This document supports the version of each product listed and supports all
subsequent versions until the document is replaced by a new edition. To
check for more recent editions of this document, see
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All
other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2
VMware, Inc.
Contents
About This Book9
Getting Started with VCM11
Understanding User Access11
Running VCM as Administrator on the Collector12
Supported Browsers12
Log In to VCM12
Getting Familiar with the Portal13
General Information Bar14
Toolbar14
Navigation Sliders15
Customizing VCM for your Environment16
Installing and Getting Started with VCM Tools19
Install the VCM Tools Only19
VCM Import/Export and Content Wizard Tools20
Run the Import/Export Tool20
Run the Content Wizard to Access Additional Compliance Content21
Run the Deployment Utility21
Package Studio21
Foundation Checker22
Configuring VMware Cloud Infrastructure23
Virtual Environments Configuration23
Managing Agents Virtual Environments24
Managing vCenter Server Instances, Hosts, and Guest Virtual Machines24
Managing Instances of vCloud Director and vApp Virtual Machines25
Scoring Badges for vRealize Operations Manager Standards Compliance82
Auditing Security Changes in Your Environment87
Configuring Windows Machines89
Configure Windows Machines89
Verify Available Domains90
Check the Network Authority91
Assign Network Authority Accounts91
Discover Windows Machines92
License Windows Machines92
Install the VCM Windows Agent on Your Windows Machines93
Collect Windows Data95
Windows Collection Results96
Getting Started with Windows Custom Information97
Prerequisites to Collect Windows Custom Information98
Using PowerShell Scripts for WCI Collections99
4
VMware, Inc.
Contents
Guidelines in PowerShell Scripting for WCI100
Challenges in PowerShell Scripting for WCI100
PowerShell Script Signing Policies103
Create an Example PowerShell Script for Scheduled Tasks104
Windows Custom Information Change Management109
Collecting Windows Custom Information110
Create Your Own WCI PowerShell Collection Script110
Verify that Your Custom PowerShell Script is Valid111
Install PowerShell112
Collect Windows Custom Information Data112
Run the Script-Based Collection Filter113
View Windows Custom Information Job Status Details114
Windows Custom Information Collection Results115
Run Windows Custom Information Reports116
Troubleshooting Custom PowerShell Scripts117
Configuring Linux, UNIX, and Mac OS X Machines119
Linux, UNIX, and Mac OS X Machine Management119
Linux, UNIX, or Mac OS X Installation Credentials121
Configure Collections from Linux, UNIX, and Mac OS X Machines122
Configure Installation Delegate Machines to Install Linux, UNIX, and Mac OS X Agents123
Configure the HTTPS Bypass Setting for Linux Agent Installations125
Enable Linux, UNIX, and Mac OS X Agent Installation125
Add and License Linux, UNIX, and Mac OS X Machines for Agent Installation126
Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems127
Collect Linux, UNIX, and Mac OS X Data134
Linux, UNIX, and Mac OS X Collection Results135
Configure Scheduled Linux, UNIX, and Mac OS X Collections135
Create a Dynamic Machine Group for Linux, UNIX, or Mac OS X Machines136
Schedule Linux, UNIX, and Mac OS X Collections137
Using Linux and UNIX Custom Information Types138
File Types that VCM can Parse138
Parsers for Supported File Types138
Identification Expressions139
Parser Directives140
Parser Directives for Linux, UNIX, and Mac OS X140
Creating Custom Information Types for Linux and UNIX145
Custom Information Types for Linux, UNIX, and Mac OS X149
Add, Edit, or Clone Custom Information Types for Linux and UNIX152
UNIX Custom Information Data View in the Console153
Path Panel in the VCM Collection Filter154
Patching Managed Machines157
Patch Assessment and Deployment157
Prerequisite Tasks and Requirements158
General Requirements158
Requirements to Patch Solaris Machines in Single-User Mode160
Requirements to Patch Managed Machines Without Changing the Run Level160
Requirements to Patch AIX Machines161
Manually Patching Managed Machines161
Getting Started with VCM Manual Patching163
Getting Started with VCM Manual Patching for Linux and UNIX Managed Machines163
Getting Started with VCM Manual Patching for Windows Managed Machines170
Configuring An Automated Patch Deployment Environment176
Configuring the Patching Repository Machine178
(Optional) Configuring the Alternate Location Patch Repository Machines181
Configuring VCM to Work with the Patching Repository and Alternate Locations182
Deploying Patches with Automated Patch Assessment and Deployment189
Configure VCMfor Automatic Event-Driven Patch Assessment and Deployment190
Generate a Patch Assessment Template191
Run a Patch Assessment on Managed Machines192
Add Exceptions for Patching Managed Machines192
Configure the VCMAdministration Settings193
Generate a Patch Deployment Mapping195
Configure VCM for Automatic Scheduled Patch Assessment and Deployment196
How the Linux and UNIX Patch Staging Works197
How the Linux and UNIX Patching Job Chain Works198
How the Deploy Action Works198
Patch Deployment Wizards199
Running Patching Reports200
Running and Enforcing Compliance201
Running Machine Group Compliance201
Getting Started with SCAP Compliance214
Conduct SCAP Compliance Assessments215
Configuring Active Directory Environments219
Configure Domain Controllers219
Verify Available Domains220
Check the Network Authority Account220
Assign Network Authority Accounts221
Discover Domain Controllers221
License Domain Controllers222
Install the VCM Windows Agent on Your Domain Controllers223
Collect Domain Controller Data224
Configure VCM for Active Directory as an Additional Product225
Install VCM for Active Directory on the Domain Controllers226
Run the Determine Forest Action226
Run the Domain Controller Setup Action227
Collect Active Directory Data228
Active Directory Collection Results228
Configuring Remote Machines231
VCM Remote Management Workflow231
Configuring VCMRemote Connection Types231
Using Certificates With VCM Remote232
Configure and Install the VCM Remote Client232
Configure the VCM Remote Settings232
Install the VCM Remote Client235
Connect VCM Remote Client Machines to the Network242
VCM Remote Collection Results243
Tracking Unmanaged Hardware and Software Asset Data245
Configure Asset Data Fields245
Review Available Asset Data Fields246
Add an Asset Data Field246
Edit an Asset Data Field247
Delete a VCM for Assets Data Field248
Change the Order of Asset Data Columns248
Refresh Dynamic Asset Data Fields249
Configure Asset Data Values for VCM Machines250
Configure Asset Data for Other Hardware Devices250
Add Other Hardware Devices251
Add Multiple Similar Other Hardware Devices251
6
VMware, Inc.
Contents
Edit Asset Data for Other Hardware Devices251
Edit Asset Data Values for Other Hardware Devices252
Delete Other Hardware Devices252
Configure Asset Data for Software253
Add Software Assets253
Add Multiple Similar Software Assets254
Edit Asset Data for Software255
Edit Asset Data Values for Software256
Delete Software Data256
Managing Changes with Service Desk Integration257
Configure Service Desk Integration257
View Service Desk Integration in the Console257
View Service Desk Integration in Job Manager258
The VCM Administration Guide describes the steps required to configure VCM to collect and manage data
from your virtual and physical environment.
Read this document and complete the associated procedures to prepare for a successful implementation of
the components.
Intended Audience
This information is written for experienced Windows, Linux, UNIX, or Mac OS X, and virtual
environments system administrators who are familiar with managing network users and resources and
with performing system maintenance.
To use this information effectively, you must have a basic understanding of how to configure network
resources, install software, and administer operating systems. You also need to fully understand your
network topology and resource naming conventions.
Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send
your feedback to docfeedback@vmware.com.
VMware VCM Documentation
The vCenter Configuration Manager (VCM) documentation consists of the VCM Installation Guide, VCM
Troubleshooting Guide, VCM online Help, and other associated documentation.
The following technical support resources are available to you. To access the current version of this book
and other books, go to http://www.vmware.com/support/pubs.
Online and Telephone
Support
To use online support to submit technical support requests, view your
product and contract information, and register your products, go to
http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support
for priority 1 issues. Go to
http://www.vmware.com/support/phone_support.html.
Support OfferingsTo find out how VMware support offerings can help meet your business
needs, go to http://www.vmware.com/support/services.
VMware Professional
Services
VMware Education Services courses offer extensive hands-on labs, case study
examples, and course materials designed to be used as on-the-job reference
tools. Courses are available onsite, in the classroom, and live online. For
onsite pilot programs and implementation best practices, VMware Consulting
Services provides offerings to help you assess, plan, build, and manage your
virtual environment. To access information about education classes,
certification programs, and consulting services, go to
http://www.vmware.com/services.
10
VMware, Inc.
Getting Started with VCM
When you use VCM, you must understand user access and how to start VCM from any physical or virtual
machine. You must also familiarize yourself with the VCM Web Console features.
This chapter includes the following topics:
Understanding User Access11
Supported Browsers12
Log In to VCM12
Getting Familiar with the Portal13
Customizing VCM for your Environment16
Understanding User Access
User access determines who has access to VCM and with what roles. To manage your user access, create
rules that are assigned to roles. VCM assigns the roles to each user login you create. User access is
managed in the Administration User Manager node.
The user account that was used to install VCM is automatically granted access to VCM, placed in the roles
of ADMIN and USER, and placed into the Admin role. This user can log in to VCM using the Admin role.
The AD_Admin role allows full administration access to AD objects only.
1
VMware, Inc.
When a user is added to the Admin role in VCM or granted access to the Administration User Manager
node, that user is placed in the fixed machine roles Security Administrators and Bulk Insert Administrators
Groups. They are also added to the database roles of public, ADMIN, and User in the VCM Database.
Users who will not have access to the Administration User Manager node will be assigned to public.
Depending on the functions granted to a user, they might need additional or fewer privileges for their role
to function properly.
VCM provides a role named Change Restricted to limit users from making certain changes in your
environment. With this role, users can discover machines, collect data from machines, assess machines,
display bulletin and template details, check for updates, and view history. Users can add, edit, and delete
reports, compliance rules and rule groups, and compliance and patch assessment templates.Users with the
Change Restricted role can also install the VCM Agent, upgrade VCM, and uninstall VCM.
When you apply the Change Restricted role to a user’s VCM login, they cannot perform the following
actions.
All VCM user accounts must have the following rights on the VCM Collector machine.
n Ability to log on locally to access IIS
n Read access to the System32 folder
n Write access to the CMFiles$\Exported_Reports folder to export reports
n If default permissions have been changed, read access to the C:\Program Files (x86)
\VMware\VCM\WebConsole directory and all subdirectories and files
Users who add machines to VCM using a file or the Available Machines Add Machines action must
have write access to CMFiles$\Discovery_Files.
Running VCM as Administrator on the Collector
By default for localhost, Internet Explorer on Windows Server 2008 R2, 2012, or 2012 R2 runs with
Protected Mode enabled. If you are logged in to VCM as an Administrator, because Protected Mode is
enabled, problems can occur with the SQLServer Reporting Service (SSRS) Web service interface
components such as dashboards and node summaries.
CAUTION Although you should not access VCM on the Collector using a Web console, to restore
the SSRS functionality you can run Internet Explorer as administrator or disable Protected Mode for
the zone of the Collector (localhost). If you perform this action, you must take additional precautions
to protect the Collector because of the increased exposure to attacks on the Collector through the
Web browser, such as cross-site scripting.
Supported Browsers
Verify that the target VCM Collector machine, and any other machines that will access the VCM Web
console interface on the VCM Collector, have a compatible Web browser installed.
VCM supports the following browsers.
n Internet Explorer version 8 and 9.
n Internet Explorer version 10 in compatibility mode.
n Internet Explorer version 11 in compatibility mode.
n Mozilla Firefox version 34 or later with the Internet Explorer IE Tab add-on. This add-on requires
supported Internet Explorer to be installed on the machine.
Log In to VCM
Access VCM from any physical or virtual machine in your network. The level of access is determined by
your VCM administrator.
12
VMware, Inc.
Getting Started with VCM
Prerequisites
n Verify that the physical or virtual machines from which you are accessing VCM have a supported
version of Internet Explorer installed. For supported platforms, see the VCM Installation Guide.
n Configure the Internet Explorer Pop-up Blocker settings to add your Collector to your list of allowed
Web sites, or disable Pop-up Blocker. Click Internet Explorer and select Tools > Pop-up Blocker > Popup Blocker Settings and then add the path for your Collector in the allowable address field.
Procedure
1. To connect to VCM from a physical or virtual machine on your network, open Internet Explorer and
type http://<name-or-IP-address-of-Collector-machine>/VCM.
2. Type your user network credentials.
3. (Optional) Select Automatically log on using this role to have VCM log you in.
4. Click Log On.
Your VCM user account can have multiple roles. If you selected the Automatically log on using this role
option, VCM will automatically log you on as the User Role displayed on the Logon screen. To change
roles, you must use the Logoff button in the top right corner of the Console. This action will return you to
the Logon screen so that you can use the drop-down menu to select a different role.
Getting Familiar with the Portal
The VCM Web Console provides access to all VCM features to manage your environment.
The Web Console uses a browser-based interface to run from any Windows machine that has access to the
server on which VCM is installed. The Windows machine must be running Internet Explorer or Mozilla
Firefox with the Internet Explorer tab plug-in installed.
The Web Console includes several major areas and controls.
The general information bar displays the VCM Collector’s active SQL Server name, your VCM user name
and active Role, and the following buttons.
n Log Out: Exits the Web Console. The Web Console closes and the VCM Logon screen appears.
n About: Displays information about how to contact VMware Technical Support and version information
for VCM and all of its components. This information may be important when you contact VMware
Technical Support.
n Help: Opens the online Help for the currently-active display.
Toolbar
The global toolbar provides you with easily-accessible options to enhance control of your environment
and data.
The left and right arrow buttons navigate to the previous or next page in the data
area.
The Jobs button opens the Jobs Running status window. This button provides
access to the Collector status and allows you to stop and restart the Collector
service.
The Collect button opens a wizard that allows you to define and initiate data
collections.
The Remote Commands button allows you to invoke the Remote Commands wizard
from the toolbar without having to access the node.
The Refresh data grid view button refreshes the data grid. Press F5 on the keyboard
as an alternative action.
The View row cells button displays a vertically scrolling view of a single row of
data, rather than the table-based data grid view in a separate window, and allows
you to move between records.
The Select all displayed data rows button selects all the rows in the data grid.
The Copy button copies information from the selected rows in the data grid to the
clipboard.
The Copy link to clipboard button copies the link of the content on-screen to the
clipboard.
The View data grid in separate window button displays the data grid in a separate
window.
The Export displayed data button exports data to a CSV formatted file. This file is
exported to
Reports
The Options button opens the User Options window. These settings pertain to the
User who is logged in to VCM. All VCM users can configure these settings to their
individual preferences.
\\<name_of_Collector_machine>\CMfiles$\Exported
.
14
VMware, Inc.
Getting Started with VCM
Navigation Sliders
The navigation sliders on the left side of the Web Console include the items listed and described in the
following table. The individual items that you see in VCM vary depending on the components that you
have licensed.
n Active Directory and AD objects based on your role.
n Patching options are available based on your role.
n Administration is visible only to users who have Administrative rights to VCM as part of their VCM
role.
For detailed instructions about any of these features, see the online Help.
SliderActio n
Consolen View, export, or print enterprise-wide, summary information.
n Review or acknowledge current alert notifications.
n Manage VCM discovered and non-VCM discovered hardware and software
assets.
n Review changes that occurred from one collection to the next.
n Create, edit, or run remote commands on a VCM managed Windows or UNIX
machine.
n View information about VCM discovered domains.
n Navigate and manage integrated service desk events.
n Manage virtual machines.
n View your Windows NT Domain and Active Directory related data.
n View information for enterprise-level applications.
n Review non-security related UNIX machine-specific information.
n Review UNIX security data to ensure consistent security configurations across
your environment.
Compliancen Create and manage Compliance rule groups and templates based on AD
n View, export, or print enterprise-wide, summary information for Active
Directory objects.
n Review alert notifications for the selected AD location.
n Review Active Directory-related changes that occurred from one collection to
the next.
n View collected information about Active Directory objects such as Users,
Groups, Contacts, Computers, Printers, Shares, and Organizational Units.
n Review Active Directory site lists, including Site Links, Site Link Bridges,
Subnets, Intersite Transports, Servers, Connections and Licensing.
n View Active Directory Group Policy Container Settings.
n View information about Active Directory Domains, DCs, and Trusts.
n Track and display access control entries and security descriptor data on all
collected objects.
n View Active Directory Schema information.
Reportsn Run out-of-the-box reports against your collected data.
n Write your own SQL and SSRS reports using VCM’s report wizard.
Patchingn Review a list of bulletins available to VCM.
n Create, run, or import VCM Patching templates to display the machines that
require the patches described in each bulletin.
n Monitor VCM Patching jobs.
n Deploy patches.
Administration n Manage basic configuration options for VCM.
n Establish filters to limit the data you collect from machines in your
environment.
n Review how your VCM licenses are being used.
n Identify and manage your physical and virtual machines.
n Manage VCM Logins and Roles.
n Set options for assessment and deployment.
n View the status of jobs that are currently running, scheduled to run, or
completed.
n Configure VCM to notify you of certain conditions in your environment.
Customizing VCM for your Environment
Customization of your environment is essential to fine-tune the visibility of configuration information so
that the policies you develop and the actions you take are appropriate for your IT infrastructure.
16
VMware, Inc.
Getting Started with VCM
Create a machine group structure that matches the organization of the machines in your environment.
With these machine groups, you can manage specific machines in your environment such as all SQL
Servers in a particular location. You can apply specific changes or create roles and rules for those machines
independently from other machines in your environment. This approach ensures that you can restrict
access to critical machines to the appropriate users with rights to VCM.
You can customize the following options for your environment.
n Alerts: Define the objects and types of changes that you are alerted to when they are detected in VCM.
For example, you can set an alert to notify you if a registry setting changes in your environment.
n Collection Filters and Filter Sets: Use collection filters to specify the data to collect from the VCM
managed machines. A default collection filter is provided for each data type. You can add custom
collection filters that are specific to your enterprise. You can apply filters during instant collections and
scheduled collections if the filters are included in a filter set. After you create collection filters, organize
them into filter sets. You can create specific filter sets or filter set groups for different machine groups.
You can apply filter sets during instant collections or scheduled collections.
n Compliance Templates and Rule Groups: Use compliance templates and rule groups to define specific
settings and verify whether the machines match those criteria. VCM provides prepackaged templates
and rules to check the compliance of your machines with regulatory, industry, and vendor standards.
VMware provides additional compliance packages that you can import into VCM.
n Reports: Create and print tailored reports of information that does not appear in VCM. VCM provides
prepackaged reports that you can run after you collect data from your VCM managed machines.
n Roles and Rules: VCM roles and access rules work together to control user access to VCM. For
example, you can create a role that allows a user to view all data, but not make changes to the
environment. You can create a role to run certain reports or a role that allows unlimited access to a
single machine group.
The VCM Change Restricted role limits users from making certain changes in your environment. See
VCM Installation Manager installs several VCM components and tools on the Collector machine during
the installation.
This chapter includes the following topics:
Install the VCM Tools Only19
VCM Import/Export and Content Wizard Tools20
Run the Deployment Utility21
Package Studio21
Foundation Checker22
Install the VCM Tools Only
You can install the VCM tools on a non-Collector Windows machine.
If you plan to install VCMon the non-Collector Windows machine later, you must uninstall the tools and
then install VCM.
Prerequisites
2
Perform the installation requirements for each tool in the Advanced Installation selection. For example,
you can install Import/Export (I/E) and Content Wizard only on a machine that is running VCM.
Procedure
1. On the non-Collector Windows machine on which you want to install the tools, insert the installation
CD.
2. In Installation Manager, click Run Installation Manager.
During the installation, follow the installation requirements that Installation Manager reports when
Foundation Checker runs.
3. Complete the initial installation pages, and click Next on subsequent pages to access the Select
Installation Type page.
a. Clear the VMware vRealize Configuration Manager check box.
c. To install a subset of tools, clear the Tools check box and select only the individual tools to install.
4. Click Next.
5. Complete the remaining instructions and click Next.
6. On the Installation Complete page, click Finish.
7. On the Installation Manager page, click Exit.
VCM Import/Export and Content Wizard Tools
Use the Import/Export Tool and the Content Wizard Tool to move or update VCM business objects. These
tools support the migration of any VCM Management Extension for Asset data that was added to VCM
manually, but does not import or export any collected data.
The Import/Export Tool supports the following scenarios.
n Back up (export) and restore (import) business objects to the same machine.
n Back up (export) and import (if needed) business objects during a VCM upgrade.
n Export and migrate (import) business objects to additional machines in a multi-Collector environment
during setup or to move custom content.
n Use the Content Wizard to download current Compliance Content from VMware and import it into an
existing database.
n Using the Command Line Interface, automate the propagation of content to other machines in a multi-
collector environment with a “golden machine”.
n Aid in disaster recovery by using the Command Line Interface to automate and schedule the backup of
VCM content and configuration parameters.
The Command Line Interface (CLI) is a powerful extension of the Import/Export graphic user interface
(GUI). In addition to supporting the scenarios noted above, the CLI allows content to be overwritten, as
opposed to “rename only”, and provides for automation through scripting suitable for customizations.
IMPORTANT Use of the CLI should be restricted to advanced users who exercise caution when testing
their scripts.
The Import/Export Tool and Content Wizard Tool were installed on your Collector machine during your
VCM installation.
Run the Import/Export Tool
Use the Import/Export Tool to back up your VCM database business objects and import them into a new
VCM database or into a recovered VCM database. This tool also supports the migration of any VCM
Management Extension for Asset data that was manually added to VCM.
Prerequisites
Install the Import/Export Tool. See "Installing and Getting Started with VCM Tools" on page 19.
3. For importing and exporting procedures, click Help > Contents and use the online help.
20
VMware, Inc.
Installing and Getting Started with VCM Tools
Run the Content Wizard to Access Additional Compliance Content
Use the Content Wizard to import additional VMware content such as VCM Compliance Content
Packages. These packages are not available in VCM until you download and import them. Check the VCM
Compliance Content Packages to determine if you need to import them.
Prerequisites
Install the Content Wizard. See "Installing and Getting Started with VCM Tools" on page 19.
3. In the Content Wizard, select Get Updates from the Internet and click Next.
4. After the wizard identifies available content, click Next.
5. Select the updates to install on your Collector and click Install.
When the installation is finished, the Event Log Results window appears.
6. On the Event Log Results window, click Save and specify a location to save the logs.
7. Click Close.
8. On the Content Wizard page, click Exit.
What to do next
View the imported data in VCM. For example, click Compliance and select Machine Group Compliance >
Templates. You can now run any imported compliance template against your collected data.
Run the Deployment Utility
The Deployment Utility for UNIX/Linux and ESX/vSphere copies files to multiple target machines when
you configure Linux, UNIX, and ESX/vSphere machines for management in VCM.
Procedure
1. On the Collector, navigate to C:\Program Files (x86)\VMware\VCM\Tools.
2. Copy the DeployUtility-<version>.zip file from the Collector to your Windows machine.
3. Extract the files.
4. Double-click DeployUtil.exe to start the application.
What to do next
In the Deployment Utility, click Help and review the procedure for the type of machine you are
configuring.
Package Studio
Use Package Studio to create software packages that can be installed by VCM. It is one component of
VCM Software Provisioning that includes the Software Repository for Windows and the Package
Manager.
For procedures to run the Package Studio, see the Software Provisioning Components Installation and User'sGuide.
Use the Foundation Checker tool to verify that a Windows machine designated as a VCM Collector meets
all of the prerequisites necessary to install VCM.
Installation Manager uses VCM Foundation Checker to check a machine’s viability for a successful VCM
deployment. Foundation Checker runs system checks that determine various conditions, settings, and
requirements, and displays a results file that displays the system checks that passed, failed, or generated
warnings.
If the checks run without error, you can install VCM. If the checks identify missing components or
incorrect configurations, Foundation Checker instructs you where to verify the component or
configuration and how to remedy the errors.
To run the Foundation Checker on a Windows machine on which you will install another instance of
VCM, see the Foundation Checker User's Guide.
22
VMware, Inc.
Configuring VMware Cloud
Infrastructure
VCM collects information from your instances of vCenter Server, vCloud Director, and vShield Manager
so that you can then use the information to manage and maintain your virtual environment.
The collected data appears in the Console under the Virtual Environments node. The information is
organized in logical groupings based on the information sources, including vCenter Server, vCloud
Director, and vShield Manager.
Based on the collected virtual environments data, you can manage the objects and data at an enterprise
and individual level, including running compliance rules and reports; running actions, such as changing
settings and taking virtual machine snapshots; and managing the guest operating systems as fully
managed VCM machines.
This chapter includes the following topics:
Virtual Environments Configuration23
Configure Virtual Environments Collections25
Configure Managing Agent Machines for Virtual Environment
Management26
Obtain the SSL Certificate Thumbprint29
Configure vCenter Server Data Collections29
Configure vCenter Server Virtual Machine Collections36
Configure vCloud Director Collections38
Configure vCloud Director vApp Virtual Machines Collections42
Configure vShield Manager Collections48
Configure ESX Service Console OS Collections51
Configure the vSphere Client VCM Plug-In57
3
Virtual Environments Configuration
To manage your virtual environments, you collect vCenter Server, vCloud Director, and vShield Manager
data. To collect the data, you use one or more Managing Agent machines.
After configuring your Managing Agent machines, you add and configure your vCenter Server, vCloud
Director, and vShield Manager instances in VCMto use the Managing Agent for communication. For a
diagram illustrating how the components are configured together, see Figure 3–1. Virtual Environments
The Managing Agent machines must have the 5.5 Agent or later installed. They must also be configured to
manage the secure communication between the vCenter Server, vCloud Director, and vShield Manager
instances and the Collector. Depending on the size of your Cloud Infrastructure environment, you can use
your Collector as a Managing Agent or you can use another Windows machine. If your individual vCenter
Server instances manage no more than 1–30 hosts and a maximum of 1000 guests, then you can use the
Collector as your Managing Agent. If any of your vCenter Server instances exceed this amount, you must
use a Windows machine that is not your Collector as a Managing Agent.
CAUTION Do not use the Windows machines on which your vCenter Server instances are running
as Managing Agent machines.
Managing vCenter Server Instances, Hosts, and Guest Virtual Machines
You collect data from vCenter Server instances regarding resources managed by the vCenter Server, and
to identify and manage the host and guest machines. The host and guest machines are managed based on
configured vCenter Server instances. From VCM, you can run vCenter Server actions such as configuring
settings, turning the power on and off, or taking a snapshot. To fully manage the guest machines, install
the VCM Agent on the virtual machines and manage their operating system.
24
VMware, Inc.
Managing Instances of vCloud Director and vApp Virtual Machines
You collect data from vCloud Director instances regarding their configurations, resources managed by
vCloud Director, and to identify and manage the vApp virtual machine guest operating systems. To fully
manage the guest machines, you install the VCM Agent on the virtual machines and manage their
operating system.
Managing vShield Manager Instances
You collect from vShield Manager instances to gather data regarding vShield App security groups. You
can run reports on the collected data.
Configure Virtual Environments Collections
To manage your virtual environments, configure your Managing Agent and then implement the
procedures that suit your environment.
Procedure
1. "Configure Managing Agent Machines for Virtual Environment Management" on page 26
The Managing Agents are one or more physical or virtual machines running a supported Windows
operating system that manages the communication between the Collector and your instances of
vCenter Server, vCloud Director, and vShield Manager.
Configuring VMware CloudInfrastructure
2. "Obtain the SSL Certificate Thumbprint" on page 29
When configuring the settings for your virtual environments systems, you can use an SSL certificate
thumbprint file to ensure secure communication between the Collector and your instances of vCenter
Server, vCloud Director, and vShield Manager.
3. "Configure vCenter Server Data Collections" on page 29
Collect data from your vCenter Server so that you can identify and manage your virtual
environments, including ESX and ESXi hosts, and guest virtual machines.
4. "Configure vCenter Server Virtual Machine Collections" on page 36
Configure virtual machine collections so that you can identify and manage the guest operating
systems on the vCenter Server virtual machines.
5. "Configure vCloud Director Collections" on page 38
Configure collections from your vCloud Director instances so that you can run compliance and
reports, and identify your vApp virtual machines.
6. "Configure vCloud Director vApp Virtual Machines Collections" on page 42
Collect vCloud Director data so that you can identify and manage the guest operating systems of the
vApp virtual machines.
7. "Configure vShield Manager Collections" on page 48
Configure collections from your vShield Manager instances so that you can run reports on the
collected data.
VMware, Inc.
8. "Configure ESX Service Console OS Collections" on page 51
The ESX Service Console OS Linux data type data and the ESXlogs are collected directly from the ESX
operating systems, not from vCenter Server. Configure the ESX servers so that you can collect the
Linux data type and ESX log data from the ESX service console operating system.
9. "Configure the vSphere Client VCM Plug-In" on page 57
The vSphere Client VCM Plug-In provides contextual access to VCM change, compliance, and
management functions. It also provides direct access to collected vCenter Server, virtual machine host,
and virtual machine guest data.
Configure Managing Agent Machines for Virtual Environment
Management
The Managing Agents are one or more physical or virtual machines running a supported Windows
operating system that manages the communication between the Collector and your instances of vCenter
Server, vCloud Director, and vShield Manager.
The Managing Agent machines must have the 5.5 Agent or later installed. They must also be configured to
manage the secure communication between the vCenter Server, vCloud Director, and vShield Manager
instances and the Collector. Depending on the size of your Cloud Infrastructure environment, you can use
your Collector as a Managing Agent or you can use another Windows machine. If your individual vCenter
Server instances manage no more than 1–30 hosts and a maximum of 1000 guests, then you can use the
Collector as your Managing Agent. If any of your vCenter Server instances exceed this amount, you must
use a Windows machine that is not your Collector as a Managing Agent.
CAUTION Do not use the Windows machines on which your vCenter Server instances are running
as Managing Agent machines.
Procedure
1. "Collect Machines Data From the Managing Agent Machines" on page 26
Collect data from your Managing Agent machines to ensure that VCM identifies the Windows
machines as licensed and that the 5.5 Agent or later is installed.
2. "Set the Trust Status for Managing Agent Machines" on page 27
You can set the trusted status on machines where you have verified that the connection is legitimate.
When you set the trust status, you are marking the Agent certificate as trusted.
3. "Configure HTTPS Bypass Setting for Virtual Environments " on page 28
If your Collector is not configured to use HTTPS, you must configure the Collector to allow HTTP
communication when entering sensitive parameter values.
4. "Enable Managing Agent Machines for Virtual Environments" on page 28
Managing Agent machines must be enabled to perform the necessary communication with your
instances of vCenter Server, vCloud Director, and vShield Manager.
Collect Machines Data From the Managing Agent Machines
Collect data from your Managing Agent machines to ensure that VCM identifies the Windows machines
as licensed and that the 5.5 Agent or later is installed.
The Managing Agent is the Agent used to collect data from your instances of vCenter Server, vCloud
Director and vShield Manager.
26
VMware, Inc.
Configuring VMware CloudInfrastructure
Prerequisites
Verify that the Windows machine that you designated as the Managing Agent is licensed and that it has
the VCM Agent 5.6 or later installed. See "Configure Windows Machines" on page 89.
3. Select the target machines and click Collect on the VCM toolbar.
4. Select Machine Data and click OK.
5. Verify that the Selected list includes the target machines and click Next.
6. Expand the Windows tree, select Machines, and click Next.
7. Resolve any conflicts and click Finish.
What to do next
n When the job is finished, verify that the Agent Version value in the data grid is 5.6 or later.
n Configure the trust status for the Managing Agents. See "Set the Trust Status for Managing Agent
Machines" on page 27.
Set the Trust Status for Managing Agent Machines
You can set the trusted status on machines where you have verified that the connection is legitimate.
When you set the trust status, you are marking the Agent certificate as trusted.
When you transmit sensitive information, such as credentials, between the Collector and virtual or
physical machines on which the Managing Agent is installed, the Agent certificate, including the Agent
certificate on the Collector, must be trusted.
If you do not use this level of security, you can set the Allow sensitive parameters to be passedto agents not verified as Trusted option to Yes. To override the setting, click Administration
and select Settings > General Settings > Collector.
Prerequisites
Ensure that you collected the Machines data type from the Windows machines you are using as Managing
Agents. See "Collect Machines Data From the Managing Agent Machines" on page 26.
Procedure
1. Click Administration.
2. Select Certificates.
3. Select the target machines and click Change Trust Status.
4. Add any additional machines to trust to the lower data grid.
5. Select Check to trust or uncheck to untrust the selected machines and click Next.
VMware, Inc.
6. Review the number of machines affected and click Finish.
n If your Collector is not configured to use HTTPS, set the HTTPS bypass. See "Configure HTTPS Bypass
Setting for Virtual Environments " on page 28.
n Identify the Windows machines as Managing Agents. See "Enable Managing Agent Machines for
Virtual Environments" on page 28.
Configure HTTPS Bypass Setting for Virtual Environments
If your Collector is not configured to use HTTPS, you must configure the Collector to allow HTTP
communication when entering sensitive parameter values.
If your Collector is configured to use HTTPS, you do not need to modify this setting.
Procedure
1. Click Administration.
2. Select Settings > General Settings > Collector.
3. Select Allow HTTP communication (HTTPS bypass) when entering sensitive parameter values and
click Edit Settings.
4. Select Yes and click Next.
5. Review the summary and click Finish.
What to do next
Identify the Windows machines as Managing Agents. See "Enable Managing Agent Machines for Virtual
Environments" on page 28.
Enable Managing Agent Machines for Virtual Environments
Managing Agent machines must be enabled to perform the necessary communication with your instances
of vCenter Server, vCloud Director, and vShield Manager.
Prerequisites
n Ensure that the Managing Agent machines are trusted machines. See "Set the Trust Status for Managing
Agent Machines" on page 27.
n If your Collector is not configured to use HTTPS, set the HTTPS bypass. See "Configure HTTPS Bypass
3. Select the Managing Agent machines and click Change Managing Agent Status.
4. Add any additional machines to the lower data grid.
5. Select Enable - allow the selected machines to be used as managing agents and click Next.
6. Review the number of machines affected and click Finish.
28
VMware, Inc.
What to do next
n To maintain secure communication, you need the SSLcertificates from your instances of vCenter
Server, vCloud Director, and vShield Manager. See "Obtain the SSL Certificate Thumbprint" on page 29.
n Configure the collections from your instances of vCenter Server, vCloud Director, and vShield
Manager.
n See "Configure vCenter Server Data Collections" on page 29.
n See "Configure vCloud Director Collections" on page 38.
n See "Configure vShield Manager Collections" on page 48.
Obtain the SSL Certificate Thumbprint
When configuring the settings for your virtual environments systems, you can use an SSL certificate
thumbprint file to ensure secure communication between the Collector and your instances of vCenter
Server, vCloud Director, and vShield Manager.
You can use this procedure to copy and save the thumbprint in advance of configuring the settings, or you
can follow the process while you are using the wizard.
This procedure applies when your certificates are not properly trusted. If your certificates are configured
and trusted, you must log onto the target machine to retrieve the thumbprint from the certificate store.
Configuring VMware CloudInfrastructure
Prerequisites
Ensure that you have network access to the target instances of vCenter Server, vCloud Director, and
vShield Manager from which you need the thumbprint string.
Procedure
1. Open Internet Explorer.
2. In the address bar, type https://<your vcenter server, vcloud director, or vshieldmanager instance>.
3. On the certificate error page, click Continue to this website.
4. On the address bar, click Certificate Error and select View Certificates.
5. Click the Details tab.
6. In the list, select Thumbprint.
7. Copy the thumbprint string to your clipboard or to a file so that you can access it when needed.
Configure vCenter Server Data Collections
Collect data from your vCenter Server so that you can identify and manage your virtual environments,
including ESX and ESXi hosts, and guest virtual machines.
Prerequisites
VMware, Inc.
n Configure your Managing Agent machines. See "Configure Managing Agent Machines for Virtual
Environment Management" on page 26.
n To maintain secure communication, you need the SSLcertificates from your instances of vCenter
Server. See "Obtain the SSL Certificate Thumbprint" on page 29.
Add the vCenter Server instances to VCM so that you can license and collect vCenter Server data
using the Managing Agent.
2. "Configure the vCenter Server Settings" on page 31
Configure the Managing Agent, communication, and vCenter Server access options so that VCM can
collect host and guest data from the vCenter Server instances.
3. "Collect vCenter Server Data" on page 32
Collect the vCenter Server, host, and guest data from the vCenter Server instances. The data is
displayed by detailed data type and appears in the VCM Console.
The collectedvCenter Server data appears in the Console in the Virtual Environments node. The collected
vCenter Server data helps you identify and manage vCenter Server, host, and guest objects. See " vCenter
Server Collection Results" on page 34.
Add vCenter Server Instances
Add the vCenter Server instances to VCM so that you can license and collect vCenter Server data using
the Managing Agent.
In addition to adding the vCenter Server instances, and you can also add the Windows machine on which
the vCenter Server is installed and manage the underlying Windows operating system.
Prerequisites
Know the names and domain information for the vCenter Server instances in your environment.
Procedure
1. Click Administration.
2. Select Machines Manager > Available Machines.
3. Click Add Machines.
4. On the Add Machines page, select Basic: Name, Domain, Type, Automatically license machines, and
click Next.
5. On the Manually Add Machines - Basic page, configure these options to identify the vCenter Server
instances.
OptionDescription
MachineName of the vCenter Server.
DomainDomain to which the vCenter Server belongs.
TypeDomain type.
Machine TypeSelect vCenter (Windows).
6. Click Add.
30
VMware, Inc.
Loading...
+ 236 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.