which can pick up the kickstart file automatically from the floppy device. REDHAT_ISO_LOCAL_FILE_PATH must be a local path. If the Red Hat ISO is on an NFS volume, mount it to the local directory before using this command.

A RHEL ISO image is created with its own kickstart file.

VMware, Inc. 53

VMware vFabric Data Director Administrator and User Guide

Install Linux on a Blank Virtual Machine

You can install Linux as the operating system on the blank virtual machine.

Prerequisites

Deploy the base database virtual machine into the system resource pool. See “Deploy the Empty DBVM into

the System Resource Pool,” on page 53.

Repackage the Linux ISO image. See “Repackage the Red Hat Linux ISO Image,” on page 53.

A floppy image containing the ks.cfg file (unless you have packaged your own customized ks.cfg file into the ISO.

A CDROM device containing the OS ISO.

A CDROM device containing the database binary ISO.

A CDROM device containing the initialized ISO.

Procedure

1 In the vSphere Client, select the blank virtual machine that you deployed.

2 Click Edit Settings.

3 Click the Hardware tab, and select CD/DVD drive in the hardware list.

4 In the right panel, click Datastore ISO file and click Browse.

5 Enter the path of the repackaged Linux ISO image.

You can alternatively use the client device to connect the local ISO when the virtual machine is running.

6 In the Device Status pane, click Connected and click Connected at Power On.

7 Click Save.

8 Power on the virtual machine if it is not running, and open a console to observe.

The virtual machine will start to bootstrap, and install Linux as specified in the custom kickstart file.

Linux is installed. The kickstart file brings up the installation for the database binary and other required packages from the CDROM.

What to do next

Initialize the same base virtual machine by installing the required software components and scripts, to ensure that it is compliant with the database you are installing and Data Director.

Initialize the Base DBVM

You must initialize the base DBVM to ensure that the prerequisites for the database software and Data Director are met.

Prerequisites

You have installed Linux on the virtual machine you want to make into a base DBVM.

Procedure

1 In vSphere Client, right-click the base DBVM and open the console.

2 Log in as root and type password when prompted for the password.

The password value is defined in the kickstart file, and appears at the top of the virtual machine console.

54 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

3 Click the CD/DVD drive icon, and select the datastore ISO file from the storage disk.

4 Type the following command to mount the CDROM to the local directory.

mount /dev/cdrom /mnt/cdrom

5 As root, type the following command from the local directory.

./install.sh –i

This command installs scripts for database install, VMware Tools, and Python 2.6 runtime.

When the installation completes, the base DBVM is compliant with the system prerequisites for the database software and Data Director.

What to do next

Install the database software in the base DBVM.

Install the MySQL Database Software

Install the MySQL database software into a base DBVM. You can then create a DB template with which to provision MySQL databases.

You install the MySQL database software within a base DBVM in which you have installed and initialized a compatible version of Red Hat Linux. When the MySQL software is installed, you have a fully functional base DBVM from which you can create DB templates that you can assign to resource pools and provision databases.

Prerequisites

Verify that you can log into vSphere as an administrator.

Verify that you have initialized the base DBVM operating system to make it compliant with the MySQL and Data Director prerequisites. See “Initialize the Base DBVM Operating System,” on page 65.

Procedure

1 In vSphere Client, right-click the base DBVM and open the console.

2 Log in to the base DBVM operating system as the root user.

The password value is defined in the kickstart file used to initialize the operating system..

3 Navigate to the following directory path.

cd /opt/aurora/agent2/plugin/vfdd_linux_mysql_5/scripts

4 Type the following command to install the MySQL database software.

./install.sh

NFS_PATH_FOR_MySQL_binary_folder MySQL_version

NFS_PATH_FOR_MySQL_binary_folder is the full path of the NFS server where you store the MySQL installation software components.

MySQL_version is the full version number of the MySQL software. For example, 5.5.27.

What to do next

Convert the base DBVM to a base DB template. See “Convert a Base DBVM into a Base DB Template,” on page 66.

VMware, Inc. 55

VMware vFabric Data Director Administrator and User Guide

Build an Oracle and SUSE Linux Base DBVM

You can provide an SLES and Oracle database environment by installing the Oracle database software in a DBVM (the base DBVM template OVA file) with the SLES operating system already installed.

Prerequisites

Verify that you can log in to vSphere as an administrator.

Verify that the Data Director system resource bundle is set up.

Deploy vFabric Data Director SLES 11 DBVM Template (VMware-Data-Director-SLES11-Base-DBVM<build#>.ova) to the system resource pool.

The base DBVM template OVA must be copied to the system resource bundle to be recognized by Data Director. See “Deploy a DBVM OVA File,” on page 48.

Verify that the deployed DBVM can access the Oracle installation ISO file.

Procedure

1 Log in to the vSphere Client as a administrator.

2 In the Data Director system resource pool, right-click the SLES Base DBVM and click Open Console.

3 Log in to the console as root.

4 Type the following command to run the Oracle installation script.

/opt/aurora/installation/install.sh

NFS PATH FOR Oracle is the full pathname of the NFS server where the Oracle installation files reside.

Oracle version is the full version number of the Oracle installation.

[NFS PATH FOR ORACLE][Oracle version]

When the message Oracle installation finished appears on the console, the installation is complete and your SLES Oracle base DBVM is built on the vSphere Client.

What to do next

Go to “Convert a Base DBVM into a Base DB Template,” on page 66

Build an Oracle DBVM with a Custom Linux Operating System

You can create a base DBVM and DB template using a version of Red Hat or Oracle Linux customized for your IT environment in combination with a supported version of the Oracle database. For example, if you want to install an Oracle database on a version of Linux with patches and security settings specific to your organization, you can create a base DBVM using this operating system, and then install the Oracle database to create a base DBVM using your organization's preferred operating system configuration.

Prerequisites

Verify that Data Director is installed and the system resource bundle is set up.

56 VMware, Inc.

Chapter 4 Building DBVMs and Base DB Templates

Verify that you have access to a supported Red Hat or Oracle Linux installation ISO image. To build a base DBVM and base DB template that uses the Red Hat or Oracle Linux operating system and the Oracle database, you must meet both the Oracle and Data Director prerequisites for installation.

You have prepared a custom KS.cfg file for the Linux and Oracle. See “Requirements for the Kickstart

File,” on page 60.

Verify that you have access to the Oracle installation ISO file. The installation ISO must be available on an NFS share.

Procedure

1 Deploy the Empty DBVM into the System Resource Pool on page 57

You use a empty (or blank) DBVM to build a custom DB template.

2 Repackage the Red Hat Linux ISO Image on page 57

3 Install Linux on a Blank Virtual Machine on page 58

You can install Linux as the operating system on the blank virtual machine.

4 Initialize the Base DBVM on page 59

You must initialize the base DBVM to ensure that the prerequisites for the database software and Data Director are met.

5 Install the Oracle Database Software on page 59

You can use a provided script that will install Oracle Home in the correct disk.

Deploy the Empty DBVM into the System Resource Pool

You use a empty (or blank) DBVM to build a custom DB template.

Prerequisites

Verify that the system resource pool has sufficient resources to run your preferred combination of operating system and database.

Procedure

1 Log in to vSphere Client as a system administrator and connect to the vCenter server.

2 Deploy an empty DBVM into the system resource pool.

When deployment completes, the empty virtual machine appears in the system resource pool. This virtual machine is known as the base DBVM.

3 Power on the base DBVM.