VMware vRealize Operations Manager - 6.3 Deployment and Conﬁguration Guide

vRealize Operations Manager vApp

Deployment and Conﬁguration Guide

vRealize Operations Manager 6.3

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-002057-00

vRealize Operations Manager vApp Deployment and Configuration Guide

You can ﬁnd the most up-to-date technical documentation on the VMware Web site at:

hp://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

About vApp Deployment and Conguration 5

Preparing for vRealize Operations Manager Installation 7

About vRealize Operations Manager Virtual Appliance Installation 8

Complexity of Your Environment 9

vRealize Operations Manager Cluster Nodes 11

General vRealize Operations Manager Cluster Node Requirements 12

vRealize Operations Manager Cluster Node Networking Requirements 13

vRealize Operations Manager Cluster Node Best Practices 13

Using IPv6 with vRealize Operations Manager 14

Sizing the vRealize Operations Manager Cluster 15

Add Data Disk Space to a vRealize Operations Manager vApp Node 16

Custom vRealize Operations Manager Certicates 16

Custom vRealize Operations Manager Certicate Requirements 16

Sample Contents of Custom vRealize Operations Manager Certicates 17

Verifying a Custom vRealize Operations Manager Certicate 19

Create a Node by Deploying an OVF 19

Creating the vRealize Operations Manager Master Node 23

About the vRealize Operations Manager Master Node 23

Run the Setup Wizard to Create the Master Node 23

Scaling vRealize Operations Manager Out by Adding a Data Node 25

About vRealize Operations Manager Data Nodes 25

Run the Setup Wizard to Add a Data Node 25

VMware, Inc.

Adding High Availability to vRealize Operations Manager 27

About vRealize Operations Manager High Availability 27

Run the Setup Wizard to Add a Master Replica Node 28

Gathering More Data by Adding a vRealize Operations Manager Remote

Collector Node 31

About vRealize Operations Manager Remote Collector Nodes 31

Run the Setup Wizard to Create a Remote Collector Node 31

Continuing With a New vRealize Operations Manager Installation 33

About New vRealize Operations Manager Installations 33

vRealize Operations Manager vApp Deployment and Configuration Guide

Connecting vRealize Operations Manager to Data Sources 35

VMware vSphere Solution in vRealize Operations Manager 35

Add a vCenter Adapter Instance in vRealize Operations Manager 37

Congure User Access for Actions 38

Endpoint Operations Management Solution in vRealize Operations Manager 39

Endpoint Operations Management Agent Installation and Deployment 39

Roles and Privileges in vRealize Operations Manager 74

Registering Agents on Clusters 75

Manually Create Operating System Objects 75

Managing Objects with Missing Conguration Parameters 76

Mapping Virtual Machines to Operating Systems 77

Endpoint Operations Management Agent Upgrade for vRealize Operations Manager 6.3 77

Installing Optional Solutions in vRealize Operations Manager 78

Managing Solution Credentials 78

Managing Collector Groups 79

Migrate a vCenter Operations Manager Deployment into this Version 79

vRealize Operations Manager Post-Installation Considerations 81

About Logging In to vRealize Operations Manager 81

Secure the vRealize Operations Manager Console 82

The Customer Experience Improvement Program 83

Join or Leave the Customer Experience Improvement Program for

vRealize Operations Manager 83

Updating Your Software 85

Obtain the Software Update PAK File 85

Create a Snapshot as Part of an Update 86

Install a Software Update 86

Index 89

4 VMware, Inc.

About vApp Deployment and Configuration

The vRealize Operations Manager vApp Deployment and Conguration Guide provides information about deploying the VMware® vRealize Operations Manager virtual appliance, including how to create and congure the vRealize Operations Manager cluster.

The vRealize Operations Manager installation process consists of deploying the vRealize Operations Manager virtual appliance once for each cluster node, and accessing the product to nish seing up the application.

Intended Audience

This information is intended for anyone who wants to install and congure vRealize Operations Manager by using a virtual appliance deployment. The information is wrien for experienced virtual machine administrators who are familiar with enterprise management applications and datacenter operations.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions of terms as they are used in VMware technical documentation, go to

hp://www.vmware.com/support/pubs.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

6 VMware, Inc.

Preparing for vRealize Operations Manager

Installation 1

You prepare for vRealize Operations Manager installation by evaluating your environment and deploying enough vRealize Operations Manager cluster nodes to support how you want to use the product.

This chapter includes the following topics:

“About vRealize Operations Manager Virtual Appliance Installation,” on page 8

“Complexity of Your Environment,” on page 9

“vRealize Operations Manager Cluster Nodes,” on page 11

“Using IPv6 with vRealize Operations Manager,” on page 14

“Sizing the vRealize Operations Manager Cluster,” on page 15

“Custom vRealize Operations Manager Certicates,” on page 16

“Create a Node by Deploying an OVF,” on page 19

VMware, Inc.

Start

Deploy OVF to create master node.

(optional) Deploy OVFs for master replica, data,

or remote collector nodes

Run master node setup

(optional)

Enable master

replica

(optional)

Run data nodes

setup

(optional)

Run remote collector

nodes setup

First-time login to the product

Monitor your environment

Select, license,

and upload

Customer Experience Improvement Program

(optional) Add more solutions

Configure solutions

Configure monitoring policies

Licensing

vRealize Operations Manager vApp Deployment and Configuration Guide

About vRealize Operations Manager Virtual Appliance Installation

The vRealize Operations Manager virtual appliance installation process consists of deploying the vRealize Operations Manager OVF once for each cluster node, accessing the product to set up cluster nodes according to their role, and logging in to congure the installation.

Figure 1‑1. vRealize Operations Manager Installation

8 VMware, Inc.

Complexity of Your Environment

When you deploy vRealize Operations Manager, the number and nature of the objects that you want to monitor might be complex enough to recommend a Professional Services engagement.

Complexity Levels

Every enterprise is dierent in terms of the systems that are present and the level of experience of deployment personnel. The following table presents a color-coded guide to help you determine where you are on the complexity scale.

Green

Your installation only includes conditions that most users can understand and work with, without assistance. Continue your deployment.

Yellow

Your installation includes conditions that might justify help with your deployment, depending on your level of experience. Consult your account representative before proceeding, and discuss using Professional Services.

Red

Chapter 1 Preparing for vRealize Operations Manager Installation

Your installation includes conditions that strongly recommend a Professional Services engagement. Consult your account representative before proceeding, and discuss using Professional Services.

Note that these color-coded levels are not rm rules. Your product experience, which increases as you work with vRealize Operations Manager and in partnership with Professional Services, must be taken into account when deploying vRealize Operations Manager.

Table 1‑1. Effect of Deployment Conditions on Complexity

Current or New Deployment

Complexity Level

Green You run only one

Green Your deployment includes a

Yellow You run multiple instances of

Condition Additional Notes

Lone instances are usually easy to vRealize Operations Manager deployment.

management pack that is listed as Green according to the compatibility guide on the VMware Solutions

Exchange Web site.

vRealize Operations Manager.

create in

vRealize Operations Manager.

The compatibility guide indicates

whether the supported management

pack for vRealize Operations Manager

is a compatible 5.x one or a new one

designed for this release. In some

cases, both might work but produce

dierent results. Regardless, users

might need help in adjusting their

conguration so that associated data,

dashboards, alerts, and so on appear as

expected.

Note that the terms solution,

management pack, adapter, and plug-in

are used somewhat interchangeably.

Multiple instances are typically used to

address scaling or operator use

paerns.

VMware, Inc. 9

vRealize Operations Manager vApp Deployment and Configuration Guide

Table 1‑1. Effect of Deployment Conditions on Complexity (Continued)

Current or New Deployment

Complexity Level

Yellow Your deployment includes a

Yellow You are deploying

Yellow You are deploying a multiple-node

Yellow Your new

Yellow Your vRealize Operations Manager

Yellow You want help in understanding the

Red You run multiple instances of

Red Your deployment includes a

Red You are deploying multiple

Condition Additional Notes

management pack that is listed as Yellow according to the compatibility guide on the VMware Solutions

Exchange Web site.

vRealize Operations Manager remote collector nodes.

vRealize Operations Manager cluster.

vRealize Operations Manager instance will include a Linux or Windows based deployment.

instance will use high availability (HA).

new or changed features in vRealize Operations Manager and how to use them in your environment.

vRealize Operations Manager, where at least one includes virtual desktop infrastructure (VDI).

management pack that is listed as Red according to the compatibility guide on the VMware Solutions

Exchange Web site.

vRealize Operations Manager clusters.

The compatibility guide indicates

whether the supported management

pack for vRealize Operations Manager

is a compatible 5.x one or a new one

designed for this release. In some

cases, both might work but produce

dierent results. Regardless, users

might need help in adjusting their

conguration so that associated data,

dashboards, alerts, and so on appear as

expected.

Remote collector nodes gather data but

leave the storage and processing of the

data to the analytics cluster.

Multiple nodes are typically used for

scaling out the monitoring capability

of vRealize Operations Manager.

Linux and Windows deployments are

not as common as vApp deployments

and often need special consideration.

High availability and its node failover

capability is a unique multiple-node

feature that you might want additional

help in understanding.

vRealize Operations Manager is

dierent than vCenter Operations

Manager in areas such as policies,

alerts, compliance, custom reporting,

or badges. In addition,

vRealize Operations Manager uses one

consolidated interface.

Multiple instances are typically used to

address scaling, operator use paerns,

or because separate VDI (V4V

monitoring) and non-VDI instances are

needed.

The compatibility guide indicates

whether the supported management

pack for vRealize Operations Manager

is a compatible 5.x one or a new one

designed for this release. In some

cases, both might work but produce

dierent results. Regardless, users

might need help in adjusting their

conguration so that associated data,

dashboards, alerts, and so on appear as

expected.

Multiple clusters are typically used to

isolate business operations or

functions.

10 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

Table 1‑1. Effect of Deployment Conditions on Complexity (Continued)

Current or New Deployment

Complexity Level

Red Your current

Red Professional Services customized

Condition Additional Notes

vRealize Operations Manager deployment required a Professional Services engagement to install it.

your vRealize Operations Manager deployment. Examples of customization include special integrations, scripting, nonstandard congurations, multiple level alerting, or custom reporting.

vRealize Operations Manager Cluster Nodes

All vRealize Operations Manager clusters consist of a master node, an optional replica node for high availability, optional data nodes, and optional remote collector nodes.

If your environment was complex

enough to justify a Professional

Services engagement in the previous

version, it is possible that the same

conditions still apply and might

warrant a similar engagement for this

version.

If your environment was complex

enough to justify a Professional

Services engagement in the previous

version, it is possible that the same

conditions still apply and might

warrant a similar engagement for this

version.

When you install vRealize Operations Manager, you use a vRealize Operations Manager vApp deployment, Linux installer, or Windows installer to create role-less nodes. After the nodes are created and have their names and IP addresses, you use an administration interface to congure them according to their role.

You can create role-less nodes all at once or as needed. A common as-needed practice might be to add nodes to scale out vRealize Operations Manager to monitor an environment as the environment grows larger.

The following node types make up the vRealize Operations Manager analytics cluster:

Master Node

The initial, required node in vRealize Operations Manager. All other nodes are managed by the master node.

In a single-node installation, the master node manages itself, has adapters installed on it, and performs all data collection and analysis.

Data Node

In larger deployments, additional data nodes have adapters installed and perform collection and analysis.

Larger deployments usually include adapters only on the data nodes so that master and replica node resources can be dedicated to cluster management.

Replica Node

To use vRealize Operations Manager high availability (HA), the cluster requires that you convert a data node into a replica of the master node.

The following node type is a member of the vRealize Operations Manager cluster but not part of the analytics cluster:

Remote Collector Node

Distributed deployments might require a remote collector node that can navigate rewalls, interface with a remote data source, reduce bandwidth across data centers, or reduce the load on the vRealize Operations Manager analytics cluster. Remote collectors only gather objects for the inventory, without storing data or performing analysis. In addition, remote collector nodes may be installed on a dierent operating system than the rest of the cluster.

VMware, Inc. 11

vRealize Operations Manager vApp Deployment and Configuration Guide

General vRealize Operations Manager Cluster Node Requirements

When you create the cluster nodes that make up vRealize Operations Manager, you have general requirements that you must meet.

General Requirements

vRealize Operations Manager Version. All nodes must run the same vRealize Operations Manager

version.

For example, do not add a version 6.1 data node to a cluster of vRealize Operations Manager 6.2 nodes.

Analytics Cluster Deployment Type. In the analytics cluster, all nodes must be the same kind of

deployment: vApp, Linux, or Windows.

Do not mix vApp, Linux, and Windows nodes in the same analytics cluster.

Remote Collector Deployment Type. A remote collector node does not need to be the same deployment

type as the analytics cluster nodes.

When you add a remote collector of a dierent deployment type, the following combinations are supported:

vApp analytics cluster and Windows remote collector

Linux analytics cluster and Windows remote collector

Analytics Cluster Node Sizing. In the analytics cluster, CPU, memory, and disk size must be identical

for all nodes.

Master, replica, and data nodes must be uniform in sizing.

Remote Collector Node Sizing. Remote collector nodes may be of dierent sizes from each other or

from the uniform analytics cluster node size.

Geographical Proximity. You may place analytics cluster nodes in dierent vSphere clusters, but the

nodes must reside in the same geographical location.

Dierent geographical locations are not supported.

Virtual Machine Maintenance. When any node is a virtual machine, you may only update the virtual

machine software by directly updating the vRealize Operations Manager software.

For example, going outside of vRealize Operations Manager to access vSphere to update VMware Tools is not supported.

Redundancy and Isolation. If you expect to enable HA, place analytics cluster nodes on separate hosts.

See “About vRealize Operations Manager High Availability,” on page 27.

Requirements for Solutions

Be aware that solutions might have requirements beyond those for vRealize Operations Manager itself. For example, vRealize Operations Manager for Horizon View has specic sizing guidelines for its remote collectors.

See your solution documentation, and verify any additional requirements before installing solutions. Note that the terms solution, management pack, adapter, and plug-in are used somewhat interchangeably.

12 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

vRealize Operations Manager Cluster Node Networking Requirements

When you create the cluster nodes that make up vRealize Operations Manager, the associated setup within your network environment is critical to inter-node communication and proper operation.

Networking Requirements

I vRealize Operations Manager analytics cluster nodes need frequent communication with one another. In general, your underlying vSphere architecture might create conditions where some vSphere actions aect that communication. Examples include, but are not limited to, vMotions, storage vMotions, HA events, and DRS events.

The master and replica nodes must be addressed by static IP address, or fully qualied domain name

(FQDN) with a static IP address.

Data and remote collector nodes may use dynamic host control protocol (DHCP).

You must be able to successfully reverse-DNS all nodes, including remote collectors, to their FQDN,

currently the node hostname.

Nodes deployed by OVF have their hostnames set to the retrieved FQDN by default.

All nodes, including remote collectors, must be bidirectionally routable by IP address or FQDN.

Analytics cluster nodes must not be separated by network address translation (NAT), load balancer,

rewall, or a proxy that inhibits bidirectional communication by IP address or FQDN.

Analytics cluster nodes must not have the same hostname.

Place analytics cluster nodes within the same data center and connect them to the same local area

network (LAN).

Place analytics cluster nodes on same Layer 2 network and IP subnet.

A stretched Layer 2 or routed Layer 3 network is not supported.

Do not span the Layer 2 network across sites, which might create network partitions or network

performance issues.

One-way latency between analytics cluster nodes must be 5 ms or lower.

Network bandwidth between analytics cluster nodes must be 1 gbps or higher.

Do not distribute analytics cluster nodes over a wide area network (WAN).

To collect data from a WAN, a remote or separate data center, or a dierent geographic location, use remote collectors.

Remote collectors are supported through a routed network but not through NAT.

vRealize Operations Manager Cluster Node Best Practices

When you create the cluster nodes that make up vRealize Operations Manager, additional best practices improve performance and reliability in vRealize Operations Manager.

Best Practices

Deploy vRealize Operations Manager analytics cluster nodes in the same vSphere cluster.

VMware, Inc. 13

vRealize Operations Manager vApp Deployment and Configuration Guide

If you deploy analytics cluster nodes in a highly consolidated vSphere cluster, you might need resource

reservations for optimal performance.

Determine whether the virtual to physical CPU ratio is aecting performance by reviewing CPU ready time and co-stop.

Deploy analytics cluster nodes on the same type of storage tier.

To continue to meet analytics cluster node size and performance requirements, apply storage DRS anti-

anity rules so that nodes are on separate datastores.

To prevent unintentional migration of nodes, set storage DRS to manual.

To ensure balanced performance from analytics cluster nodes, use ESXi hosts with the same processor

frequencies. Mixed frequencies and physical core counts might aect analytics cluster performance.

To avoid a performance decrease, vRealize Operations Manager analytics cluster nodes need

guaranteed resources when running at scale. The vRealize Operations Manager Knowledge Base includes sizing spreadsheets that calculate resources based on the number of objects and metrics that you expect to monitor, use of HA, and so on. When sizing, it is beer to over-allocate than underallocate resources.

See Knowledge Base article 2093783.

Because nodes might change roles, avoid machine names such as Master, Data, Replica, and so on.

Examples of changed roles might include making a data node into a replica for HA, or having a replica take over the master node role.

The NUMA placement is removed in the vRealize Operations Manager 6.3 and later. Procedures related

to NUMA seings from the OVA le follow:

Table 1‑2. NUMA Setting

Action Description

Set the vRealize Operations Manager cluster status to

oine

Remove the NUMA seing 1 From the Conguration Parameters, remove the

1 Shut down the vRealize Operations Manager cluster.

2 Right-click the cluster and click Edit  >

Options > Advanced General.

3 Click  Parameters. In the vSphere

Client, repeat these steps for each VM.

seing numa.vcpu.preferHT and click OK.

2 Click OK.

3 Repeat these steps for all the VMs in the vRealize

Operations cluster.

4 Power on the cluster.

N To ensure the availability of adequate resources and continued product performance, monitor vRealize Operations performance by checking its CPU usage, CPU ready and CPU contention time.

Using IPv6 with vRealize Operations Manager

vRealize Operations Manager supports Internet Protocol version 6 (IPv6), the network addressing convention that will eventually replace IPv4. Use of IPv6 with vRealize Operations Manager requires that certain limitations be observed.

Using IPv6

All vRealize Operations Manager cluster nodes, including remote collectors, must have IPv6 addresses.

Do not mix IPv6 and IPv4.

14 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

All vRealize Operations Manager cluster nodes, including remote collectors, must be vApp or Linux

based. vRealize Operations Manager for Windows does not support IPv6.

Use global IPv6 addresses only. Link-local addresses are not supported.

If any nodes use DHCP, your DHCP server must be congured to support IPv6.

DHCP is only supported on data nodes and remote collectors. Master nodes and replica nodes still

require xed addresses, which is true for IPv4 as well.

Your DNS server must be congured to support IPv6.

When adding nodes to the cluster, remember to enter the IPv6 address of the master node.

When registering a VMware vCenter® instance within vRealize Operations Manager, place square

brackets around the IPv6 address of your VMware vCenter Server® system if vCenter is also using IPv6.

For example: [2015:0db8:85a3:0042:1000:8a2e:0360:7334]

Note that, even when vRealize Operations Manager is using IPv6, vCenter Server may still have an IPv4 address. In that case, vRealize Operations Manager does not need the square brackets.

You cannot register an Endpoint Operations Management agent in an environment that supports both

IPv4 and IPv6. In the event that you aempt to do so, the following error appears:

Connection failed. Server may be down (or wrong IP/port were used). Waiting for 10 seconds

before retrying.

Sizing the vRealize Operations Manager Cluster

The resources needed for vRealize Operations Manager depend on how large of an environment you expect to monitor and analyze, how many metrics you plan to collect, and how long you need to store the data.

It is dicult to broadly predict the CPU, memory, and disk requirements that will meet the needs of a particular environment. There are many variables, such as the number and type of objects collected, which includes the number and type of adapters installed, the presence of HA, the duration of data retention, and the quantity of specic data points of interest, such as symptoms, changes, and so on.

VMware expects vRealize Operations Manager sizing information to evolve, and maintains Knowledge Base articles so that sizing calculations can be adjusted to adapt to usage data and changes in versions of vRealize Operations Manager.

Knowledge Base article 2093783

The Knowledge Base articles include overall maximums, plus spreadsheet calculators in which you enter the number of objects and metrics that you expect to monitor. To obtain the numbers, some users take the following high-level approach, which uses vRealize Operations Manager itself.

1 Review this guide to understand how to deploy and congure a vRealize Operations Manager node.

2 Deploy a temporary vRealize Operations Manager node.

3 Congure one or more adapters, and allow the temporary node to collect overnight.

4 Access the Cluster Management page on the temporary node.

5 Using the Adapter Instances list in the lower portion of the display as a reference, enter object and

metric totals of the dierent adapter types into the appropriate sizing spreadsheet from Knowledge

Base article 2093783.

6 Deploy the vRealize Operations Manager cluster based on the spreadsheet sizing recommendation. You

can build the cluster by adding resources and data nodes to the temporary node or by starting over.

If you have a large number of adapters, you might need to reset and repeat the process on the temporary node until you have all the totals you need. The temporary node will not have enough capacity to simultaneously run every connection from a large enterprise.

VMware, Inc. 15

vRealize Operations Manager vApp Deployment and Configuration Guide

Another approach to sizing is through self monitoring. Deploy the cluster based on your best estimate, but create an alert for when capacity falls below a threshold, one that allows enough time to add nodes or disk to the cluster. You also have the option to create an email notication when thresholds are passed.

During internal testing, a single-node vApp deployment of vRealize Operations Manager that monitored 8,000 virtual machines ran out of disk storage within one week.

Add Data Disk Space to a vRealize Operations Manager vApp Node

You add to the data disk of vRealize Operations Manager vApp nodes when space for storing the collected data runs low.

Prerequisites

Note the disk size of the analytics cluster nodes. When adding disk, you must maintain uniform size

across analytics cluster nodes.

Use the vRealize Operations Manager administration interface to take the node oine.

Verify that you are connected to a vCenter Server system with a vSphere client, and log in to the

vSphere client.

Procedure

1 Shut down the virtual machine for the node.

2 Edit the hardware seings of the virtual machine, and do one of the following:

Increase the size of Hard Disk 2.

You cannot increase the size when the virtual machine has snapshots.

Add another disk.

3 Power on the virtual machine for the node.

During the power-on process, the virtual machine expands the vRealize Operations Manager data partition.

Custom vRealize Operations Manager Certificates

By default, vRealize Operations Manager includes its own authentication certicates. The default certicates cause the browser to display a warning when you connect to the vRealize Operations Manager user interface.

Your site security policies might require that you use another certicate, or you might want to avoid the warnings caused by the default certicates. In either case, vRealize Operations Manager supports the use of your own custom certicate. You can upload your custom certicate during initial master node conguration or later.

Custom vRealize Operations Manager Certificate Requirements

A certicate used with vRealize Operations Manager must conform to certain requirements. Using a custom certicate is optional and does not aect vRealize Operations Manager features.

Requirements for Custom Certificates

Custom vRealize Operations Manager certicates must meet the following requirements.

The certicate le must include the terminal (leaf) server certicate, a private key, and all issuing

certicates if the certicate is signed by a chain of other certicates.

In the le, the leaf certicate must be rst in the order of certicates. After the leaf certicate, the order

does not maer.

16 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

In the le, all certicates and the private key must be in PEM format. vRealize Operations Manager

does not support certicates in PFX, PKCS12, PKCS7, or other formats.

In the le, all certicates and the private key must be PEM-encoded. vRealize Operations Manager does

not support DER-encoded certicates or private keys.

PEM-encoding is base-64 ASCII and contains legible BEGIN and END markers, while DER is a binary format. Also, le extension might not match encoding. For example, a generic .cer extension might be used with PEM or DER. To verify encoding format, examine a certicate le using a text editor.

The le extension must be .pem.

The private key must be generated by the RSA or DSA algorithm.

The private key must not be encrypted by a pass phrase if you use the master node conguration

wizard or the administration interface to upload the certicate.

The REST API in this vRealize Operations Manager release supports private keys that are encrypted by

a pass phrase. Contact VMware Technical Support for details.

The vRealize Operations Manager Web server on all nodes will have the same certicate le, so it must

be valid for all nodes. One way to make the certicate valid for multiple addresses is with multiple Subject Alternative Name (SAN) entries.

SHA1 certicates creates browser compatibility issues. Therefore, ensure that all certicates that are

created and being uploaded to vRealize Operations Manager are signed using SHA2 or newer.

Sample Contents of Custom vRealize Operations Manager Certificates

For troubleshooting purposes, you can open a custom certicate le in a text editor and inspect its contents.

PEM Format Certificate Files

A typical PEM format certicate le resembles the following sample.

-----BEGIN CERTIFICATE-----

MIIF1DCCBLygAwIBAgIKFYXYUwAAAAAAGTANBgkqhkiG9w0BAQ0FADBhMRMwEQYK

CZImiZPyLGQBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFdm13Y3MxGDAWBgoJkiaJ

<snip>

vKStQJNr7z2+pTy92M6FgJz3y+daL+9ddbaMNp9fVXjHBoDLGGaLOvyD+KJ8+xba

aGJfGf9ELXM=

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEA4l5ffX694riI1RmdRLJwL6sOWa+Wf70HRoLtx21kZzbXbUQN

mQhTRiidJ3Ro2gRbj/btSsI+OMUzotz5VRT/yeyoTC5l2uJEapld45RroUDHQwWJ

<snip>

DAN9hQus3832xMkAuVP/jt76dHDYyviyIYbmxzMalX7LZy1MCQVg4hCH0vLsHtLh

M1rOAsz62Eht/iB61AsVCCiN3gLrX7MKsYdxZcRVruGXSIh33ynA

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

MIIDnTCCAoWgAwIBAgIQY+j29InmdYNCs2cK1H4kPzANBgkqhkiG9w0BAQ0FADBh

MRMwEQYKCZImiZPyLGQBGRYDY29tMRUwEwYKCZImiZPyLGQBGRYFdm13Y3MxGDAW

<snip>

ukzUuqX7wEhc+QgJWgl41mWZBZ09gfsA9XuXBL0k17IpVHpEgwwrjQz8X68m4I99

dD5Pflf/nLRJvR9jwXl62yk=

-----END CERTIFICATE-----

Private Keys

Private keys can appear in dierent formats but are enclosed with clear BEGIN and END markers.

VMware, Inc. 17

vRealize Operations Manager vApp Deployment and Configuration Guide

Valid PEM sections begin with one of the following markers.

-----BEGIN RSA PRIVATE KEY-----

-----BEGIN PRIVATE KEY-----

Encrypted private keys begin with the following marker.

-----BEGIN ENCRYPTED PRIVATE KEY-----

Bag Attributes

Microsoft certicate tools sometimes add Bag Aributes sections to certicate les. vRealize Operations Manager safely ignores content outside of BEGIN and END markers, including Bag Aributes sections.

Bag Attributes

Microsoft Local Key set: <No Values>

localKeyID: 01 00 00 00

Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider

friendlyName: le-WebServer-8dea65d4-c331-40f4-aa0b-205c3c323f62

Key Attributes

X509v3 Key Usage: 10

-----BEGIN PRIVATE KEY-----

MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKHqyfc+qcQK4yxJ

om3PuB8dYZm34Qlt81GAAnBPYe3B4Q/0ba6PV8GtWG2svIpcl/eflwGHgTU3zJxR

gkKh7I3K5tGESn81ipyKTkPbYebh+aBMqPKrNNUEKlr0M9sa3WSc0o3350tCc1ew

5ZkNYZ4BRUVYWm0HogeGhOthRn2fAgMBAAECgYABhPmGN3FSZKPDG6HJlARvTlBH

KAGVnBGHd0MOmMAbghFBnBKXa8LwD1dgGBng1oOakEXTftkIjdB+uwkU5P4aRrO7

vGujUtRyRCU/4fjLBDuxQL/KpQfruAQaof9uWUwh5W9fEeW3g26fzVL8AFZnbXS0

7Z0AL1H3LNcLd5rpOQJBANnI7vFu06bFxVF+kq6ZOJFMx7x3K4VGxgg+PfFEBEPS

UJ2LuDH5/Rc63BaxFzM/q3B3Jhehvgw61mMyxU7QSSUCQQC+VDuW3XEWJjSiU6KD

gEGpCyJ5SBePbLSukljpGidKkDNlkLgbWVytCVkTAmuoAz33kMWfqIiNcqQbUgVV

UnpzAkB7d0CPO0deSsy8kMdTmKXLKf4qSF0x55epYK/5MZhBYuA1ENrR6mmjW8ke

TDNc6IGm9sVvrFBz2n9kKYpWThrJAkEAk5R69DtW0cbkLy5MqEzOHQauP36gDi1L

WMXPvUfzSYTQ5aM2rrY2/1FtSSkqUwfYh9sw8eDbqVpIV4rc6dDfcwJBALiiDPT0

tz86wySJNeOiUkQm36iXVF8AckPKT9TrbC3Ho7nC8OzL7gEllETa4Zc86Z3wpcGF

BHhEDMHaihyuVgI=

-----END PRIVATE KEY-----

Bag Attributes

localKeyID: 01 00 00 00

1.3.6.1.4.1.311.17.3.92: 00 04 00 00

1.3.6.1.4.1.311.17.3.20: 7F 95 38 07 CB 0C 99 DD 41 23 26 15 8B E8

D8 4B 0A C8 7D 93

friendlyName: cos-oc-vcops

1.3.6.1.4.1.311.17.3.71: 43 00 4F 00 53 00 2D 00 4F 00 43 00 2D 00

56 00 43 00 4D 00 35 00 37 00 31 00 2E 00 76 00 6D 00 77 00 61 00

72 00 65 00 2E 00 63 00 6F 00 6D 00 00 00

1.3.6.1.4.1.311.17.3.87: 00 00 00 00 00 00 00 00 02 00 00 00 20 00

00 00 02 00 00 00 6C 00 64 00 61 00 70 00 3A 00 00 00 7B 00 41 00

45 00 35 00 44 00 44 00 33 00 44 00 30 00 2D 00 36 00 45 00 37 00

30 00 2D 00 34 00 42 00 44 00 42 00 2D 00 39 00 43 00 34 00 31 00

2D 00 31 00 43 00 34 00 41 00 38 00 44 00 43 00 42 00 30 00 38 00

42 00 46 00 7D 00 00 00 70 00 61 00 2D 00 61 00 64 00 63 00 33 00

2E 00 76 00 6D 00 77 00 61 00 72 00 65 00 2E 00 63 00 6F 00 6D 00

5C 00 56 00 4D 00 77 00 61 00 72 00 65 00 20 00 43 00 41 00 00 00

31 00 32 00 33 00 33 00 30 00 00 00

subject=/CN=cos-oc-vcops.eng.vmware.com

18 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

issuer=/DC=com/DC=vmware/CN=VMware CA

-----BEGIN CERTIFICATE-----

MIIFWTCCBEGgAwIBAgIKSJGT5gACAAAwKjANBgkqhkiG9w0BAQUFADBBMRMwEQYK

CZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGdm13YXJlMRIwEAYDVQQD

EwlWTXdhcmUgQ0EwHhcNMTQwMjA1MTg1OTM2WhcNMTYwMjA1MTg1OTM2WjAmMSQw

Verifying a Custom vRealize Operations Manager Certificate

When you upload a custom certicate le, the vRealize Operations Manager interface displays summary information for all certicates in the le.

For a valid custom certicate le, you should be able to match issuer to subject, issuer to subject, back to a self-signed certicate where the issuer and subject are the same.

In the following example, OU=MBU,O=VMware\, Inc.,CN=vc-ops-slice-32 is issued by OU=MBU,O=VMware\,

Inc.,CN=vc-ops-intermediate-32, which is issued by OU=MBU,O=VMware\, Inc.,CN=vc-ops-clusterca_33717ac0-ad81-4a15-ac4e-e1806f0d3f84, which is issued by itself.

Thumbprint: 80:C4:84:B9:11:5B:9F:70:9F:54:99:9E:71:46:69:D3:67:31:2B:9C

Issuer Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-intermediate-32

Subject Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-slice-32

Subject Alternate Name:

PublicKey Algorithm: RSA

Valid From: 2015-05-07T16:25:24.000Z

Valid To: 2020-05-06T16:25:24.000Z

Thumbprint: 72:FE:95:F2:90:7C:86:24:D9:4E:12:EC:FB:10:38:7A:DA:EC:00:3A

Issuer Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-cluster-ca_33717ac0-ad81-4a15-ac4e-

e1806f0d3f84

Subject Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-intermediate-32

Subject Alternate Name: localhost,127.0.0.1

PublicKey Algorithm: RSA

Valid From: 2015-05-07T16:25:19.000Z

Valid To: 2020-05-06T16:25:19.000Z

Thumbprint: FA:AD:FD:91:AD:E4:F1:00:EC:4A:D4:73:81:DB:B2:D1:20:35:DB:F2

Issuer Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-cluster-ca_33717ac0-ad81-4a15-ac4e-

e1806f0d3f84

Subject Distinguished Name: OU=MBU,O=VMware\, Inc.,CN=vc-ops-cluster-ca_33717ac0-ad81-4a15-ac4e-

e1806f0d3f84

Subject Alternate Name: localhost,127.0.0.1

PublicKey Algorithm: RSA

Valid From: 2015-05-07T16:24:45.000Z

Valid To: 2020-05-06T16:24:45.000Z

Create a Node by Deploying an OVF

vRealize Operations Manager consists of one or more nodes, in a cluster. To create nodes, you use the vSphere client to download and deploy the vRealize Operations Manager virtual machine, once for each cluster node.

Prerequisites

Verify that you have permissions to deploy OVF templates to the inventory.

If the ESXi host is part of a cluster, enable DRS in the cluster. If an ESXi host belongs to a non-DRS

cluster, all resource pool functions are disabled.

VMware, Inc. 19

vRealize Operations Manager vApp Deployment and Configuration Guide

If this node is to be the master node, reserve a static IP address for the virtual machine, and know the

associated domain name server, default gateway, and network mask values.

Plan to keep the IP address because it is dicult to change the address after installation.

If this node is to be a data node that will become the HA replica node, reserve a static IP address for the

virtual machine, and know the associated domain name server, default gateway, and network mask values.

Plan to keep the IP address because it is dicult to change the address after installation.

In addition, familiarize yourself with HA node placement as described in “About vRealize Operations

Manager High Availability,” on page 27.

Preplan your domain and machine naming so that the deployed virtual machine name will begin and

end with alphabet (a–z) or digit (0–9) characters, and will only contain alphabet, digit, or hyphen (-) characters. The underscore character (_) must not appear in the host name or anywhere in the fully qualied domain name (FQDN).

Plan to keep the name because it is dicult to change the name after installation.

For more information, review the host name specications from the Internet Engineering Task Force. See www.ietf.org.

Preplan node placement and networking to meet the requirements described in “General vRealize

Operations Manager Cluster Node Requirements,” on page 12 and “vRealize Operations Manager Cluster Node Networking Requirements,” on page 13.

If you expect the vRealize Operations Manager cluster to use IPv6 addresses, review the IPv6

limitations described in “Using IPv6 with vRealize Operations Manager,” on page 14.

Download the vRealize Operations Manager .ova le to a location that is accessible to the vSphere

client.

If you download the virtual machine and the le extension is .tar, change the le extension to .ova.

Verify that you are connected to a vCenter Server system with a vSphere client, and log in to the

vSphere client.

Do not deploy vRealize Operations Manager from an ESXi host. Deploy only from vCenter Server.

Procedure

1 Select the vSphere Deploy OVF Template option.

2 Enter the path to the vRealize Operations Manager .ova le.

3 Follow the prompts until you are asked to enter a name for the node.

4 Enter a node name. Examples might include Ops1, Ops2 or Ops-A, Ops-B.

Do not include nonstandard characters such as underscores (_) in node names.

Use a dierent name for each vRealize Operations Manager node.

5 Follow the prompts until you are asked to select a conguration size.

6 Select the size conguration that you need. Your selection does not aect disk size.

Default disk space is allocated regardless of which size you select. If you need additional space to accommodate the expected data, add more disk after deploying the vApp.

20 VMware, Inc.

Chapter 1 Preparing for vRealize Operations Manager Installation

7 Follow the prompts until you are asked to select the disk format.

Option Description

Thick Provision Lazy Zeroed

Thick Provision Eager Zeroed

Thin Provision

Creates a virtual disk in a default thick format.

Creates a type of thick virtual disk that supports clustering features such as Fault Tolerance. Thick provisioned eager-zeroed format can improve performance depending on the underlying storage subsystem.

Select the thick provisioned eager-zero option when possible.

Creates a disk in thin format. Use this format to save storage space.

Snapshots can negatively aect the performance of a virtual machine and typically result in a 25–30 percent degradation for the vRealize Operations Manager workload. Do not use snapshots.

8 Click Next.

9 From the drop-down menu, select a Destination Network, for example, Network 1 = TEST, and click

Next.

10 In Properties, under Application, Timezone Seing, leave the default of UTC or select a time zone.

The preferred approach is to standardize on UTC. Alternatively, congure all nodes to the same time zone.

11 (Optional) Select the option for IPv6.

12 Under Networking Properties, leave the entries blank for DHCP, or ll in the default gateway, domain

name server, static IP address, and network mask values.

The master node and replica node require a static IP. A data node or remote collector node may use DHCP or static IP.

13 Click Next.

14 Review the seings and click Finish.

15 If you are creating a multiple-node vRealize Operations Manager cluster, repeat Step 1 through Step 14

to deploy each node.

What to do next

Use a Web browser client to congure a newly added node as the vRealize Operations Manager master node, a data node, a high availability master replica node, or a remote collector node. The master node is required rst.

C For security, do not access vRealize Operations Manager from untrusted or unpatched clients, or from clients using browser extensions.

VMware, Inc. 21

vRealize Operations Manager vApp Deployment and Configuration Guide

22 VMware, Inc.

Creating the vRealize Operations Manager Master

Node 2

All vRealize Operations Manager installations require a master node.

This chapter includes the following topics:

“About the vRealize Operations Manager Master Node,” on page 23

“Run the Setup Wizard to Create the Master Node,” on page 23

About the vRealize Operations Manager Master Node

The master node is the required, initial node in your vRealize Operations Manager cluster.

In single-node clusters, administration and data are on the same master node. A multiple-node cluster includes one master node and one or more data nodes. In addition, there might be remote collector nodes, and there might be one replica node used for high availability.

The master node performs administration for the cluster and must be online before you congure any new nodes. In addition, the master node must be online before other nodes are brought online. If the master node and replica node go oine together, bring them back online separately. Bring the master node completely online rst, and then bring the replica node online. For example, if the entire cluster were oine for any reason, you would bring the master node online rst.

Creating the Master Node (hp://link.brightcove.com/services/player/bcpid2296383276001?

bctid=ref:video_vrops_create_master_node)

Run the Setup Wizard to Create the Master Node

All vRealize Operations Manager installations require a master node. With a single node cluster, administration and data functions are on the same master node. A multiple-node vRealize Operations Manager cluster contains one master node and one or more nodes for handling additional data.

Prerequisites

Create a node by deploying the vRealize Operations Manager vApp.

After it is deployed, note the fully qualied domain name (FQDN) or IP address of the node.

If you plan to use a custom authentication certicate, verify that your certicate le meets the

requirements for vRealize Operations Manager. See “Custom vRealize Operations Manager

Certicates,” on page 16.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

Procedure

1 Navigate to the name or IP address of the node that will be the master node of

vRealize Operations Manager.

The setup wizard appears, and you do not need to log in to vRealize Operations Manager.

2 Click New Installation.

3 Click Next.

4 Enter and conrm a password for the admin user account, and click Next.

Passwords require a minimum of 8 characters, one uppercase leer, one lowercase leer, one digit, and one special character.

The user account name is admin by default and cannot be changed.

5 Select whether to use the certicate included with vRealize Operations Manager or to install one of your

own.

a To use your own certicate, click Browse, locate the certicate le, and click Open to load the le in

the Certicate Information text box.

b Review the information detected from your certicate to verify that it meets the requirements for

vRealize Operations Manager.

6 Click Next.

7 Enter a name for the master node.

For example: Ops-Master

8 Enter the URL or IP address for the Network Time Protocol (NTP) server with which the cluster will

synchronize.

For example: time.nist.gov

9 Click Add.

Leave the NTP blank to have vRealize Operations Manager manage its own synchronization by having all nodes synchronize with the master node and replica node.

10 Click Next, and click Finish.

The administration interface appears, and it takes a moment for vRealize Operations Manager to nish adding the master node.

What to do next

After creating the master node, you have the following options.

Create and add data nodes to the unstarted cluster.

Create and add remote collector nodes to the unstarted cluster.

Click Start vRealize Operations Manager to start the single-node cluster, and log in to nish

conguring the product.

The cluster might take from 10 to 30 minutes to start, depending on the size of your cluster and nodes. Do not make changes or perform any actions on cluster nodes while the cluster is starting.

24 VMware, Inc.

Scaling vRealize Operations Manager

Out by Adding a Data Node 3

You can deploy and congure additional nodes so that vRealize Operations Manager can support larger environments.

This chapter includes the following topics:

“About vRealize Operations Manager Data Nodes,” on page 25

“Run the Setup Wizard to Add a Data Node,” on page 25

About vRealize Operations Manager Data Nodes

Data nodes are the additional cluster nodes that allow you to scale out vRealize Operations Manager to monitor larger environments.

A data node always shares the load of performing vRealize Operations Manager analysis and might also have a solution adapter installed to perform collection and data storage from the environment. You must have a master node before you add data nodes.

You can dynamically scale out vRealize Operations Manager by adding data nodes without stopping the vRealize Operations Manager cluster. When you scale out the cluster by 25% or more, you should restart the cluster to allow vRealize Operations Manager to update its storage size, and you might notice a decrease in performance until you restart. A maintenance interval provides a good opportunity to restart the vRealize Operations Manager cluster.

In addition, the product administration options include an option to re-balance the cluster, which can be done without restarting. Rebalancing adjusts the vRealize Operations Manager workload across the cluster nodes.

N Do not shut down online cluster nodes externally or by using any means other than the vRealize Operations Manager interface. Shut down a node externally only after taking it oine in the vRealize Operations Manager interface.

Creating a Data Node (hp://link.brightcove.com/services/player/bcpid2296383276001?

bctid=ref:video_vrops_create_data_node)

Run the Setup Wizard to Add a Data Node

Larger environments with multiple-node vRealize Operations Manager clusters contain one master node and one or more data nodes for additional data collection, storage, processing, and analysis.

Prerequisites

Create nodes by deploying the vRealize Operations Manager vApp.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

Create and congure the master node.

Note the fully qualied domain name (FQDN) or IP address of the master node.

Procedure

1 In a Web browser, navigate to the name or IP address of the node that will become the data node.

The setup wizard appears, and you do not need to log in to vRealize Operations Manager.

2 Click Expand an Existing Installation.

3 Click Next.

4 Enter a name for the node (for example, Data-1).

5 From the Node Type drop-down, select Data.

6 Enter the FQDN or IP address of the master node and click Validate.

7 Select Accept this  and click Next.

If necessary, locate the certicate on the master node and verify the thumbprint.

8 Verify the vRealize Operations Manager administrator username of admin.

9 Enter the vRealize Operations Manager administrator password.

Alternatively, instead of a password, type a pass-phrase that you were given by your vRealize Operations Manager administrator.

10 Click Next, and click Finish.

The administration interface appears, and it takes a moment for vRealize Operations Manager to nish adding the data node.

What to do next

After creating a data node, you have the following options.

New, unstarted clusters:

Create and add more data nodes.

Create and add remote collector nodes.

Create a high availability master replica node.

Click Start vRealize Operations Manager to start the cluster, and log in to nish conguring the

product.

The cluster might take from 10 to 30 minutes to start, depending on the size of your cluster and nodes. Do not make changes or perform any actions on cluster nodes while the cluster is starting.

Established, running clusters:

Create and add more data nodes.

Create and add remote collector nodes.

Create a high availability master replica node, which requires a cluster restart.

26 VMware, Inc.

Adding High Availability to

vRealize Operations Manager 4

You can dedicate one vRealize Operations Manager cluster node to serve as a replica node for the vRealize Operations Manager master node.

This chapter includes the following topics:

“About vRealize Operations Manager High Availability,” on page 27

“Run the Setup Wizard to Add a Master Replica Node,” on page 28

About vRealize Operations Manager High Availability

vRealize Operations Manager supports high availability (HA). HA creates a replica for the vRealize Operations Manager master node and protects the analytics cluster against the loss of a node.

With HA, data stored on the master node is always 100% backed up on the replica node. To enable HA, you must have at least one data node deployed, in addition to the master node.

HA is not a disaster recovery mechanism. HA protects the analytics cluster against the loss of only one

node, and because only one loss is supported, you cannot stretch nodes across vSphere clusters in an aempt to isolate nodes or build failure zones.

When HA is enabled, the replica can take over all functions that the master provides, were the master to

fail for any reason. If the master fails, failover to the replica is automatic and requires only two to three minutes of vRealize Operations Manager downtime to resume operations and restart data collection.

When a master node problem causes failover, the replica node becomes the master node, and the cluster runs in degraded mode. To get out of degraded mode, take one of the following steps.

Return to HA mode by correcting the problem with the master node, which allows

vRealize Operations Manager to congure the node as the new replica node.

Return to HA mode by converting a data node into a new replica node and then removing the old,

failed master node. Removed master nodes cannot be repaired and re-added to vRealize Operations Manager.

Change to non-HA operation by disabling HA and then removing the old, failed master node.

Removed master nodes cannot be repaired and re-added to vRealize Operations Manager.

In the administration interface, after an HA replica node takes over and becomes the new master node,

you cannot remove the previous, oine master node from the cluster. In addition, the previous node continues to be listed as a master node. To refresh the display and enable removal of the node, refresh the browser.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

When HA is enabled, the cluster can survive the loss of one data node without losing any data.

However, HA protects against the loss of only one node at a time, of any kind, so simultaneously losing data and master/replica nodes, or two or more data nodes, is not supported. Instead, vRealize Operations Manager HA provides additional application level data protection to ensure application level availability.

When HA is enabled, it lowers vRealize Operations Manager capacity and processing by half, because

HA creates a redundant copy of data throughout the cluster, as well as the replica backup of the master node. Consider your potential use of HA when planning the number and size of your vRealize Operations Manager cluster nodes. See “Sizing the vRealize Operations Manager Cluster,” on page 15.

When HA is enabled, deploy analytics cluster nodes on separate hosts for redundancy and isolation.

One option is to use anti-anity rules that keep nodes on specic hosts in the vSphere cluster.

If you cannot keep the nodes separate, you should not enable HA. A host fault would cause the loss of more than one node, which is not supported, and all of vRealize Operations Manager would become unavailable.

The opposite is also true. Without HA, you could keep nodes on the same host, and it would not make a dierence. Without HA, the loss of even one node would make all of vRealize Operations Manager unavailable.

When you power o the data node and change the network seings of the VM, this aects the IP

address of the data node. After this point, the HA cluster is no longer accessible and all the nodes have a status of "Waiting for analytics". Verify that you have used a static IP address.

Creating a Replica Node for High Availability (hp://link.brightcove.com/services/player/bcpid2296383276001?

bctid=ref:video_vrops_create_replica_node_ha)

Run the Setup Wizard to Add a Master Replica Node

You can convert a vRealize Operations Manager data node to a replica of the master node, which adds high availability (HA) for vRealize Operations Manager.

N If the cluster is running, enabling HA restarts the cluster.

If you convert a data node that is already in use for data collection and analysis, adapters and data connections that were provided through that data node fail over to other data nodes.

You may add HA to the vRealize Operations Manager cluster at installation time or after vRealize Operations Manager is up and running. Adding HA at installation is less intrusive because the cluster has not yet started.

Prerequisites

Create nodes by deploying the vRealize Operations Manager vApp.

Create and congure the master node.

Create and congure a data node with a static IP address.

Note the fully qualied domain name (FQDN) or IP address of the master node.

Procedure

1 In a Web browser, navigate to the master node administration interface.

https://master-node-name-or-ip-address/admin

2 Enter the vRealize Operations Manager administrator username of admin.

28 VMware, Inc.

Chapter 4 Adding High Availability to vRealize Operations Manager

3 Enter the vRealize Operations Manager administrator password and click Log In.

4 Under High Availability, click Enable.

5 Select a data node to serve as the replica for the master node.

6 Select the Enable High Availability for this cluster option, and click OK.

If the cluster was online, the administration interface displays progress as vRealize Operations Manager congures, synchronizes, and rebalances the cluster for HA.

7 If the master node and replica node go oine, and the master remains oine for any reason while the

replica goes online, the replica node does not take over the master role, take the entire cluster oine, including data nodes and log in to the replica node command line console as a root.

8 Open $ALIVE_BASE/persistence/persistence.properties in a text editor.

9 Locate and set the following properties:

db.role=MASTER

db.driver=/data/vcops/xdb/vcops.bootstrap

10 Save and close persistence.properties.

11 In the administration interface, bring the replica node online, and verify that it becomes the master

node and bring the remaining cluster nodes online.

What to do next

After creating a master replica node, you have the following options.

New, unstarted clusters:

Create and add data nodes.

Create and add remote collector nodes.

Click Start vRealize Operations Manager to start the cluster, and log in to nish conguring the

product.

The cluster might take from 10 to 30 minutes to start, depending on the size of your cluster and nodes. Do not make changes or perform any actions on cluster nodes while the cluster is starting.

Established, running clusters:

Create and add data nodes.

Create and add remote collector nodes.

VMware, Inc. 29

vRealize Operations Manager vApp Deployment and Configuration Guide

30 VMware, Inc.

Gathering More Data by Adding a vRealize Operations Manager Remote

Collector Node 5

You deploy and congure remote collector nodes so that vRealize Operations Manager can add to its inventory of objects to monitor without increasing the processing load on vRealize Operations Manager analytics.

This chapter includes the following topics:

“About vRealize Operations Manager Remote Collector Nodes,” on page 31

“Run the Setup Wizard to Create a Remote Collector Node,” on page 31

About vRealize Operations Manager Remote Collector Nodes

A remote collector node is an additional cluster node that allows vRealize Operations Manager to gather more objects into its inventory for monitoring. Unlike data nodes, remote collector nodes only include the collector role of vRealize Operations Manager, without storing data or processing any analytics functions.

A remote collector node is usually deployed to navigate rewalls, reduce bandwidth across data centers, connect to remote data sources, or reduce the load on the vRealize Operations Manager analytics cluster.

Remote collectors do not buer data while the network is experiencing a problem. If the connection between remote collector and analytics cluster is lost, the remote collector does not store data points that occur during that time. In turn, and after the connection is restored, vRealize Operations Manager does not retroactively incorporate associated events from that time into any monitoring or analysis.

You must have at least a master node before adding remote collector nodes.

Run the Setup Wizard to Create a Remote Collector Node

In distributed vRealize Operations Manager environments, remote collector nodes increase the inventory of objects that you can monitor without increasing the load on vRealize Operations Manager in terms of data storage, processing, or analysis.

Prerequisites

Create nodes by deploying the vRealize Operations Manager vApp.

During vApp deployment, select a remote collector size option.

Create and congure the master node.

Note the fully qualied domain name (FQDN) or IP address of the master node.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

Procedure

1 In a Web browser, navigate to the name or IP address of the deployed OVF that will become the remote

collector node.

The setup wizard appears, and you do not need to log in to vRealize Operations Manager.

2 Click Expand an Existing Installation.

3 Click Next.

4 Enter a name for the node, for example, Remote-1.

5 From the Node Type drop-down menu, select Remote Collector.

6 Enter the FQDN or IP address of the master node and click Validate.

7 Select Accept this  and click Next.

If necessary, locate the certicate on the master node and verify the thumbprint.

8 Verify the vRealize Operations Manager administrator username of admin.

9 Enter the vRealize Operations Manager administrator password.

Alternatively, instead of a password, type a passphrase that you were given by the vRealize Operations Manager administrator.

10 Click Next, and click Finish.

The administration interface appears, and it takes several minutes for vRealize Operations Manager to nish adding the remote collector node.

What to do next

After creating a remote collector node, you have the following options.

New, unstarted clusters:

Create and add data nodes.

Create and add more remote collector nodes.

Create a high availability master replica node.

Click Start vRealize Operations Manager to start the cluster, and log in to nish conguring the

product.

The cluster might take from 10 to 30 minutes to start, depending on the size of your cluster and nodes. Do not make changes or perform any actions on cluster nodes while the cluster is starting.

Established, running clusters:

Create and add data nodes.

Create and add more remote collector nodes.

Create a high availability master replica node, which requires a cluster restart.

32 VMware, Inc.

Continuing With a New vRealize Operations Manager

Installation 6

After you deploy the vRealize Operations Manager nodes and complete the initial setup, you continue with installation by logging in for the rst time and conguring a few seings.

This chapter includes the following topics:

“About New vRealize Operations Manager Installations,” on page 33

“Log In and Continue with a New Installation,” on page 33

About New vRealize Operations Manager Installations

A new vRealize Operations Manager installation requires that you deploy and congure nodes. Then, you add solutions for the kinds of objects to monitor and manage.

After you add solutions, you congure them in the product and add monitoring policies that gather the kind of data that you want.

Logging In for the First Time (hp://link.brightcove.com/services/player/bcpid2296383276001?

bctid=ref:video_vrops_rst_time_login)

Log In and Continue with a New Installation

To nish a new vRealize Operations Manager installation, you log in and complete a one-time process to license the product and congure solutions for the kinds of objects that you want to monitor.

Prerequisites

Create the new cluster of vRealize Operations Manager nodes.

Verify that the cluster has enough capacity to monitor your environment. See “Sizing the vRealize

Operations Manager Cluster,” on page 15.

Procedure

1 In a Web browser, navigate to the IP address or fully qualied domain name of the master node.

2 Enter the username admin and the password that you dened when you congured the master node,

and click Login.

Because this is the rst time you are logging in, the administration interface appears.

3 To start the cluster, click Start vRealize Operations Manager.

4 Click Yes.

The cluster might take from 10 to 30 minutes to start, depending on your environment. Do not make changes or perform any actions on cluster nodes while the cluster is starting.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

5 When the cluster nishes starting and the product login page appears, enter the admin username and

password again, and click Login.

A one-time licensing wizard appears.

6 Click Next.

7 Read and accept the End User License Agreement, and click Next.

8 Enter your product key, or select the option to run vRealize Operations Manager in evaluation mode.

Your level of product license determines what solutions you may install to monitor and manage objects.

Standard. vCenter only

Advanced. vCenter plus other infrastructure solutions

Enterprise. All solutions

vRealize Operations Manager does not license managed objects in the same way that vSphere does, so there is no object count when you license the product.

N When you transition to the Standard edition, you no longer have the Advanced and Enterprise features. After the transition, delete any content that you created in the other versions to ensure that you comply with EULA and verify the license key which supports the Advanced and Enterprise features.

9 If you entered a product key, click Validate License Key.

10 Click Next.

11 Select whether or not to return usage statistics to VMware, and click Next.

12 Click Finish.

The one-time wizard nishes, and the vRealize Operations Manager interface appears.

What to do next

Use the vRealize Operations Manager interface to congure the solutions that are included with the

product.

Use the vRealize Operations Manager interface to add more solutions.

Use the vRealize Operations Manager interface to add monitoring policies.

34 VMware, Inc.

Connecting vRealize Operations Manager to Data

Sources 7

Congure solutions in vRealize Operations Manager to connect to and analyze data from external data sources in your environment. Once connected, you use vRealize Operations Manager to monitor and manage objects in your environment.

A solution might be only a connection to a data source, or it might include predened dashboards, widgets, alerts, and views.

vRealize Operations Manager includes the VMware vSphere and Endpoint Operations Management solutions. These solutions are installed when you install vRealize Operations Manager.

Other solutions can be added to vRealize Operations Manager as management packs, such as the VMware Management Pack for NSX for vSphere. To download VMware management packs and other third-party solutions, visit the VMware Solution Exchange.

This chapter includes the following topics:

“VMware vSphere Solution in vRealize Operations Manager,” on page 35

“Endpoint Operations Management Solution in vRealize Operations Manager,” on page 39

“Installing Optional Solutions in vRealize Operations Manager,” on page 78

“Migrate a vCenter Operations Manager Deployment into this Version,” on page 79

VMware vSphere Solution in vRealize Operations Manager

The VMware vSphere solution connects vRealize Operations Manager to vCenter Server instances. You collect data and metrics from those instances, monitor them, and run actions in them.

vRealize Operations Manager evaluates the data in your environment, identifying trends in object behavior, calculating possible problems and future capacity for objects in your system based on those trends, and alerting you when an object exhibits dened symptoms. The vSphere solution includes actions that you can run on the vCenter Server from vRealize Operations Manager to manage those objects as you respond to problems and alerts. Actions are run from toolbars in vRealize Operations Manager.

VMware, Inc.

Configure and manage

vCenter adapter instances in

one central workplace

Configure user access so that

users can run actions on objects

in vCenter Server from vRealize

Operations Manager

Enable/disable actions

Update the default monitoring policy

Add vCenter adapter instances

Configure the vSphere Solution to

connect vRealize Operations Manager

to one or more vCenter instances

To begin, access Administration > Solutions

Create roles with permissions to determine who can access actions

Create user groups, and assign them action-specific roles and access to adapter instances

vRealize Operations Manager vApp Deployment and Configuration Guide

Configuring the vSphere Solution

The vSphere solution is provided with vRealize Operations Manager. It includes the vCenter Server adapter. To congure the vSphere solution, you congure one or more vCenter Server adapter instances, and congure user access so that users can run actions.

How Adapter Credentials Work

The vCenter Server credentials that you use to connect vRealize Operations Manager to a vCenter Server instance, determines what objects vRealize Operations Manager monitors. Understand how these adapter credentials and user privileges interact to ensure that you congure adapters and users correctly, and to avoid some of the following issues.

If you congure the adapter to connect to a vCenter Server instance with credentials that have

permission to access only one of your three hosts, every user who logs in to vRealize Operations Manager sees only the one host, even when an individual user has privileges on all three of the hosts in the vCenter Server.

If the provided credentials have limited access to objects in the vCenter Server, even

vRealize Operations Manager administrative users can run actions only on the objects for which the vCenter Server credentials have permission.

If the provided credentials have access to all the objects in the vCenter Server, any

vRealize Operations Manager user who runs actions is using this account.

Controlling User Access to Actions

You control user access for local users based on how you congure user privileges in vRealize Operations Manager. If users log in using their vCenter Server account, then the way their account is congured in vCenter Server determines their privileges.

36 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

For example, you might have a vCenter Server user with a read-only role in vCenter Server. If you give this user the vRealize Operations Manager Power User role in vCenter Server rather than a more restrictive role, the user can run actions on objects because the adapter is congured with credentials that has privileges to change objects. To avoid this type of unexpected result, congure local vRealize Operations Manager users and vCenter Server users with the privileges you want them to have in your environment.

Add a vCenter Adapter Instance in vRealize Operations Manager

To manage your vCenter Server instances in vRealize Operations Manager, you must congure an adapter instance for each vCenter Server instance. The adapter requires the credentials that are used for communication with the target vCenter Server.

C Any adapter credentials you add are shared with other adapter administrators and vRealize Operations Manager collector hosts. Other administrators might use these credentials to congure a new adapter instance or to move an adapter instance to a new host.

Congure the vSphere Solution (hp://link.brightcove.com/services/player/bcpid2296383276001?

bctid=ref:video_cong_vsphere_solution)

Prerequisites

Verify that you know the vCenter Server credentials that have sucient privileges to connect and collect data. If the provided credentials have limited access to objects in vCenter Server, all users, regardless of their vCenter Server privileges see only the objects that the provided credentials can access. At a minimum, the user account must have Read privileges and the Read privileges must be assigned at the data center or vCenter Server level.

Procedure

1 In the left pane of vRealize Operations Manager, click the Administration icon and click Solutions.

2 On the Solutions tab, select VMware vSphere and click the  buon on the toolbar.

3 Enter a display name and description for the adapter instance.

4 In the vCenter Server text box, enter the FQDN or IP address of the vCenter Server instance to which

you are connecting.

The vCenter Server FQDN or IP address must be reachable from all nodes in the vRealize Operations Manager cluster.

5 To add credentials for the vCenter Server instance, click the Add icon, and enter the required

credentials.

6 The adapter is congured to run actions on objects in the vCenter Server from

vRealize Operations Manager. If you do not want to run actions, select Disable.

The credentials provided for the vCenter Server instance are also used to run actions. If you do not want to use these credentials, you can provide alternative credentials by expanding Alternate Action Credentials, and clicking the Add icon.

7 Click Test Connection to validate the connection with your vCenter Server instance.

8 In the Review and Accept Certicate dialog box, review the certicate information.

If the certicate presented in the dialog box matches the certicate for your target vCenter Server,

click OK.

If you do not recognize the certicate as valid, click Cancel. The test fails and the connection to

vCenter Server is not completed. You must provide a valid vCenter Server URL or verify the certicate on the vCenter Server is valid before completing the adapter conguration.

VMware, Inc. 37

vRealize Operations Manager vApp Deployment and Configuration Guide

9 To modify the advanced options regarding collectors, object discovery, or change events, expand the

Advanced .

10 To adjust the default monitoring policy that vRealize Operations Manager uses to analyze and display

information about the objects in your environment, click  Monitoring Goals.

If you want to customize this policy, access the policy in the Policies page.

11 To manage the registration of vCenter instances, click Manage Registration.

You can provide alternative credentials, or select the Use collection credentials check box to use the credentials specied when conguring this vCenter Server adapter instance.

12 Click Save .

The adapter instance is added to the list.

vRealize Operations Manager begins collecting data from the vCenter Server instance. Depending on the number of managed objects, the initial collection can take more than one collection cycle. A standard collection cycle begins every ve minutes.

What to do next

If you congured the adapter to run actions, congure user access for the actions by creating action roles and user groups.

Configure User Access for Actions

To ensure that users can run actions in vRealize Operations Manager, you must congure user access to the actions.

You use role permissions to control who can run actions. You can create multiple roles. Each role can give users permissions to run dierent subsets of actions. Users who hold the Administrator role or the default super user role already have the required permissions to run actions.

You can create user groups to add action-specic roles to a group rather than conguring individual user privileges.

Procedure

1 In the left pane of vRealize Operations Manager, click Administration > Access Control.

2 To create a role:

a Click the Roles tab.

b Click the Add icon, and enter a name and description for the role.

3 To apply permissions to the role, select the role, and in the Permissions pane, click the Edit icon.

a Expand Environment, and then expand Action.

b Select one or more of the actions, and click Update.

4 To create a user group:

a Click the User Groups tab, and click the Add icon.

b Enter a name for the group and a description, and click Next.

c Assign users to the group, and click the Objects tab.

d Select a role that has been created with permissions to run actions, and select the Assign this role

to the user check box.

38 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

e Congure the object privileges by selecting each adapter instance to which the group needs access

to run actions.

f Click Finish.

What to do next

Test the users that you assigned to the group. Log out, and log back in as one of the users. Verify that this user can run the expected actions on the selected adapter.

Endpoint Operations Management Solution in vRealize Operations Manager

You congure Endpoint Operations Management to gather operating system metrics and to monitor availability of remote platforms and applications. This solution is installed with vRealize Operations Manager.

Endpoint Operations Management Agent Installation and Deployment

Use the information in these links to help you to install and deploy Endpoint Operations Management agents in your environment.

Prepare to Install the Endpoint Operations Management Agent

Before you can install the Endpoint Operations Management agent, you must perform preparatory tasks.

Prerequisites

To congure the agent to use a keystore that you manage yourself for SSL communication, set up a JKS-

format keystore for the agent on its host and import its SSL certicate. Make a note of the full path to the keystore, and its password. You must specify this data in the agent's agent.properties le.

Verify that the agent keystore password and the private key password are identical.

Dene the agent HQ_JAVA_HOME location.

vRealize Operations Manager platform-specic installers include JRE 1.8.x . Depending on your environment and the installer you use, you may need to dene the location of the JRE to ensure that the agent can nd the JRE to use. See “Conguring JRE Locations for Endpoint Operations Management

Components,” on page 46.

Supported Operating Systems for the Endpoint Operations Management Agent

These tables describe the supported operating systems for Endpoint Operations Management agent deployments.

These congurations are supported for the agent in both development and production environments.

Table 7‑1. Supported Operating Systems for the Endpoint Operations Management Agent

Operating System Processor Architecture JVM

RedHat Enterprise Linux (RHEL) 5.x,

6.x, 7.x

CentOS 5.x, 6.x, 7.x x86_64, x86_32 Oracle Java SE8

SUSE Enterprise Linux (SLES) 11.x,

12.x

Windows 2008 Server, 2008 Server R2 x86_64, x86_32 Oracle Java SE8

Windows 2012 Server, 2012 Server R2 x86_64 Oracle Java SE8

x86_64, x86_32 Oracle Java SE8

x86_64 Oracle Java SE8

VMware, Inc. 39

vRealize Operations Manager vApp Deployment and Configuration Guide

Table 7‑1. Supported Operating Systems for the Endpoint Operations Management Agent (Continued)

Operating System Processor Architecture JVM

Solaris 10, 11 x86_64, SPARC Oracle Java SE7

AIX 6.1, 7.1 Power PC IBM Java SE7

VMware Photon Linux 1. 0 x86_64 Open JDK 1.8.0_72-BLFS

Oracle Linux versions 5, 6, 7 x86_64, x86_32 Open JDK Runtime Environment 1.7

Selecting an Agent Installer Package

The Endpoint Operations Management agent installation les are included in the vRealize Operations Manager installation package.

You can install the Endpoint Operations Management agent from a tar.gz or .zip archive, or from an operating system-specic installer for Windows or for Linux-like systems that support RPM.

Note that when you install a non-JRE version of Endpoint Operations Management agent, to avoid being exposed to security risks related to earlier versions of Java, VMware recommends that you only use the latest Java version.

Install the Agent on a Linux Platform from an RPM Package on page 40

You can install the Endpoint Operations Management agent from a RedHat Package Manager (RPM) package. The agent in the noarchpackage does not include a JRE.

Install the Agent on a Linux Platform from an Archive on page 42

You can install an Endpoint Operations Management agent on a Linux platform from a tar.gz archive.

Install the Agent on a Windows Platform from an Archive on page 43

You can install an Endpoint Operations Management agent on a Windows platform from a .zip le.

Install the Agent on a Windows Platform Using the Windows Installer on page 43

You can install the Endpoint Operations Management agent on a Windows platform using a Windows installer.

Installing an Endpoint Operations Management Agent Silently on a Windows Machine on page 44

You can install an Endpoint Operations Management agent on a Windows machine using silent or very silent installation.

Install the Agent on a Linux Platform from an RPM Package

You can install the Endpoint Operations Management agent from a RedHat Package Manager (RPM) package. The agent in the noarchpackage does not include a JRE.

Agent-only archives are useful when you deploy agents to a large number of platforms with various operating systems and architectures. Agent archives are available for Windows and UNIX-like environments, with and without built-in JREs.

The RPM performs the following actions:

Creates a user and group named epops if they do not exist. The user is a service account that is locked

and you cannot log into it.

Installs the agent les into /opt/vmware/epops-agent.

Installs an init script to /etc/init.d/epops-agent.

Adds the init script to chkconfig and sets it to on for run levels 2, 3, 4, and 5.

If you have multiple agents to install, see “Install Multiple Endpoint Operations Management Agents

Simultaneously,” on page 71.

40 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Prerequisites

Verify that you have sucient privileges to deploy an Endpoint Operations Management agent. You

must have vRealize Operations Manager user credentials that include a role that allows you to install Endpoint Operations Management agents. See “Roles and Privileges in vRealize Operations Manager,” on page 74.

If you plan to run ICMP checks, you must install the Endpoint Operations Management agent with root

privileges.

To congure the agent to use a keystore that you manage yourself for SSL communication, set up a JKS-

format keystore for the agent on its host and congure the agent to use its SSL certicate. Note the full path to the keystore, and its password. You must specify this data in the agent agent.properties le.

Verify that the agent keystore password and the private key password are identical.

If you are installing a non-JRE package, dene the agent HQ_JAVA_HOME location.

Endpoint Operations Management platform-specic installers include JRE 1.8.x. Platform-independent installers do not. Depending on your environment and the installer you use, you might need to dene the location of the JRE to ensure that the agent can nd the JRE to use. See “Conguring JRE Locations

for Endpoint Operations Management Components,” on page 46.

If you are installing a non-JRE package, verify that you are using the latest Java version. You might be

exposed to security risks with earlier versions of Java.

Verify that the installation directory for the Endpoint Operations Management agent does not contain a

vRealize Hyperic agent installation.

If you are using the noarch installation, verify that a JDK or JRE is installed on the platform.

Verify that you use only ASCII characters when specifying the agent installation path. If you want to

use non-ASCII characters, you must set the encoding of the Linux machine and SSH client application to UTF-8.

Procedure

1 Download the appropriate RPM bundle to the target machine.

Operating System RPM Bundle to Download

64bit Operating System

32bit Operating System

No Arch

epops-agent-x86-64-linux-version.rpm

epops-agent-x86-linux-version.rpm

epops-agent-noarch-linux-version.rpm

2 Open an SSH connection using root credentials.

3 Run rpm -i epops-agent-Arch-linux-version.rpm to install the agent on the platform that the agent

will monitor, where Arch is the name of the archive and version is the version number.

The Endpoint Operations Management agent is installed, and the service is congured to start at boot.

What to do next

Before you start the service, verify that the epops user credentials include any permissions that are required to enable your plug-ins to discover and monitor their applications, then perform one of the following processes.

Run service epops-agent start to start the epops-agent service.

If you installed the Endpoint Operations Management agent on a machine running SuSE 12.x, start the

Endpoint Operations Management agent by running the [EP Ops Home]/bin/ep-agent.sh start command.

VMware, Inc. 41

vRealize Operations Manager vApp Deployment and Configuration Guide

When you aempt to start an Endpoint Operations Management agent you might receive a message

that the agent is already running. Run ./bin/ep-agent.sh stop before starting the agent.

Congure the agent in the agent.properties le, then start the service. See “Activate Endpoint

Operations Management Agent to vRealize Operations Manager Server Setup Properties,” on page 48.

Install the Agent on a Linux Platform from an Archive

You can install an Endpoint Operations Management agent on a Linux platform from a tar.gz archive.

By default, during installation, the setup process prompts you to provide conguration values. You can automate this process by specifying the values in the agent properties le. If the installer detects values in the properties le, it applies those values. Subsequent deployments also use the values specied in the agent properties le.

Prerequisites

Verify that you have sucient privileges to deploy an Endpoint Operations Management agent. You

If you plan to run ICMP checks, you must install the Endpoint Operations Management agent with root

privileges.

Verify that the installation directory for the Endpoint Operations Management agent does not contain a

vRealize Hyperic agent installation.

Verify that you use only ASCII characters when specifying the agent installation path. If you want to

use non-ASCII characters, you must set the encoding of the Linux machine and SSH client application to UTF-8.

Procedure

1 Download and extract the Endpoint Operations Management agent installation tar.gz le that is

appropriate for your Linux operating system.

Operating System

64bit Operating System

32bit Operating System

No Arch

tar.gz Bundle to Download

epops-agent-x86-64-linux-version.tar.gz

epops-agent-x86-linux-version.tar.gz

epops-agent-noJRE-version.tar.gz

2 Run cd agent name/bin to open the bin directory for the agent.

3 Run ep-agent.sh start.

The rst time that you install the agent, the command launches the setup process, unless you already specied all the required conguration values in the agent properties le.

4 (Optional) Run ep-agent.sh status to view the current status of the agent, including the IP address

and port.

What to do next

42 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Install the Agent on a Windows Platform from an Archive

You can install an Endpoint Operations Management agent on a Windows platform from a .zip le.

Prerequisites

Verify that you have sucient privileges to deploy a Endpoint Operations Management agent. You

Verify that the installation directory for the Endpoint Operations Management agent does not contain a

vRealize Hyperic agent installation.

Verify that you do not have any Endpoint Operations Management or vRealize Hyperic agent installed

on your environment before running the agent Windows installer.

Procedure

1 Download and extract the Endpoint Operations Management agent installation .zip le that is

appropriate for your Windows operating system.

Operating System

64bit Operating System

32bit Operating System

No Arch

ZIP Bundle to Download

epops-agent-x86-64-win-version.zip

epops-agent-win32-version.zip

epops-agent-noJRE-version.zip

2 Run cd agent name\bin to open the bin directory for the agent.

3 Run ep-agent.bat install.

4 Run ep-agent.bat start.

The rst time that you install the agent, the command starts the setup process, unless you already specied the conguration values in the agent properties le.

What to do next

Generate the client certicate for the agent. See “Regenerate an Agent Client Certicate,” on page 66.

Install the Agent on a Windows Platform Using the Windows Installer

You can install the Endpoint Operations Management agent on a Windows platform using a Windows installer.

You can perform a silent installation of the agent. See “Installing an Endpoint Operations Management

Agent Silently on a Windows Machine,” on page 44.

Prerequisites

Verify that you have sucient privileges to deploy an Endpoint Operations Management agent. You

Verify that the installation directory for the Endpoint Operations Management agent does not contain a

vRealize Hyperic agent installation.

VMware, Inc. 43

vRealize Operations Manager vApp Deployment and Configuration Guide

If you already have an Endpoint Operations Management agent installed on the machine, verify that it

is not running.

Verify that you do not have any Endpoint Operations Management or vRealize Hyperic agent installed

on your environment before running the agent Windows installer.

You must know the user name and password for the vRealize Operations Manager, the

vRealize Operations Manager server address (FQDN), and the server certicate thumbprint value. You can see additional information about the certicate thumbprint in the procedure.

Procedure

1 Download the Windows installation EXE le that is appropriate for your Windows platform.

Operating System RPM Bundle to Download

64bit Operating System

32bit Operating System

epops-agent-x86-64-win-version.exe

epops-agent-x86-win-version.exe

2 Double-click the le to open the installation wizard.

3 Complete the steps in the installation wizard.

Verify that the user and system locales are identical, and that the installation path contains only characters that are part of the system locale's code page. You can set user and system locales in the Regional Options or Regional Seings control panel.

Note the following information related to dening the server certicate thumbprint.

The server certicate thumbprint is required to run a silent installation.

Either the SHA1 or SHA256 algorithm can be used for the thumbprint.

By default, the vRealize Operations Manager server generates a self-signed CA certicate that is

used to sign the certicate of all the nodes in the cluster. In this case, the thumbprint must be the thumbprint of the CA certicate, to allow for the agent to communicate with all nodes.

As a vRealize Operations Manager administrator, you can import a custom certicate instead of

using the default. In this instance, you must specify a thumbprint corresponding to that certicate as the value of this property.

To view the certicate thumbprint value, log into the vRealize Operations Manager Administration

interface at https://IP Address/admin and click the SSL  icon located on the right of the menu bar. Unless you replaced the original certicate with a custom certicate, the second thumbprint in the list is the correct one. If you did upload a custom certicate, the rst thumbprint in the list is the correct one.

4 (Optional) Run ep-agent.bat query to verify if the agent is installed and running.

The agent begins running on the Windows platform.

C The agent will run even if some of the parameters that you provided in the installation wizard are missing or invalid. Check the wrapper.log and agent.log les in the product installation path/log directory to verify that there are no installation errors.

Installing an Endpoint Operations Management Agent Silently on a Windows Machine

You can install an Endpoint Operations Management agent on a Windows machine using silent or very silent installation.

Silent and very silent installations are performed from a command line interface using a setup installer executable le.

44 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Verify that you do not have any Endpoint Operations Management or vRealize Hyperic agent installed on your environment before running the agent Windows installer.

Use the following parameters to set up the installation process. For more information about these parameters, see “Specify the Endpoint Operations Management Agent Setup Properties,” on page 49.

C The parameters that you specify for the Windows installer are passed to the agent conguration without validation. If you provide an incorrect IP address or user credentials, the Endpoint Operations Management agent cannot start.

Table 7‑2. Silent Command Line Installer Parameters

Mandator

Parameter Value

-serverAddress

-username

-securePort

-password

-serverCertificateThumbprint

FQDN/iP address

string Mandatory

number Optional

string Mandatory

string Mandatory The vRealize Operations Manager server certicate

y/Optional Comments

Mandatory FQDN or IP address of the

vRealize Operations Manager server.

Default is 443

thumbprint. You must enclose the certicate thumbprint in opening and closing quotation marks, for example, -serverCertificateThumbprint

"31:32:FA:1F:FD:78:1E:D8:9A:15:32:85:D7:FE: 54:49:0A:1D:9F:6D" .

Parameters are available to dene various other aributes for the installation process.

Table 7‑3. Additional Silent Command Line Installer Parameters

Default

Parameter

/DIR

/SILENT

/VERYSILENT

Value Comments

C:\ep-agent Species the installation path. You cannot use spaces in the

installation path, and you must connect the /DIR command and the installation path with an equal sign, for example, /DIR=C:\ep-agent.

none Species that the installation is to be silent. In a silent

installation, only the progress window appears.

none Species that the installation is to be very silent. In a very

silent installation, the progress window does not appear, however installation error messages are displayed, as is the startup prompt if you did not disable it.

Java Prerequisites for the Endpoint Operations Management Agent

All Endpoint Operations Management agents require Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy les be included as part of the Java package.

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy les are included in the JRE Endpoint Operations Management agent installation options.

You can install an Endpoint Operations Management agent package that does not contain JRE les, or choose to add JRE later.

VMware, Inc. 45

vRealize Operations Manager vApp Deployment and Configuration Guide

If you select a non-JRE installation option, you must ensure that your Java package includes Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy les to enable registration of the Endpoint Operations Management agent. If you select a non-JRE option and your Java package does not include Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy les, you receive these error messages Server might be down (or wrong IP/port were used) and Cannot support

TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers.

Configuring JRE Locations for Endpoint Operations Management Components

Endpoint Operations Management agents require a JRE. The platform-specic Endpoint Operations Management agent installers include a JRE. Platform-independent Endpoint Operations Management agent installers do not include a JRE.

Operations Management Agent,” on page 45.

Depending on your environment and the installation package that you use, you might need to dene the location of the JRE for your agents. The following environments require JRE location conguration.

Platform-specic agent installation on a machine that has its own JRE that you want to use

Platform-independent agent installation

How the Agent Resolves its JRE

The agent resolves its JRE based on platform type.

UNIX-like Platforms

On UNIX-like platforms, the agent determines which JRE to use in the following order:

1 HQ_JAVA_HOME environment variable

2 Embedded JRE

3 JAVA_HOME environment variable

Linux Platforms

Windows Platforms

On Linux platforms, you use export HQ_JAVA_HOME=

path_to_current_java_directory to dene a system variable.

On Windows platforms, the agent resolves the JRE to use in the following order:

1 HQ_JAVA_HOME environment variable

The path dened in the variable must not contain spaces. Consider using a shortened version of the path, using the tild (~) character. For example,c:\Program Files\Java\jre7 can become

c:\Progra~1\Java\jre7. The number after the tild depends on the

alphabetical order (where a = 1, b =2, and so on) of les whose name begins with progra in that directory.

2 Embedded JRE

You dene a system variable from the My Computer menu. Select Properties > Advanced > Environment Variables > System Variables > New.

46 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Because of a known issue with Windows, on Windows Server 2008 R2 and 2012 R2, Windows services might keep old values of system variables, even though they have been updated or removed. As a result, updates or removal of the HQ_JAVA_HOME system variable might not be propagated to the Endpoint Operations Management Agent service. In this event, the Endpoint Operations Management agent might use an obsolete value for HQ_JAVA_HOME, which will cause it to use the wrong JRE version.

System Prerequisites for the Endpoint Operations Management Agent

If you do not dene localhost as the loopback address, the Endpoint Operations Management agent does not register and the following error appears: Connection failed. Server may be down (or wrong IP/port

were used). Waiting for 10 seconds before retrying.

As a workaround, complete the following steps:

Procedure

1 Open the hosts le /etc/hosts on Linux or C:\Windows\System32\Drivers\etc\hosts on Windows.

2 Modify the le to include a localhost mapping to the IPv4 127.0.0.1 loopback address, using

127.0.0.1 localhost.

3 Save the le.

Configure the Endpoint Operations Management Agent to vRealize Operations Manager Server Communication Properties

Before rst agent startup, you can dene the properties that enable the agent to communicate with the vRealize Operations Manager server, and other agent properties, in the agent.properties le of an agent. When you congure the agent in the properties le you can streamline the deployment for multiple agents.

If a properties le exists, back it up before you make conguration changes. If the agent does not have a properties le, create one.

An agent looks for its properties le in AgentHome/conf. This is the default location of agent.properties.

If the agent does not nd the required properties for establishing communications with the vRealize Operations Manager server in either of these locations, it prompts for the property values at initial start up of the agent.

A number of steps are required to complete the conguration.

You can dene some agent properties before or after the initial startup. You must always congure properties that control the following behaviors before initial startup.

When the agent must use an SSL keystore that you manage, rather than a keystore that

vRealize Operations Manager generates.

When the agent must connect to the vRealize Operations Manager server through a proxy server.

Prerequisites

Verify that the vRealize Operations Manager server is running.

Procedure

1 Activate Endpoint Operations Management Agent to vRealize Operations Manager Server Setup

Properties on page 48

In the agent.properties le, properties relating to communication between the Endpoint Operations Management agent and the vRealize Operations Manager server are inactive by default. You must activate them.

2 Specify the Endpoint Operations Management Agent Setup Properties on page 49

The agent.properties le contains properties that you can congure to manage communication.

VMware, Inc. 47

vRealize Operations Manager vApp Deployment and Configuration Guide

3 Congure an Endpoint Operations Management Agent Keystore on page 50

The agent uses a self-signed certicate for internal communication, and a second certicate that is signed by the server during the agent registration process. By default, the certicates are stored in a keystore that is generated in the data folder. You can congure your own keystore for the agent to use.

4 Congure the Endpoint Operations Management Agent by Using the Conguration Dialog on

page 50

The Endpoint Operations Management agent conguration dialog appears in the shell when you start an agent that does not have conguration values that specify the location of the vRealize Operations Manager server. The dialog prompts you to provide the address and port of the vRealize Operations Manager server, and other connection-related data.

5 Overriding Agent Conguration Properties on page 51

You can specify that vRealize Operations Manager override default agent properties when they dier from custom properties that you have dened.

6 Endpoint Operations Management Agent Properties on page 51

Multiple properties are supported in the agent.properties le for an Endpoint Operations Management agent. Not all supported properties are included by default in the

agent.properties le.

What to do next

Start the Endpoint Operations Management agent.

Activate Endpoint Operations Management Agent to vRealize Operations Manager Server Setup Properties

Procedure

1 In the agent.properties le, locate the following section.

## Use the following to automate agent setup

## using these properties.

## If any properties do not have values specified, the setup

## process prompts for their values.

## If the value to use during automatic setup is the default, use the string *default* as

the value for the option.

2 Remove the hash tag at the beginning of each line to activate the properties.

#agent.setup.serverIP=localhost

#agent.setup.serverSSLPort=443

#agent.setup.serverLogin=username

#agent.setup.serverPword=password

The rst time that you start the Endpoint Operations Management agent, if agent.setup.serverPword is inactive, and has a plain text value, the agent encrypts the value.

3 (Optional) Remove the hash tag at the beginning of the line

#agent.setup.serverCertificateThumbprint= and provide a thumbprint value to activate pre-approval

of the server certicate.

48 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Specify the Endpoint Operations Management Agent Setup Properties

The agent.properties le contains properties that you can congure to manage communication.

Agent-server setup requires a minimum set of properties.

Procedure

1 Specify the location and credentials the agent must use to contact the vRealize Operations Manager

server.

Property Property Definition

agent.setup.serverIP

agent.setup.serverSSLPort

agent.setup.serverLogin

agent.setup.serverPword

Specify the address or hostname of the vRealize Operations Manager server.

The default value is the standard SSL vRealize Operations Manager server listen port. If your server is congured for a dierent listen port, specify the port number.

Specify the user name for the agent to use when connecting to the vRealize Operations Managerserver. If you change the value from the username default value, verify that the user account is correctly congured on the vRealize Operations Manager server.

Specify the password for the agent to use, together with the user name specied in agent.setup.camLogin, when connecting to thevRealize Operations Manager server. Verify that the password is the one congured in vRealize Operations Manager for the user account.

2 (Optional) Specify the vRealize Operations Manager server certicate thumbprint.

Property Property Definition

agent.setup.serverCertificateTh umbprint

Provides details about the server certicate to trust.

This parameter is required to run a silent installation.

Either the SHA1 or SHA256 algorithm can be used for the thumbprint.

By default, the vRealize Operations Manager server generates a self-signed CA certicate that is used to sign the certicate of all the nodes in the cluster. In this case, the thumbprint must be the thumbprint of the CA certicate, to allow for the agent to communicate with all nodes.

As a vRealize Operations Manager administrator, you can import a custom certicate instead of using the default. In this instance, you must specify a thumbprint corresponding to that certicate as the value of this property.

To view the certicate thumbprint value, log into the vRealize Operations Manager Administration interface at https://IP Address/admin and click the SSL  icon located on the right of the menu bar. Unless you replaced the original certicate with a custom certicate, the second thumbprint in the list is the correct one. If you did upload a custom certicate, the rst thumbprint in the list is the correct one.

3 (Optional) Specify the location and le name of the platform token le.

This le is created by the agent during installation and contains the identity token for the platform object.

Property Property Definition

Windows:

agent.setup.tokenFileWindows

Linux:

agent.setup.tokenFileLinux

Provides details about the location and name of the platform token le.

The value cannot include backslash (\) or percentage(%) characters, or environment variables.

Ensure that you use forward slashes (/) when specifying the Windows path.

VMware, Inc. 49

vRealize Operations Manager vApp Deployment and Configuration Guide

4 (Optional) Specify any other required properties by running the appropriate command.

Operating System Command

Linux

Windows

./bin/ep-agent.sh set-property PropertyKey PropertyValue

./bin/ep-agent.bat set-property PropertyKey PropertyValue

The properties are encrypted in the agent.properties le.

Configure an Endpoint Operations Management Agent Keystore

I To use your own keystore, you must perform this task before the rst agent activation.

Procedure

1 In the agent.properties le, activate the # agent.keystore.path= and # agent.keystore.password=

properties.

Dene the full path to the keystore with agent.keystore.path and the keystore password with

agent.keystore.password.

2 Add the [agent.keystore.alias] property to the properties le, and set it to the alias of the primary

certicate or private key entry of the keystore primary certicate.

Configure the Endpoint Operations Management Agent by Using the Configuration Dialog

The agent conguration dialog appears in these cases:

The rst time that you start an agent, if you did not supply one or more of the relevant properties in the

agent.properties le.

When you start an agent for which saved server connection data is corrupt or was removed.

You can also run the agent launcher to rerun the conguration dialog.

Prerequisites

Verify that the server is running.

Procedure

1 Open a terminal window on the platform on which the agent is installed.

2 Navigate to the AgentHome/bin directory.

50 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

3 Run the agent launcher using the start or setup option.

Platform Command

UNIX-like

Windows

ep-agent.sh start

Install the Windows service for the agent, then run the it: ep-agent.bat install ep-agent.bat start command.

When you congure an Endpoint Operations Management agent as a Windows service, make sure that the credentials that you specify are sucient for the service to connect to the monitored technology. For example, if you have anEndpoint Operations Management agent that is running on Microsoft SQL Server, and only a specic user can log in to that server, the Windows service login must also be for that specic user.

4 Respond to the prompts, noting the following as you move through the process.

Prompt Description

Enter the server hostname or IP address

Enter the server SSL port

The server has presented an untrusted certificate

Enter your server username

Enter your server password

If the server is on the same machine as the agent, you can enter localhost. If a rewall is blocking trac from the agent to the server, specify the address of the rewall.

Specify the SSL port on the vRealize Operations Manager server to which the agent must connect. The default port is 443.

If this warning appears, but your server is signed by a trusted certicate or you have updated the thumbprint property to contain the thumbprint, this agent might be subject to a man-in-the-middle aack. Review the displayed certicate thumbprint details carefully.

Enter the name of a vRealize Operations Manager user with agentManager permissions.

Enter the password for the specied vRealize Operations Manager. Do not store the password in the agent.properties le.

The agent initiates a connection to the vRealize Operations Manager server and the server veries that the agent is authenticated to communicate with it.

The server generates a client certicate that includes the agent token. The message The agent has been

successfully registered appears. The agent starts discovering the platform and supported products

running on it.

Overriding Agent Configuration Properties

You can specify that vRealize Operations Manager override default agent properties when they dier from custom properties that you have dened.

In the Advanced section of the Edit Object dialog, if you set the Override agent  data to false, default agent conguration data is applied. If you set Override agent  data to true, the default agent parameter values are ignored if you have set alternative values, and the values that you set are applied.

If you set the value of Override agent  data to true when editing an MSSQL object (MSSQL, MSSQL Database, MSSQL Reporting Services, MSSQL Analysis Service, or MSSQL Agent) that runs in a cluster, it might result in inconsistent behavior.

Endpoint Operations Management Agent Properties

Multiple properties are supported in the agent.properties le for an Endpoint Operations Management agent. Not all supported properties are included by default in the agent.properties le.

You must add any properties that you want to use that are not included in the default agent.properties le.

You can encrypt properties in the agent.properties le to enable silent installation.

VMware, Inc. 51

vRealize Operations Manager vApp Deployment and Configuration Guide

Encrypt Endpoint Operations Management Agent Property Values

After you have installed anEndpoint Operations Management agent, you can use it to add encrypted values to the agent.properties le to enable silent installation.

For example, to specify the user password, you can run ./bin/ep-agent.sh set-property

agent.setup.serverPword serverPasswordValue to add the following line to the agent.properties le.

agent.setup.serverPword = ENC(4FyUf6m/c5i+RriaNpSEQ1WKGb4y

+Dhp7213XQiyvtwI4tMlbGJfZMBPG23KnsUWu3OKrW35gB+Ms20snM4TDg==)

The key that was used to encrypt the value is saved in AgentHome/conf/agent.scu. If you encrypt other values, the key that was used to encrypt the rst value is used.

Prerequisites

Verify that the Endpoint Operations Management agent can access AgentHome/conf/agent.scu. Following the encryption of any agent-to-server connection properties, the agent must be able to access this le to start.

Procedure

Open a command prompt and run ./bin/ep-agent.sh set-property agent.setup.propertyName

propertyValue.

The key that was used to encrypt the value is saved in AgentHome/conf/agent.scu.

What to do next

If your agent deployment strategy involves distributing a standard agent.properties le to all agents, you must also distribute agent.scu. See “Install Multiple Endpoint Operations Management Agents

Simultaneously,” on page 71.

Adding Properties to the agent.properties File

You must add any properties that you want to use that are not included in the default agent.properties le.

Following is a list of the available properties.

agent.keystore.alias Property on page 55

This property congures the name of the user-managed keystore for the agent for agents congured for unidirectional communication with the vRealize Operations Manager server.

agent.keystore.password Property on page 55

This property congures the password for an Endpoint Operations Management agent's SSL keystore.

agent.keystore.path Property on page 55

This property congures the location of a Endpoint Operations Management agent's SSL keystore.

agent.listenPort Property on page 56

This property species the port where the Endpoint Operations Management agent listens to receive communication from the vRealize Operations Manager server.

agent.logDir Property on page 56

You can add this property to the agent.properties le to specify the directory where the Endpoint Operations Management agent writes its log le. If you do not specify a fully qualied path,

agent.logDir is evaluated relative to the agent installation directory.

agent.logFile Property on page 56

The path and name of the agent log le.

agent.logLevel Property on page 56

The level of detail of the messages the agent writes to the log le.

52 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

agent.logLevel.SystemErr Property on page 56

Redirects System.err to the agent.log le.

agent.logLevel.SystemOut Property on page 57

Redirects System.out to the agent.log le.

agent.proxyHost Property on page 57

The host name or IP address of the proxy server that the Endpoint Operations Management agent must connect to rst when establishing a connection to the vRealize Operations Manager server.

agent.proxyPort Property on page 57

The port number of the proxy server that the Endpoint Operations Management agent must connect to

rst when establishing a connection to the vRealize Operations Manager server.

agent.setup.acceptUnveriedCerticate Property on page 57

This property controls whether an Endpoint Operations Management agent issues a warning when the vRealize Operations Manager server presents an SSL certicate that is not in the agent's keystore, and is either self-signed or signed by a dierent certicate authority than the one that signed the agent's SSL certicate.

agent.setup.camIP Property on page 57

Use this property to dene the IP address of the vRealize Operations Manager server for the agent. The Endpoint Operations Management agent reads this value only in the event that it cannot nd connection conguration in its data directory.

agent.setup.camLogin Property on page 58

At rst startup after installation, use this property to dene the Endpoint Operations Management agent user name to use when the agent is registering itself with the server.

agent.setup.camPort Property on page 58

At rst startup after installation, use this property to dene the Endpoint Operations Management agent server port to use for non-secure communications with the server.

agent.setup.camPword Property on page 58

Use this property to dene the password that the Endpoint Operations Management agent uses when connecting to the vRealize Operations Manager server, so that the agent does not prompt a user to supply the password interactively at rst startup.

agent.setup.camSecure on page 59

This property is used when you are registering the Endpoint Operations Management with the vRealize Operations Manager server to communicate using encryption.

agent.setup.camSSLPort Property on page 59

At rst startup after installation, use this property to dene the Endpoint Operations Management agent server port to use for SSL communications with the server.

agent.setup.resetupToken Property on page 59

Use this property to congure an Endpoint Operations Management agent to create a new token to use for authentication with the server at startup. Regenerating a token is useful if the agent cannot connect to the server because the token has been deleted or corrupted.

agent.setup.unidirectional Property on page 59

Enables unidirectional communications between the Endpoint Operations Management agent and vRealize Operations Manager server.

VMware, Inc. 53

vRealize Operations Manager vApp Deployment and Configuration Guide

agent.startupTimeOut Property on page 59

The number of seconds that the Endpoint Operations Management agent startup script waits before determining that the agent has not started up successfully. If the agent is found to not be listening for requests within this period, an error is logged, and the startup script times out.

autoinventory.defaultScan.interval.millis Property on page 60

Species how frequently the Endpoint Operations Management agent performs a default autoinventory scan.

autoinventory.runtimeScan.interval.millis Property on page 60

Species how frequently an Endpoint Operations Management agent performs a runtime scan.

hp.useragent Property on page 60

Denes the value for the user-agent request header in HTTP requests issued by the Endpoint Operations Management agent.

log4j Properties on page 60

The log4j properties for the Endpoint Operations Management agent are described here.

platform.log_track.eventfmt Property on page 61

Species the content and format of the Windows event aributes that an Endpoint Operations Management agent includes when logging a Windows event as an event in vRealize Operations Manager.

plugins.exclude Property on page 62

Species plug-ins that the Endpoint Operations Management agent does not load at startup. This is useful for reducing an agent's memory footprint.

plugins.include Property on page 62

Species plug-ins that the Endpoint Operations Management agent loads at startup. This is useful for reducing the agent's memory footprint.

postgresql.database.name.format Property on page 63

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Database and vPostgreSQL Database database types.

postgresql.index.name.format Property on page 63

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Index and vPostgreSQL Index index types.

postgresql.server.name.format Property on page 63

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL and vPostgreSQL server types.

postgresql.table.name.format Property on page 64

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Table and vPostgreSQL Table table types.

scheduleThread.cancelTimeout Property on page 65

This property species the maximum time, in milliseconds, that the ScheduleThread allows a metric collection process to run before aempting to interrupt it.

scheduleThread.fetchLogTimeout Property on page 65

This property controls when a warning message is issued for a long-running metric collection process.

scheduleThread.poolsize Property on page 65

This property enables a plug-in to use multiple threads for metric collection. The property can increase metric throughput for plug-ins known to be thread-safe.

54 VMware, Inc.

scheduleThread.queuesize Property on page 65

Use this property to limit the metric collection queue size (the number of metrics) for a plug-in.

sigar.mirror.procnet Property on page 66

mirror /proc/net/tcp on Linux.

sigar.pdh.enableTranslation Property on page 66

Use this property to enable translation based on the detected locale of the operating system.

snmpTrapReceiver.listenAddress Property on page 66

Species the port on which the Endpoint Operations Management agent listens for SNMP traps

agent.keystore.alias Property

This property congures the name of the user-managed keystore for the agent for agents congured for unidirectional communication with the vRealize Operations Manager server.

Example: Defining the Name of a Keystore

Given this user-managed keystore for a unidirectional agent

hq self-signed cert), Jul 27, 2011, trustedCertEntry,

Certificate fingerprint (MD5): 98:FF:B8:3D:25:74:23:68:6A:CB:0B:9C:20:88:74:CE

hq-agent, Jul 27, 2011, PrivateKeyEntry,

Certificate fingerprint (MD5): 03:09:C4:BC:20:9E:9A:32:DC:B2:E8:29:C0:3C:FE:38

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Default

you dene the name of the keystore like this

agent.keystore.alias=hq-agent

If the value of this property does not match the keystore name, agent-server communication fails.

The default behavior of the agent is to look for the hq keystore.

For unidirectional agents with user-managed keystores, you must dene the keystore name using this property.

agent.keystore.password Property

This property congures the password for an Endpoint Operations Management agent's SSL keystore.

Dene the location of the keystore using the “agent.keystore.path Property,” on page 55 property.

By default, the rst time you start the Endpoint Operations Management agent following installation, if

agent.keystore.password is uncommented and has a plain text value, the agent automatically encrypts the

property value. You can encrypt this property value yourself, prior to starting the agent.

It is good practice to specify the same password for the agent keystore as for the agent private key.

By default, the agent.properties le does not include this property.

agent.keystore.path Property

This property congures the location of a Endpoint Operations Management agent's SSL keystore.

Specify the full path to the keystore. Dene the password for the keystore using the

agent.keystore.password property. See “agent.keystore.password Property,” on page 55.

Specifying the Keystore Path on Windows

On Windows platforms, specify the path to the keystore in this format.

C:/Documents and Settings/Desktop/keystore

VMware, Inc. 55

vRealize Operations Manager vApp Deployment and Configuration Guide

Default

AgentHome/data/keystore.

agent.listenPort Property

This property species the port where the Endpoint Operations Management agent listens to receive communication from the vRealize Operations Manager server.

The property is not required for unidirectional communication.

agent.logDir Property

You can add this property to the agent.properties le to specify the directory where the Endpoint Operations Management agent writes its log le. If you do not specify a fully qualied path,

agent.logDir is evaluated relative to the agent installation directory.

To change the location for the agent log le, enter a path relative to the agent installation directory, or a fully qualied path.

Note that the name of the agent log le is congured with the agent.logFile property.

Default

By default, the agent.properties le does not include this property.

The default behavior is agent.logDir=log, resulting in the agent log le being wrien to the AgentHome/log directory.

Default

agent.logFile Property

The path and name of the agent log le.

In the agent.properties le, the default seing for the agent.LogFile property is made up of a variable and a string

agent.logFile=${agent.logDir}\agent.log

where

agent.logDir is a variable that supplies the value of an identically named agent property. By default, the

value of agent.logDir is log, interpreted relative to the agent installation directory.

agent.log is the name for the agent log le.

By default, the agent log le is named agent.log, and is wrien to the AgentHome/log directory.

agent.logLevel Property

The level of detail of the messages the agent writes to the log le.

Permied values are INFO and DEBUG.

INFO

agent.logLevel.SystemErr Property

Redirects System.err to the agent.log le.

Commenting out this seing causes System.err to be directed to agent.log.startup.

Default

ERROR

56 VMware, Inc.

Default

Chapter 7 Connecting vRealize Operations Manager to Data Sources

agent.logLevel.SystemOut Property

Redirects System.out to the agent.log le.

Commenting out this seing causes System.out to be directed to agent.log.startup.

INFO

agent.proxyHost Property

The host name or IP address of the proxy server that the Endpoint Operations Management agent must connect to rst when establishing a connection to the vRealize Operations Manager server.

This property is supported for agents congured for unidirectional communication.

Use this property in conjunction with agent.proxyPort and agent.setup.unidirectional.

None

agent.proxyPort Property

The port number of the proxy server that the Endpoint Operations Management agent must connect to rst when establishing a connection to the vRealize Operations Manager server.

Default

This property is supported for agents congured for unidirectional communication.

Use this property in conjunction with agent.proxyPort and agent.setup.unidirectional.

None

agent.setup.acceptUnverifiedCertificate Property

certicate.

When the default is used, the agent issues the warning

The authenticity of host 'localhost' can't be established.

Are you sure you want to continue connecting? [default=no]:

If you respond yes, the agent imports the server's certicate and will continue to trust the certicate from this point on.

agent.setup.acceptUnverifiedCertificate=no

agent.setup.camIP Property

You can specify this and other agent.setup.* properties to reduce the user interaction required to congure an agent to communicate with the server.

The value can be provided as an IP address or a fully qualied domain name. To identify an server on the same host as the server, set the value to 127.0.0.1.

VMware, Inc. 57

vRealize Operations Manager vApp Deployment and Configuration Guide

If there is a rewall between the agent and server, specify the address of the rewall, and congure the rewall to forward trac on port 7080, or 7443 if you use the SSL port, to the vRealize Operations Manager

server.

Default

Commented out, localhost.

agent.setup.camLogin Property

At rst startup after installation, use this property to dene the Endpoint Operations Management agent user name to use when the agent is registering itself with the server.

The permission required on the server for this initialization is Create, for platforms.

The agent reads this value only in the event that it cannot nd connection conguration in its data directory.

You can specify this and other agent.setup.* properties to reduce the user interaction required to congure an agent to communicate with the server.

Default

Commented our hqadmin.

agent.setup.camPort Property

Default

At rst startup after installation, use this property to dene the Endpoint Operations Management agent server port to use for non-secure communications with the server.

The agent reads this value only in the event that it cannot nd connection conguration in its data directory.

You can specify this and other agent.setup.* properties to reduce the user interaction required to congure an agent to communicate with the server.

Commented out 7080.

agent.setup.camPword Property

The password for the user is that specied by agent.setup.camLogin.

The agent reads this value only in the event that it cannot nd connection conguration in its data directory.

You can specify this and other agent.setup.* properties to reduce the user interaction required to congure an agent to communicate with the server.

The rst time you start the Endpoint Operations Management agent after installation, if

agent.keystore.password is uncommented and has a plain text value, the agent automatically encrypts the

property value. You can encrypt these property values prior to starting the agent.

Commented our hqadmin.

58 VMware, Inc.

Default

Chapter 7 Connecting vRealize Operations Manager to Data Sources

agent.setup.camSecure

This property is used when you are registering the Endpoint Operations Management with the vRealize Operations Manager server to communicate using encryption.

Use yes=secure, encrypted, or SSL, as appropriate, to encrypt communication.

Use no=unencrypted for unencrypted communication.

agent.setup.camSSLPort Property

At rst startup after installation, use this property to dene the Endpoint Operations Management agent server port to use for SSL communications with the server.

The agent reads this value only in the event that it cannot nd connection conguration in its data directory.

You can specify this and other agent.setup.* properties to reduce the user interaction required to congure an agent to communicate with the server.

Commented out 7443.

agent.setup.resetupToken Property

Default

The agent reads this value only in the event that it cannot nd connection conguration in its data directory.

Regardless of the value of this property, an agent generates a token the rst time it is started after installation.

Commented out no.

agent.setup.unidirectional Property

Enables unidirectional communications between the Endpoint Operations Management agent and vRealize Operations Manager server.

If you congure an agent for unidirectional communication, all communication with the server is initiated by the agent.

For a unidirectional agent with a user-managed keystore, you must congure the keystore name in the

agent.properties le.

Commented out no.

agent.startupTimeOut Property

Default

By default, the agent.properties le does not include this property.

The default behavior of the agent is to timeout after 300 seconds.

VMware, Inc. 59

vRealize Operations Manager vApp Deployment and Configuration Guide

autoinventory.defaultScan.interval.millis Property

Species how frequently the Endpoint Operations Management agent performs a default autoinventory scan.

The default scan detects server and platform services objects, typically using the process table or the Windows registry. Default scans are less resource-intensive than runtime scans.

Default

The agent performs the default scan at startup and every 15 minutes thereafter.

Commented out 86,400,000 milliseconds, or one day.

autoinventory.runtimeScan.interval.millis Property

Species how frequently an Endpoint Operations Management agent performs a runtime scan.

A runtime scan may use more resource-intensive methods to detect services than a default scan. For example, a runtime scan might involve issuing an SQL query or looking up an MBean.

Default

86,400,000 milliseconds, or one day.

http.useragent Property

Default

Denes the value for the user-agent request header in HTTP requests issued by the Endpoint Operations Management agent.

You can use http.useragent to dene a user-agent value that is consistent across upgrades.

By default, the agent.properties le does not include this property.

By default, the user-agent in agent requests includes the Endpoint Operations Management agent version, so changes when the agent is upgraded. If a target HTTP server is congured to block requests with an unknown user-agent, agent requests fail after an agent upgrade.

Hyperic-HQ-Agent/Version, for example, Hyperic-HQ-Agent/4.1.2-EE.

log4j Properties

The log4j properties for the Endpoint Operations Management agent are described here.

log4j.rootLogger=${agent.logLevel}, R

log4j.appender.R.File=${agent.logFile}

log4j.appender.R.MaxBackupIndex=1

log4j.appender.R.MaxFileSize=5000KB

log4j.appender.R.layout.ConversionPattern=%d{dd-MM-yyyy HH:mm:ss,SSS z} %-5p [%t] [%c{1}@%L] %m%n

log4j.appender.R.layout=org.apache.log4j.PatternLayout

log4j.appender.R=org.apache.log4j.RollingFileAppender

## Disable overly verbose logging

log4j.logger.org.apache.http=ERROR

log4j.logger.org.springframework.web.client.RestTemplate=ERROR

log4j.logger.org.hyperic.hq.measurement.agent.server.SenderThread=INFO

log4j.logger.org.hyperic.hq.agent.server.AgentDListProvider=INFO

log4j.logger.org.hyperic.hq.agent.server.MeasurementSchedule=INFO

log4j.logger.org.hyperic.util.units=INFO

60 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

log4j.logger.org.hyperic.hq.product.pluginxml=INFO

# Only log errors from naming context

log4j.category.org.jnp.interfaces.NamingContext=ERROR

log4j.category.org.apache.axis=ERROR

#Agent Subsystems: Uncomment individual subsystems to see debug messages.

#-----------------------------------------------------------------------

#log4j.logger.org.hyperic.hq.autoinventory=DEBUG

#log4j.logger.org.hyperic.hq.livedata=DEBUG

#log4j.logger.org.hyperic.hq.measurement=DEBUG

#log4j.logger.org.hyperic.hq.control=DEBUG

#Agent Plugin Implementations

#log4j.logger.org.hyperic.hq.product=DEBUG

#Server Communication

#log4j.logger.org.hyperic.hq.bizapp.client.AgentCallbackClient=DEBUG

#Server Realtime commands dispatcher

#log4j.logger.org.hyperic.hq.agent.server.CommandDispatcher=DEBUG

Default

#Agent Configuration parser

#log4j.logger.org.hyperic.hq.agent.AgentConfig=DEBUG

#Agent plugins loader

#log4j.logger.org.hyperic.util.PluginLoader=DEBUG

#Agent Metrics Scheduler (Scheduling tasks definitions & executions)

#log4j.logger.org.hyperic.hq.agent.server.session.AgentSynchronizer.SchedulerThread=DEBUG

#Agent Plugin Managers

#log4j.logger.org.hyperic.hq.product.MeasurementPluginManager=DEBUG

#log4j.logger.org.hyperic.hq.product.AutoinventoryPluginManager=DEBUG

#log4j.logger.org.hyperic.hq.product.ConfigTrackPluginManager=DEBUG

#log4j.logger.org.hyperic.hq.product.LogTrackPluginManager=DEBUG

#log4j.logger.org.hyperic.hq.product.LiveDataPluginManager=DEBUG

#log4j.logger.org.hyperic.hq.product.ControlPluginManager=DEBUG

platform.log_track.eventfmt Property

Species the content and format of the Windows event aributes that an Endpoint Operations Management agent includes when logging a Windows event as an event in vRealize Operations Manager.

By default, the agent.properties le does not include this property.

When Windows log tracking is enabled, an entry in the form [Timestamp] Log Message

(EventLogName):EventLogName:EventAttributes is logged for events that match the criteria you specied on

the resource's Conguration Properties page.

Attribute Description

Timestamp

Log Message

VMware, Inc. 61

When the event occurred

A text string

vRealize Operations Manager vApp Deployment and Configuration Guide

Attribute Description

EventLogName The Windows event log type System, Security, or Application

EventAttributes

A colon delimited string made of the Windows event Source and Message

aributes

For example, the log entry: 04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: Print: Printer HP

LaserJet 6P was paused. is for a Windows event wrien to the Windows System event log at 6:06 AM on

04/19/2010. The Windows event Source and Message aributes, are "Print" and "Printer HP LaserJet 6P

was paused.", respectively.

Conguration

Use the following parameters to congure the Windows event aributes that the agent writes for a Windows event. Each parameter maps to Windows event aribute of the same name.

Parameter Description

%user%

%computer%

%source%

%event%

%message%

%category%

The name of the user on whose behalf the event occurred.

The name of the computer on which the event occurred.

The software that logged the Windows event.

A number identifying the particular event type.

The event message.

An application-specic value used for grouping events.

Usage

For example, with the property seing platform.log_track.eventfmt=%user%@%computer% %source%:%event

%:%message%, the Endpoint Operations Management agent writes the following data when logging the

Windows event 04/19/2010 06:06 AM Log Message (SYSTEM): SYSTEM: HP_Admistrator@Office Print:

7:Printer HP LaserJet 6P was paused.. This entry is for a Windows event wrien to the Windows system

event log at 6:06 AM on 04/19/2010. The software associated with the event was running as "HP_Administrator" on the host "Oce". The Windows event's Source, Event, and Message aributes, are "Print", "7", and "Printer HP LaserJet 6P was paused.", respectively.

plugins.exclude Property

Species plug-ins that the Endpoint Operations Management agent does not load at startup. This is useful for reducing an agent's memory footprint.

Supply a comma-separated list of plug-ins to exclude. For example,

plugins.exclude=jboss,apache,mysql

plugins.include Property

Species plug-ins that the Endpoint Operations Management agent loads at startup. This is useful for reducing the agent's memory footprint.

Supply a comma-separated list of plug-ins to include. For example,

plugins.include=weblogic,apache

62 VMware, Inc.

Default

Chapter 7 Connecting vRealize Operations Manager to Data Sources

postgresql.database.name.format Property

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Database and vPostgreSQL Database database types.

By default, the name of a PostgreSQL or vPostgreSQL database is Database DatabaseName, where DatabaseName is the auto-discovered name of the database.

To use a dierent naming convention, dene postgresql.database.name.format. The variable data you use must be available from the PostgreSQL plug-in.

Use the following syntax to specify the default table name assigned by the plug-in,

Database ${db}

where

postgresql.db is the auto-discovered name of the PostgreSQL or vPostgreSQL database.

By default, the agent.properties le does not include this property.

postgresql.index.name.format Property

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Index and vPostgreSQL Index index types.

Default

By default, the name of a PostgreSQL or vPostgreSQL index is Index DatabaseName.Schema.Index, comprising the following variables

Variable Description

DatabaseName

Schema

Index

The auto-discovered name of the database.

The auto-discovered schema for the database.

The auto-discovered name of the index.

To use a dierent naming convention, dene postgresql.index.name.format. The variable data you use must be available from the PostgreSQL plug-in.

Use the following syntax to specify the default index name assigned by the plug-in,

Index ${db}.${schema}.${index}

where

Attribute Description

schema

index

Identies the platform that hosts the PostgreSQL or vPostgreSQL server.

Identies the schema associated with the table.

The index name in PostgreSQL.

By default, the agent.properties le does not include this property.

postgresql.server.name.format Property

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL and vPostgreSQL server types.

By default, the name of a PostgreSQL or vPostgreSQL server is Host:Port, comprising the following variables

VMware, Inc. 63

vRealize Operations Manager vApp Deployment and Configuration Guide

Variable Description

Host

Port

The FQDN of the platform that hosts the server.

The PostgreSQL listen port.

To use a dierent naming convention, dene postgresql.server.name.format. The variable data you use must be available from the PostgreSQL plug-in.

Use the following syntax to specify the default server name assigned by the plug-in,

${postgresql.host}:${postgresql.port}

where

Attribute Description

postgresql.host

postgresql.port

Identies the FQDN of the hosting platform.

Identies the database listen port.

Default

By default, the agent.properties le does not include this property.

postgresql.table.name.format Property

This property species the format of the name that the PostgreSQL plug-in assigns to auto-discovered

PostgreSQL Table and vPostgreSQL Table table types.

By default, the name of a PostgreSQL or vPostgreSQL table is Table DatabaseName.Schema.Table, comprising the following variables

Variable Description

DatabaseName

Schema

Table

The auto-discovered name of the database.

The auto-discovered schema for the database.

The auto-discovered name of the table.

To use a dierent naming convention, dene postgresql.table.name.format. The variable data you use must be available from the PostgreSQL plug-in.

Use the following syntax to specify the default table name assigned by the plug-in,

Table ${db}.${schema}.${table}

where

Attribute Description

schema

table

Identies the platform that hosts the PostgreSQL or vPostgreSQL server.

Identies the schema associated with the table.

The table name in PostgreSQL.

Default

By default, the agent.properties le does not include this property.

64 VMware, Inc.

Usage

Default

Usage

Default

Chapter 7 Connecting vRealize Operations Manager to Data Sources

scheduleThread.cancelTimeout Property

This property species the maximum time, in milliseconds, that the ScheduleThread allows a metric collection process to run before aempting to interrupt it.

When the timeout is exceeded, collection of the metric is interrupted, if it is in a wait(), sleep() or nonblocking read() state.

scheduleThread.cancelTimeout=5000

5000 milliseconds.

scheduleThread.fetchLogTimeout Property

This property controls when a warning message is issued for a long-running metric collection process.

If a metric collection process exceeds the value of this property, which is measured in milliseconds, the agent writes a warning message to the agent.log le.

scheduleThread.fetchLogTimeout=2000

Usage

Default

Usage

2000 milliseconds.

scheduleThread.poolsize Property

This property enables a plug-in to use multiple threads for metric collection. The property can increase metric throughput for plug-ins known to be thread-safe.

Specify the plug-in by name and the number of threads to allocate for metric collection

scheduleThread.poolsize.PluginName=2

where PluginName is the name of the plug-in to which you are allocating threads. For example,

scheduleThread.poolsize.vsphere=2

scheduleThread.queuesize Property

Use this property to limit the metric collection queue size (the number of metrics) for a plug-in.

Specify the plug-in by name and the maximum metric queue length number:

scheduleThread.queuesize.PluginName=15000

where PluginName is the name of the plug-in on which you are imposing a metric limit.

For example,

scheduleThread.queuesize.vsphere=15000

Default

1000

VMware, Inc. 65

vRealize Operations Manager vApp Deployment and Configuration Guide

sigar.mirror.procnet Property

mirror /proc/net/tcp on Linux.

Default

true

sigar.pdh.enableTranslation Property

Use this property to enable translation based on the detected locale of the operating system.

snmpTrapReceiver.listenAddress Property

Species the port on which the Endpoint Operations Management agent listens for SNMP traps

By default, the agent.properties le does not include this property.

Typically SNMP uses the UDP port 162 for trap messages. This port is in the privileged range, so an agent listening for trap messages on it must run as root, or as an administrative user on Windows.

You can run the agent in the context of a non-administrative user, by conguring the agent to listen for trap messages on an unprivileged port.

Usage

Specify an IP address (or 0.0.0.0 to specify all interfaces on the platform) and the port for UDP communications in the format

snmpTrapReceiver.listenAddress=udp:IP_address/port

To enable the Endpoint Operations Management agent to receive SNMP traps on an unprivileged port, specify port 1024 or higher. The following seing allows the agent to receive traps on any interface on the platform, on UDP port 1620.

snmpTrapReceiver.listenAddress=udp:0.0.0.0/1620

Managing Agent Registration on vRealize Operations Manager Servers

The Endpoint Operations Management agents identify themselves to the server using client certicates. The agent registration process generates the client certicate.

The client certicate includes a token that is used as the unique identier. If you suspect that a client certicate was stolen or compromised, you must replace the certicate.

You must have AgentManager credentials to perform the agent registration process.

If you remove and reinstall an agent by removing the data directory, the agent token is retained to enable data continuity. See “Understanding Agent Uninstallation and Reinstallation Implications,” on page 69.

Regenerate an Agent Client Certificate

An Endpoint Operations Management agent client certicate might expire and need to be replaced. For example, you would replace a certicate that you suspected was corrupt or compromised.

Prerequisites

Verify that you have sucient privileges to deploy an Endpoint Operations Management agent. You must have vRealize Operations Manager user credentials that include a role that allows you to install Endpoint Operations Management agents. See “Roles and Privileges in vRealize Operations Manager,” on page 74.

66 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Procedure

Start the registration process by running the setup command that is appropriate for the operating

system on which the agent is running.

Operating System Run Command

Linux

Windows

ep-agent.sh setup

ep-agent.bat setup

The agent installer runs the setup, requests a new certicate from the server, and imports the new certicate to the keystore.

Securing Communications with the Server

Communication from an Endpoint Operations Management agent to the vRealize Operations Manager server is unidirectional, however both parties must be authenticated. Communication is always secured using transport layer security (TLS).

The rst time an agent initiates a connection to the vRealize Operations Manager server following installation, the server presents its SSL certicate to the agent.

If the agent trusts the certicate that the server presented, the agent imports the server's certicate to its own keystore.

The agent trusts a server certicate if that certicate, or one of its issuers (CA) already exists in the agent's keystore.

By default, if the agent does not trust the certicate that the server presents, the agent issues a warning. You can choose to trust the certicate, or to terminate the conguration process. The vRealize Operations Manager server and the agent do not import untrusted certicates unless you respond

yes to the warning prompt.

You can congure the agent to accept a specic thumb print without warning by specifying the thumb print of the certicate for the vRealize Operations Manager server.

By default, the vRealize Operations Manager server generates a self-signed CA certicate that is used to sign the certicate of all the nodes in the cluster. In this case, the thumbprint must be the thumbprint of the issuer, to allow for the agent to communicate with all nodes.

Either the SHA1 or SHA256 algorithm can be used for the thumbprint.

Launching Agents from a Command Line

You can launch agents from a command line on both Linux and Windows operating systems.

Use the appropriate process for your operating system.

If you are deleting the data directory, do not use Windows Services to stop and start an Endpoint Operations Management agent. Stop the agent using epops-agent.bat stop. Delete the data directory, then start the agent using epops-agent.bat start.

VMware, Inc. 67

vRealize Operations Manager vApp Deployment and Configuration Guide

Run the Agent Launcher from a Linux Command Line

You can initiate the agent launcher and agent lifecycle commands with the epops-agent.sh script in the

AgentHome/bin directory.

Procedure

1 Open a command shell or terminal window.

2 Enter the required command, using the format sh epops-agent.sh command, where command is one of the

following.

Option Description

start

stop

restart

status

dump

ping

setup

Starts the agent as a daemon process.

Stops the agent's JVM process.

Stops and then starts the agent's JVM process.

Queries the status of the agent's JVM process.

Runs a thread dump for the agent process, and writes the result to the agent.log le in AgentHome/log.

Pings the agent process.

Re-registers the certicate using the existing token.

Run the Agent Launcher from a Windows Command Line

You can initiate the agent launcher and agent lifecycle commands with the epops-agent.bat script in the

AgentHome/bin directory.

Procedure

1 Open a terminal window.

2 Enter the required command, using the format epops-agent.bat command, where command is one of the

following.

Option Description

install Installs the agent NT service. You must run start after running install.

start

stop

remove

query

dump

ping

setup

Starts the agent as an NT service.

Stops the agent as an NT service.

Removes the agent's service from the NT service table.

Queries the current status of the agent NT service (status).

Runs a thread dump for the agent process, and writes the result to the agent.log le in AgentHome/log.

Pings the agent process.

Re-registers the certicate using the existing token.

68 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Managing an Endpoint Operations Management Agent on a Cloned Virtual Machine

When you clone a virtual machine that is running an Endpoint Operations Management agent that is collecting data, there are processes that you must complete related to data continuity to ensure data continuity.

Cloning a Virtual Machine to Delete the Original Virtual Machine

If you are cloning the virtual machine so that you can delete the original virtual machine, you need to verify that the original machine is deleted from thevCenter Server and from vRealize Operations Manager so that the new operating system to virtual machine relationship can be created.

Cloning a Virtual Machine to Run Independently of the Original Machine

If you a cloning the virtual machine so that you can run the two machines independently of the other, the cloned machine requires a new agent because an agent can only monitor a single machine.

Procedure

On the cloned machine, delete the Endpoint Operations Management token and the data folder,

according to the operating system of the machine.

Operating System Process

Linux Delete the Endpoint Operations Management token and

the data folder.

Windows 1

Run epops-agent remove.

Remove the agent token and the data folder.

Run epops-agent install.

Run epops-agent start.

Moving Virtual Machines between vCenter Server Instances

When you move a virtual machine from one vCenter Server to another, you must delete the original machine from vRealize Operations Manager to enable the new operating system relationship with the virtual machine to be created.

Understanding Agent Uninstallation and Reinstallation Implications

When you uninstall or reinstall an Endpoint Operations Management agent, various elements are aected, including existing metrics that the agent has collected, and the identication token that enables a reinstalled agent to report on the previously discovered objects on the server. To ensure that you maintain data continuity, it is important that you aware of the implications of uninstalling and reinstalling an agent.

There are two key locations related to the agent that are preserved when you uninstall an agent. Before reinstalling the agent, you must decide whether to retain or delete the les.

The /data folder is created during agent installation. It contains the keystore, unless you chose a

dierent location for it, and other data related to the currently installed agent.

The epops-token platform token le is created before agent registration and is stored as follows:

Linux: /etc/vmware/epops-token

Windows: %PROGRAMDATA%/VMware/EP Ops Agent/epops-token

When you uninstall an agent, you must delete the /data folder. This does not aect data continuity.

VMware, Inc. 69

vRealize Operations Manager vApp Deployment and Configuration Guide

However, to enable data continuity it is important that you do not delete the epops-token le. This le contains the identity token for the platform object. Following agent reinstallation, the token enables the agent to be synchronized with the previously discovered objects on the server.

When you reinstall the agent, the system noties you whether it found an existing token, and provides its identier. If a token is found, the system uses that token. If a token in not found, the system creates a new one. In the case of an error, the system prompts you to provide either a location and le name for the existing token le, or a location and le name for a new one.

The method that you use to uninstall an agent depends on how it was installed.

Uninstall an Agent that was Installed from an Archive on page 70

You can use this procedure to uninstall agents that you installed on virtual machines in your environment from an archive.

Uninstall an Agent that was Installed Using an RPM Package on page 71

You can use this procedure to uninstall agents that you installed on virtual machines in your environment using an RPM package.

Uninstall an Agent that was Installed Using a Windows Executable on page 71

You can use this procedure to uninstall agents that you installed on virtual machines in your environment from a Windows EXE le.

Reinstall an Agent on page 71

If you change the IP address, hostname or port number of the vRealize Operations Manager server, you need to uninstall and reinstall your agents.

Uninstall an Agent that was Installed from an Archive

You can use this procedure to uninstall agents that you installed on virtual machines in your environment from an archive.

Prerequisites

Verify that the agent is stopped.

Procedure

1 (Optional) If you have a Windows operating system, run ep-agent.bat remove to remove the agent

service.

2 Select the uninstall option that is appropriate to your situation.

If you do not intend to reinstall the agent after you have uninstalled it, delete the agent directory.

The default name of the directory is epops-agent-version.

If you are reinstalling the agent after you have uninstalled it, delete the /data directory.

3 (Optional) If you do not intend to reinstall the agent after you have uninstalled it, or you do not need to

maintain data continuity, delete the epops-token platform token le.

Depending on your operating system, the le to delete is one of the following, unless otherwise dened in the properties le.

Linux: /etc/epops/epops-token

Windows: %PROGRAMDATA%/VMware/EP Ops Agent/epops-token

70 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Uninstall an Agent that was Installed Using an RPM Package

You can use this procedure to uninstall agents that you installed on virtual machines in your environment using an RPM package.

When you are uninstalling an Endpoint Operations Management agent, it is good practice to stop the agent running, to reduce unnecessary load on the server.

Procedure

On the virtual machine from which you are removing the agent, open a command line and run rpm -e

epops-agent.

The agent is uninstalled from the virtual machine.

Uninstall an Agent that was Installed Using a Windows Executable

You can use this procedure to uninstall agents that you installed on virtual machines in your environment from a Windows EXE le.

When you are uninstalling an Endpoint Operations Management agent, it is good practice to stop the agent running, to reduce unnecessary load on the server.

Procedure

Double-click unins000.exe in the installation destination directory for the agent.

The agent is uninstalled from the virtual machine.

Reinstall an Agent

If you change the IP address, hostname or port number of the vRealize Operations Manager server, you need to uninstall and reinstall your agents.

Prerequisites

To maintain data continuity, you must have retained the epops-token platform token le when you uninstalled your agent. See “Uninstall an Agent that was Installed from an Archive,” on page 70.

When you reinstall an Endpoint Operations Management agent on a virtual machine, objects that had previously been detected are no longer monitored. To avoid this situation, do not restart the Endpoint Operations Management agent until the plug-in synchronization is complete.

Procedure

Run the agent install procedure that is relevant to your operating system.

See “Selecting an Agent Installer Package,” on page 40.

What to do next

After you reinstall an agent, MSSQL resources might stop receiving data. If this happens, edit the problematic resources and click OK.

Install Multiple Endpoint Operations Management Agents Simultaneously

If you have multiple Endpoint Operations Management agents to install at one time, you can create a single standardized agent.properties le that all the agents can use.

Installing multiple agents entails a number of steps. Perform the steps in the order listed.

VMware, Inc. 71

vRealize Operations Manager vApp Deployment and Configuration Guide

Prerequisites

Verify that the following prerequisites are satised.

1 Set up an installation server.

An installation server is a server that can access the target platforms from which to perform remote installation.

The server must be congured with a user account that has permissions to SSH to each target platform without requiring a password.

2 Verify that each target platform on which an Endpoint Operations Management agent will be installed

has the following items.

A user account that is identical to that created on the installation server.

An identically named installation directory, for example /home/epomagent.

A trusted keystore, if required.

Procedure

1 Create a Standard Endpoint Operations Management Agent Properties File on page 72

You can create a single properties le that contains property values that multiple agents use .

2 Deploy and Start Multiple Agents One-By-One on page 73

You can perform remote installations to deploy multiple agents that use a single agent.properties le one-by-one.

3 Deploy and Start Multiple Agents Simultaneously on page 73

You can perform remote installations to simultaneously deploy agents that use a single

agent.properties le.

Create a Standard Endpoint Operations Management Agent Properties File

You can create a single properties le that contains property values that multiple agents use .

To enable multiple agent deployment, you create an agent.properties le that denes the agent properties required for the agent to start up and connect with the vRealize Operations Manager server. If you supply the necessary information in the properties le, each agent locates its setup conguration at startup, rather than prompting you for the location. You can copy the agent properties le to the agent installation directory, or to a location available to the installed agent.

Prerequisites

Verify that the prerequisites in “Install Multiple Endpoint Operations Management Agents Simultaneously,” on page 71 are satised.

Procedure

1 Create an agent.properties le in a directory.

You will copy this le later to other machines.

2 Congure the properties as required.

The minimum conguration is the IP address, user name, password, thumb print, and port of the vRealize Operations Manager installation server.

3 Save your congurations.

The rst time that the agents are started, they read the agent.properties le to identify the server connection information. The agents connect to the server and register themselves.

72 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

What to do next

Perform remote agent installations. See “Deploy and Start Multiple Agents One-By-One,” on page 73 or

“Deploy and Start Multiple Agents Simultaneously,” on page 73.

Deploy and Start Multiple Agents One-By-One

You can perform remote installations to deploy multiple agents that use a single agent.properties le oneby-one.

Prerequisites

Verify that the prerequisites in “Install Multiple Endpoint Operations Management Agents

Simultaneously,” on page 71 are satised.

Verify that you congured a standard agent properties le and copied it to the agent installation, or to a

location available to the agent installation.

Procedure

1 Log in to the installation server user account that you congured with permissions to use SSH to

connect to each target platform without requiring a password.

2 Use SSH to connect to the remote platform.

3 Copy the agent archive to the agent host.

4 Unpack the agent archive.

5 Copy the agent.properties le to the AgentHome/conf directory of the unpacked agent archive on the

remote platform.

6 Start the new agent.

The agent registers with the vRealize Operations Manager server and the agent runs an autodiscovery scan to discover its host platform and supported managed products that are running on the platform.

Deploy and Start Multiple Agents Simultaneously

You can perform remote installations to simultaneously deploy agents that use a single agent.properties

le.

Prerequisites

Verify that the prerequisites in “Install Multiple Endpoint Operations Management Agents

Simultaneously,” on page 71 are satised.

Verify that you congured a standard agent properties le and copied it to the agent installation, or to a

location available to the agent installation. See “Create a Standard Endpoint Operations Management

Agent Properties File,” on page 72.

Procedure

1 Create a hosts.txt le on your installation server that maps the hostname to the IP address of each

platform on which you are installing an agent.

2 Open a command-line shell on the installation server.

VMware, Inc. 73

vRealize Operations Manager vApp Deployment and Configuration Guide

3 Type the following command in the shell, supplying the correct name for the agent package in the

export command.

$ export AGENT=epops-agent-x86-64-linux-1.0.0.tar.gz

$ export PATH_TO_AGENT_INSTALL=</path/to/agent/install>

$ for host in `cat hosts.txt`; do scp $AGENT $host:$PATH_TO_AGENT_INSTALL && ssh $host "cd

$PATH_TO_AGENT_INSTALL; tar zxfp $AGENT &&

./epops-agent-1.0.0/ep-agent.sh start"; done

4 (Optional) If the target hosts have sequential names, for example host001, host002, host003, and so on,

you can skip the hosts.txt le and use the seq command.

$ export AGENT=epops-agent-x86-64-linux-1.0.0.tar.gz

$ for i in `seq 1 9`; do scp $AGENT host$i: && ssh host$i "tar zxfp $AGENT &&

./epops-agent-1.0.0/ep-agent.sh start"; done

The agents register with the vRealize Operations Manager server and the agents run an autodiscovery scan to discover their host platform and supported managed products that are running on the platform.

Roles and Privileges in vRealize Operations Manager

vRealize Operations Manager provides several predened roles to assign privileges to users. You can also create your own roles.

You must have privileges to access specic features in the vRealize Operations Manager user interface. The roles associated with your user account determine the features you can access and the actions you can perform.

Each predened role includes a set of privileges for users to perform create, read, update, or delete actions on components such as dashboards, reports, administration, capacity, policies, problems, symptoms, alerts, user account management, and adapters.

Administrator

Includes privileges to all features, objects, and actions in vRealize Operations Manager.

ReadOnly

Users have read-only access and can perform read operations, but cannot perform write actions such as create, update, or delete.

PowerUser

Users have privileges to perform the actions of the Administrator role except for privileges to user management and cluster management. vRealize Operations Manager maps vCenter Server users to this role.

PowerUserMinusRemed iation

Users have privileges to perform the actions of the Administrator role except for privileges to user management, cluster management, and remediation actions.

ContentAdmin

Users can manage all content, including views, reports, dashboards, and custom groups in vRealize Operations Manager

GeneralUser-1 through GeneralUser-4

These predened template roles are initially dened as ReadOnly roles. vCenter Server administrators can congure these roles to create combinations of roles to give users multiple types of privileges. Roles are synchronized to vCenter Server once during registration.

AgentManager

74 VMware, Inc.

Users can deploy and congure Endpoint Operations Management agents.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Registering Agents on Clusters

You can streamline the process of registering agents on clusters by dening a DNS name for a cluster and conguring that cluster so that the metrics are shared sequentially in a loop.

You only need to register the agent on the DNS, not on the IP address of each individual machine in the cluster. If you do register the agent on each node in the cluster, it aects the scale of your environment.

When you have congured the cluster so that the received metrics are shared in a sequential loop, each time that the agent queries the DNS server for an IP address, the returned address is for one of the virtual machines in the cluster. The next time the agent queries the DNS, it sequentially supplies the IP address of the next virtual machine in the cluster, and so on. The clustered machines are set up in a loop conguration so that each machine receives metrics in turn, ensuring a balanced load.

After you congure the DNS, it is important to maintain it, ensuring that when machines are added or removed from the cluster, their IP address information is updated accordingly.

Manually Create Operating System Objects

The agent automatically discovers some of the objects to monitor. You can manually add other objects, such as les, scripts or processes, and specify the details so that the agent can monitor them.

The Monitor OS Object action only appears in the Actions menu of a object that can be a parent object.

Procedure

1 In the left pane of vRealize Operations Manager, select the agent adapter object that is to be the parent

under which you are creating an OS object.

2 Select Actions > Monitor OS Object.

A list of parent object context-sensitive objects appear in the menu.

3 Choose one of the following options.

Click an object type from the list to open the Monitor OS Object dialog for that object type.

The three most popularly selected object types appear in the list.

If the object type that you want to select is not in the list, click More to open the Monitor OS Object

dialog, and select the object type from the complete list of objects that are available for selection in the Object Type menu.

4 Specify a display name for the OS object.

5 Enter the appropriate values in the other text boxes.

The options in the menu are ltered according to the OS object type that you select.

Some text boxes might display default values, which you can overwrite if necessary. Note the following information about default values.

VMware, Inc. 75

vRealize Operations Manager vApp Deployment and Configuration Guide

Option Value

Process

Windows Service

Script Congure vRealize Operations Manager to periodically run a script that collects a system or

Supply the PTQL query in the form: Class.Attribute.operator=value.

For example, Pid.PidFile.eq=/var/run/sshd.pid.

Where:

Class is the name of the Sigar class without the Proc prex.

Attribute is an aribute of the given Class, index into an array or key in a Map class.

operator is one of the following (for String values):

eq Equal to value

ne Not Equal to value

ew Ends with value

sw Starts with value

ct Contains value (substring)

re Regular expression value matches

Delimit queries with a comma.

Monitor an application that runs as a service under Windows.

To congure it, you supply its Service Name in Windows.

To determine the Service Name:

1 Select Run from the Windows Start menu.

Type services.msc in the run dialog and click OK.

3 In the list of services displayed, right-click the service to monitor and choose Properties.

4 Locate the Service Name on the General tab.

application metric.

6 Click OK.

You cannot click OK until you enter values for all the mandatory text boxes.

The OS object appears under its parent object and monitoring begins.

C If you enter invalid details when you create an OS object, the object is created but the agent cannot discover it, and metrics are not collected.

Managing Objects with Missing Configuration Parameters

Sometimes when an object is discovered by vRealize Operations Manager for the rst time, the absence of values for some mandatory conguration parameters is detected. You can edit the object's parameters to supply the missing values.

If you select Custom Groups > Objects with Missing  (EP Ops) in the Environment Overview view of vRealize Operations Manager, you can see the list of all objects that have missing mandatory conguration parameters. In addition, objects with such missing parameters return an error in the Collection Status data.

If you select an object in the vRealize Operations Manager user interface that has missing conguration parameters, the red Missing Conguration State icon appears on the menu bar. When you point to the icon, details about the specic issue appear.

You can add the missing parameter values through the Action > Edit Object menu.

76 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Mapping Virtual Machines to Operating Systems

You can map your virtual machines to an operating system to provide additional information to assist you to determine the root cause of why an alert was triggered for a virtual machine.

vRealize Operations Manager monitors your ESXi hosts and the virtual machines located on them. When you deploy an Endpoint Operations Management agent, it discovers the virtual machines and the objects that are running on them. By correlating the virtual machines discovered by the Endpoint Operations Management agent with the operating systems monitored by vRealize Operations Manager you have more details to determine the exact cause of an alert being triggered.

Verify that you have the vCenter Adapter congured with the vCenter Server that manages the virtual machines. You also need to ensure that you have VMware Tools that are compatible with the vCenter Server installed on each of the virtual machines.

User Scenario

vRealize Operations Manager is running but you have not yet deployed the Endpoint Operations Management agent in your environment. You congured vRealize Operations Manager to send you alerts when CPU problems occur. You see an alert on your dashboard because insucient CPU capacity is available on one of your virtual machines that is running a Linux operating system. You deploy another two virtual CPUs but the alert remains. You struggle to determine what is causing the problem.

In the same situation, if you deployed the Endpoint Operations Management agent, you can see the objects on your virtual machines, and determine that an application-type object is using all available CPU capacity. When you add more CPU capacity, it also uses that. You disable the object and your CPU availability is no longer a problem.

Viewing Objects on Virtual Machines

After you deploy an Endpoint Operations Management agent on a virtual machine, the machine is mapped to the operating system and you can see the objects on that machine.

All the actions and the views that are available to other objects in your vRealize Operations Manager environment are also available for newly discovered server, service, and application objects, and for the deployed agent.

You can see the objects on a virtual machine in the inventory when you select the machine in the Environment > vSphere Hosts and Clusters view. You can see the objects and the deployed agent under the operating system.

When you select an object, the center pane of the user interface displays data relevant to that objects.

Endpoint Operations Management Agent Upgrade for vRealize Operations Manager 6.3

The Endpoint Operations Management agent for vRealize Operations Manager 6.3 is not backward compatible. vRealize Operations Manager 6.3 works only with the Endpoint Operations Management agent

6.3 and does not work with the previous versions. The Endpoint Operations Management agent 6.3 does not work with previous versions of vRealize Operations Manager.

Upgrade the Endpoint Operations Management agents in the following order:

1 Upgrade Endpoint Operations Management agents 6.2 and above to 6.3.

2 Upgrade vRealize Operations Manager 6.2 and above to vRealize Operations Manager 6.3.

VMware, Inc. 77

vRealize Operations Manager vApp Deployment and Configuration Guide

Follow this order to avoid errors during communication with the Endpoint Operations Management agent.

N You cannot upgrade Endpoint Operations Management agents from 6.1 to 6.3.

Installing Optional Solutions in vRealize Operations Manager

You can extend the monitoring capabilities of vRealize Operations Manager by installing optional solutions from VMware or third parties.

VMware solutions include adapters for Storage Devices, Log Insight, NSX for vSphere, Network Devices, and VCM. Third-party solutions include AWS, SCOM, EMC Smarts, and many others. To download software and documentation for optional solutions, visit the VMware Solution Exchange.

Solutions can include dashboards, reports, alerts and other content, and adapters. Adapters are how vRealize Operations Manager manages communication and integration with other products, applications, and functions. When a management pack is installed and the solution adapters are congured, you can use the vRealize Operations Manager analytics and alerting tools to manage the objects in your environment.

If you upgrade from an earlier version of vRealize Operations Manager, your management pack les are copied to the /usr/lib/vmware-vcops/user/plugins/.backup le in a folder with a date and time as the folder name. Before migrating your data to your new vRealize Operations Manager instance, you must congure the new adapters in the Administration > Solutions workspace. If you have customized the adapter, your adapter customizations are not included in the migration, and you must recongure them.

If you update a management pack in vRealize Operations Manager to a newer version, and you have customized the adapter, your adapter customizations are not included in the upgrade, and you must recongure them.

Managing Solution Credentials

Credentials are the user accounts that vRealize Operations Manager uses to enable one or more solutions and associated adapters, and to establish communication with the target data sources. The credentials are supplied when you congure each adapter. You use the credential option to add or modify the seings outside the adapter conguration process, accommodating changes to your environment.

If you are modifying existing credentials, for example, to accommodate changes based on your password policy, the adapters congured with these credentials begin using the new user name and password for communication between the vRealize Operations Manager and the target system.

Another use of credential management is to remove miscongured credentials. If you delete valid credentials that were in active use by an adapter, you disable the communication between the two systems.

If you need to change the congured credential to accommodate changes in your environment, you can edit seings, for example, name, user name and password, or pass code and key phrase, without being required to congure a new adapter instance for the target system. You can edit credential seings by clicking Administration and then clicking Credentials.

Any adapter credential you add are shared with other adapter administrators and vRealize Operations Manager collector hosts. Other administrators might use these credential to congure a new adapter instance or to move an adapter instance to a new host.

78 VMware, Inc.

Chapter 7 Connecting vRealize Operations Manager to Data Sources

Manage Credentials

To congure or recongure credentials that you use to enable an adapter instance, you must provide the collection conguration seings, for example, user name and password, that are valid on the target system. You can also modify the connection seings for an existing credential instance.

Where You Find Manage Credentials

In the left pane, click the Administration icon and click Credentials. Click the plus sign to add a new credential or the pencil to edit the selected credential.

Manage Credentials Options

The Manage Credentials dialog box is used to add new or modies existing adapter credentials. The dialog box varies depending on the type of adapter and whether you are adding or editing. The following options describe the basic options. Depending on the solution, the options other than the basic ones vary.

Table 7‑4. Manage Credential Add or Edit Options

Option Description

Adapter Type Adapter type for which you are conguring the credentials.

Credential Kind Credentials associated with the adapter. The combination

of adapter and credential type aects the additional conguration options.

Credential Name Descriptive name by which you are managing the

credentials.

User Name User account credentials that are used in the adapter

conguration to connect vRealize Operations Manager to the target system.

Password Password for the provided credentials.

Managing Collector Groups

vRealize Operations Manager uses collectors to manage adapter processes such as gathering metrics from objects. You can select a collector or a collector group when conguring an adapter instance.

If there are remote collectors in your environment, you can create a new collector group, and add remote collectors to the group. When you assign an adapter to a collector group, the adapter can use any collector in the group. Use collector groups to achieve adapter resiliency in cases where the collector experiences network interruption or becomes unavailable. If this occurs, and the collector is part of a group, the total workload is redistributed among all the collectors in the group, reducing the workload on each collector.

Migrate a vCenter Operations Manager Deployment into this Version

By importing data, an established or production version of vRealize Operations Manager can assume the monitoring of a vCenter Operations Manager deployment.

You cannot migrate vCenter Operations Manager directly to this version of vRealize Operations Manager. Instead, you follow a two-step process:

1 Migrate and import vCenter Operations Manager 5.8.x into vRealize Operations Manager 6.0.x as

described in the version 6.0.x documentation.

VMware, Inc. 79

vRealize Operations Manager vApp Deployment and Configuration Guide

2 Use the vRealize Operations Manager Software Update option to update vRealize Operations Manager

6.0.x to this version.

N Make sure your vCenter Operations Manager 5.8.x and vRealize Operations Manager 6.0.x instances are on the same physical network. Otherwise the data import may not work.

80 VMware, Inc.

vRealize Operations Manager Post-

Installation Considerations 8

After you install vRealize Operations Manager, there are post-installation tasks that might need your

aention.

This chapter includes the following topics:

“About Logging In to vRealize Operations Manager,” on page 81

“Secure the vRealize Operations Manager Console,” on page 82

“Log in to a Remote vRealize Operations Manager Console Session,” on page 82

“The Customer Experience Improvement Program,” on page 83

About Logging In to vRealize Operations Manager

Logging in to vRealize Operations Manager requires that you point a Web browser to the fully qualied domain name (FQDN) or IP address of a node in the vRealize Operations Manager cluster.

When you log in to vRealize Operations Manager, there are a few things to keep in mind.

After initial conguration, the product interface URL is:

hps://node-FQDN-or-IP-address

Before initial conguration, the product URL opens the administration interface instead.

After initial conguration, the administration interface URL is:

hps://node-FQDN-or-IP-address/admin

The administrator account name is admin. The account name cannot be changed.

The admin account is dierent from the root account used to log in to the console, and does not need to

have the same password.

When logged in to the administration interface, avoid taking the node that you are logged into oine

and shuing it down. Otherwise, the interface closes.

The number of simultaneous login sessions before a performance decrease depends on factors such as

the number of nodes in the analytics cluster, the size of those nodes, and the load that each user session expects to put on the system. Heavy users might engage in signicant administrative activity, multiple simultaneous dashboards, cluster management tasks, and so on. Light users are more common and often require only one or two dashboards.

The sizing spreadsheet for your version of vRealize Operations Manager contains further detail about simultaneous login support. See Knowledge Base article 2093783.

You cannot log in to a vRealize Operations Manager interface with user accounts that are internal to

vRealize Operations Manager, such as the maintenanceAdmin account.

VMware, Inc.

vRealize Operations Manager vApp Deployment and Configuration Guide

You cannot open the product interface from a remote collector node, but you can open the

administration interface.

For supported Web browsers, see the vRealize Operations Manager Release Notes for your version.

Secure the vRealize Operations Manager Console

After you install vRealize Operations Manager, you secure the console of each node in the cluster by logging in for the rst time.

Procedure

1 Locate the node console in vCenter or by direct access. In vCenter, use Alt+F1 to access the login

prompt.

For security, vRealize Operations Manager remote terminal sessions are disabled by default.

2 Log in as root.

vRealize Operations Manager prevents you from accessing the command prompt until you create a root password.

3 When prompted for a password, press Enter.

4 When prompted for the old password, press Enter.

5 When prompted for the new password, enter the root password that you want, and note it for future

reference.

6 Re-enter the root password.

7 Log out of the console.

As part of managing or maintaining the nodes in your vRealize Operations Manager cluster, you might need to log in to a vRealize Operations Manager node through a remote console.

For security, remote login is disabled in vRealize Operations Manager by default. To enable remote login, take the following steps.

Procedure

1 Locate the node console in vCenter or by direct access. In vCenter, use Alt+F1 to access the login

prompt.

2 Log in as root. If this is the rst time logging in, you must set a root password.

a When prompted for a password, press Enter.

b When prompted for the old password, press Enter.

c When prompted for the new password, enter the root password that you want, and note it for

future reference.

d Re-enter the root password.

3 To enable remote login, enter the following command:

service sshd start

82 VMware, Inc.

Chapter 8 vRealize Operations Manager Post-Installation Considerations

The Customer Experience Improvement Program

This product participates in VMware's Customer Experience Improvement Program (CEIP). The CEIP provides VMware with information that enables VMware to improve its products and services, to x problems, and to advise you on how best to deploy and use our products. You can choose to join or leave the CEIP for vRealize Operations Manager at any time.

Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at hp://www.vmware.com/trustvmware/ceip.html .

Join or Leave the Customer Experience Improvement Program for vRealize Operations Manager

You can join or leave the Customer Experience Improvement Program (CEIP) for vRealize Operations Manager at any time.

vRealize Operations Manager gives you the opportunity to join the Customer Experience Improvement Program (CEIP) when you initially install and congure the product. After installation, you can join or leave the CEIP by following these steps.

Procedure

1 In vRealize Operations Manager, click Administration.

2 Select Global .

3 From the toolbar, click the Edit icon.

4 Select or clear the Customer Experience Improvement Program option.

When selected, the option activates the Program and sends data to hps://vmware.com.

5 Click OK.

VMware, Inc. 83

vRealize Operations Manager vApp Deployment and Configuration Guide

84 VMware, Inc.

Updating Your Software 9

You can update your existing vRealize Operations Manager deployments to a newly released version.

When you perform a software update, you need to make sure you use the correct PAK le for your cluster. A good practice is to take a snapshot of the cluster before you update the software, but you must remember to delete the snapshot once the update is complete.

If you have customized the content that vRealize Operations Manager provides such as alerts, symptoms, recommendations, and policies, and you want to install content updates, clone the content before performing the update. In this way, you can select the option to reset out-of-the-box content when you install the software update, and the update can provide new content without overwriting customized content.

This chapter includes the following topics:

“Obtain the Software Update PAK File,” on page 85

“Create a Snapshot as Part of an Update,” on page 86

“Install a Software Update,” on page 86

Obtain the Software Update PAK File

Each type of cluster update requires a specic PAK le. Make sure you are using the correct one.

Download the Correct PAK files

To update your vRealize Operations Manager environment, you need to download the right PAK le for the clusters you wish to upgrade. Notice that only the Virtual Appliance clusters use an OS Update PAK le. Host name entries in the /etc/hosts of each node might be reset when applying the OS update PAK le for an update from vRealize Operations 6.0.x to version 6.1. You can manually update the hosts le after completing the software update.

Table 9‑1. Specific PAK Files for Different Cluster Types

Cluster Type OS Update Product Update

Virtual Appliance clusters.

Use both the OS and the product update PAK les.

Virtual Appliance heterogeneous clusters.

Use both the OS and the product update PAK les.

RHEL standalone clusters.

VMware, Inc. 85

vRealize_Operations_ManagerVA-OS-xxx.pak

vRealize_Operations_Manager-VA-

xxx.pak

vRealize_Operations_Manager-VA-

WIN-xxx.pak

vRealize_Operations_Manager-

RHEL-xxx.pak

vRealize Operations Manager vApp Deployment and Configuration Guide

Table 9‑1. Specific PAK Files for Different Cluster Types (Continued)

Cluster Type OS Update Product Update

RHEL heterogeneous clusters.

Use this le if you have a heterogeneous cluster that has RHEL nodes and Windows Remote Collectors.

Windows clusters

Create a Snapshot as Part of an Update

It's a good practice to create a snapshot of each node in a cluster before you update a vRealize Operations Manager cluster. Once the update is complete, you must delete the snapshot to avoid performance degradation.

For more information about snapshots, see the vSphere Virtual Machine Administration documentation.

Procedure

1 Log into the vRealize Operations Manager Administrator interface at https://<master-node-FQDN-or-

IP-address>/admin.

vRealize_Operations_Manager-

RHEL-WIN-xxx.pak

vRealize_Operations_Manager-

WIN-xxx.pak

2 Select a node in the cluster.

3 Click Take .

Repeat for each node.

4 When all nodes are oine, open the vSphere client.

5 Right-click a vRealize Operations Manager virtual machine.

6 Click Snapshot and then click Take Snapshot.

a Name the snapshot. Use a meaningful name such as "Pre-Update."

b Uncheck the Snapshot the Virtual Machine Memory check box.

c Uncheck the Ensure Quiesce Guest File System (Needs VMware Tools installed) check box.

d Click OK.

7 Repeat these steps for each node in the cluster.

What to do next

Start the update process as described in “Install a Software Update,” on page 86.

Install a Software Update

If you have already installed vRealize Operations Manager, you can update your software when a newer version becomes available.

N Installation might take several minutes or even a couple hours depending on the size and type of your clusters and nodes.

Prerequisites

Create a snapshot of each node in your cluster. For information about how to perform this task, see the

vRealize Operations Manager Information Center.

86 VMware, Inc.

Chapter 9 Updating Your Software

Obtain the PAK le for your cluster. For information about which le to use, see the

vRealize Operations Manager Information Center.

Before you install the PAK le, or upgrade your vRealize Operations Manager instance, clone any

customized content to preserve it. Customized content can include alert denitions, symptom denitions, recommendations, and views. Then, during the software update, you select the options

named Install the PAK  even if it is already installed and Reset out-of-the-box content.

The version 6.2.1 vRealize Operations Manager update operation has a validation process that identies

issues before you start to update your software. Although it is good practice to run the pre-update check and resolve any issues found, users who have environmental constraints can disable this validation check.

To disable the pre-update validation check, perform the following steps:

Edit the update le

to/storage/db/pakRepoLocal/bypass_prechecks_vRealizeOperationsManagerEnterprise-

buildnumberofupdate.json.

Change the value to TRUE and run the update.

N If you disable the validation, you might encounter blocking failures during the update itself.

Procedure

1 Log into the master node vRealize Operations Manager Administrator interface of your cluster at

https://master-node-FQDN-or-IP-address/admin.

2 Click Software Update in the left panel.

3 Click Install a Software Update in the main panel.

4 Follow the steps in the wizard to locate and install your PAK le.

a If you are updating a Virtual Appliance deployment, perform the OS update.

This updates the OS on the virtual appliance and restarts each virtual machine.

b Install the product update PAK le.

Wait for the software update to complete. When it does, the Administrator interface logs you out.

5 Log back into the master node Administrator interface.

The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online buon, but do not click it.

6 If the browser page does not refresh automatically, refresh the page.

The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.

N If a cluster fails and the status changes to oine during the installation process of a PAK le update then some nodes become unavailable. To x this, you can access the Administrator interface and manually take the cluster oine and click Finish Installation to continue the installation process.

7 Click Software Update to check that the update is done.

A message indicating that the update completed successfully appears in the main pane.

VMware, Inc. 87

vRealize Operations Manager vApp Deployment and Configuration Guide

What to do next

Delete the snapshots you made before the software update.

N Multiple snapshots can degrade performance, so delete your pre-update snapshots after the software update completes.

88 VMware, Inc.

Index

actions, user access 38 adapter, credentials 79 adapters

collector group 79 credentials 78

vCenter Server 37 adding, disk 16 agent

client certificate 66

installation and deployment 39

run launcher from Linux command line 68

run launcher from Windows command line 68 agent properties

activate communication properties 48

agent.keystore.alias 55

agent.listenPort 56

agent.setup.camSecure property 59

agent.setup.resetupToken 59

configure 47

configure for agent initiated communication 49

configure for server initiated

communication 49 for multiple agents 71, 72 sigar.mirror.procnet 66 sigar.pdh.enableTranslation 66 silent installation 49

agents

agent.properties file 51, 52 client certificate 66 install multiple simultaneously 71 install silently on Windows platform 44 install on Linux platform 40, 42 install on Windows platform 43 launching from a command line 67 override properties 51 properties 51, 52 register 66 registering on clusters 75 reinstall 69 reinstalling 71 silent installation 52 uninstall 69 uninstalling 70, 71

best practices, cluster nodes 13

certificates

content samples 17 custom 16 requirements 16

verifying 19 cloning virtual machines, manage agents 69 cluster

best practices 13

general requirements 12

networking requirements 13 cluster, size 15 clusters, registering the agent 75

collector groups, adapter instances 79 communication, SSL 67 communication properties, activate 48 communications

CA certificate 67

secure 67

thumbprint 67 configuration

missing parameters for objects 76

of agent using config dialog 50 connect, data sources 35

console, password 82 console, remote 82 credentials, adapter 78, 79 custom certificates 16 customer experience improvement program

joining 83

leaving 83

data node, creating 25 data sources, connect 35 data collector, joining 83 disk, adding 16

End Point Operations Management 39 Endpoint Operations Manager agent, installation

and deployment 39 endpoint operations agent upgrade 6.3 77 EP Ops agent, installation and deployment 39

VMware, Inc. 89

vRealize Operations Manager vApp Deployment and Configuration Guide

glossary 5

HA 27, 28 high availability 27, 28

initial setup 33 install agent, Java prerequisites 45

installation

agent 40 agent installer 40 configure agent in properties file 47 new 33 new deployment 33 of agent from archive 42, 43 of agent from RPM 40 of agent using Windows installer 43, 44 post-installation 81 preparing for 7, 9

VA 8 intended audience 5 IPv6 14

Java prerequisites for agent 45 JREs, configure locations 46

keystore, configure 50

Linux platform, install agent 40, 42 log in 81 loopback addresslocalhost 47

management pack 78 mapping, virtual machines to operating

systems 77

master node, creating 23 migration 79 moving virtual machines between vCenter

Servers 69

multiple agents

create standard properties file 72

install individually 73

install simultaneously 71, 73

new deployment, installation 33 new installation 33

node

data 11, 25 master 11, 23 overview 11 remote collector 11, 31 replica 11, 28 virtual appliance 19

nodes

best practices 13 general requirements 12 networking requirements 13 replica 27

objects

create OS objects 75

missing configuration parameters 76 override agent properties 51 OVF 19

parameters, missing for objects 76 password, console 82 platforms

Linux 40, 42

Windows 43, 44 post-installation 81 preinstallation 7 prerequisites

Java for agent 45

Realize Operations Manager installation 39 privileges 74 properties

agent.keystore.password 55

agent.keystore.path 55

agent.logDir 56

agent.logFile 56

agent.logLevel 56

agent.logLevel.SystemErr 56

agent.logLevel.SystemOut 57

agent.proxyHost 57

agent.proxyPort 57

agent.setup.acceptUnverifiedCertificate 57

agent.setup.camIP 57

agent.setup.camLogin 58

agent.setup.camPort 58

agent.setup.camPword 58

agent.setup.camSSLPort 59

agent.setup.unidirectional 59

agent.startupTimeOut 59

autoinventory.defaultScan.interval.millis 60

autoinventory.runtimeScan.interval.millis 60

configure agent 47

90 VMware, Inc.

Index

encrypt values 52 http.useragent 60 log4j 60 platform.log_track.eventfmt 61 plugins.exclude 62 plugins.include 62 postgresql.database.name.format 63 postgresql.index.name.format 63 postgresql.server.name.format 63 postgresql.table.name.format 64 scheduleThread.cancelTimeout 65 scheduleThread.fetchLogTimeout 65 scheduleThread.poolsize 65 scheduleThread.queuesize 65 snmpTrapReceiver.listenAddress 66

Realize Operations Manager, agent

prerequisites 39 reinstalling agents 71 remote collector node, creating 31 remote console 82 remote collector node 31 replica node, creating 28

requirements

certificates 16 cluster nodes 12, 13

roles 74

VA installation 8 vCenter Server

solution 35

solutions 37 vCenter adapter, add instance 37 vCenter Server actions, user access 38 verifying, certificates 19

virtual appliance 19 virtual machine, cloning 69

virtual machines, mapping to operating

systems 77

vMotion, delete virtual machine in vRealize

Operations Manager 69 vRealize Operations Manager, installation 39 vSphere, solution 35

Windows platform

install agent 43 install agent silently 44

samples, certificate contents 17 size, cluster 15 software update 86 solution, vCenter Server 35

solution adapter, credentials 79 solution adapters, credentials 78 solutions, vCenter Server 37 SSL, configuring 67 supported configurations, Hyperic 39 system requirements, Hyperic 39

uninstalling agents 70, 71 update software 86 upgrade 79, 85 upgradeupgrade 85 user access

actions 38 vCenter Server actions 38

VMware, Inc. 91

vRealize Operations Manager vApp Deployment and Configuration Guide

92 VMware, Inc.

VMware vRealize Operations Manager - 6.3 Deployment and Conﬁguration Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

About vApp Deployment and Configuration

Complexity of Your Environment

Create a Node by Deploying an OVF

Run the Setup Wizard to Create the Master Node

Run the Setup Wizard to Add a Data Node

Run the Setup Wizard to Add a Master Replica Node

Run the Setup Wizard to Create a Remote Collector Node

Log In and Continue with a New Installation

Configure User Access for Actions

Endpoint Operations Management Agent Installation and Deployment

Prepare to Install the Endpoint Operations Management Agent

Supported Operating Systems for the Endpoint Operations Management Agent

Selecting an Agent Installer Package

Install the Agent on a Linux Platform from an RPM Package

Install the Agent on a Linux Platform from an Archive

Install the Agent on a Windows Platform from an Archive

Install the Agent on a Windows Platform Using the Windows Installer

Installing an Endpoint Operations Management Agent Silently on a Windows Machine

Java Prerequisites for the Endpoint Operations Management Agent

Configuring JRE Locations for Endpoint Operations Management Components

System Prerequisites for the Endpoint Operations Management Agent

Configure the Endpoint Operations Management Agent to vRealize Operations Manager Server Communication Properties

Activate Endpoint Operations Management Agent to vRealize Operations Manager Server Setup Properties

Specify the Endpoint Operations Management Agent Setup Properties

Configure an Endpoint Operations Management Agent Keystore

Configure the Endpoint Operations Management Agent by Using the Configuration Dialog

Overriding Agent Configuration Properties

Endpoint Operations Management Agent Properties

Encrypt Endpoint Operations Management Agent Property Values

Adding Properties to the agent.properties File

agent.keystore.alias Property

agent.keystore.password Property

agent.keystore.path Property

agent.listenPort Property

agent.logDir Property

agent.logFile Property

agent.logLevel Property

agent.logLevel.SystemErr Property

agent.logLevel.SystemOut Property

agent.proxyHost Property

agent.proxyPort Property

agent.setup.acceptUnverifiedCertificate Property

agent.setup.camIP Property

agent.setup.camLogin Property

agent.setup.camPort Property

agent.setup.camPword Property

agent.setup.camSecure

agent.setup.camSSLPort Property

agent.setup.resetupToken Property

agent.setup.unidirectional Property

agent.startupTimeOut Property

autoinventory.defaultScan.interval.millis Property

autoinventory.runtimeScan.interval.millis Property

http.useragent Property

log4j Properties

platform.log_track.eventfmt Property

plugins.exclude Property

plugins.include Property

postgresql.database.name.format Property

postgresql.index.name.format Property

postgresql.server.name.format Property

postgresql.table.name.format Property

scheduleThread.cancelTimeout Property

scheduleThread.fetchLogTimeout Property

scheduleThread.poolsize Property

scheduleThread.queuesize Property

sigar.mirror.procnet Property

sigar.pdh.enableTranslation Property

snmpTrapReceiver.listenAddress Property

Managing Agent Registration on vRealize Operations Manager Servers

Regenerate an Agent Client Certificate

Securing Communications with the Server

Launching Agents from a Command Line

Run the Agent Launcher from a Linux Command Line

Run the Agent Launcher from a Windows Command Line