VMware vRealize Operations Manager - 6.7 User Manual

vRealize Operations Manager Conﬁguration Guide

vRealize Operations Manager 6.7

vRealize Operations Manager Configuration Guide

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to

docfeedback@vmware.com

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

VMware, Inc. 2

About Configuration 7

Connecting vRealize Operations Manager to Data Sources 8

VMware vSphere Solution in vRealize Operations Manager 8

Configure a vCenter Adapter Instance in vRealize Operations Manager 10 Configure User Access for Actions 11

End Point Operations Management Solution in vRealize Operations Manager 12

End Point Operations Management Agent Installation and Deployment 12 Roles and Privileges in vRealize Operations Manager 56 Registering Agents on Clusters 56 Manually Create Operating System Objects 57 Managing Objects with Missing Configuration Parameters 58 Mapping Virtual Machines to Operating Systems 59 Customizing How End Point Operations Management Monitors Operating Systems 60

VMware vRealize Application Management Pack 71

View the Configuration Details 71

Log Insight 72

Log Insight Page 72 Logs Tab 73 Configuring vRealize Log Insight with vRealize Operations Manager 73 Log Forwarding 75

Business Management 76

Configure the vRealize Business for Cloud Adapter 76 Cost Settings for Financial Accounting Model 77 Overview of Cost Drivers 79 Editing Cost Drivers 80 Cost Calculation Status Overview 85 Cluster Cost Overview 85

vRealize Automation Solution 85

Supported vRealize Automation Versions 86 Object Types and Relationships 86 vRealize Automation Workload Placement 87 Port Information 87 Security Guidelines 88 Configuring vRealize Automation 88 Alert Definitions 92

vSAN 92

Configure a vSAN Adapter Instance 92

VMware, Inc.

vRealize Operations Manager Configuration Guide

Verify that the Adapter Instance is Connected and Collecting Data 94

Installing Optional Solutions in vRealize Operations Manager 96

Managing Solution Credentials 96 Managing Collector Groups 97

Configuring Alerts and Actions 98

Types of Alerts 98 Configuring Alerts 98

Defining Alerts in vRealize Operations Manager 98 Defining Symptoms for Alerts 99 Defining Recommendations for Alert Definitions 103 Create a New Alert Definition 104 Alert Definition Best Practices 105 Creating and Managing vRealize Operations Manager Alert Notifications 106 Create an Alert Definition for Department Objects 118 Alerts Group 129

Configuring Actions 130

List of vRealize Operations Manager Actions 131 Actions Supported for Automation 132 Integration of Actions with vRealize Automation 134 Working With Actions That Use Power Off Allowed 135

Configuring and Using Workload Optimization 139

Configuring Workload Optimization 139

Workload Policy Settings 141 Tag-Based VM Placement 142 Configuring Workload Optimization Alerts 144

Using Workload Optimization 144

Example: Run Workload Optimization 145 Example: Schedule a Repeating Optimization Action 147 Example: Run Workload Optimization from Recommended Actions 148

Configuring Policies 150

Policies 150

Policy Decisions and Objectives 152 Active Policies Tab for Policies 153

Policy Library Tab for Policies 156 Operational Policies 158 Types of Policies 159

Custom Policies 159

Default Policy in vRealize Operations Manager 161

Policies Provided with vRealize Operations Manager 161

VMware, Inc. 4

vRealize Operations Manager Configuration Guide

Using the Monitoring Policy Workspace to Create and Modify Operational Policies 163

Policy Workspace in vRealize Operations Manager 164

Configuring Super Metrics 181

Create a Super Metric 182 Enhancing Your Super Metrics 184 Exporting and Importing a Super Metric 185

Configuring Objects 187

Object Discovery 187

About Objects 188

Managing Objects in Your Environment 190

Managing Custom Object Groups in VMware vRealize Operations Manager 196

Managing Application Groups 200

Configuring Data Display 202

Widgets 202

Widget Interactions 203

Manage Metric Configuration 203

Add a Resource Interaction XML File 204

Widget Definitions List 205 Dashboards 208

Types Of Dashboards 208

Create and Configure Dashboards 229

Managing Dashboards 232 Views 234

Views Overview 235

Views and Reports Ownership 236

Create and Configure a View 236

Editing, Cloning, and Deleting a View 248

User Scenario: Create, Run, Export, and Import a vRealize Operations Manager View for

Tracking Virtual Machines 249

Reports 251

Report Templates Tab 252

Generated Reports Tab 252

Create and Modify a Report Template 253

Add a Network Share Plug-In for vRealize Operations Manager Reports 256

User Scenario: Handling Reports to Monitor Virtual Machines 257

Configuring Application Monitoring with Wavefront 262

Configure Wavefront Account Tab 263

Configure the Wavefront Account 263

VMware, Inc. 5

vRealize Operations Manager Configuration Guide

Create a Wavefront Trial Account 263 Deploy VMware Application Proxy 264 Configure VMware Application Proxy Tab 266

Add and Configure an Application Proxy 267 Agent Management Tab 268

Install an Agent 270

Manage Application Services 271

Activate and Deactivate an Application Service 272

Uninstall an Agent 272 Monitor Metrics in Wavefront 273

Configuring Administration Settings 274

Managing Users and Access Control in vRealize Operations Manager 274

Users of vRealize Operations Manager 275

Roles and Privileges in vRealize Operations Manager 279

User Scenario: Manage User Access Control 280

Configure a Single Sign-On Source in vRealize Operations Manager 283

Audit Users and the Environment in vRealize Operations Manager 286 vRealize Operations Manager Passwords and Certificates 287

Change the vRealize Operations Manager Administrator Password 287

Generate a vRealize Operations Manager Passphrase 288

Custom vRealize Operations Manager Certificates 288 Modifying Global Settings 292

List of Global Settings 292

Global Settings 295 Create a vRealize Operations Manager Support Bundle 296 Customizing Icons 296

Customize an Object Type Icon 297

Customize an Adapter Type Icon 297

OPS-CLI Command-Line Tool 299

dashboard Command Operations 300 template Command Operations 301 supermetric Command Operations 302 attribute Command Operations 303 reskind Command Operations for Object Types 303 report Command Operations 303 view Command Operations 303 file Command Operations 304

VMware, Inc. 6

About Conﬁguration

The VMware vRealize Operations Manager Configuration Guide describes how to configure and monitor your environment. It shows you how to connect vRealize Operations Manager to external data sources and analyze the data collected from them, ensure that users and their supporting infrastructure are in place, configure resources to determine the behavior of your objects, and format the content that appears in vRealize Operations Manager.

To help you maintain and expand your vRealize Operations Manager installation, this information describes how to manage nodes and clusters, configure NTP, view log files, create support bundles, and add a maintenance schedule. It provides information about license keys and groups, and shows you how to generate a passphrase, review the certificates used for authentication, run the describe process, and perform advanced maintenance functions.

Intended Audience

This information is intended for vRealize Operations Manager administrators, virtual infrastructure administrators, and operations engineers who install, configure, monitor, manage, and maintain the objects in your environment.

For users who want to configure vRealize Operations Manager programmatically, the VMware vRealize Operations Manager REST API documentation is available in HTML format and is installed with your vRealize Operations Manager instance. For example, if the URL of your instance is

https://vrealize.example.com, the API reference is available from https://vrealize.example.com/suite-api/docs/rest/index.html.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to

http://www.vmware.com/support/pubs.

VMware, Inc.

Connecting vRealize Operations Manager to

Data Sources 1

Configure solutions in vRealize Operations Manager to connect to and analyze data from external data sources in your environment. Once connected, you use vRealize Operations Manager to monitor and manage objects in your environment.

A solution might be only a connection to a data source, or it might include predefined dashboards, widgets, alerts, and views.

vRealize Operations Manager includes the VMware vSphere and End Point Operations Management solutions. These solutions are installed when you install vRealize Operations Manager.

Other solutions can be added to vRealize Operations Manager as management packs, such as the VMware Management Pack for NSX for vSphere. To download VMware management packs and other third-party solutions, visit the VMware Solution Exchange at https://marketplace.vmware.com/vsx/.

This chapter includes the following topics:

VMware vSphere Solution in vRealize Operations Manager

End Point Operations Management Solution in vRealize Operations Manager

VMware vRealize Application Management Pack

Log Insight

Business Management

vRealize Automation Solution

vSAN

Installing Optional Solutions in vRealize Operations Manager

VMware vSphere Solution in vRealize Operations Manager

The VMware vSphere solution connects vRealize Operations Manager to one or more vCenter Server instances. You collect data and metrics from those instances, monitor them, and run actions in them.

vRealize Operations Manager evaluates the data in your environment, identifying trends in object behavior, calculating possible problems and future capacity for objects in your system based on those trends, and alerting you when an object exhibits defined symptoms.

VMware, Inc.

Configure and manage

vCenter adapter instances in

one central workplace

Configure user access so that

users can run actions on objects

in vCenter Server from vRealize

Operations Manager

Enable/disable actions

Update the default monitoring policy

Add vCenter adapter instances

Configure the vSphere Solution to

connect vRealize Operations Manager

to one or more vCenter instances

To begin, access Administration > Solutions

Create roles with permissions to determine who can access actions

Create user groups, and assign them action-specific roles and access to adapter instances

vRealize Operations Manager Configuration Guide

Conﬁguring the vSphere Solution

The vSphere solution is installed together with vRealize Operations Manager. The solution provides the vCenter Server adapter which you must configure to connect vRealize Operations Manager to your vCenter Server instances.

How Adapter Credentials Work

The vCenter Server credentials that you use to connect vRealize Operations Manager to a vCenter Server instance, determines what objects vRealize Operations Manager monitors. Understand how these adapter credentials and user privileges interact to ensure that you configure adapters and users correctly, and to avoid some of the following issues.

If you configure the adapter to connect to a vCenter Server instance with credentials that have permission to access only one of your three hosts, every user who logs in to vRealize Operations Manager sees only the one host, even when an individual user has privileges on all three of the hosts in the vCenter Server.

If the provided credentials have limited access to objects in the vCenter Server, even vRealize Operations Manager administrative users can run actions only on the objects for which the vCenter Server credentials have permission.

If the provided credentials have access to all the objects in the vCenter Server, any vRealize Operations Manager user who runs actions is using this account.

VMware, Inc. 9

vRealize Operations Manager Configuration Guide

Controlling User Access to Actions

Use the vCenter Server adapter to run actions on the vCenter Server from vRealize Operations Manager. If you choose to run actions, you must control user access to the objects in your vCenter Server environment. You control user access for local users based on how you configure user privileges in vRealize Operations Manager. If users log in using their vCenter Server account, then the way their account is configured in vCenter Server determines their privileges.

For example, you might have a vCenter Server user with a read-only role in vCenter Server. If you give this user the vRealize Operations Manager Power User role in vCenter Server rather than a more restrictive role, the user can run actions on objects because the adapter is configured with credentials that has privileges to change objects. To avoid this type of unexpected result, configure local vRealize Operations Manager users and vCenter Server users with the privileges you want them to have in your environment.

Conﬁgure a vCenter Adapter Instance in vRealize Operations Manager

To manage your vCenter Server instances in vRealize Operations Manager, you must configure an adapter instance for each vCenter Server instance. The adapter requires the credentials that are used for communication with the target vCenter Server.

Caution Any adapter credentials you add are shared with other adapter administrators and

vRealize Operations Manager collector hosts. Other administrators might use these credentials to configure a new adapter instance or to move an adapter instance to a new host.

Prerequisites

Verify that you know the vCenter Server credentials that have sufficient privileges to connect and collect data. If the provided credentials have limited access to objects in vCenter Server, all users, regardless of their vCenter Server privileges see only the objects that the provided credentials can access. At a minimum, the user account must have Read privileges and the Read privileges must be assigned at the data center or vCenter Server level.

Procedure

1 On the menu, click Administration and in the left pane click Solutions.

2 On the Solutions page, select VMware vSphere and click the Configure icon.

3 Enter a display name and description for the adapter instance.

4 In the vCenter Server text box, enter the FQDN or IP address of the vCenter Server instance to

which you are connecting.

The vCenter Server FQDN or IP address must be reachable from all nodes in the vRealize Operations Manager cluster.

VMware, Inc. 10

vRealize Operations Manager Configuration Guide

5 To add credentials for the vCenter Server instance, click the Add icon, and enter the required

credentials.

6 The adapter is configured to run actions on objects in the vCenter Server from

vRealize Operations Manager. If you do not want to run actions, select Disable.

The credentials provided for the vCenter Server instance are also used to run actions. If you do not want to use these credentials, you can provide alternative credentials by expanding Alternate Action

Credentials, and clicking the Add icon.

7 Click Test Connection to validate the connection with your vCenter Server instance.

8 In the Review and Accept Certificate dialog box, review the certificate information.

If the certificate presented in the dialog box matches the certificate for your target vCenter Server, click OK.

If you do not recognize the certificate as valid, click Cancel. The test fails and the connection to vCenter Server is not completed. You must provide a valid vCenter Server URL or verify the certificate on the vCenter Server is valid before completing the adapter configuration.

9 To modify the advanced options regarding collectors, object discovery, or change events, expand the

Advanced Settings.

For information about these advanced settings, search for the VMware vSphere Solution Workspace Options in the Information Center.

10 To adjust the default monitoring policy that vRealize Operations Manager uses to analyze and display

information about the objects in your environment, click Define Monitoring Goals.

For information about monitoring goals, search for the VMware vSphere Solution Workspace Options in the Information Center.

11 Click Save Settings.

The adapter instance is added to the list.

vRealize Operations Manager begins collecting data from the vCenter Server instance. Depending on the number of managed objects, the initial collection can take more than one collection cycle. A standard collection cycle begins every five minutes.

What to do next

If you configured the adapter to run actions, configure user access for the actions by creating action roles and user groups.

Conﬁgure User Access for Actions

To ensure that users can run actions in vRealize Operations Manager, you must configure user access to the actions.

You use role permissions to control who can run actions. You can create multiple roles. Each role can give users permissions to run different subsets of actions. Users who hold the Administrator role or the default super user role already have the required permissions to run actions.

VMware, Inc. 11

vRealize Operations Manager Configuration Guide

You can create user groups to add action-specific roles to a group rather than configuring individual user privileges.

Procedure

1 On the menu, click Administration and in the left pane click Access > Access Control.

2 To create a role:

a Click the Roles tab.

b Click the Add icon, and enter a name and description for the role.

3 To apply permissions to the role, select the role, and in the Permissions pane, click the Edit icon.

a Expand Environment, and then expand Action.

b Select one or more of the actions, and click Update.

4 To create a user group:

a Click the User Groups tab, and click the Add icon.

b Enter a name for the group and a description, and click Next.

c Assign users to the group, and click the Objects tab.

d Select a role that has been created with permissions to run actions, and select the Assign this

role to the user check box.

e Configure the object privileges by selecting each adapter instance to which the group needs

access to run actions.

f Click Finish.

What to do next

Test the users that you assigned to the group. Log out, and log back in as one of the users. Verify that this user can run the expected actions on the selected adapter.

End Point Operations Management Solution in vRealize Operations Manager

You configure End Point Operations Management to gather operating system metrics and to monitor availability of remote platforms and applications. This solution is installed with vRealize Operations Manager.

End Point Operations Management Agent Installation and Deployment

Use the information in these links to help you to install and deploy End Point Operations Management agents in your environment.

VMware, Inc. 12

vRealize Operations Manager Configuration Guide

Prepare to Install the End Point Operations Management Agent

Before you can install the End Point Operations Management agent, you must perform preparatory tasks.

Prerequisites

To configure the agent to use a keystore that you manage yourself for SSL communication, set up a JKS-format keystore for the agent on its host and import its SSL certificate. Make a note of the full path to the keystore, and its password. You must specify this data in the agent's agent.properties file.

Verify that the agent keystore password and the private key password are identical.

Define the agent HQ_JAVA_HOME location.

vRealize Operations Manager platform-specific installers include JRE 1.8.x . Depending on your environment and the installer you use, you may need to define the location of the JRE to ensure that the agent can find the JRE to use. See Configuring JRE Locations for End Point Operations

Management Components.

Supported Operating Systems for the End Point Operations Management Agent

These tables describe the supported operating systems for End Point Operations Management agent deployments.

These configurations are supported for the agent in both development and production environments.

Table 1‑1. Supported Operating Systems for the End Point Operations Management Agent

Operating System Processor Architecture JVM

RedHat Enterprise Linux (RHEL) 5.x, 6.x,

7.x

CentOS 5.x, 6.x, 7.x x86_64, x86_32 Oracle Java SE8

SUSE Enterprise Linux (SLES) 11.x, 12.x x86_64 Oracle Java SE8

Windows 2008 Server, 2008 Server R2 x86_64, x86_32 Oracle Java SE8

Windows 2012 Server, 2012 Server R2 x86_64 Oracle Java SE8

Windows Server 2016 x86_64 Oracle Java SE8

Solaris 10, 11 x86_64, SPARC Oracle Java SE7

AIX 6.1, 7.1 Power PC IBM Java SE7

VMware Photon Linux 1. 0 x86_64 Open JDK 1.8.0_72-BLFS

x86_64, x86_32 Oracle Java SE8

Oracle Linux versions 5, 6, 7 x86_64, x86_32 Open JDK Runtime Environment 1.7

Selecting an Agent Installer Package

The End Point Operations Management agent installation files are included in the vRealize Operations Manager installation package.

VMware, Inc. 13

vRealize Operations Manager Configuration Guide

You can install the End Point Operations Management agent from a tar.gz or .zip archive, or from an operating system-specific installer for Windows or for Linux-like systems that support RPM.

Note that when you install a non-JRE version of End Point Operations Management agent, to avoid being exposed to security risks related to earlier versions of Java, VMware recommends that you only use the latest Java version.

Install the Agent on a Linux Platform from an RPM Package

You can install the End Point Operations Management agent from a RedHat Package Manager (RPM) package. The agent in the noarch package does not include a JRE.

Install the Agent on a Linux Platform from an Archive

You can install an End Point Operations Management agent on a Linux platform from a tar.gz archive.

Install the Agent on a Windows Platform from an Archive

You can install an End Point Operations Management agent on a Windows platform from a .zip file.

Install the Agent on a Windows Platform Using the Windows Installer

You can install the End Point Operations Management agent on a Windows platform using a Windows installer.

Installing an End Point Operations Management Agent Silently on a Windows Machine

You can install an End Point Operations Management agent on a Windows machine using silent or very silent installation.

Install the Agent on an AIX Platform

You can install the End Point Operations Management agent on an AIX platform.

Install the Agent on a Solaris Platform

You can install the End Point Operations Management agent on a Solaris platform.

Install the Agent on a Linux Platform from an RPM Package

You can install the End Point Operations Management agent from a RedHat Package Manager (RPM) package. The agent in the noarch package does not include a JRE.

Agent-only archives are useful when you deploy agents to a large number of platforms with various operating systems and architectures. Agent archives are available for Windows and UNIX-like environments, with and without built-in JREs.

The RPM performs the following actions:

Creates a user and group named epops if they do not exist. The user is a service account that is locked and you cannot log into it.

Installs the agent files into /opt/vmware/epops-agent.

Installs an init script to /etc/init.d/epops-agent.

Adds the init script to chkconfig and sets it to on for run levels 2, 3, 4, and 5.

VMware, Inc. 14

vRealize Operations Manager Configuration Guide

If you have multiple agents to install, see Install Multiple End Point Operations Management Agents

Simultaneously.

Prerequisites

Verify that you have sufficient privileges to deploy an End Point Operations Management agent. You must have vRealize Operations Manager user credentials that include a role that allows you to install End Point Operations Management agents. See Roles and Privileges in vRealize Operations

Manager.

If you plan to run ICMP checks, you must install the End Point Operations Management agent with root privileges.

To configure the agent to use a keystore that you manage yourself for SSL communication, set up a JKS-format keystore for the agent on its host and configure the agent to use its SSL certificate. Note the full path to the keystore, and its password. You must specify this data in the agent agent.properties file.

Verify that the agent keystore password and the private key password are identical.

If you are installing a non-JRE package, define the agent HQ_JAVA_HOME location.

End Point Operations Management platform-specific installers include JRE 1.8.x. Platformindependent installers do not. Depending on your environment and the installer you use, you might need to define the location of the JRE to ensure that the agent can find the JRE to use. See

Configuring JRE Locations for End Point Operations Management Components.

If you are installing a non-JRE package, verify that you are using the latest Java version. You might be exposed to security risks with earlier versions of Java.

Verify that the installation directory for the End Point Operations Management agent does not contain a vRealize Hyperic agent installation.

If you are using the noarch installation, verify that a JDK or JRE is installed on the platform.

Verify that you use only ASCII characters when specifying the agent installation path. If you want to use non-ASCII characters, you must set the encoding of the Linux machine and SSH client application to UTF-8.

Procedure

1 Download the appropriate RPM bundle to the target machine.

Operating System RPM Bundle to Download

64bit Operating System

32bit Operating System

No Arch

epops-agent-x86-64-linux-version.rpm

epops-agent-x86-linux-version.rpm

epops-agent-noarch-linux-version.rpm

2 Open an SSH connection using root credentials.

3 Run rpm -i epops-agent-Arch-linux-version.rpm to install the agent on the platform that the

agent will monitor, where Arch is the name of the archive and version is the version number.

VMware, Inc. 15

vRealize Operations Manager Configuration Guide

The End Point Operations Management agent is installed, and the service is configured to start at boot.

What to do next

Before you start the service, verify that the epops user credentials include any permissions that are required to enable your plug-ins to discover and monitor their applications, then perform one of the following processes.

Run service epops-agent start to start the epops-agent service.

If you installed the End Point Operations Management agent on a machine running SuSE 12.x, start the End Point Operations Management agent by running the [EP Ops Home]/bin/ep-agent.sh start command.

When you attempt to start an End Point Operations Management agent you might receive a message that the agent is already running. Run ./bin/ep-agent.sh stop before starting the agent.

Configure the agent in the agent.properties file, then start the service. See Activate End Point

Operations Management Agent to vRealize Operations Manager Server Setup Properties.

Install the Agent on a Linux Platform from an Archive

You can install an End Point Operations Management agent on a Linux platform from a tar.gz archive.

By default, during installation, the setup process prompts you to provide configuration values. You can automate this process by specifying the values in the agent properties file. If the installer detects values in the properties file, it applies those values. Subsequent deployments also use the values specified in the agent properties file.

Prerequisites

Manager.

If you plan to run ICMP checks, you must install the End Point Operations Management agent with root privileges.

Verify that the installation directory for the End Point Operations Management agent does not contain a vRealize Hyperic agent installation.

VMware, Inc. 16

vRealize Operations Manager Configuration Guide

Procedure

1 Download and extract the End Point Operations Management agent installation tar.gz file that is

appropriate for your Linux operating system.

Operating System

64bit Operating System

32bit Operating System

No Arch

tar.gz Bundle to Download

epops-agent-x86-64-linux-version.tar.gz

epops-agent-x86-linux-version.tar.gz

epops-agent-noJRE-version.tar.gz

2 Run cd agent name/bin to open the bin directory for the agent.

3 Run ep-agent.sh start.

The first time that you install the agent, the command launches the setup process, unless you already specified all the required configuration values in the agent properties file.

4 (Optional) Run ep-agent.sh status to view the current status of the agent, including the IP address

and port.

What to do next

Install the Agent on a Windows Platform from an Archive

You can install an End Point Operations Management agent on a Windows platform from a .zip file.

Prerequisites

Verify that you have sufficient privileges to deploy a End Point Operations Management agent. You must have vRealize Operations Manager user credentials that include a role that allows you to install End Point Operations Management agents. See Roles and Privileges in vRealize Operations

Manager.

Verify that the installation directory for the End Point Operations Management agent does not contain a vRealize Hyperic agent installation.

Verify that you do not have any End Point Operations Management or vRealize Hyperic agent installed on your environment before running the agent Windows installer.

VMware, Inc. 17

vRealize Operations Manager Configuration Guide

Procedure

1 Download and extract the End Point Operations Management agent installation .zip file that is

appropriate for your Windows operating system.

Operating System

64bit Operating System

32bit Operating System

No Arch

ZIP Bundle to Download

epops-agent-x86-64-win-version.zip

epops-agent-win32-version.zip

epops-agent-noJRE-version.zip

2 Run cd agent name\bin to open the bin directory for the agent.

3 Run ep-agent.bat install.

4 Run ep-agent.bat start.

The first time that you install the agent, the command starts the setup process, unless you already specified the configuration values in the agent properties file.

What to do next

Generate the client certificate for the agent. See Regenerate an Agent Client Certificate.

Install the Agent on a Windows Platform Using the Windows Installer

You can install the End Point Operations Management agent on a Windows platform using a Windows installer.

You can perform a silent installation of the agent. See Installing an End Point Operations Management

Agent Silently on a Windows Machine.

Prerequisites

Manager.

Verify that the installation directory for the End Point Operations Management agent does not contain a vRealize Hyperic agent installation.

If you already have an End Point Operations Management agent installed on the machine, verify that it is not running.

Verify that you do not have any End Point Operations Management or vRealize Hyperic agent installed on your environment before running the agent Windows installer.

You must know the user name and password for the vRealize Operations Manager, the vRealize Operations Manager server address (FQDN), and the server certificate thumbprint value. You can see additional information about the certificate thumbprint in the procedure.

VMware, Inc. 18

vRealize Operations Manager Configuration Guide

Procedure

1 Download the Windows installation EXE file that is appropriate for your Windows platform.

Operating System RPM Bundle to Download

64bit Operating System

32bit Operating System

epops-agent-x86-64-win-version.exe

epops-agent-x86-win-version.exe

2 Double-click the file to open the installation wizard.

3 Complete the steps in the installation wizard.

Verify that the user and system locales are identical, and that the installation path contains only characters that are part of the system locale's code page. You can set user and system locales in the Regional Options or Regional Settings control panel.

Note the following information related to defining the server certificate thumbprint.

The server certificate thumbprint is required to run a silent installation.

Either the SHA1 or SHA256 algorithm can be used for the thumbprint.

By default, the vRealize Operations Manager server generates a self-signed CA certificate that is used to sign the certificate of all the nodes in the cluster. In this case, the thumbprint must be the thumbprint of the CA certificate, to allow for the agent to communicate with all nodes.

As a vRealize Operations Manager administrator, you can import a custom certificate instead of using the default. In this instance, you must specify a thumbprint corresponding to that certificate as the value of this property.

To view the certificate thumbprint value, log into the vRealize Operations Manager Administration interface at https://IP Address/admin and click the SSL Certificate icon located on the right of the menu bar. Unless you replaced the original certificate with a custom certificate, the second thumbprint in the list is the correct one. If you did upload a custom certificate, the first thumbprint in the list is the correct one.

4 (Optional) Run ep-agent.bat query to verify if the agent is installed and running.

The agent begins running on the Windows platform.

Caution The agent will run even if some of the parameters that you provided in the installation wizard

are missing or invalid. Check the wrapper.log and agent.log files in the product installation path/log directory to verify that there are no installation errors.

Installing an End Point Operations Management Agent Silently on a Windows Machine

You can install an End Point Operations Management agent on a Windows machine using silent or very silent installation.

Silent and very silent installations are performed from a command line interface using a setup installer executable file.

VMware, Inc. 19

vRealize Operations Manager Configuration Guide

Verify that you do not have any End Point Operations Management or vRealize Hyperic agent installed on your environment before running the agent Windows installer.

Use the following parameters to set up the installation process. For more information about these parameters, see Specify the End Point Operations Management Agent Setup Properties.

Caution The parameters that you specify for the Windows installer are passed to the agent

configuration without validation. If you provide an incorrect IP address or user credentials, the End Point Operations Management agent cannot start.

Table 1‑2. Silent Command Line Installer Parameters

Mandator

Parameter Value

y/Optional Comments

-serverAddress

-username

-securePort

-password

-serverCertificateThumbprint

FQDN/iP address

string Mandatory

number Optional Default is 443

string Mandatory

string Mandatory The vRealize Operations Manager server certificate

Mandatory FQDN or IP address of the vRealize Operations Manager

server.

thumbprint. You must enclose the certificate thumbprint in opening and closing quotation marks, for example, -

serverCertificateThumbprint "31:32:FA:1F:FD: 78:1E:D8:9A:15:32:85:D7:FE:54:49:0A:1D:9F:6D" .

Parameters are available to define various other attributes for the installation process.

Table 1‑3. Additional Silent Command Line Installer Parameters

Parameter Default Value Comments

/DIR

/SILENT

C:\ep-agent Specifies the installation path. You cannot use spaces in the

installation path, and you must connect the /DIR command and the installation path with an equal sign, for example, /DIR=C:\ep- agent.

none Specifies that the installation is to be silent. In a silent installation,

only the progress window appears.

/VERYSILENT

none Specifies that the installation is to be very silent. In a very silent

installation, the progress window does not appear, however installation error messages are displayed, as is the startup prompt if you did not disable it.

Install the Agent on an AIX Platform

You can install the End Point Operations Management agent on an AIX platform.

Prerequisites

1 Install IBM Java 7.

VMware, Inc. 20

vRealize Operations Manager Configuration Guide

2 Add the latest JCE from the IBM JRE security directory:

JAVA_INSTALLATION_DIR/jre/lib/security. For more information, see Downloading and

installing the unrestricted JCE policy files

Procedure

1 When you configure the PATH variable, add /usr/java7_64/jre/bin:/usr/java7_64/bin or

PATH=/usr/java7_64/jre/bin:/usr/java7_64/bin:$PATH.

2 Configure HQ_JAVA_HOME=path_to_current_java_directory.

For more information on setting up and checking your AIX environment, see

https://www.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.aix.

70.doc/diag/problem_determination/aix_setup.html.

3 Download the noJre version of the End Point Operations Management agent and install the agent on

an AIX machine.

4 For agent installation information, see Install the Agent on a Linux Platform from an Archive

Install the Agent on a Solaris Platform

You can install the End Point Operations Management agent on a Solaris platform.

Prerequisites

1 Install Java 7 or above for Solaris from the Oracle site:

https://java.com/en/download/help/solaris_install.xml

2 Add the latest JCE from

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Procedure

1 When you configure the PATH variable, add /usr/java7_64/jre/bin:/usr/java7_64/bin or

PATH=/usr/java7_64/jre/bin:/usr/java7_64/bin:$PATH.

2 Configure HQ_JAVA_HOME=path_to_current_java_directory.

3 Download and install the noJre version of the End Point Operations Management agent on a Solaris

machine.

4 For agent installation information, see Install the Agent on a Linux Platform from an Archive

Java Prerequisites for the End Point Operations Management Agent

All End Point Operations Management agents require Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy files be included as part of the Java package.

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy files are included in the JRE End Point Operations Management agent installation options.

You can install an End Point Operations Management agent package that does not contain JRE files, or choose to add JRE later.

VMware, Inc. 21

vRealize Operations Manager Configuration Guide

If you select a non-JRE installation option, you must ensure that your Java package includes Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy files to enable registration of the End Point Operations Management agent. If you select a non-JRE option and your Java package does not include Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy files, you receive these error messages Server might be down (or wrong IP/port were used) and Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers.

Conﬁguring JRE Locations for End Point Operations Management Components

End Point Operations Management agents require a JRE. The platform-specific End Point Operations Management agent installers include a JRE. Platform-independent End Point Operations Management agent installers do not include a JRE.

Operations Management Agent.

Depending on your environment and the installation package that you use, you might need to define the location of the JRE for your agents. The following environments require JRE location configuration.

Platform-specific agent installation on a machine that has its own JRE that you want to use

Platform-independent agent installation

How the Agent Resolves its JRE

The agent resolves its JRE based on platform type.

UNIX-like Platforms On UNIX-like platforms, the agent determines which JRE to use in the

following order:

1 HQ_JAVA_HOME environment variable

2 Embedded JRE

3 JAVA_HOME environment variable

Linux Platforms On Linux platforms, you use export HQ_JAVA_HOME=

path_to_current_java_directory to define a system variable.

Windows Platforms On Windows platforms, the agent resolves the JRE to use in the following

order:

1 HQ_JAVA_HOME environment variable

VMware, Inc. 22

vRealize Operations Manager Configuration Guide

The path defined in the variable must not contain spaces. Consider using a shortened version of the path, using the tild (~) character. For example,c:\Program Files\Java\jre7 can become c:\Progra~1\Java\jre7. The number after the tild depends on the alphabetical order (where a = 1, b =2, and so on) of files whose name begins with progra in that directory.

2 Embedded JRE

You define a system variable from the My Computer menu. Select

Properties > Advanced > Environment Variables > System Variables > New.

Because of a known issue with Windows, on Windows Server 2008 R2 and 2012 R2, Windows services might keep old values of system variables, even though they have been updated or removed. As a result, updates or removal of the HQ_JAVA_HOME system variable might not be propagated to the End Point Operations Management Agent service. In this event, the End Point Operations Management agent might use an obsolete value for HQ_JAVA_HOME, which will cause it to use the wrong JRE version.

System Prerequisites for the End Point Operations Management Agent

If you do not define localhost as the loopback address, the End Point Operations Management agent does not register and the following error appears: Connection failed. Server may be down (or wrong IP/port were used). Waiting for 10 seconds before retrying.

As a workaround, complete the following steps:

Procedure

1 Open the hosts file /etc/hosts on Linux or C:\Windows\System32\Drivers\etc\hosts on

Windows.

2 Modify the file to include a localhost mapping to the IPv4 127.0.0.1 loopback address, using

127.0.0.1 localhost.

3 Save the file.

Conﬁgure the End Point Operations Management Agent to vRealize Operations Manager Server Communication Properties

Before first agent startup, you can define the properties that enable the agent to communicate with the vRealize Operations Manager server, and other agent properties, in the agent.properties file of an agent. When you configure the agent in the properties file you can streamline the deployment for multiple agents.

If a properties file exists, back it up before you make configuration changes. If the agent does not have a properties file, create one.

An agent looks for its properties file in AgentHome/conf. This is the default location of agent.properties.

VMware, Inc. 23

vRealize Operations Manager Configuration Guide

If the agent does not find the required properties for establishing communications with the vRealize Operations Manager server in either of these locations, it prompts for the property values at initial start up of the agent.

A number of steps are required to complete the configuration.

You can define some agent properties before or after the initial startup. You must always configure properties that control the following behaviors before initial startup.

When the agent must use an SSL keystore that you manage, rather than a keystore that vRealize Operations Manager generates.

When the agent must connect to the vRealize Operations Manager server through a proxy server.

Prerequisites

Verify that the vRealize Operations Manager server is running.

Procedure

1 Activate End Point Operations Management Agent to vRealize Operations Manager Server Setup

Properties

In the agent.properties file, properties relating to communication between the End Point Operations Management agent and the vRealize Operations Manager server are inactive by default. You must activate them.

2 Specify the End Point Operations Management Agent Setup Properties

The agent.properties file contains properties that you can configure to manage communication.

3 Configure an End Point Operations Management Agent Keystore

The agent uses a self-signed certificate for internal communication, and a second certificate that is signed by the server during the agent registration process. By default, the certificates are stored in a keystore that is generated in the data folder. You can configure your own keystore for the agent to use.

4 Configure the End Point Operations Management Agent by Using the Configuration Dialog Box

The End Point Operations Management agent configuration dialog box appears in the shell when you start an agent that does not have configuration values that specify the location of the vRealize Operations Manager server. The dialog box prompts you to provide the address and port of the vRealize Operations Manager server, and other connection-related data.

5 Overriding Agent Configuration Properties

You can specify that vRealize Operations Manager override default agent properties when they differ from custom properties that you have defined.

6 End Point Operations Management Agent Properties

Multiple properties are supported in the agent.properties file for an End Point Operations Management agent. Not all supported properties are included by default in the agent.properties file.

VMware, Inc. 24

vRealize Operations Manager Configuration Guide

What to do next

Start the End Point Operations Management agent.

Activate End Point Operations Management Agent to vRealize Operations Manager Server Setup Properties

Procedure

1 In the agent.properties file, locate the following section.

## Use the following to automate agent setup

## using these properties.

## If any properties do not have values specified, the setup

## process prompts for their values.

## If the value to use during automatic setup is the default, use the string *default* as the

value for the option.

2 Remove the hash tag at the beginning of each line to activate the properties.

#agent.setup.serverIP=localhost

#agent.setup.serverSSLPort=443

#agent.setup.serverLogin=username

#agent.setup.serverPword=password

The first time that you start the End Point Operations Management agent, if agent.setup.serverPword is inactive, and has a plain text value, the agent encrypts the value.

3 (Optional) Remove the hash tag at the beginning of the line

#agent.setup.serverCertificateThumbprint= and provide a thumbprint value to activate preapproval of the server certificate.

Specify the End Point Operations Management Agent Setup Properties

The agent.properties file contains properties that you can configure to manage communication.

Agent-server setup requires a minimum set of properties.

Procedure

1 Specify the location and credentials the agent must use to contact the vRealize Operations Manager

server.

Property Property Definition

agent.setup.serverIP

agent.setup.serverSSLPort

VMware, Inc. 25

Specify the address or hostname of the vRealize Operations Manager server.

The default value is the standard SSL vRealize Operations Manager server listen port. If your server is configured for a different listen port, specify the port number.

vRealize Operations Manager Configuration Guide

Property Property Definition

agent.setup.serverLogin

agent.setup.serverPword

Specify the user name for the agent to use when connecting to the vRealize Operations Managerserver. If you change the value from the username default value, verify that the user account is correctly configured on the vRealize Operations Manager server.

Specify the password for the agent to use, together with the user name specified in agent.setup.camLogin, when connecting to thevRealize Operations Manager server. Verify that the password is the one configured in vRealize Operations Manager for the user account.

2 (Optional) Specify the vRealize Operations Manager server certificate thumbprint.

Property Property Definition

agent.setup.serverCertificateThum

bprint

Provides details about the server certificate to trust. This parameter is required to run a silent installation. Either the SHA1 or SHA256 algorithm can be used for the thumbprint. By default, the vRealize Operations Manager server generates a self-signed CA

certificate that is used to sign the certificate of all the nodes in the cluster. In this case, the thumbprint must be the thumbprint of the CA certificate, to allow for the agent to communicate with all nodes.

3 (Optional) Specify the location and file name of the platform token file.

This file is created by the agent during installation and contains the identity token for the platform object.

Property Property Definition

Windows:

agent.setup.tokenFileWindows

Linux: agent.setup.tokenFileLinux

Provides details about the location and name of the platform token file. The value cannot include backslash (\) or percentage(%) characters, or

environment variables. Ensure that you use forward slashes (/) when specifying the Windows path.

4 (Optional) Specify any other required properties by running the appropriate command.

Operating System Command

Linux

Windows

./bin/ep-agent.sh set-property PropertyKey PropertyValue

./bin/ep-agent.bat set-property PropertyKey PropertyValue

The properties are encrypted in the agent.properties file.

VMware, Inc. 26

vRealize Operations Manager Configuration Guide

Conﬁgure an End Point Operations Management Agent Keystore

Important To use your own keystore, you must perform this task before the first agent activation.

Procedure

1 In the agent.properties file, activate the # agent.keystore.path= and #

agent.keystore.password= properties.

Define the full path to the keystore with agent.keystore.path and the keystore password with agent.keystore.password.

2 Add the [agent.keystore.alias] property to the properties file, and set it to the alias of the

primary certificate or private key entry of the keystore primary certificate.

Conﬁgure the End Point Operations Management Agent by Using the Conﬁguration Dialog Box

The agent configuration dialog box appears in these cases:

The first time that you start an agent, if you did not supply one or more of the relevant properties in the agent.properties file.

When you start an agent for which saved server connection data is corrupt or was removed.

You can also run the agent launcher to rerun the configuration dialog box.

Prerequisites

Verify that the server is running.

Procedure

1 Open a terminal window on the platform on which the agent is installed.

2 Navigate to the AgentHome/bin directory.

VMware, Inc. 27

vRealize Operations Manager Configuration Guide

3 Run the agent launcher using the start or setup option.

Platform Command

UNIX-like

Windows Install the Windows service for the agent, then run the it: ep-agent.bat

ep-agent.sh start

install ep-agent.bat start command.

When you configure an End Point Operations Management agent as a Windows service, make sure that the credentials that you specify are sufficient for the service to connect to the monitored technology. For example, if you have anEnd Point Operations Management agent that is running on Microsoft SQL Server, and only a specific user can log in to that server, the Windows service login must also be for that specific user.

4 Respond to the prompts, noting the following as you move through the process.

Prompt Description

Enter the server hostname or IP address

Enter the server SSL port Specify the SSL port on the vRealize Operations Manager server to which the

The server has presented an untrusted certificate

Enter your server username Enter the name of a vRealize Operations Manager user with agentManager

Enter your server password Enter the password for the specified vRealize Operations Manager. Do not store

If the server is on the same machine as the agent, you can enter localhost. If a firewall is blocking traffic from the agent to the server, specify the address of the firewall.

agent must connect. The default port is 443.

If this warning appears, but your server is signed by a trusted certificate or you have updated the thumbprint property to contain the thumbprint, this agent might be subject to a man-in-the-middle attack. Review the displayed certificate thumbprint details carefully.

permissions.

the password in the agent.properties file.

The agent initiates a connection to the vRealize Operations Manager server and the server verifies that the agent is authenticated to communicate with it.

The server generates a client certificate that includes the agent token. The message The agent has been successfully registered appears. The agent starts discovering the platform and supported products running on it.

Overriding Agent Conﬁguration Properties

You can specify that vRealize Operations Manager override default agent properties when they differ from custom properties that you have defined.

In the Advanced section of the Edit Object dialog, if you set the Override agent configuration data to false, default agent configuration data is applied. If you set Override agent configuration data to true, the default agent parameter values are ignored if you have set alternative values, and the values that you set are applied.

VMware, Inc. 28

vRealize Operations Manager Configuration Guide

If you set the value of Override agent configuration data to true when editing an MSSQL object (MSSQL, MSSQL Database, MSSQL Reporting Services, MSSQL Analysis Service, or MSSQL Agent) that runs in a cluster, it might result in inconsistent behavior.

End Point Operations Management Agent Properties

Multiple properties are supported in the agent.properties file for an End Point Operations Management agent. Not all supported properties are included by default in the agent.properties file.

You must add any properties that you want to use that are not included in the default agent.properties file.

You can encrypt properties in the agent.properties file to enable silent installation.

Encrypt End Point Operations Management Agent Property Values

After you have installed an End Point Operations Management agent, you can use it to add encrypted values to the agent.properties file to enable silent installation.

For example, to specify the user password, you can run ./bin/ep-agent.sh set-property agent.setup.serverPword serverPasswordValue to add the following line to the agent.properties file.

agent.setup.serverPword = ENC(4FyUf6m/c5i+RriaNpSEQ1WKGb4y

+Dhp7213XQiyvtwI4tMlbGJfZMBPG23KnsUWu3OKrW35gB+Ms20snM4TDg==)

The key that was used to encrypt the value is saved in AgentHome/conf/agent.scu. If you encrypt other values, the key that was used to encrypt the first value is used.

Prerequisites

Verify that the End Point Operations Management agent can access AgentHome/conf/agent.scu. Following the encryption of any agent-to-server connection properties, the agent must be able to access this file to start.

Procedure

Open a command prompt and run ./bin/ep-agent.sh set-property agent.setup.propertyName propertyValue.

The key that was used to encrypt the value is saved in AgentHome/conf/agent.scu.

What to do next

If your agent deployment strategy involves distributing a standard agent.properties file to all agents, you must also distribute agent.scu. See Install Multiple End Point Operations Management Agents

Simultaneously.

Adding Properties to the agent.properties File

You must add any properties that you want to use that are not included in the default agent.properties file.

Following is a list of the available properties.

VMware, Inc. 29

vRealize Operations Manager Configuration Guide

agent.keystore.alias Property

This property configures the name of the user-managed keystore for the agent for agents configured for unidirectional communication with the vRealize Operations Manager server.

agent.keystore.password Property

This property configures the password for an End Point Operations Management agent's SSL keystore.

agent.keystore.path Property

This property configures the location of a End Point Operations Management agent's SSL keystore.

agent.listenPort Property

This property specifies the port where the End Point Operations Management agent listens to receive communication from the vRealize Operations Manager server.

agent.logDir Property

You can add this property to the agent.properties file to specify the directory where the End Point Operations Management agent writes its log file. If you do not specify a fully qualified path, agent.logDir is evaluated relative to the agent installation directory.

agent.logFile Property

The path and name of the agent log file.

agent.logLevel Property

The level of detail of the messages the agent writes to the log file.

agent.logLevel.SystemErr Property

Redirects System.err to the agent.log file.

agent.logLevel.SystemOut Property

Redirects System.out to the agent.log file.

agent.proxyHost Property

The host name or IP address of the proxy server that the End Point Operations Management agent must connect to first when establishing a connection to the vRealize Operations Manager server.

agent.proxyPort Property

The port number of the proxy server that the End Point Operations Management agent must connect to first when establishing a connection to the vRealize Operations Manager server.

agent.setup.acceptUnverifiedCertificate Property

This property controls whether an End Point Operations Management agent issues a warning when the vRealize Operations Manager server presents an SSL certificate that is not in the agent's keystore, and is either self-signed or signed by a different certificate authority than the one that signed the agent's SSL certificate.

VMware, Inc. 30

+ 274 hidden pages

VMware vRealize Operations Manager - 6.7 User Manual

Contents

End Point Operations Management Agent Installation and Deployment

Prepare to Install the End Point Operations Management Agent

Supported Operating Systems for the End Point Operations Management Agent

Selecting an Agent Installer Package

Install the Agent on a Linux Platform from an RPM Package

Install the Agent on a Linux Platform from an Archive

Install the Agent on a Windows Platform from an Archive

Install the Agent on a Windows Platform Using the Windows Installer

Installing an End Point Operations Management Agent Silently on a Windows Machine

Install the Agent on an AIX Platform

Install the Agent on a Solaris Platform

Java Prerequisites for the End Point Operations Management Agent

System Prerequisites for the End Point Operations Management Agent

Activate End Point Operations Management Agent to vRealize Operations Manager Server Setup Properties

Specify the End Point Operations Management Agent Setup Properties

End Point Operations Management Agent Properties

Encrypt End Point Operations Management Agent Property Values

Adding Properties to the agent.properties File