VMware VS4-ENT-PL-A - vSphere Enterprise Plus, vSphere 5.5 Setup Manual

vSphere Installation and Setup
vSphere 5.5
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
EN-001266-02
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents
About vSphere Installation and Setup 7
Updated Information 9
1 Introduction to vSphere Installation and Setup 11
Overview of the vSphere Installation and Setup Process 11
2 System Requirements 13
ESXi Hardware Requirements 13
Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On 17
vCenter Server Software Requirements 22
vSphere Web Client Software Requirements 22
Providing Sufficient Space for System Logging 23
Required Ports for vCenter Server 23
Required Ports for the vCenter Server Appliance 25
Conflict Between vCenter Server and IIS for Port 80 26
DNS Requirements for vSphere 26
Supported Remote Management Server Models and Minimum Firmware Versions 27
3 Before You Install vCenter Server 29
Preparing vCenter Server Databases 30
Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server 49
How vCenter Single Sign-On Affects vCenter Server Installation 51
vCenter Single Sign-On Deployment Modes 52
vCenter Single Sign-On and High Availability 54
vCenter Single Sign-On Components 56
Setting the vCenter Server Administrator User 56
Authenticating to the vCenter Server Environment 57
How vCenter Single Sign-On Affects Log In Behavior 57
Identity Sources for vCenter Server with vCenter Single Sign-On 58
Synchronizing Clocks on the vSphere Network 59
Download the vCenter Server Installer 61
Using a User Account for Running vCenter Server 61
Installing vCenter Server on IPv6 Machines 61
JDBC URL Formats for the vCenter Server Database 62
Running the vCenter Server Installer from a Network Drive 63
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client 63
Download the vCenter Server Installer 68
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail 69
4 Installing vCenter Server 71
vCenter Server Installation and Sign-In Process 71
vCenter Server Components and Support Tools 74
Download the vCenter Server Installer 75
Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install 75
Use Custom Install to Install vCenter Server and Required Components 78
Add a vCenter Single Sign-On Identity Source 87
Install or Upgrade vCenter Server Java Components Separately 92
Install or Upgrade vCenter Server tc Server Separately 93
vCenter Single Sign-On Installation Fails 93
Download and Deploy the VMware vCenter Server Appliance 94
5 After You Install vCenter Server 101
Install vCenter Server Components 102
Creating vCenter Server Linked Mode Groups 111
Configuring VMware vCenter Server - tc Server Settings in vCenter Server 116
VMware vCenter Management Webservices Service Fails to Start 118
Back Up the Inventory Service Database on Windows 118
Restore an Inventory Service Database Backup on Windows 118
Back Up the Inventory Service Database on Linux 119
Restore an Inventory Service Database Backup on Linux 119
Reset the vCenter Inventory Service Database 120
Enable IPv6 Support for vCenter Inventory Service 121
6 Before You Install ESXi 123
Options for Installing ESXi 123
Media Options for Booting the ESXi Installer 125
Using Remote Management Applications 136
Required Information for ESXi Installation 136
7 Installing ESXi 139
Installing ESXi Interactively 139
Installing, Upgrading, or Migrating Hosts Using a Script 142
Installing ESXi Using vSphere Auto Deploy 157
Using vSphere ESXi Image Builder CLI 225
8 Setting Up ESXi 247
ESXi Autoconfiguration 248
About the Direct Console ESXi Interface 248
Set the Password for the Administrator Account 251
Configuring the BIOS Boot Settings 251
Host Fails to Boot After You Install ESXi in UEFI Mode 252
Network Access to Your ESXi Host 253
Configure the Network Settings on a Host That Is Not Attached to the Network 253
Managing ESXi Remotely 254
Configuring Network Settings 254
Storage Behavior 258
View System Logs 261
Configure Syslog on ESXi Hosts 262
Enable Lockdown Mode Using the Direct Console 263
Enable Lockdown Mode Using the vSphere Web Client 263
Enable ESXi Shell and SSH Access with the Direct Console User Interface 264
Set the Host Image Profile Acceptance Level 264
Reset the System Configuration 265
Remove All Custom Packages on ESXi 266
Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names 266
Disable ESXi 266
9 After You Install and Set Up ESXi 267
Managing the ESXi Host with the vSphere Web Client 267
Licensing ESXi Hosts 267
Index 269
About vSphere Installation and Setup
vSphere Installation and Setup describes how to install new configurations of VMware® vCenter Server and ESXi.
Intended Audience
vSphere Installation and Setup is intended for anyone who needs to install and set up vCenter Server and ESXi.
This information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.
Updated Information
This vSphere Installation and Setup publication is updated with each release of the product or when necessary.
This table provides the update history of vSphere Installation and Setup.
Revision | Description
EN-001266-02 | Corrected location of dbschema directory in the following topics:
  • “Configure an Oracle Database User,” on page 43.
  • “Use a Script to Create a Local or Remote Oracle Database,” on page 44.
  • “(Optional) Use a Script to Create the Oracle Database Schema,” on page 44.
EN-001266-01 | Updated Table 2-8.
EN-001266-00 | Initial release.
Chapter 1 Introduction to vSphere Installation and Setup
vSphere 5.x provides various options for installation and setup. To ensure a successful vSphere deployment, understand the installation and setup options, and the sequence of tasks required.
You have several options for installing and setting up ESXi, for managing vSphere with vCenter Server and the vSphere Web Client, and for the database setup that you use with vCenter Server.
Overview of the vSphere Installation and Setup Process
vSphere is a sophisticated product with multiple components to install and set up. To ensure a successful vSphere deployment, understand the sequence of tasks required.
NOTE This overview does not apply to the vCenter Server Appliance. To deploy the vCenter Server Appliance, see “Download and Deploy the VMware vCenter Server Appliance,” on page 94.
The following illustration shows the order of installation for vCenter Server components.
[Figure: installation order of the vCenter Server components (vCenter Single Sign-On, vSphere Web Client, vCenter Inventory Service, vCenter Server)]
Installing vSphere includes the following tasks:
1 Read the vSphere release notes.
2 Verify that your system meets vSphere hardware and software requirements. See Chapter 2, “System Requirements,” on page 13.
3 Install vCenter Server.
   a (Optional) Set up the vCenter Server database. See “Preparing vCenter Server Databases,” on page 30.
     NOTE For small installations (up to 5 hosts and 50 virtual machines), you can use the bundled Microsoft SQL Server 2008 Express database, which you can choose to have the vCenter Server installer create during the vCenter Server installation.
   b Review the topics in Chapter 3, “Before You Install vCenter Server,” on page 29.
   c Use the topic “Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client,” on page 63 to create a worksheet with the information you need for installation.
   d Install vCenter Single Sign-On, the vSphere Web Client, Inventory Service, vCenter Server, and other vCenter Server support tools as appropriate. Connect to vCenter Server from the vSphere Web Client. See Chapter 4, “Installing vCenter Server,” on page 71 and Chapter 5, “After You Install vCenter Server,” on page 101.
   e (Optional) Create a Linked Mode Group or join vCenter Server to a Linked Mode Group. See “Creating vCenter Server Linked Mode Groups,” on page 111.
4 Install ESXi.
   a Review the topics in Chapter 6, “Before You Install ESXi,” on page 123.
   b Determine the ESXi installation option to use. See “Options for Installing ESXi,” on page 123.
   c Determine where you will locate and boot the ESXi installer. See “Media Options for Booting the ESXi Installer,” on page 125. If you are PXE-booting the installer, verify that your network PXE infrastructure is properly set up. See “PXE Booting the ESXi Installer,” on page 129.
   d Use the topic “Required Information for ESXi Installation,” on page 136 to create a worksheet with the information you will need when you install ESXi.
   e Install ESXi, using the installation option you chose:
     • “Installing ESXi Interactively,” on page 139
     • “Installing, Upgrading, or Migrating Hosts Using a Script,” on page 142
     • “Installing ESXi Using vSphere Auto Deploy,” on page 157
5 Configure ESXi boot and network settings, the direct console, and other settings. See Chapter 8, “Setting Up ESXi,” on page 247 and Chapter 9, “After You Install and Set Up ESXi,” on page 267.
6 Consider setting up a syslog server for remote logging, to ensure sufficient disk storage for log files. Setting up logging on a remote host is especially important for hosts with limited local storage. Optionally, you can install the vSphere Syslog Collector to collect logs from all hosts. See “Providing Sufficient Space for System Logging,” on page 23, “Configure Syslog on ESXi Hosts,” on page 262, and “Install or Upgrade vSphere Syslog Collector,” on page 108.
Chapter 2 System Requirements
Systems running vCenter Server and ESXi instances must meet specific hardware and operating system requirements.
If you are using Auto Deploy to provision ESXi hosts, see also “Preparing for vSphere Auto Deploy,” on page 167.
This chapter includes the following topics:
• “ESXi Hardware Requirements,” on page 13
• “Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 17
• “vCenter Server Software Requirements,” on page 22
• “vSphere Web Client Software Requirements,” on page 22
• “Providing Sufficient Space for System Logging,” on page 23
• “Required Ports for vCenter Server,” on page 23
• “Required Ports for the vCenter Server Appliance,” on page 25
• “Conflict Between vCenter Server and IIS for Port 80,” on page 26
• “DNS Requirements for vSphere,” on page 26
• “Supported Remote Management Server Models and Minimum Firmware Versions,” on page 27
ESXi Hardware Requirements
Make sure the host meets the minimum hardware configurations supported by ESXi 5.5.
Hardware and System Resources
To install and use ESXi 5.5, your hardware and system resources must meet the following requirements:
• Supported server platform. For a list of supported platforms, see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
• ESXi 5.5 will install and run only on servers with 64-bit x86 CPUs.
• ESXi 5.5 requires a host machine with at least two cores.
• ESXi 5.5 supports only LAHF and SAHF CPU instructions.
• ESXi 5.5 requires the NX/XD bit to be enabled for the CPU in the BIOS.
• ESXi supports a broad range of x64 multicore processors. For a complete list of supported processors, see the VMware compatibility guide at http://www.vmware.com/resources/compatibility.
• ESXi requires a minimum of 4GB of physical RAM. Provide at least 8GB of RAM to take full advantage of ESXi features and run virtual machines in typical production environments.
• To support 64-bit virtual machines, support for hardware virtualization (Intel VT-x or AMD RVI) must be enabled on x64 CPUs.
• One or more Gigabit or 10Gb Ethernet controllers. For a list of supported network adapter models, see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility.
• Any combination of one or more of the following controllers:
  • Basic SCSI controllers. Adaptec Ultra-160 or Ultra-320, LSI Logic Fusion-MPT, or most NCR/Symbios SCSI.
  • RAID controllers. Dell PERC (Adaptec RAID or LSI MegaRAID), HP Smart Array RAID, or IBM (Adaptec) ServeRAID controllers.
• SCSI disk or a local, non-network, RAID LUN with unpartitioned space for the virtual machines.
• For Serial ATA (SATA), a disk connected through supported SAS controllers or supported on-board SATA controllers. SATA disks will be considered remote, not local. These disks will not be used as a scratch partition by default because they are seen as remote.
NOTE You cannot connect a SATA CD-ROM device to a virtual machine on an ESXi 5.5 host. To use the SATA CD-ROM device, you must use IDE emulation mode.
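A preflight check for the CPU and memory minimums listed above, as an added example that is not part of the VMware manual: it parses the text of Linux /proc/cpuinfo and /proc/meminfo, for example captured from a live boot of the target server. The Linux flag names used for each requirement, the 10% RAM tolerance, and the sample inputs are assumptions of this example.

```python
import re

MIN_CORES = 2                          # "at least two cores"
MIN_RAM_KIB = 4 * 1024 * 1024          # "minimum of 4GB of physical RAM"
RECOMMENDED_RAM_KIB = 8 * 1024 * 1024  # "at least 8GB" for production use
ADVISORY = {"8GB RAM recommended"}     # reported, but not an install blocker

# Constructed sample: one dual-core socket that meets every requirement.
GOOD_CPUINFO = """\
processor   : 0
physical id : 0
core id     : 0
flags       : fpu pae nx lm lahf_lm vmx ept

processor   : 1
physical id : 0
core id     : 1
flags       : fpu pae nx lm lahf_lm vmx ept
"""
GOOD_MEMINFO = "MemTotal:        8057420 kB\nMemFree:         6120348 kB\n"

# Constructed sample: one hyperthreaded core, NX/XD switched off in firmware.
BAD_CPUINFO = """\
processor   : 0
physical id : 0
core id     : 0
flags       : fpu pae lm lahf_lm

processor   : 1
physical id : 0
core id     : 0
flags       : fpu pae lm lahf_lm
"""
BAD_MEMINFO = "MemTotal:        3914500 kB\n"


def parse_cpuinfo(text):
    """Return one dict of fields per logical processor."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def count_cores(cpus):
    """Count physical cores via (physical id, core id), so hyperthreads
    are not mistaken for cores; fall back to the logical CPU count."""
    pairs = {(c["physical id"], c["core id"]) for c in cpus
             if "physical id" in c and "core id" in c}
    return len(pairs) if pairs else len(cpus)


def mem_total_kib(meminfo_text):
    match = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    if not match:
        raise ValueError("MemTotal not found in meminfo text")
    return int(match.group(1))


def check_host(cpuinfo_text, meminfo_text, ram_slack=0.10):
    """Map each requirement to True/False. ram_slack (an assumption) allows
    for memory the firmware and kernel reserve before MemTotal is counted."""
    cpus = parse_cpuinfo(cpuinfo_text)
    if not cpus:
        raise ValueError("no processors found in cpuinfo text")
    # A flag counts only if every logical CPU reports it.
    flags = set.intersection(*(set(c.get("flags", "").split()) for c in cpus))
    ram = mem_total_kib(meminfo_text)
    return {
        "64-bit x86 CPU": "lm" in flags,
        "at least two cores": count_cores(cpus) >= MIN_CORES,
        "LAHF/SAHF in 64-bit mode": "lahf_lm" in flags,
        # Linux does not report nx when XD/NX is disabled in firmware.
        "NX/XD bit enabled": "nx" in flags,
        # vmx = Intel VT-x; svm + npt = AMD-V with RVI. The flag shows CPU
        # capability; confirm in firmware setup that it is switched on.
        "hardware virtualization for 64-bit VMs":
            "vmx" in flags or {"svm", "npt"} <= flags,
        "4GB RAM minimum": ram >= MIN_RAM_KIB * (1 - ram_slack),
        "8GB RAM recommended": ram >= RECOMMENDED_RAM_KIB * (1 - ram_slack),
    }


def failed_requirements(results):
    """Names of failed checks, leaving out advisory ones."""
    return [name for name, ok in results.items()
            if not ok and name not in ADVISORY]


if __name__ == "__main__":
    for label, cpu, mem in (("good", GOOD_CPUINFO, GOOD_MEMINFO),
                            ("bad", BAD_CPUINFO, BAD_MEMINFO)):
        print(label, failed_requirements(check_host(cpu, mem)) or "meets minimums")
```

On a real host, pass the contents of /proc/cpuinfo and /proc/meminfo in place of the constructed samples; the VMware Compatibility Guide remains the authority on whether the platform is supported.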
Storage Systems
For a list of supported storage systems, see the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility. ESXi 5.5 supports installing on and booting from the following storage systems:
• SATA disk drives. SATA disk drives connected behind supported SAS controllers or supported on-board SATA controllers.
  Supported SAS controllers include:
  • LSI1068E (LSISAS3442E)
  • LSI1068 (SAS 5)
  • IBM ServeRAID 8K SAS controller
  • Smart Array P400/256 controller
  • Dell PERC 5.0.1 controller
  Supported on-board SATA include:
  • Intel ICH9
  • NVIDIA MCP55
  • ServerWorks HT1000
  NOTE ESXi does not support using local, internal SATA drives on the host server to create VMFS datastores that are shared across multiple ESXi hosts.
• Serial Attached SCSI (SAS) disk drives. Supported for installing ESXi and for storing virtual machines on VMFS partitions.
• Dedicated SAN disk on Fibre Channel or iSCSI
• USB devices. Supported for installing ESXi.
• Software Fibre Channel over Ethernet (FCoE). See “Installing and Booting ESXi with Software FCoE,” on page 136.
ESXi Booting Requirements
vSphere 5.5 supports booting ESXi hosts from the Unified Extensible Firmware Interface (UEFI). With UEFI you can boot systems from hard drives, CD-ROM drives, or USB media. Network booting or provisioning with VMware Auto Deploy requires the legacy BIOS firmware and is not available with UEFI.
ESXi can boot from a disk larger than 2TB provided that the system firmware and the firmware on any add-in card that you are using support it. See the vendor documentation.
NOTE Changing the boot type from legacy BIOS to UEFI after you install ESXi 5.5 might cause the host to fail to boot. In this case, the host displays an error message similar to: Not a VMware boot bank. Changing the host boot type between legacy BIOS and UEFI is not supported after you install ESXi 5.5.
Storage Requirements for ESXi 5.5 Installation
Installing ESXi 5.5 requires a boot device that is a minimum of 1GB in size. When booting from a local disk or SAN/iSCSI LUN, a 5.2GB disk is required to allow for the creation of the VMFS volume and a 4GB scratch partition on the boot device. If a smaller disk or LUN is used, the installer will attempt to allocate a scratch region on a separate local disk. If a local disk cannot be found the scratch partition, /scratch, will be located on the ESXi host ramdisk, linked to /tmp/scratch. You can reconfigure /scratch to use a separate disk or LUN. For best performance and memory optimization, VMware recommends that you do not leave /scratch on the ESXi host ramdisk.
To reconfigure /scratch, see “Set the Scratch Partition from the vSphere Web Client,” on page 260.
Due to the I/O sensitivity of USB and SD devices the installer does not create a scratch partition on these devices. As such, there is no tangible benefit to using large USB/SD devices as ESXi uses only the first 1GB. When installing on USB or SD devices, the installer attempts to allocate a scratch region on an available local disk or datastore. If no local disk or datastore is found, /scratch is placed on the ramdisk. You should reconfigure /scratch to use a persistent datastore following the installation.
In Auto Deploy installations, the installer attempts to allocate a scratch region on an available local disk or datastore. If no local disk or datastore is found /scratch is placed on ramdisk. You should reconfigure /scratch to use a persistent datastore following the installation.
For environments that boot from a SAN or use Auto Deploy, it is not necessary to allocate a separate LUN for each ESXi host. You can co-locate the scratch regions for many ESXi hosts onto a single LUN. The number of hosts assigned to any single LUN should be weighed against the LUN size and the I/O behavior of the virtual machines.
Recommendation for Enhanced ESXi Performance
To enhance performance, install ESXi on a robust system with more RAM than the minimum required and with multiple physical disks.
For ESXi system requirements, see “ESXi Hardware Requirements,” on page 13. See also the technical papers on vSphere 5 performance at http://www.vmware.com/resources/techresources/cat/91,203,96.
Table 2-1. Recommendations for Enhanced Performance
System Element | Recommendation
RAM | ESXi hosts require more RAM than typical servers. Provide at least 8GB of RAM to take full advantage of ESXi features and run virtual machines in typical production environments. An ESXi host must have sufficient RAM to run concurrent virtual machines. The following examples are provided to help you calculate the RAM required by the virtual machines running on the ESXi host.
  Operating four virtual machines with Red Hat Enterprise Linux or Windows XP requires at least 3GB of RAM for baseline performance. This figure includes approximately 1024MB for the virtual machines, 256MB minimum for each operating system as recommended by vendors.
  Running these four virtual machines with 512MB RAM requires that the ESXi host have approximately 4GB RAM, which includes 2048MB for the virtual machines.
  These calculations do not take into account possible memory savings from using variable overhead memory for each virtual machine. See vSphere Resource Management.
Dedicated Fast Ethernet adapters for virtual machines | Place the management network and virtual machine networks on different physical network cards. Dedicated Gigabit Ethernet cards for virtual machines, such as Intel PRO 1000 adapters, improve throughput to virtual machines with high network traffic.
Disk location | Place all data that your virtual machines use on physical disks allocated specifically to virtual machines. Performance is better when you do not place your virtual machines on the disk containing the ESXi boot image. Use physical disks that are large enough to hold disk images that all the virtual machines use.
VMFS5 partitioning | The ESXi installer creates the initial VMFS volumes on the first blank local disk found. To add disks or modify the original configuration, use the vSphere Web Client. This practice ensures that the starting sectors of partitions are 64K-aligned, which improves storage performance.
  NOTE For SAS-only environments, the installer might not format the disks. For some SAS disks, it is not possible to identify whether the disks are local or remote. After the installation, you can use the vSphere Web Client to set up VMFS.
Processors | Faster processors improve ESXi performance. For certain workloads, larger caches improve ESXi performance.
Hardware compatibility | Use devices in your server that are supported by ESXi 5.5 drivers. See the Hardware Compatibility Guide at http://www.vmware.com/resources/compatibility.
Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On
vCenter Server host machines must meet hardware requirements.
vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server Hardware Requirements
You can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server on the same host machine (as with vCenter Simple Install) or on different machines. See Table 2-2.
The following tables list the hardware requirements for vCenter Single Sign-On and Inventory Service, running on separate host machines.
• Table 2-3
• Table 2-4
If you use Custom Install to install vCenter Single Sign-On, vCenter Inventory Service, and vCenter Server on the same host machine, the vCenter Single Sign-On, and Inventory Service memory and disk storage requirements are in addition to the requirements for vCenter Server. See Table 2-5.
Table 2-2. Minimum Hardware Requirements for Simple Install Deployment of vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server
Host Hardware for Simple Install Deployment | Minimum Requirement
Processor | Intel or AMD x64 processor with two or more logical cores, each with a speed of 2GHz.
Memory | 12GB.
  Memory requirements are higher if the vCenter Server database runs on the same machine as vCenter Server.
  vCenter Server includes several Java services: VMware VirtualCenter Management Webservices (tc Server), Inventory Service, and Profile-Driven Storage Service. When you install vCenter Server, you select the size of your vCenter Server inventory to allocate memory for these services. The inventory size determines the maximum JVM heap settings for the services. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in Table 2-7.
Disk storage | 100GB recommended.
  40-60GB of free disk space are required after installation, depending on the size of your inventory. You should provide more space to allow for future growth of your inventory.
  Disk storage requirements are higher if the vCenter Server database runs on the same machine as vCenter Server, depending on the size of the database.
  In vCenter Server 5.x, the default size for vCenter Server logs is 450MB larger than in vCenter Server 4.x. Make sure the disk space allotted to the log folder is sufficient for this increase.
Network speed | 1Gbps
Table 2-3. Minimum Hardware Requirements for vCenter Single Sign-On, Running on a Separate Host Machine from vCenter Server
vCenter Single Sign-On Hardware | Requirement
Processor | Intel or AMD x64 processor with two or more logical cores, each with a speed of 2GHz.
Memory | 3GB. If vCenter Single Sign-On runs on the same host machine as vCenter Server, see Table 2-2 or Table 2-5.
Disk storage | 2GB.
Network speed | 1Gbps
Table 2-4. Minimum Hardware Requirements for vCenter Inventory Service, Running on a Separate Host Machine from vCenter Server
vCenter Inventory Service Hardware | Requirement
Processor | Intel or AMD x64 processor with two or more logical cores, each with a speed of 2GHz.
Memory | 3GB. If vCenter Inventory Service runs on the same host machine as vCenter Server, see Table 2-2 or Table 2-5.
Disk storage | If vCenter Inventory Service runs on the same host machine as vCenter Server, these requirements are in addition to the disk space required for vCenter Server and any other applications running on the vCenter Server host machine. See Table 2-5.
  Disk storage requirements for Inventory Service depend on inventory size and the amount of activity in the virtual machines in the inventory. At typical activity rates, Inventory Service uses 6GB - 12GB of disk space for 15,000 virtual machines distributed among 1,000 hosts.
  A high rate of activity (more than 20 percent of your virtual machines changing per hour) results in write-ahead logs (WAL) being written to disk to handle updates, instead of in-line writes into existing disk usage. This high rate of activity is often associated with Virtual Desktop Infrastructure (VDI) use cases.
  In the following guidelines for required disk space, a small inventory is 1-100 hosts or 1-1000 virtual machines, and a large inventory is more than 400 hosts or 4000 virtual machines.
  • Small inventory, low activity rate: 5GB.
  • Small inventory, high activity rate: 15GB.
  • Large inventory, low activity rate: 15GB.
  • Large inventory, high activity rate: 40GB-60GB.
Network speed | 1Gbps
Table 2-5. Minimum Hardware Requirements for vCenter Server
vCenter Server Hardware | Requirement
CPU | Two 64-bit CPUs or one 64-bit dual-core processor.
Processor | 2.0GHz or faster Intel 64 or AMD 64 processor. The Itanium (IA64) processor is not supported. Processor requirements might be higher if the database runs on the same machine.
Memory | The amount of memory needed depends on your vCenter Server configuration.
  • If vCenter Server is installed on a different host machine than vCenter Single Sign-On and vCenter Inventory Service, 4GB of RAM are required.
  • If vCenter Server, vCenter Single Sign-On and vCenter Inventory Service are installed on the same host machine (as with vCenter Simple Install), 10GB of RAM are required.
  Memory requirements are higher if the vCenter Server database runs on the same machine as vCenter Server.
  vCenter Server includes several Java services: VMware VirtualCenter Management Webservices (tc Server), Inventory Service, and Profile-Driven Storage Service. When you install vCenter Server, you select the size of your vCenter Server inventory to allocate memory for these services. The inventory size determines the maximum JVM heap settings for the services. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in Table 2-7.
Disk storage | The amount of disk storage needed for the vCenter Server installation depends on your vCenter Server configuration.
  • If vCenter Server is installed on a different host machine than vCenter Single Sign-On and vCenter Inventory Service, 4GB are required.
  • If vCenter Server, vCenter Single Sign-On and vCenter Inventory Service are installed on the same host machine (as with vCenter Simple Install), at least 40-60GB of free disk space are required after installation, depending on the size of your inventory. You should provide more space to allow for future growth of your inventory. For guidelines about the disk space required for vCenter Single Sign-On and Inventory Service, see Table 2-3 and Table 2-4.
  Disk storage requirements are higher if the vCenter Server database runs on the same machine as vCenter Server, depending on the size of those databases.
  In vCenter Server 5.x, the default size for vCenter Server logs is 450MB larger than in vCenter Server 4.x. Make sure the disk space allotted to the log folder is sufficient for this increase.
Microsoft SQL Server 2008 R2 Express disk | Up to 2GB free disk space to decompress the installation archive. Approximately 1.5GB of these files are deleted after the installation is complete.
Network speed | 1Gbps
NOTE Installing vCenter Server on a network drive or USB flash drive is not supported.
For the hardware requirements of your database, see your database documentation. The database requirements are in addition to the vCenter Server requirements if the database and vCenter Server run on the same machine.
vSphere Web Client Hardware Requirements
The vSphere Web Client has two components: A Java server and an Adobe Flex client application running in a browser.
Table 2-6. Hardware Requirements for the vSphere Web Client Server Component
vSphere Web Client Server Hardware | Requirement
Memory | At least 2GB: 1GB for the Java heap, and 1GB for
  • The resident code
  • The stack for Java threads
  • Global/bss segments for the Java process
CPU | 2.00 GHz processor with 4 cores
Disk Storage | At least 2GB free disk space
Networking | Gigabit connection recommended
JVM heap settings for vCenter Server
The JVM heap settings for vCenter Server depend on your inventory size. See “Configuring VMware vCenter Server - tc Server Settings in vCenter Server,” on page 116.
Table 2-7. JVM Heap Settings for vCenter Server
vCenter Server Inventory | VMware VirtualCenter Management Webservices (tc Server) | Inventory Service | Profile-Driven Storage Service
Small inventory (1-100 hosts or 1-1000 virtual machines) | 1GB | 3GB | 1GB
Medium inventory (100-400 hosts or 1000-4000 virtual machines) | 2GB | 6GB | 2GB
Large inventory (More than 400 hosts or 4000 virtual machines) | 3GB | 12GB | 4GB
VMware vCenter Server Appliance Hardware Requirements and Recommendations
Table 2-8. Hardware Requirements for VMware vCenter Server Appliance
VMware vCenter Server Appliance Hardware | Requirement
Disk storage on the host machine | For most deployments, the vCenter Server Appliance requires at least 70GB of disk space, and is limited to a maximum size of 125GB. The required disk space depends on the size of your vCenter Server inventory. The vCenter Server Appliance can be deployed with thin-provisioned virtual disks that can grow to the maximum size of 125GB. If the host machine does not have enough free disk space to accommodate the growth of the vCenter Server Appliance virtual disks, vCenter Server might cease operation, and you will not be able to manage your vSphere environment.
Memory in the VMware vCenter Server Appliance | Using the embedded PostgreSQL database, the vCenter Server Appliance supports up to 100 hosts or 3000 virtual machines, and has the following memory requirements:
  • Very small inventory (10 or fewer hosts, 100 or fewer virtual machines): at least 8GB.
  • Small inventory (10-50 hosts or 100-1500 virtual machines): at least 16GB.
  • Medium inventory (the maximum inventory supported with the embedded database; 50-100 hosts or 1500-3000 virtual machines): at least 24GB.
  Using an external Oracle database, the vCenter Server Appliance supports up to 1000 hosts or 10000 registered virtual machines, and 10000 powered-on virtual machines, and has the following memory requirements:
  • Very small inventory (10 or fewer hosts, 100 or fewer virtual machines): at least 4GB.
  • Small inventory (10-100 hosts or 100-1000 virtual machines): at least 8GB.
  • Medium inventory (100-400 hosts or 1000-4000 virtual machines): at least 16GB.
  • Large inventory (More than 400 hosts or 4000 virtual machines): at least 32GB.
  For inventory and other configuration limits in the vCenter Server Appliance, see Configuration Maximums.
Table 2-9. JVM Heap Settings for VMware vCenter Server Appliance
vCenter Server Appliance Inventory | VMware VirtualCenter Management Webservices (tc Server) | Inventory Service | Profile-Driven Storage Service
Small inventory (1-100 hosts or 1-1000 virtual machines) | 512MB | 3GB | 1GB
Medium inventory (100-400 hosts or 1000-4000 virtual machines) | 512MB | 6GB | 2GB
Large inventory (More than 400 hosts or 4000 virtual machines) | 1GB | 12GB | 4GB
See “Configuring VMware vCenter Server - tc Server Settings in vCenter Server,” on page 116.
Page 22
vCenter Server Software Requirements
Make sure that your operating system supports vCenter Server. vCenter Server requires a 64-bit operating system, and the 64-bit system DSN is required for vCenter Server to connect to its database.
For a list of supported operating systems, see the VMware Compatibility Guide at
http://www.vmware.com/resources/compatibility.
vCenter Server requires the Microsoft .NET 3.5 SP1 Framework. If it is not installed on your system, the vCenter Server installer installs it. The .NET 3.5 SP1 installation might require Internet connectivity to download more files.
NOTE If your vCenter Server host machine uses a non-English operating system, install both the Microsoft .NET Framework 3.5 SP1 and Microsoft .NET Framework 3.5 Language Pack through Windows Update. Windows Update automatically selects the correct localized version for your operating system. The .NET Framework installed through the vCenter Server installer includes only the English version.
vCenter Server 5.5 removes support for Windows Server 2003 as a host operating system. See the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php.
vCenter Server 5.5 removes support for Windows Server 2008 SP1 as a host operating system. Upgrade Windows Server 2008 SP1 hosts to SP2 before upgrading vCenter Server to version 5.5. See the VMware Compatibility Guide at http://www.vmware.com/resources/compatibility/search.php and the Microsoft Software Lifecycle Policy at http://support.microsoft.com/lifecycle/#ServicePackSupport.
If you plan to use the Microsoft SQL Server 2008 R2 Express database that is bundled with vCenter Server, Microsoft Windows Installer version 4.5 (MSI 4.5) is required on your system. You can download MSI 4.5 from the Microsoft Web site. You can also install MSI 4.5 directly from the vCenter Server autorun.exe installer.
The VMware vCenter Server Appliance can be deployed only on hosts that are running ESX version 4.x or ESXi version 4.x or later.
vSphere Web Client Software Requirements
Make sure that your browser supports the vSphere Web Client.
VMware has tested and supports the following guest operating systems and browser versions for the vSphere Web Client.
Table 2-10. Supported guest operating systems and browser versions for the vSphere Web Client.

| Operating system | Browser |
|---|---|
| Windows 32-bit and 64-bit | Microsoft Internet Explorer 8, 9 (64-bit only), and 10. |
| | Mozilla Firefox: the latest browser version, and the one previous version at the time vSphere 5.5 is produced. |
| | Google Chrome: the latest browser version, and the one previous version at the time vSphere 5.5 is produced. |
| Mac OS | Mozilla Firefox: the latest browser version, and the one previous version at the time vSphere 5.5 is produced. |
| | Google Chrome: the latest browser version, and the one previous version at the time vSphere 5.5 is produced. |
Later versions of these browsers are likely to work, but have not been tested.
The vSphere Web Client requires the Adobe Flash Player version 11.5.0 or later to be installed with the appropriate plug-in for your browser.
Page 23
Providing Sufficient Space for System Logging
ESXi 5.x uses a new log infrastructure. If your host is deployed with Auto Deploy, or if you set up a log directory separate from the default location in a scratch directory on the VMFS volume, you might need to change your current log size and rotation settings to ensure that enough space for system logging exists.
All vSphere components use this infrastructure. The default values for log capacity in this infrastructure vary, depending on the amount of storage available and on how you have configured system logging. Hosts that are deployed with Auto Deploy store logs on a RAM disk, which means that the amount of space available for logs is small.
If your host is deployed with Auto Deploy, reconfigure your log storage in one of the following ways:
- Redirect logs over the network to a remote collector.
- Redirect logs to a NAS or NFS store.
You might also want to reconfigure log sizing and rotations for hosts that are installed to disk, if you redirect logs to nondefault storage, such as a NAS or NFS store.
You do not need to reconfigure log storage for ESXi hosts that use the default configuration, which stores logs in a scratch directory on the VMFS volume. For these hosts, ESXi 5.x autoconfigures logs to best suit your installation, and provides enough space to accommodate log messages.
Table 2-11. Recommended Minimum Size and Rotation Configuration for hostd, vpxa, and fdm Logs.

| Log | Maximum Log File Size | Number of Rotations to Preserve | Minimum Disk Space Required |
|---|---|---|---|
| Management Agent (hostd) | 10240KB | 10 | 100MB |
| VirtualCenter Agent (vpxa) | 5120KB | 10 | 50MB |
| vSphere HA agent (Fault Domain Manager, fdm) | 5120KB | 10 | 50MB |
For information about setting up a remote log server, see “Configure Syslog on ESXi Hosts,” on page 262 and “Install or Upgrade vSphere Syslog Collector,” on page 108.
Required Ports for vCenter Server
The VMware vCenter Server system must be able to send data to every managed host and receive data from every vSphere Web Client. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.
For information about ports required for the vCenter Server Appliance, see “Required Ports for the vCenter Server Appliance,” on page 25.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from the vCenter Server system. If a firewall exists between any of these elements and Windows firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.
NOTE In Microsoft Windows Server 2008, a firewall is enabled by default.
Page 24
Table 2-12. Ports Required for Communication Between Components

| Port | Description |
|---|---|
| 80 | vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. |
| | If you use a custom Microsoft SQL database (not the bundled SQL Server 2008 database) that is stored on the same host machine as the vCenter Server, port 80 is used by the SQL Reporting Service. When you install vCenter Server, the installer will prompt you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation. |
| | Microsoft Internet Information Services (IIS) also use port 80. See “Conflict Between vCenter Server and IIS for Port 80,” on page 26. |
| 389 | This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. |
| | If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
| 636 | For vCenter Server Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025 through 65535. |
| 902 | The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 8080 | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| 8443 | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| 60099 | Web Service change service notification port |
| 6501 | Auto Deploy service |
| 6502 | Auto Deploy management |
| 7005 | vCenter Single Sign-On |
| 7009 | vCenter Single Sign-On |
| 7080 | vCenter Single Sign-On |
| 7444 | vCenter Single Sign-On HTTPS |
| 9443 | vSphere Web Client HTTPS |
| 9090 | vSphere Web Client HTTP |
| 10080 | vCenter Inventory Service HTTP |
| 10443 | vCenter Inventory Service HTTPS |
| 10109 | vCenter Inventory Service Management |
| 10111 | vCenter Inventory Service Linked Mode Communication |
To have the vCenter Server system use a different port to receive vSphere Web Client data, see the vCenter Server and Host Management documentation.
For a discussion of firewall configuration, see the vSphere Security documentation.
Page 25
Required Ports for the vCenter Server Appliance
The VMware vCenter Server system must be able to send data to every managed host and receive data from every vSphere Web Client. For migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.
For information about ports required for vCenter Server on Windows, see “Required Ports for vCenter Server,” on page 23.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from the vCenter Server system. The vCenter Server Appliance is preconfigured to use the ports listed in Table 2-13. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.
Table 2-13. Ports Required for the vCenter Server Appliance

| Port | Description |
|---|---|
| 80 | vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. |
| 443 | The vCenter Server system uses port 443 to monitor data transfer from SDK clients. |
| 902 | The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 8080 | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| 8443 | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| 10080 | vCenter Inventory Service HTTP |
| 10443 | vCenter Inventory Service HTTPS |
| 10109 | vCenter Inventory Service database |
| 514 | vSphere Syslog Collector server |
| 1514 | vSphere Syslog Collector server (SSL) |
| 6500 | Network coredump server (UDP) |
| 6501 | Auto Deploy service |
| 6502 | Auto Deploy management |
| 9090 | vSphere Web Client HTTP |
| 9443 | vSphere Web Client HTTPS |
| 5480 | vCenter Server Appliance Web user interface HTTPS |
| 5489 | vCenter Server Appliance Web user interface CIM service |
| 22 | System port for SSHD |
To have the vCenter Server system use a different port to receive vSphere Web Client data, see the vCenter Server and Host Management documentation.
For a discussion of firewall configuration, see the vSphere Security documentation.
Page 26
Conflict Between vCenter Server and IIS for Port 80
vCenter Server and Microsoft Internet Information Service (IIS) both use port 80 as the default port for direct HTTP connections. This conflict can cause vCenter Server to fail to restart after the installation of vSphere Authentication Proxy.
Problem
vCenter Server fails to restart after the installation of vSphere Authentication Proxy is complete.
Cause
If you do not have IIS installed when you install vSphere Authentication Proxy, the installer prompts you to install IIS. Because IIS uses port 80, which is the default port for vCenter Server direct HTTP connections, vCenter Server fails to restart after the installation of vSphere Authentication Proxy is complete. See “Required Ports for vCenter Server,” on page 23.
Solution
To resolve a conflict between IIS and vCenter Server for port 80, take one of the following actions.

| Option | Description |
|---|---|
| If you installed IIS before installing vCenter Server | Change the port for vCenter Server direct HTTP connections from 80 to another value. |
| If you installed vCenter Server before installing IIS | Before restarting vCenter Server, change the binding port of the IIS default Web site from 80 to another value. |
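A pre-install check for the kind of conflict described above, as an added example (not VMware code): it parses Windows `netstat -ano` output and reports which ports from Table 2-12 are already bound by a process other than vCenter Server. The sample output, the PID set, and the treatment of ports without a stated protocol as TCP are assumptions made for the illustration.

```python
import re

# Ports from Table 2-12 on this page. The table names a protocol only for
# the UDP 902 heartbeat; treating every other port as TCP is an assumption.
# 443 is included because the page names it as the target of the port 80
# redirect.
REQUIRED_PORTS = {
    ("TCP", 80): "vCenter Server direct HTTP (redirects to HTTPS port 443)",
    ("TCP", 443): "vCenter Server HTTPS",
    ("TCP", 389): "LDAP, Directory Services for the vCenter Server group",
    ("TCP", 636): "Linked Mode SSL port of the local instance",
    ("TCP", 902): "data sent to managed hosts",
    ("UDP", 902): "heartbeat from managed hosts",
    ("TCP", 8080): "Management Web Services HTTP",
    ("TCP", 8443): "Management Web Services HTTPS",
    ("TCP", 60099): "Web Service change service notification",
    ("TCP", 6501): "Auto Deploy service",
    ("TCP", 6502): "Auto Deploy management",
    ("TCP", 7005): "vCenter Single Sign-On",
    ("TCP", 7009): "vCenter Single Sign-On",
    ("TCP", 7080): "vCenter Single Sign-On",
    ("TCP", 7444): "vCenter Single Sign-On HTTPS",
    ("TCP", 9443): "vSphere Web Client HTTPS",
    ("TCP", 9090): "vSphere Web Client HTTP",
    ("TCP", 10080): "vCenter Inventory Service HTTP",
    ("TCP", 10443): "vCenter Inventory Service HTTPS",
    ("TCP", 10109): "vCenter Inventory Service Management",
    ("TCP", 10111): "vCenter Inventory Service Linked Mode Communication",
}

# One socket row: protocol, local address, foreign address,
# state (TCP rows only), owning PID.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for every socket row."""
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, local, _foreign, state, pid = m.groups()
        # rsplit keeps bracketed IPv6 addresses such as [::]:80 intact
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            yield proto, int(port), state, int(pid)


def find_conflicts(netstat_text, vcenter_pids=frozenset()):
    """Return sorted (proto, port, pid, purpose) tuples for required ports
    that a process outside vcenter_pids is already bound to."""
    found = set()
    for proto, port, state, pid in parse_netstat(netstat_text):
        if (proto, port) not in REQUIRED_PORTS:
            continue
        # Only a listening TCP socket blocks a bind; UDP rows have no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        if pid in vcenter_pids:
            continue
        found.add((proto, port, pid, REQUIRED_PORTS[(proto, port)]))
    return sorted(found)


# Constructed `netstat -ano` output. PID 4 stands for the Windows HTTP
# stack that IIS listens through, and PID 3100 for a vCenter Server service.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       1780
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING       3100
  TCP    10.0.0.15:49233        10.0.0.9:443           ESTABLISHED     2200
  TCP    10.0.0.15:443          10.0.0.9:51000         TIME_WAIT       0
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:902            *:*                                    3100
"""

if __name__ == "__main__":
    for proto, port, pid, purpose in find_conflicts(SAMPLE_NETSTAT, {3100}):
        print("%s %d is held by PID %d; vCenter needs it for: %s"
              % (proto, port, pid, purpose))
```

On a real host, pass the text captured from `netstat -ano` and the PIDs of any vCenter Server services that are already running.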
DNS Requirements for vSphere
You install vCenter Server, like any other network server, on a machine with a fixed IP address and well-known DNS name, so that clients can reliably access the service.
Assign a static IP address and host name to the Windows server that will host the vCenter Server system. This IP address must have a valid (internal) domain name system (DNS) registration.
Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all vSphere Web Clients.
Ensure that the vCenter Server is installed on a machine that has a resolvable fully qualified domain name (FQDN). To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at a command line prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of the domain controller machine.
Ensure that DNS reverse lookup returns a fully qualified domain name when queried with the IP address of the vCenter Server. When you install vCenter Server, the installation of the web server component that supports the vSphere Web Client fails if the installer cannot look up the fully qualified domain name of the vCenter Server from its IP address. Reverse lookup is implemented using PTR records. To create a PTR record, see the documentation for your vCenter Server host operating system.
If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the domain name service (DNS). Ping the computer name to test the connection. For example, if the computer name is host-1.company.com, run the following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
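The forward and reverse lookup requirements above can be checked together before running the installer. The following is an added example, not part of the VMware documentation: it confirms that the name is fully qualified, that it resolves, and that the PTR record for each address returns the same fully qualified name. The lookup functions are injectable so that the constructed sample records can be checked offline; the host-2 and host-3 records are invented for the illustration.

```python
import socket


def _forward(name):
    """Default forward lookup: the IPv4 addresses registered for name."""
    return socket.gethostbyname_ex(name)[2]


def _reverse(ip):
    """Default reverse lookup: the primary name from the PTR record."""
    return socket.gethostbyaddr(ip)[0]


def check_vcenter_dns(fqdn, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means the forward and
    reverse lookups agree on a fully qualified domain name."""
    want = fqdn.rstrip(".").lower()
    if "." not in want:
        return ["%s is a short name, not an FQDN" % fqdn]
    try:
        addresses = forward(want)
    except OSError as exc:  # socket.gaierror and socket.herror derive from it
        return ["forward lookup of %s failed: %s" % (want, exc)]
    if not addresses:
        return ["forward lookup of %s returned no address" % want]

    problems = []
    for ip in addresses:
        try:
            name = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append("no PTR record for %s: %s" % (ip, exc))
            continue
        if "." not in name:
            # The installer needs the FQDN back, not the bare host name.
            problems.append("PTR for %s returns short name %s" % (ip, name))
        elif name != want:
            problems.append("PTR for %s returns %s, expected %s"
                            % (ip, name, want))
    return problems


# Constructed records for an offline run; a real check uses the defaults.
SAMPLE_A = {
    "host-1.company.com": ["10.0.0.15"],
    "host-2.company.com": ["10.0.0.16"],
    "host-3.company.com": ["10.0.0.17"],
}
SAMPLE_PTR = {
    "10.0.0.15": "host-1.company.com",
    "10.0.0.16": "host-2",  # short name only; 10.0.0.17 has no PTR at all
}


def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return SAMPLE_A[name]


def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]


if __name__ == "__main__":
    for host in sorted(SAMPLE_A):
        result = check_vcenter_dns(host, sample_forward, sample_reverse)
        print(host, "OK" if not result else result)
```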
Page 27
Supported Remote Management Server Models and Minimum Firmware Versions
You can use remote management applications to install ESXi or for remote management of hosts.
Table 2-14. Supported Remote Management Server Models and Firmware Versions

| Remote Controller Make and Model | Firmware Version | Java |
|---|---|---|
| Dell DRAC 6 | 1.54 (Build 15), 1.70 (Build 21) | 1.6.0_24 |
| Dell DRAC 5 | 1.0, 1.45, 1.51 | 1.6.0_20, 1.6.0_203 |
| Dell DRAC 4 | 1.75 | 1.6.0_23 |
| HP ILO | 1.81, 1.92 | 1.6.0_22, 1.6.0_23 |
| HP ILO 2 | 1.8, 1.81 | 1.6.0_20, 1.6.0_23 |
| IBM RSA 2 | 1.03, 1.2 | 1.6.0_22 |
Page 28
Page 29
3 Before You Install vCenter Server
You can install vCenter Server on a physical system or on a virtual machine running on an ESXi host. You can also download the VMware vCenter Server Appliance, a preconfigured Linux-based virtual machine optimized for running vCenter Server.
This chapter includes the following topics:
- “Preparing vCenter Server Databases,” on page 30
- “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49
- “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51
- “vCenter Single Sign-On Deployment Modes,” on page 52
- “vCenter Single Sign-On and High Availability,” on page 54
- “vCenter Single Sign-On Components,” on page 56
- “Setting the vCenter Server Administrator User,” on page 56
- “Authenticating to the vCenter Server Environment,” on page 57
- “How vCenter Single Sign-On Affects Log In Behavior,” on page 57
- “Identity Sources for vCenter Server with vCenter Single Sign-On,” on page 58
- “Synchronizing Clocks on the vSphere Network,” on page 59
- “Download the vCenter Server Installer,” on page 61
- “Using a User Account for Running vCenter Server,” on page 61
- “Installing vCenter Server on IPv6 Machines,” on page 61
- “JDBC URL Formats for the vCenter Server Database,” on page 62
- “Running the vCenter Server Installer from a Network Drive,” on page 63
- “Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client,” on page 63
- “Download the vCenter Server Installer,” on page 68
- “Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail,” on page 69
Page 30
Preparing vCenter Server Databases
vCenter Server and vSphere Update Manager require databases to store and organize server data.
Each vCenter Server instance must have its own database. For small installations (up to 5 hosts and 50 virtual machines), you can use the bundled Microsoft SQL Server 2008 Express database, which you can choose to have the vCenter Server installer create during the vCenter Server installation. Larger installations require a supported database, prepared as described in the subtopics of this section.
vCenter Server instances cannot share the same database schema. Multiple vCenter Server databases can reside on the same database server, or they can be separated across multiple database servers. For Oracle databases, which have the concept of schema objects, you can run multiple vCenter Server instances in a single database server if you have a different schema owner for each vCenter Server instance. You can also use a dedicated Oracle database server for each vCenter Server instance.
You do not need to install a new database server for the vCenter Server installation to work. During vCenter Server installation, you can point the vCenter Server system to any existing supported database. vCenter Server supports Oracle and Microsoft SQL Server databases. Update Manager supports Oracle and Microsoft SQL Server databases. For information about supported database server versions, see the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
CAUTION If you have a VirtualCenter database that you want to preserve, do not perform a fresh installation of vCenter Server. See the vSphere Upgrade documentation.
VMware recommends using separate databases for vCenter Server and Update Manager. For small deployments, a separate database for Update Manager might not be necessary.
vCenter Server Database Configuration Notes
After you choose a supported database type, make sure you understand any special configuration requirements.
Table 3-1 is not a complete list of databases supported with vCenter Server. For information about specific database versions and service pack configurations supported with vCenter Server, see the VMware Product Interoperability Matrixes. This topic is intended only to provide special database configuration notes not listed in the Product Interoperability Matrixes.
vCenter Server databases require a UTF code set.
Contact your DBA for the appropriate database credentials.
Table 3-1. Configuration Notes for Databases Supported with vCenter Server

| Database Type | Configuration Notes |
|---|---|
| Microsoft SQL Server 2008 R2 Express | Bundled database that you can use for small deployments of up to 5 hosts and 50 virtual machines. |
| | NOTE This database is not supported for the vCenter Server Appliance. |
| Microsoft SQL Server 2005 | Ensure that the machine has a valid ODBC DSN entry. |
| | If Microsoft SQL Server 2005 is not already installed and the machine has MSXML Core Services 6.0 installed, remove MSXML Core Services 6.0 before installing Microsoft SQL Server 2005. If you cannot remove it using the Add or Remove Programs utility, use the Windows Installer CleanUp utility. See http://support.microsoft.com/kb/968749. |
| | NOTE This database is not supported for the vCenter Server Appliance. |
Page 31
Table 3-1. Configuration Notes for Databases Supported with vCenter Server (Continued)

| Database Type | Configuration Notes |
|---|---|
| Microsoft SQL Server 2008 | Ensure that the machine has a valid ODBC DSN entry. |
| | NOTE This database is not supported for the vCenter Server Appliance. |
| Oracle | Ensure that the machine has a valid ODBC DSN entry. |
| | After you complete the vCenter Server installation, take the following steps: |
| | - Apply the latest patch to the Oracle client and server. |
| | - Copy the Oracle JDBC driver (ojdbc14.jar or ojdbc5.jar) to the vCenter Server installation directory, in the tomcat\lib subdirectory: vCenter install location\Infrastructure\tomcat\lib. |
| | - In the Services section of the Windows Administrative Tools control panel, restart the VMware VirtualCenter Management Webservices service. |
| | The vCenter Server installer attempts to copy the Oracle JDBC driver from the Oracle client location to the vCenter Server installation directory. If the Oracle JDBC driver is not found in the Oracle client location, the vCenter Server installer prompts you to copy the file manually. You can download the file from the oracle.com Web site. |
Create a 64-Bit DSN
The vCenter Server system must have a 64-bit DSN. This requirement applies to all supported databases.
Procedure
1 Select Control Panel > Administrative Tools > Data Sources (ODBC).
2 Use the application to create a system DSN.
If you have a Microsoft SQL database, create the system DSN for the SQL Native Client driver.
3 Test the connectivity.
The system now has a DSN that is compatible with vCenter Server. When the vCenter Server installer prompts you for a DSN, select the 64-bit DSN.
Confirm That vCenter Server Can Communicate with the Local Database
If your database is located on the same machine on which vCenter Server will be installed, and you have changed the name of this machine, make sure the vCenter Server DSN is configured to communicate with the new name of the machine.
Changing the vCenter Server computer name impacts database communication if the database server is on the same computer with vCenter Server. If you changed the machine name, you can verify that communication remains intact.
The name change has no effect on communication with remote databases. You can skip this procedure if your database is remote.
Check with your database administrator or the database vendor to make sure all components of the database are working after you rename the server.
Prerequisites
- Make sure the database server is running.
- Make sure that the vCenter Server computer name is updated in the domain name service (DNS).
Procedure
1 Update the data source information, as needed.
Page 32
2 Ping the computer name to test this connection.
For example, if the computer name is host-1.company.com, run the following command in the Windows command prompt:
ping host-1.company.com
If you can ping the computer name, the name is updated in DNS.
Maintaining a vCenter Server Database
After your vCenter Server database instance and vCenter Server are installed and operational, perform standard database maintenance processes.
The standard database maintenance processes include the following:
- Monitoring the growth of the log file and compacting the database log file, as needed.
- Scheduling regular backups of the database.
- Backing up the database before any vCenter Server upgrade.
See your database vendor's documentation for specific maintenance procedures and support.
Configure Microsoft SQL Server Databases
To use a Microsoft SQL database for your vCenter Server repository, configure your database to work with vCenter Server.
Procedure
1 Create a SQL Server Database and User for vCenter Server on page 33
You must create a database and user for vCenter Server. To simplify the process, you can use a script.
2 Set Database Permissions By Manually Creating Database Roles and the VMW Schema on page 34
By using this recommended method, available with vCenter Server 5.x, the vCenter Server database administrator can set permissions for vCenter Server users and administrators to be granted through Microsoft SQL Server database roles.
3 Set Database Permissions by Using the dbo Schema and the db_owner Database Role on page 35
If you use Microsoft SQL Server database, the simplest way to assign permissions for a vCenter Server database user is through the database role db_owner. Assign the db_owner role to the vCenter Server database user on both the vCenter and MSDB databases.
4 Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role on page 35
If you set database permissions by using the dbo schema and db_owner database role, you can use a script to create a vCenter Server user with the db_owner database role.
5 Use a Script to Create a Microsoft SQL Server Database Schema and Roles on page 36
In this recommended method of configuring the SQL database, you create the custom schema VMW, instead of using the existing dbo schema.
6 (Optional) Use a Script to Create Microsoft SQL Server Database Objects Manually on page 37
You can create database objects manually with this method of configuring the SQL database.
7 Configure a SQL Server ODBC Connection on page 40
After you create a vCenter Server user, establish a connection with a SQL Server database. This connection is required to install a vCenter Server system.
Page 33
8 Configure Microsoft SQL Server TCP/IP for JDBC on page 41
If the Microsoft SQL Server database has TCP/IP disabled and the dynamic ports are not set, the JDBC connection remains closed. The closed connection causes the vCenter Server statistics to malfunction. You can configure the server TCP/IP for JDBC.
9 (Optional) Configure a Microsoft SQL Server Database User to Enable Database Monitoring on page 42
vCenter Server Database Monitoring captures metrics that enable the administrator to assess the status and health of the database server. Enabling Database Monitoring helps the administrator prevent vCenter downtime because of a lack of resources for the database server.
Create a SQL Server Database and User for vCenter Server
You must create a database and user for vCenter Server. To simplify the process, you can use a script.
In the script, you can customize the location of the data and log files.
The user that is created by this script is not subject to any security policy. Change the passwords as appropriate.
Procedure
1 Log in to a Microsoft SQL Server Management Studio session as the sysadmin (SA) or a user account with sysadmin privileges.
2 Run the following script.
The script is located in the vCenter Server installation package at /<installation directory>/vCenter-Server/dbschema/DB_and_schema_creation_scripts_MSSQL.txt.
use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf', SIZE = 3000KB, FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf', SIZE = 1000KB, FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go
use VCDB
go
-- Sample password shipped in the script; change it as appropriate.
sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser!0', @defdb='VCDB', @deflanguage='us_english'
go
-- CHECK_POLICY = OFF is why this login is not subject to any security policy.
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
use MSDB
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
You now have a Microsoft SQL Server database that you can use with vCenter Server.
What to do next
See “Set Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34.
Page 34
Set Database Permissions By Manually Creating Database Roles and the VMW Schema
By using this recommended method, available with vCenter Server 5.x, the vCenter Server database administrator can set permissions for vCenter Server users and administrators to be granted through Microsoft SQL Server database roles.
VMware recommends this method because it removes the requirement to set up the database dbo schema and db_owner role for vCenter Server users who install and upgrade vCenter Server.
Alternatively, you can assign vCenter Server database permissions by creating and assigning the db_owner role and letting the vCenter Server installer create the default schema that assigns database user permissions to that role. See “Set Database Permissions by Using the dbo Schema and the db_owner Database Role,” on page 35.
Prerequisites
Create the vCenter Server database. See “Create a SQL Server Database and User for vCenter Server,” on page 33.
Procedure
1 Create the database VCDB and the database schema VMW in VCDB.
2 Assign the default schema VMW to the user [vpxuser].
3 In the vCenter Server database, create the user role VC_ADMIN_ROLE.
4 In the vCenter Server database, grant privileges to the VC_ADMIN_ROLE.
a Grant the schema permissions ALTER, REFERENCES, and INSERT.
b Grant the permissions CREATE TABLE, VIEW, and CREATE PROCEDURES.
5 In the vCenter Server database, create the VC_USER_ROLE.
6 In the vCenter Server database, grant the schema permissions SELECT, INSERT, DELETE, UPDATE, and EXECUTE to the VC_USER_ROLE.
7 Grant the VC_USER_ROLE to the user [vpxuser].
8 Grant the VC_ADMIN_ROLE to the user [vpxuser].
9 In the MSDB database, create the user [vpxuser].
10 In the MSDB database, create the user role VC_ADMIN_ROLE.
11 Grant privileges to the VC_ADMIN_ROLE in MSDB.
a On the MSDB tables syscategories, sysjobsteps, and sysjobs, grant the SELECT permission to the user [vpxuser].
b On the MSDB stored procedures sp_add_job, sp_delete_job, sp_add_jobstep, sp_update_job, sp_add_jobserver, sp_add_jobschedule, and sp_add_category, grant the EXECUTE permission to the role VC_ADMIN_ROLE.
12 In the MSDB database, grant the VC_ADMIN_ROLE to the user [vpxuser].
13 Connect to the vCenter Server database as user [vpxuser] and create the ODBC DSN.
14 Install vCenter Server.
Page 35
15 Revoke the VC_ADMIN_ROLE from the user [vpxuser] in the vCenter Server database.
After you revoke the role, you can leave the role as inactive for use in future upgrades, or remove the role for increased security. If you remove the role, you must recreate the role and assign it to the user [vpxuser] before any future upgrade of vCenter Server.
The hardcoded dbo role is removed from VCDB_mssql.sql.
What to do next
“Use a Script to Create a Microsoft SQL Server Database Schema and Roles,” on page 36
Set Database Permissions by Using the dbo Schema and the db_owner Database Role
If you use Microsoft SQL Server database, the simplest way to assign permissions for a vCenter Server database user is through the database role db_owner. Assign the db_owner role to the vCenter Server database user on both the vCenter and MSDB databases.
Alternatively, experienced database administrators can set permissions by creating database roles and the VMW schema manually. See “Set Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34 and “Use a Script to Create a Microsoft SQL Server Database Schema and Roles,” on page 36. That method, available beginning with vSphere 5.0, is recommended, because it gives the database administrator greater control over database permissions. The recommended method also removes the requirement to set up the database dbo schema and db_owner role for vCenter Server users who install and upgrade vCenter Server.
Prerequisites
Create the vCenter Server database. See “Create a SQL Server Database and User for vCenter Server,” on page 33
Procedure
1 Assign the role dbo to the vCenter Server and Microsoft SQL databases.
2 For any user who will install or upgrade vCenter Server, assign the user the default schema dbo.
When you install vCenter Server, the installer uses the default dbo schema to assign permissions to the db_owner role.
Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role
If you set database permissions by using the dbo schema and db_owner database role, you can use a script to create a vCenter Server user with the db_owner database role.
Alternatively, experienced database administrators can set permissions by creating database roles and the VMW and SQL Server database schemas. See “Set Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34 and “Use a Script to Create a Microsoft SQL Server Database Schema and Roles,” on page 36. That method, available beginning with vSphere 5.0, is recommended, because it gives the database administrator greater control over database permissions. That method removes the requirement to set up the database role dbo and db_owner schema for vCenter Server users who install and upgrade vCenter Server.
Prerequisites
Create the vCenter Server database. See “Create a SQL Server Database and User for vCenter Server,” on page 33
Procedure
1 Log in to a Microsoft SQL Server Management Studio session as the sysadmin (SA) or a user account
with sysadmin privileges.
2 Run the following script.
The script is located in the vCenter Server installation package /installation directory/vCenter-Server/dbschema/DB_and_schema_creation_scripts_MSSQL.txt file.
use VCDB
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go
use MSDB
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go
What to do next
“Configure a SQL Server ODBC Connection,” on page 40
Use a Script to Create a Microsoft SQL Server Database Schema and Roles
In this recommended method of configuring the SQL database, you create the custom schema VMW, instead of using the existing dbo schema.
This method requires that you create new database roles and grant them to the database user. See “Set
Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34 and “Use a Script to Create a Microsoft SQL Server Database Schema and Roles,” on page 36.
Prerequisites
Create the SQL Server database and user for vCenter Server. You can create the database manually or by using a script. See “Create a SQL Server Database and User for vCenter Server,” on page 33
Procedure
1 Log in to a Microsoft SQL Server Management Studio session as the sysadmin (SA) or a user account
with sysadmin privileges.
2 Run the following script.
The script is located in the vCenter Server installation package at /installation directory/vCenter-Server/dbschema/DB_and_schema_creation_scripts_MSSQL.txt
CREATE SCHEMA [VMW]
go
ALTER USER [vpxuser] WITH DEFAULT_SCHEMA =[VMW]
go
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;
GRANT ALTER ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT REFERENCES ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT INSERT ON SCHEMA :: [VMW] to VC_ADMIN_ROLE;
GRANT CREATE TABLE to VC_ADMIN_ROLE;
GRANT CREATE VIEW to VC_ADMIN_ROLE;
GRANT CREATE Procedure to VC_ADMIN_ROLE;
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_USER_ROLE')
CREATE ROLE VC_USER_ROLE
go
GRANT SELECT ON SCHEMA :: [VMW] to VC_USER_ROLE
go
GRANT INSERT ON SCHEMA :: [VMW] to VC_USER_ROLE
go
GRANT DELETE ON SCHEMA :: [VMW] to VC_USER_ROLE
go
GRANT UPDATE ON SCHEMA :: [VMW] to VC_USER_ROLE
go
GRANT EXECUTE ON SCHEMA :: [VMW] to VC_USER_ROLE
go
sp_addrolemember VC_USER_ROLE , [vpxuser]
go
sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go
use MSDB
go
if not exists (SELECT name FROM sysusers WHERE issqlrole=1 AND name = 'VC_ADMIN_ROLE')
CREATE ROLE VC_ADMIN_ROLE;
go
GRANT SELECT on msdb.dbo.syscategories to VC_ADMIN_ROLE
go
GRANT SELECT on msdb.dbo.sysjobsteps to VC_ADMIN_ROLE
go
GRANT SELECT ON msdb.dbo.sysjobs to VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE
go
GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE
go
sp_addrolemember VC_ADMIN_ROLE , [vpxuser]
go
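To see which of the two permission models a database actually ended up with, and to confirm that the revoke in step 15 of the manual procedure took effect, the following T-SQL audit can be run. It is an added example, not part of the VMware installation scripts, and it assumes the database name VCDB and the user, role and schema names used on this page.

```sql
-- Added example (not from the VMware scripts). Run as a sysadmin login.
-- Assumed names, all taken from this page: VCDB, MSDB, vpxuser, VMW,
-- VC_ADMIN_ROLE, VC_USER_ROLE.
USE VCDB;
GO

-- 1. Default schema of the vCenter Server database user.
--    VMW indicates the custom-schema method; dbo indicates the db_owner method.
SELECT name AS user_name, default_schema_name
FROM sys.database_principals
WHERE name = N'vpxuser';
GO

-- 2. Role memberships of vpxuser in VCDB, with the ones to review flagged.
SELECT DB_NAME() AS database_name,
       r.name    AS role_name,
       CASE
           WHEN r.name = N'db_owner'      THEN 'REVIEW: full control of the database'
           WHEN r.name = N'VC_ADMIN_ROLE' THEN 'REVIEW: install/upgrade role, revoked in step 15'
           ELSE 'listed on this page or unrelated to install'
       END AS note
FROM sys.database_role_members AS drm
JOIN sys.database_principals  AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals  AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser';
GO

-- 3. Permissions held by the two custom roles and by the user directly.
--    Compare the output with the GRANT statements in the script above.
SELECT pr.name AS grantee,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       CASE pe.class_desc
           WHEN 'SCHEMA'           THEN SCHEMA_NAME(pe.major_id)
           WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
           ELSE NULL
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'VC_ADMIN_ROLE', N'VC_USER_ROLE', N'vpxuser')
ORDER BY pr.name, pe.class_desc, pe.permission_name;
GO

-- 4. The same membership check in MSDB, where db_owner is the broad grant to look for.
USE MSDB;
GO
SELECT DB_NAME() AS database_name,
       r.name    AS role_name,
       CASE WHEN r.name = N'db_owner'
            THEN 'REVIEW: full control of MSDB'
            ELSE 'listed on this page or unrelated to install'
       END AS note
FROM sys.database_role_members AS drm
JOIN sys.database_principals  AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals  AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'vpxuser';
GO

-- 5. Step 15 of the manual procedure. Run this batch only after vCenter Server
--    is installed, then rerun query 2: VC_ADMIN_ROLE should no longer be listed.
USE VCDB;
GO
EXEC sp_droprolemember @rolename = N'VC_ADMIN_ROLE', @membername = N'vpxuser';
GO
```

Before any later upgrade of vCenter Server, the role membership removed in batch 5 has to be granted again, as the manual procedure states.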
(Optional) Use a Script to Create Microsoft SQL Server Database Objects Manually
You can create database objects manually with this method of configuring the SQL database.
Alternatively, you can configure a SQL Server ODBC connection and run the Install package. The vCenter Server installer will create database objects. See “Configure a SQL Server ODBC Connection,” on page 40.
Using a script to create database objects manually requires that you take one of the following actions.
- Grant the db_owner role to the database user in VCDB and in MSDB. See “Set Database Permissions by Using the dbo Schema and the db_owner Database Role,” on page 35 and “Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role,” on page 35.
- Grant the VC_ADMIN_ROLE to the database user in VCDB and in MSDB, and grant the VC_USER_ROLE to the database user in VCDB. See “Set Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34.
Prerequisites
Create the SQL Server database. You can create the SQL Server database manually or by using a script. See
“Create a SQL Server Database and User for vCenter Server,” on page 33
Procedure
1 Log in to a Microsoft SQL Server Management Studio session as user_name for a user account that you
created on the vCenter Server and MSDB databases.
2 Locate the dbschema scripts in the vCenter Server installation
package /installation_directory/vCenter-Server/dbschema directory.
3 Open the sql file through Microsoft SQL Server Management Studio and replace all occurrences of
$schema with the schema name in the file VCDB_mssql.SQL.
4 Run the scripts in sequence on the database.
The DBO user must own the objects created by these scripts. Open the scripts one at a time in Microsoft SQL Server Management Studio and press F5 to execute each script in the order shown here.
VCDB_mssql.SQL
load_stats_proc_mssql.sql
purge_stat2_proc_mssql.sql
purge_stat3_proc_mssql.sql
purge_usage_stats_proc_mssql.sql
stats_rollup1_proc_mssql.sql
stats_rollup2_proc_mssql.sql
stats_rollup3_proc_mssql.sql
cleanup_events_mssql.sql
delete_stats_proc_mssql.sql
upsert_last_event_proc_mssql.sql
load_usage_stats_proc_mssql.sql
TopN_DB_mssql.sql
calc_topn1_proc_mssql.sql
calc_topn2_proc_mssql.sql
calc_topn3_proc_mssql.sql
calc_topn4_proc_mssql.sql
clear_topn1_proc_mssql.sql
clear_topn2_proc_mssql.sql
clear_topn3_proc_mssql.sql
clear_topn4_proc_mssql.sql
rule_topn1_proc_mssql.sql
rule_topn2_proc_mssql.sql
rule_topn3_proc_mssql.sql
rule_topn4_proc_mssql.sql
process_license_snapshot_mssql.sql
l_stats_rollup3_proc_mssql.sql
l_purge_stat2_proc_mssql.sql
l_purge_stat3_proc_mssql.sql
l_stats_rollup1_proc_mssql.sql
l_stats_rollup2_proc_mssql.sql
VCDB_view_mssql.sql
5 (Optional) You can also run the following scripts to enable database health monitoring.
job_dbm_performance_data_mssql.sql
process_performance_data_mssql.sql
6 For all supported editions of Microsoft SQL Server (except Microsoft SQL Server 2005 Express and
Microsoft SQL Server 2008 R2 Express), run these scripts to set up scheduled jobs on the database.
These scripts ensure that the SQL Server Agent service is running.
job_schedule1_mssql.sql
job_schedule2_mssql.sql
job_schedule3_mssql.sql
job_cleanup_events_mssql.sql
job_topn_past_day_mssql.sql
job_topn_past_week_mssql.sql
job_topn_past_month_mssql.sql
job_topn_past_year_mssql.sql
job_property_bulletin_mssql.sql
7 For all the procedures you created in Step 4, grant the execute privilege to the vCenter Server database.
grant execute on purge_stat2_proc to vCenter_db_user
grant execute on purge_stat3_proc to vCenter_db_user
grant execute on purge_usage_stat_proc to vCenter_db_user
grant execute on stats_rollup1_proc to vCenter_db_user
grant execute on stats_rollup2_proc to vCenter_db_user
grant execute on stats_rollup3_proc to vCenter_db_user
grant execute on cleanup_events_tasks_proc to vCenter_db_user
grant execute on delete_stats_proc to vCenter_db_user
grant execute on upsert_last_event_proc to vCenter_db_user
grant execute on load_usage_stats_proc to vCenter_db_user
grant execute on load_stats_proc to vCenter_db_user
grant execute on calc_topn1_proc to vCenter_db_user
grant execute on calc_topn2_proc to vCenter_db_user
grant execute on calc_topn3_proc to vCenter_db_user
grant execute on calc_topn4_proc to vCenter_db_user
grant execute on clear_topn1_proc to vCenter_db_user
grant execute on clear_topn2_proc to vCenter_db_user
grant execute on clear_topn3_proc to vCenter_db_user
grant execute on clear_topn4_proc to vCenter_db_user
grant execute on rule_topn1_proc to vCenter_db_user
grant execute on rule_topn2_proc to vCenter_db_user
grant execute on rule_topn3_proc to vCenter_db_user
grant execute on rule_topn4_proc to vCenter_db_user
grant execute on process_license_snapshot_proc to vCenter_db_user
grant execute on l_stats_rollup3_proc to vCenter_db_user
grant execute on l_purge_stat2_proc to vCenter_db_user
grant execute on l_purge_stat3_proc to vCenter_db_user
grant execute on l_stats_rollup1_proc to vCenter_db_user
grant execute on l_stats_rollup2_proc to vCenter_db_user
grant execute on process_temptable0_proc to vCenter_db_user
grant execute on process_temptable1_proc to vCenter_db_user
grant execute on process_temptable2_proc to vCenter_db_user
If you ran the script process_performance_data_mssql.sql in Step 4, grant the following execute privilege to the vCenter Server database.
grant execute on process_performance_data_proc to vCenter_db_user
8 On the machine on which you intend to install vCenter Server, create a DSN that points to the database
server with the schema.
9 Run the vCenter Server installer.
10 If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables that were created by a previous installation. The message does not appear if the database is clean.
If you leave your existing database in place, you cannot join a Linked Mode group during the installation. You can join after the installation is complete. See “Join a Linked Mode Group After
Installation,” on page 114.
11 When prompted, provide the database user login.
Configure a SQL Server ODBC Connection
After you create a vCenter Server user, establish a connection with a SQL Server database. This connection is required to install a vCenter Server system.
If you use SQL Server for vCenter Server, do not use the master database.
See your Microsoft SQL ODBC documentation for specific instructions regarding configuring the SQL Server ODBC connection.
CAUTION If you are using a named instance of Microsoft SQL Server 2008 Standard Edition with vCenter Server, do not name the instance MSSQLSERVER. If you do, the JDBC connection does not work, and certain features, such as Performance Charts, are not available.
Prerequisites
- Review the required database patches specified in “vCenter Server Database Configuration Notes,” on page 30.
- Create a database using SQL Server Management Studio on the SQL Server. See “Create a SQL Server Database and User for vCenter Server,” on page 33.
- Set database permissions using one of the following options:
  - Option 1 (recommended): Follow the procedures in “Set Database Permissions By Manually Creating Database Roles and the VMW Schema,” on page 34 and “Use a Script to Create a Microsoft SQL Server Database Schema and Roles,” on page 36.
  - Option 2 (alternative): Follow the procedures in “Set Database Permissions by Using the dbo Schema and the db_owner Database Role,” on page 35 and “Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role,” on page 35.
Procedure
1 On your vCenter Server system, select Settings > Control Panel > Administrative Tools > Data Sources
(ODBC).
2 Click the System DSN tab and do one of the following.
- To modify an existing SQL Server ODBC connection, select the connection from the System Data Source list and click Configure.
- To create a new SQL Server ODBC connection, click Add, select SQL Native Client, and click Finish.
3 Type an ODBC datastore name (DSN) in the Name text box.
For example, VMware vCenter Server.
4 (Optional) Type an ODBC DSN description in the Description text box.
5 Select the server name from the Server drop-down menu.
Type the SQL Server host name in the text box if it is not in the drop-down menu.
6 Select one of the authentication methods.
- Integrate Windows authentication. Optionally, enter the Service Principal Name (SPN).
- SQL Server authentication. Type your SQL Server login name and password.
7 Select the database created for the vCenter Server system from the Change the default database to
menu.
8 Click Finish.
9 For SQL Server 2005 and SQL Server 2008 editions, test the data source by selecting Test Data Source
and clicking OK from the ODBC Microsoft SQL Server Setup menu.
10 Verify that the SQL Agent is running on your database server.
Configure Microsoft SQL Server TCP/IP for JDBC
If the Microsoft SQL Server database has TCP/IP disabled and the dynamic ports are not set, the JDBC connection remains closed. The closed connection causes the vCenter Server statistics to malfunction. You can configure the server TCP/IP for JDBC.
This task applies to remote Microsoft SQL Server database servers. You can skip this task if your database is local.
Procedure
1 Select Start > All Programs > Microsoft SQL Server > Configuration Tool > SQL Server Configuration
Manager.
2 Select SQL Server Network Configuration > Protocols for Instance name.
3 Enable TCP/IP.
4 Open TCP/IP Properties.
5 On the Protocol tab, make the following entries.
Enabled Yes
Listen All Yes
Keep Alive 30000
6 On the IP Addresses tab, make the following selections.
Active Yes
TCP Dynamic Ports 0
7 Restart the SQL Server service from SQL Server Configuration Manager > SQL Server Services.
8 Start the SQL Server Browser service from SQL Server Configuration Manager > SQL Server Services.
What to do next
Optionally, you can enable Database Monitoring for Microsoft SQL database users. Otherwise, install vCenter Server.
(Optional) Configure a Microsoft SQL Server Database User to Enable Database Monitoring
vCenter Server Database Monitoring captures metrics that enable the administrator to assess the status and health of the database server. Enabling Database Monitoring helps the administrator prevent vCenter downtime because of a lack of resources for the database server.
Database Monitoring for vCenter Server enables administrators to monitor the database server CPU, memory, I/O, data storage, and other environment factors for stress conditions. Statistics are stored in the vCenter Server Profile Logs.
You can enable Database Monitoring for a user before or after you install vCenter Server. You can also perform this procedure while vCenter Server is running.
Procedure
1 Log in to a SQL Server Management Studio session as the sysadmin (SA) or to a user account with
sysadmin privileges.
2 Run the following SQL commands to grant additional permissions to vCenter Server database login:
use master
go
grant VIEW SERVER STATE to user
go
vCenter Database Monitoring is enabled.
Configure Oracle Databases
To use an Oracle database for your vCenter Server repository, configure your database to work with vCenter Server.
Procedure
1 Configure an Oracle Database User on page 43
To use an Oracle database when you install vCenter Server, you must configure the database user.
2 Use a Script to Create a Local or Remote Oracle Database on page 44
When you use an Oracle database with vCenter Server, the database must have certain table spaces and privileges. To simplify the process of creating the database, you can run a script. You also can create the database manually.
3 (Optional) Use a Script to Create the Oracle Database Schema on page 44
The vCenter Server installer creates the schema during installation. For experienced database administrators who need more control over schema creation because of environmental constraints, you can optionally use a script to create your database schema.
4 Configure an Oracle Connection for Local Access on page 46
Configure a connection for local access if you install vCenter Server on the same system as the Oracle database.
5 Configure an Oracle Database Connection for Remote Access on page 46
Before a vCenter Server system can access the Oracle database remotely, you must configure an Oracle connection.
6 Connect to an Oracle Database Locally on page 47
Before a vCenter Server system can connect to an Oracle database locally, you must set up the connection.
7 (Optional) Configure an Oracle Database User to Enable Database Monitoring on page 48
vCenter Server Database Monitoring captures metrics that enable the administrator to assess the status and health of the database server. Enabling Database Monitoring helps the administrator prevent vCenter downtime because of a lack of resources for the database server.
Configure an Oracle Database User
To use an Oracle database when you install vCenter Server, you must configure the database user.
You can configure an Oracle database for vCenter Server either locally on the same Microsoft Windows machine as vCenter Server or remotely on a network-connected Linux, UNIX or Microsoft Windows host.
Prerequisites
Review the software requirements for vCenter Server with Oracle.
Procedure
1 Log in to a SQL*Plus session with the system account.
2 Run the following SQL command to create a vCenter Server database user with the correct permissions.
The script is located in the vCenter Server installation package /installation directory/vCenter-Server/dbschema/DB_and_schema_creation_scripts_oracle.txt file.
In this example, the user name is VPXADMIN.
CREATE USER "VPXADMIN" PROFILE "DEFAULT" IDENTIFIED BY "oracle" DEFAULT TABLESPACE "VPX" ACCOUNT UNLOCK;
grant connect to VPXADMIN;
grant resource to VPXADMIN;
grant create view to VPXADMIN;
grant create sequence to VPXADMIN;
grant create table to VPXADMIN;
grant create materialized view to VPXADMIN;
grant execute on dbms_lock to VPXADMIN;
grant execute on dbms_job to VPXADMIN;
grant select on dba_tablespaces to VPXADMIN;
grant select on dba_temp_files to VPXADMIN;
grant select on dba_data_files to VPXADMIN;
grant unlimited tablespace to VPXADMIN;
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the
vCenter Server database user.
NOTE Instead of granting unlimited tablespace, you can set a specific tablespace quota. The recommended quota is unlimited with a minimum of at least 500MB. To set an unlimited quota, use the following command.
alter user "VPXADMIN" quota unlimited on "VPX";
If you set a limited quota, monitor the remaining available tablespace to avoid the following error.
ORA-01536: space quota exceeded for tablespace '<tablespace>'
3 (Optional) After you have successfully installed vCenter Server with the Oracle database, you can
revoke the following privileges.
revoke select on dba_tablespaces from VPXADMIN;
revoke select on dba_temp_files from VPXADMIN;
revoke select on dba_data_files from VPXADMIN;
You now have an Oracle database user that you can reference in the vCenter Server installer.
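A way to check what VPXADMIN holds once the optional revokes in step 3 have been run, and whether a tablespace quota is in place as the NOTE describes. This is an added example, not taken from the VMware scripts; it assumes the VPXADMIN user name from this page and a SQL*Plus session with the system account.

```sql
-- Added example, not part of DB_and_schema_creation_scripts_oracle.txt.
-- Run in SQL*Plus with the system account.
-- VPXADMIN is the example user name from this page.
SET LINESIZE 200
COLUMN kind        FORMAT A8
COLUMN privilege   FORMAT A30
COLUMN object_name FORMAT A40
COLUMN note        FORMAT A60

-- 1. Every role, system privilege and object privilege granted to VPXADMIN.
--    Rows marked REVIEW are either broader than the grants listed on this page
--    or are the install-time grants that step 3 revokes.
SELECT 'ROLE' AS kind,
       granted_role AS privilege,
       CAST(NULL AS VARCHAR2(200)) AS object_name,
       CASE WHEN granted_role = 'DBA'
            THEN 'REVIEW: broader than the individual grants on this page'
            ELSE 'listed on this page or granted elsewhere'
       END AS note
FROM   dba_role_privs
WHERE  grantee = 'VPXADMIN'
UNION ALL
SELECT 'SYSTEM',
       privilege,
       CAST(NULL AS VARCHAR2(200)),
       CASE WHEN privilege = 'UNLIMITED TABLESPACE'
            THEN 'REVIEW: a quota on the VPX tablespace can replace this'
            ELSE 'listed on this page or granted elsewhere'
       END
FROM   dba_sys_privs
WHERE  grantee = 'VPXADMIN'
UNION ALL
SELECT 'OBJECT',
       privilege,
       owner || '.' || table_name,
       CASE WHEN table_name IN ('DBA_TABLESPACES', 'DBA_TEMP_FILES', 'DBA_DATA_FILES')
            THEN 'REVIEW: install-time grant, revocable in step 3'
            ELSE 'listed on this page or granted elsewhere'
       END
FROM   dba_tab_privs
WHERE  grantee = 'VPXADMIN'
ORDER  BY 1, 2;

-- Note: if Database Monitoring is enabled later, select on dba_data_files is
-- granted again by that procedure, so its REVIEW row is then expected.

-- 2. Tablespace quotas. MAX_BYTES = -1 means an unlimited quota on that tablespace.
SELECT tablespace_name, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  username = 'VPXADMIN';

-- 3. Account state, profile and default tablespace as created by the script.
SELECT username, account_status, profile, default_tablespace
FROM   dba_users
WHERE  username = 'VPXADMIN';
```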
What to do next
Create the Oracle database, including all necessary table spaces and privileges.
Use a Script to Create a Local or Remote Oracle Database
When you use an Oracle database with vCenter Server, the database must have certain table spaces and privileges. To simplify the process of creating the database, you can run a script. You also can create the database manually.
When using the script, you can customize the location of the data and log files. The user created by this script does not follow any security policy. The passwords are provided only for convenience. Change the passwords as appropriate.
Procedure
1 Log in to a SQL*Plus session with the system account.
2 Run the following script.
The script is located in the vCenter Server installation package /installation directory/vCenter-Server/dbschema/DB_and_schema_creation_scripts_oracle.txt file.
CREATE SMALLFILE TABLESPACE "VPX"
DATAFILE '/u01/app/oracle/oradata/vcdb/vpx01.dbf'
SIZE 1G AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED
LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
For a Windows installation, change the directory path to the vpx01.dbf file.
You now have an Oracle database that you can use with vCenter Server.
What to do next
You can run a script to create the database schema.
(Optional) Use a Script to Create the Oracle Database Schema
The vCenter Server installer creates the schema during installation. For experienced database administrators who need more control over schema creation because of environmental constraints, you can optionally use a script to create your database schema.
To have the vCenter Server installer create your schema for you, see “Configure an Oracle Connection for
Local Access,” on page 46 or “Configure an Oracle Database Connection for Remote Access,” on page 46,
depending on your environment.
Prerequisites
Create the Oracle database and user. You can create the Oracle database and user manually or by using scripts.
Procedure
1 Open a SQL*Plus window with a user that has schema owner rights on the vCenter Server database.
2 Locate the dbschema scripts in the vCenter Server installation package /installation directory/vCenter-Server/dbschema directory.
3 In SQL*Plus, run the scripts in sequence on the database.
path is the directory path to the /installation directory/vCenter-Server/dbschema folder.
@path/VCDB_oracle.SQL
@path/load_stats_proc_oracle.sql
@path/purge_stat2_proc_oracle.sql
@path/purge_stat3_proc_oracle.sql
@path/purge_usage_stats_proc_oracle.sql
@path/stats_rollup1_proc_oracle.sql
@path/stats_rollup2_proc_oracle.sql
@path/stats_rollup3_proc_oracle.sql
@path/cleanup_events_oracle.sql
@path/delete_stats_proc_oracle.sql
@path/load_usage_stats_proc_oracle.sql
@path/TopN_DB_oracle.sql
@path/calc_topn1_proc_oracle.sql
@path/calc_topn2_proc_oracle.sql
@path/calc_topn3_proc_oracle.sql
@path/calc_topn4_proc_oracle.sql
@path/clear_topn1_proc_oracle.sql
@path/clear_topn2_proc_oracle.sql
@path/clear_topn3_proc_oracle.sql
@path/clear_topn4_proc_oracle.sql
@path/rule_topn1_proc_oracle.sql
@path/rule_topn2_proc_oracle.sql
@path/rule_topn3_proc_oracle.sql
@path/rule_topn4_proc_oracle.sql
@path/process_license_snapshot_oracle.sql
@path/l_stats_rollup3_proc_oracle.sql
@path/l_purge_stat2_proc_oracle.sql
@path/l_purge_stat3_proc_oracle.sql
@path/l_stats_rollup1_proc_oracle.sql
@path/l_stats_rollup2_proc_oracle.sql
@path/process_temptable0_proc_oracle.sql
@path/process_temptable1_proc_oracle.sql
@path/process_temptable2_proc_oracle.sql
4 (Optional) You can also run the following scripts to enable database health monitoring.
job_dbm_performance_data_oracle.sql
process_performance_data_oracle.sql
5 For all supported editions of Oracle Server, run these scripts to set up scheduled jobs on the database.
@path/job_schedule1_oracle.sql
@path/job_schedule2_oracle.sql
@path/job_schedule3_oracle.sql
@path/job_cleanup_events_oracle.sql
@path/job_topn_past_day_oracle.sql
@path/job_topn_past_week_oracle.sql
@path/job_topn_past_month_oracle.sql
@path/job_topn_past_year_oracle.sql
@path/job_property_bulletin_oracle.sql
You now have a database schema that is compatible with vCenter Server.
6 On the machine that you are installing vCenter Server on, create a DSN that points to the database
server that has the schema.
7 Run the vCenter Server installer.
8 If a database reinitialization warning message appears in the vCenter Server installer, select Do not
overwrite, leave my existing database in place and continue the installation.
This message appears if you are using a database that has vCenter Server tables that were created by a previous installation. The message does not appear if the database is clean.
If you leave your existing database in place, you cannot join a Linked Mode group during the installation. You can join after the installation is complete. See “Join a Linked Mode Group After
Installation,” on page 114.
9 When prompted, provide the database user login.
The Oracle database schema is created.
Configure an Oracle Connection for Local Access
Configure a connection for local access if you install vCenter Server on the same system as the Oracle database.
Prerequisites
Review the required database patches specified in “vCenter Server Database Configuration Notes,” on page 30. If you do not prepare your database correctly, the vCenter Server installer displays error and warning messages.
Procedure
1 Download Oracle 10g or Oracle 11g from the Oracle Web site.
2 Install Oracle 10g or Oracle 11g, and create a database.
3 Configure the TNS Service Name option in the ODBC DSN.
The TNS Service Name is the net service name for the database to which you want to connect. You can find the net service name in the tnsnames.ora file located in the NETWORK\ADMIN folder in the Oracle database installation location.
The database is configured for local access.
Configure an Oracle Database Connection for Remote Access
Before a vCenter Server system can access the Oracle database remotely, you must configure an Oracle connection.
Prerequisites
Review the required database patches specified in “vCenter Server Database Configuration Notes,” on page 30. If you do not prepare your database correctly, the vCenter Server installer displays error and warning messages.
Procedure
1 Install the Oracle client on the vCenter Server system machine.
2 Download and install the ODBC driver.
3 Create a new tablespace for a vCenter Server system using a SQL statement such as the following
statement.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT 500K;
4 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
5 Grant permissions to the user, in one of the following ways.
- Grant dba permission to the user.
- Grant the following permissions to the user.
grant connect to user;
grant resource to user;
grant create view to user;
grant create sequence to user;
grant create table to user;
grant create materialized view to user;
grant execute on dbms_lock to user;
grant execute on dbms_job to user;
-- To ensure space is sufficient
grant unlimited tablespace to user;
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the
vCenter Server database user.
6 Use a text editor or the Net8 Configuration Assistant to edit the tnsnames.ora file located in the
directory C:\Oracle\Oraxx\NETWORK\ADMIN, where xx is either 10g or 11g.
Add the following entry, where HOST is the managed host to which the client must connect.
VPX =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS=(PROTOCOL=TCP)(HOST=vpxd-Oracle)(PORT=1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = VPX)
    )
  )
7 Configure the TNS Service Name option in the ODBC DSN.
The TNS Service Name is the net service name for the database to which you want to connect, in this case, VPX. You can find the net service name in the tnsnames.ora file.
Connect to an Oracle Database Locally
Before a vCenter Server system can connect to an Oracle database locally, you must set up the connection.
Procedure
1 Create a new tablespace for a vCenter Server system using a SQL statement such as the following
statement.
CREATE TABLESPACE "VPX" DATAFILE 'C:\Oracle\ORADATA\VPX\VPX.dat' SIZE 1000M AUTOEXTEND ON NEXT 500K;
2 Create a user, such as vpxAdmin, for accessing the tablespace through ODBC.
CREATE USER vpxAdmin IDENTIFIED BY vpxadmin DEFAULT TABLESPACE vpx;
3 Grant permissions to the user, in one of the following ways.
- Grant dba permission to the user.
- Grant the following permissions to the user.
grant connect to user;
grant resource to user;
grant create view to user;
grant create sequence to user;
grant create table to user;
grant create materialized view to user;
grant execute on dbms_lock to user;
grant execute on dbms_job to user;
-- To ensure space is sufficient
grant unlimited tablespace to user;
By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the
vCenter Server database user.
4 Create an ODBC connection to the database.
The following code shows example settings.
Data Source Name: VMware vCenter Server
TNS Service Name: VPX
User Id: vpxAdmin
You now have a database that you can connect to locally.
What to do next
Optionally, you can enable Database Monitoring for Oracle database users. Otherwise, install vCenter Server.
(Optional) Configure an Oracle Database User to Enable Database Monitoring
vCenter Server Database Monitoring captures metrics that enable the administrator to assess the status and health of the database server. Enabling Database Monitoring helps the administrator prevent vCenter downtime because of a lack of resources for the database server.
Database Monitoring for vCenter Server enables administrators to monitor the database server CPU, memory, I/O, data storage, and other environment factors for stress conditions. Statistics are stored in the vCenter Server Profile Logs.
Enable Database Monitoring for a user before or after you install vCenter Server. You can perform this procedure while vCenter Server is running.
Procedure
1 Log in to a SQL*Plus session with the system account.
2 Run the following SQL commands to grant additional permissions to the vCenter Server database user:
grant select on v_$system_event to user;
grant select on v_$sysmetric_history to user;
grant select on v_$sysstat to user;
grant select on dba_data_files to user;
grant select on v_$loghist to user;
vCenter Database Monitoring is enabled.
Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server
Before installing vCenter Single Sign-On, Inventory Service, and vCenter Server, review the prerequisites.
Prerequisites for Understanding and Preparing for the Installation Process
- vCenter Server versions 5.1 and later require vCenter Single Sign-On and Inventory Service. You must install these components in this order: vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and vCenter Server. Review the topics in the section “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51.
- Review the release notes for known issues or special installation notes.
- Gather the information that the vCenter Single Sign-On, Inventory Service, and vCenter Server installation wizards require. See “Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client,” on page 63.
- Decide whether the vCenter Server instance will be a standalone instance or in a Linked Mode group. See “Creating vCenter Server Linked Mode Groups,” on page 111.
- Download the vCenter Server installer from the VMware Web site.
System Prerequisites
- Verify that your system meets the requirements listed in “Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 17 and “vCenter Server Software Requirements,” on page 22, and that the required ports are open, as discussed in “Required Ports for vCenter Server,” on page 23.
- Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 59.
- Verify that the DNS name of the vCenter Server host machine matches the actual computer name.
- Verify that the host name of the machine that you are installing vCenter Server on complies with RFC 952 guidelines.
- The installation path of vCenter Server must be compatible with the installation requirements for Microsoft Active Directory Application Mode (ADAM/AD LDS). The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
- Verify that the system on which you are installing vCenter Server is not an Active Directory domain controller.
- On each system that is running vCenter Server, verify that the domain user account has the following permissions:
  - Member of the Administrators group
  - Act as part of the operating system
  - Log on as a service
- vCenter Server requires the Microsoft .NET 3.5 SP1 Framework. If your system does not have it installed, the vCenter Server installer installs it. The .NET 3.5 SP1 installation might require Internet connectivity to download more files.
- If the system that you use for your vCenter Server installation belongs to a workgroup rather than a domain, not all functionality is available to vCenter Server. If assigned to a workgroup, the vCenter Server system is not able to discover all domains and systems available on the network when using some features. Your machine must be connected to a domain if you want to add Active Directory identity sources after the installation. To determine whether the system belongs to a workgroup or a domain, right-click My Computer. Click Properties and click the Computer Name tab. The Computer Name tab displays either a Workgroup label or a Domain label.
- Verify that the NETWORK SERVICE account has read permission on the folder in which vCenter Server is installed and on the HKLM registry.
- During the installation, verify that the connection between the machine and the domain controller is working.
- Before the vCenter Server installation, in the Administrative Tools control panel of the vCenter Single Sign-On instance that you will register vCenter Server to, verify that the following services are started: VMware Certificate Service, VMware Directory service, VMware Identity Manager Service, VMware KDC service, and tcruntime-C-ProgramData-VMware-cis-runtime-VMwareSTSService.
- You must log in as a member of the Administrators group on the host machine, with a user name that does not contain any non-ASCII characters.
Network Prerequisites
- Verify that the fully qualified domain name (FQDN) of the system where you will install vCenter Server is resolvable. To check that the FQDN is resolvable, type nslookup your_vCenter_Server_fqdn at a command line prompt. If the FQDN is resolvable, the nslookup command returns the IP and name of the domain controller machine.
- Verify that DNS reverse lookup returns a fully qualified domain name when queried with the IP address of the vCenter Server. When you install vCenter Server, the installation of the web server component that supports the vSphere Web Client fails if the installer cannot look up the fully qualified domain name of the vCenter Server from its IP address. Reverse lookup is implemented using PTR records. To create a PTR record, see the documentation for your vCenter Server host operating system.
- Verify that no Network Address Translation (NAT) exists between the vCenter Server system and the hosts it will manage.
- Install vCenter Server, like any other network server, on a machine with a fixed IP address and well known DNS name, so that clients can reliably access the service. Assign a static IP address and host name to the Windows server that will host the vCenter Server system. This IP address must have a valid (internal) domain name system (DNS) registration. Ensure that the ESXi host management interface has a valid DNS resolution from the vCenter Server and all vSphere Web Clients. Ensure that the vCenter Server has a valid DNS resolution from all ESXi hosts and all vSphere Web Clients. If you use DHCP instead of a static IP address for vCenter Server, make sure that the vCenter Server computer name is updated in the domain name service (DNS). Ping the computer name to test this connection. For example, if the computer name is host-1.company.com, run the following command in the Windows command prompt:
  ping host-1.company.com
  If you can ping the computer name, the name is updated in DNS.
- If you will use Active Directory as an identity source, verify that it is set up correctly. The DNS of the vCenter Single Sign-On Server host machine must contain both lookup and reverse lookup entries for the domain controller of the Active Directory. For example, pinging mycompany.com should return the domain controller IP address for mycompany. Similarly, the ping -a command for that IP address should return the domain controller hostname. Avoid trying to correct name resolution issues by editing the hosts file. Instead, make sure that the DNS server is correctly set up. For more information about configuring Active Directory, see the Microsoft Web site.
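The name checks from the System and Network prerequisites above can be scripted as a pre-flight test before running the installer. The following is an added example, not part of the VMware manual or VMware code: the function names, host names and addresses are constructed for illustration, and the lookups use the operating system resolver.

```python
import re
import socket

# RFC 952: period-separated labels of letters, digits and hyphens; each label
# starts with a letter and ends with a letter or digit; at most 24 characters.
_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
_MAX_LEN = 24
# Characters the prerequisites list as not allowed in the install path.
_PATH_FORBIDDEN = set(",.!#@%")


def hostname_problems(name):
    """RFC 952 violations in a computer name (empty list means compliant)."""
    problems = []
    if len(name) > _MAX_LEN:
        problems.append("longer than %d characters" % _MAX_LEN)
    for label in name.split("."):
        if not _LABEL.fullmatch(label):
            problems.append("invalid label %r" % label)
    return problems


def install_path_problems(path):
    """Characters in the install path that the prerequisites prohibit."""
    return sorted({c for c in path if c in _PATH_FORBIDDEN or ord(c) > 127})


def system_forward(fqdn):
    """IPv4 addresses for fqdn from the OS resolver.

    The OS resolver also reads the hosts file, so a hosts entry can hide a
    missing DNS record; the page asks for DNS itself to be correct.
    """
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def system_reverse(ip):
    """Primary name returned for ip by the OS resolver, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def dns_problems(fqdn, forward=system_forward, reverse=system_reverse):
    """Check that fqdn resolves and that each address maps back to fqdn."""
    want = fqdn.rstrip(".").lower()
    addrs = forward(fqdn)
    if not addrs:
        return ["%s does not resolve" % fqdn]
    problems = []
    for ip in addrs:
        ptr = reverse(ip)
        if ptr is None:
            problems.append("%s has no PTR record" % ip)
        elif "." not in ptr.rstrip("."):
            problems.append("%s reverse lookup returns short name %r" % (ip, ptr))
        elif ptr.rstrip(".").lower() != want:
            problems.append("%s reverse lookup returns %r, not %s" % (ip, ptr, fqdn))
    return problems


# Constructed records for an offline run (192.0.2.0/24 is documentation space).
SAMPLE_A = {"vc01.corp.example": ["192.0.2.10"],
            "vc02.corp.example": ["192.0.2.11"],
            "vc03.corp.example": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.10": "vc01.corp.example", "192.0.2.11": "VC02"}


def check_sample(fqdn):
    """Run dns_problems against the constructed records instead of live DNS."""
    return dns_problems(fqdn, lambda n: SAMPLE_A.get(n, []), SAMPLE_PTR.get)


if __name__ == "__main__":
    for host in sorted(SAMPLE_A) + ["vc04.corp.example"]:
        print(host, check_sample(host) or "ok")
    print(hostname_problems("vc_01"), install_path_problems(r"C:\VMware\vCenter5.5"))
```

Call dns_problems with only the FQDN to test the live resolver from the vCenter Server machine, and repeat from an ESXi-facing management workstation to confirm both directions of resolution.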
Database Prerequisites
- Verify that your vCenter Server database meets the database requirements. See “vCenter Server Database Configuration Notes,” on page 30 and “Preparing vCenter Server Databases,” on page 30.
- Create a vCenter Server database, unless you plan to install the bundled database.
How vCenter Single Sign-On Affects vCenter Server Installation
Starting with version 5.1, vSphere includes a vCenter Single Sign-On component as part of the vCenter Server management infrastructure. This change affects vCenter Server installation.
Authentication by vCenter Single Sign-On makes the VMware cloud infrastructure platform more secure by allowing the vSphere software components to communicate with each other through a secure token exchange mechanism.
For information about configuring vCenter Single Sign-On, see vSphere Security. For more information about vCenter Single Sign-On deployment modes, see “vCenter Single Sign-On Deployment Modes,” on page 52.
For the first installation of vCenter Server, you must install all components. In subsequent installations in the same environment, or if you add services, you do not have to install vCenter Single Sign-On. One vCenter Single Sign-On server can serve your entire vSphere environment. After you install vCenter Single Sign-On once, you can connect all new vCenter Server instances to the same vCenter Single Sign-On service. You must install an Inventory Service instance for each vCenter Server instance.
Simple Install
The Simple Install option installs vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server on the same host or virtual machine. Simple Install is appropriate for most deployments.
Custom Install
If you want to customize the location and setup of each component, you can install the components separately by performing a custom install and selecting the individual installation options, in the following order:
1 vCenter Single Sign-On
2 vSphere Web Client
3 vCenter Inventory Service
4 vCenter Server
You can install each component on a different host or virtual machine.
If you decide to install multiple vCenter Server systems, you can point to the same vCenter Single Sign-On service for each vCenter Server.
Installing in Multiple Locations
Unlike vCenter Single Sign-On version 5.1, vCenter Single Sign-On 5.5 synchronizes authentication data across locations.
If you install vCenter Server systems in multiple locations, you can install a vCenter Single Sign-On server in each location. When you install the second and subsequent instances of vCenter Single Sign-On, you can point each one to the first vCenter Single Sign-On instance during installation. The two instances synchronize their VMware Directory Service instances. Changes to one instance are propagated to the other instance.
Figure 3-1. Installing vCenter Single Sign-On in Multiple Locations
[Figure: vCenter Server 1 with vCenter Single Sign-On 1 and vCenter Server 2 with vCenter Single Sign-On 2, each Single Sign-On instance with its own VMware Directory Service. Other labels: vSphere.local, Solutions users, Active Directory.]
vCenter Single Sign-On Deployment Modes
vCenter Server provides several ways to deploy vCenter Single Sign-On to best serve your vSphere environment.
You can deploy vCenter Single Sign-On in one of three modes.
To choose the right mode for your environment, consider the way you use vCenter Server.
Table 3-2. Choosing a vCenter Single Sign-On Deployment Mode

| vCenter Server Deployment | Single Sign-On Deployment Mode |
|---|---|
| Single vCenter Server | Basic vCenter Single Sign-On |
| Multiple local vCenter Servers | Basic vCenter Single Sign-On |
| Multiple remote vCenter Servers | Basic vCenter Single Sign-On |
| Multiple vCenter Servers in Linked Mode | Multisite vCenter Single Sign-On |
| vCenter Servers with high availability | Basic vCenter Single Sign-On with VMware vSphere HA (provides high availability for vCenter Server and vCenter Single Sign-On). Basic vCenter Single Sign-On with vCenter Server Heartbeat (provides high availability for vCenter Server and vCenter Single Sign-On). See “vCenter Single Sign-On and High Availability,” on page 54. |
Basic
Basic vCenter Single Sign-On is the most common deployment mode, and meets the requirements of most vSphere 5.1 and 5.5 users. Typically, this deployment mode maintains the same architecture as previous vCenter Server environments. In most cases, you can use vCenter Simple Install to deploy vCenter Server with vCenter Single Sign-On in basic mode.
In Basic deployment mode, a single standalone instance of the vCenter Single Sign-On server supports the connectivity of Active Directory, OpenLDAP, Local Operating System, and vCenter Single Sign-On embedded users and groups. In most cases, the vCenter Single Sign-On instance is installed on the same host machine as vCenter Server, as with the vCenter Server Simple Install option, or the vCenter Server Appliance.
The Basic vCenter Single Sign-On deployment is appropriate in the following circumstances:
- If you have a single vCenter Server of any supported inventory size: up to 1,000 hosts or 10,000 virtual machines.
- If you have multiple geographically dispersed locations, each with a local vCenter Server and you do not require a single-pane-of-glass view as provided by vCenter Linked Mode.
Multiple Single Sign-On instances in the same location
For this deployment mode, you install a vCenter Single Sign-On primary instance and one or more additional vCenter Single Sign-On nodes. Both the primary and high availability instances are placed behind a third-party network load balancer (for example, Apache HTTPD or vCNS). Each vCenter Single Sign-On has its own VMware Directory Service that replicates information with other vCenter Single Sign-On servers. vCenter Single Sign-On administrator users, when connected to vCenter Server through the vSphere Web Client, will see the primary vCenter Single Sign-On instance.
This deployment mode has the following limitations:
- It provides failover only for the vCenter Single Sign-On service. It does not provide failover for the vCenter Single Sign-On host machine and it does not load balance requests between vCenter Single Sign-On nodes.
- It supports the connectivity of Active Directory, OpenLDAP and vCenter Single Sign-On embedded users and groups, but does not support the use of local operating system user accounts.
See “vCenter Single Sign-On and High Availability,” on page 54 for high availability options.
Multiple Single Sign-On instances in different locations
This mode is designed for vCenter Server deployments with multiple physical locations. Multisite deployment is required when a single administrator needs to administer vCenter Server instances that are deployed on geographically dispersed sites in Linked Mode.
Each site is represented by one vCenter Single Sign-On instance, with one vCenter Single Sign-On server, or a high-availability cluster. The vCenter Single Sign-On site entry point is the machine that other sites communicate with. This is the only machine that needs to be visible from the other sites. In a clustered deployment, the entry point of the site is the machine where the load balancer is installed.
NOTE This deployment mode is required if you have geographically dispersed vCenter Servers in Linked Mode. You might also consider this mode in the following cases:
- If multiple vCenter Servers require the ability to communicate with each other.
- If you require one vCenter Single Sign-On server security domain for your organization.
This deployment mode has the following limitations:
- It supports the connectivity of Active Directory, OpenLDAP and vCenter Single Sign-On embedded users and groups, but does not support the use of local operating system user accounts.
- Secondary vCenter Single Sign-On instances must belong to the same Active Directory or OpenLDAP domain as the primary vCenter Single Sign-On server and must have a local domain controller available.
You can install the vCenter Single Sign-On nodes in this deployment in any order. Any node that is installed after the first node can point to any node that is already installed. For example, the third node can point to either the first or second node.
vCenter Single Sign-On and High Availability
vSphere provides several ways to ensure availability of your vSphere deployment with vCenter Single Sign-On.
vCenter Single Sign-On is merely an authentication component for vCenter Server. Single Sign-On protection does not provide any benefit without vCenter Server protection. Protecting one without the other does not provide an effective availability solution. The solution you choose to protect vCenter Server will provide the same protection for vCenter Single Sign-On without the additional complexity caused by including third-party technologies.
Options for Protecting vCenter Single Sign-On and vCenter Server
The following options vary in the level of protection afforded, and in the recovery time required.
Backup and restore
Backup and restore should be an essential part of any availability solution, providing a granular recovery method, by tape, disk, or snapshot. However, the recovery time is typically measured in hours or days and requires manual intervention. Any backup solution must be independent of vCenter Server. Solutions like VMware Data Protection require an operational vCenter Server with a functioning vCenter Single Sign-On server to restore a virtual machine.
vSphere HA
vSphere HA is an industry standard for maintaining uptime of virtual machines and for detection of ESXi host failure. Also, with vSphere HA, a failed response to a configured VMware Tools heartbeat automatically reboots the virtual machine onto another operational host within the vSphere cluster. This detection usually occurs within seconds. A virtual machine can be fully rebooted within minutes, providing redundancy for vSphere host failures and virtual machine operating system crashes. vSphere HA does not have any knowledge of the application running inside the virtual machine.
vCenter Server Heartbeat
This separately licensed vCenter Server plug-in provides vCenter Server protection (physical or virtual) and can protect against failure of hosts. vCenter Server Heartbeat also adds application-level monitoring and intelligence of all vCenter Server components. vCenter Server Heartbeat is installed directly onto the vCenter Server or vCenter Server component, and replicates changes to a cloned virtual machine. The cloned virtual machine can take over when a failure event is triggered. The recovery can be accomplished by restarting the component, by restarting the entire application, or by the entire failover of the component or application to one or more paired virtual machines. Recovery time is measured in minutes.
vCenter Single Sign-On Deployment Modes and High Availability
To determine the best deployment mode for vCenter Single Sign-On availability, consider the environment that vCenter Single Sign-On will serve.
Single vCenter Server with local vCenter Single Sign-On in Basic deployment mode
In the simplest deployment of vCenter Single Sign-On for high availability, you install vCenter Single Sign-On in Basic deployment mode, local to vCenter Server, and then add the availability solution. If the single machine that hosts vCenter Server and vCenter Single Sign-On is virtual, you can place it in a vSphere HA-enabled cluster and protect it with no further configuration. If you require protection at the application level, you can use vCenter Server Heartbeat. If vCenter Server and vCenter Single Sign-On are hosted on a physical server, vCenter Server Heartbeat is the only solution for availability.
Multiple vCenter Servers in a single location
In this environment, a dedicated, standalone vCenter Single Sign-On instance serves multiple vCenter Server instances in one physical location. If vCenter Single Sign-On is hosted on a virtual machine, you can place the standalone vCenter Single Sign-On server in a vSphere HA-enabled cluster and protect vCenter Single Sign-On with no further configuration. If you require application-level protection, you can use vCenter Server Heartbeat.
vCenter Server Heartbeat is the only solution for availability if vCenter Single Sign-On is on a physical server. With either vSphere HA or vCenter Server Heartbeat, this deployment provides complete protection of the centralized vCenter Single Sign-On environment.
Geographically dispersed vCenter Servers
If your vSphere deployment includes vCenter Servers in different locations, it is not advisable to use a remote centralized vCenter Single Sign-On environment for vCenter Server authentication. Instead, you can provide one or more vCenter Single Sign-On instances at each location. Depending on the deployment of vCenter Servers at each location, you can use one of the same availability strategies described above in the options "Single vCenter Server with local vCenter Single Sign-On in Basic deployment mode" and "Multiple vCenter Servers in a single location with one vCenter Single Sign-On server."
vCenter Single Sign-On Components
vCenter Single Sign-On includes the Security Token Service (STS), an administration server, and vCenter Lookup Service, as well as the VMware Directory Service (vmdir).
The components are deployed as part of installation.
STS (Security Token Service)
STS certificates enable a user who has logged on through vCenter Single Sign-On to use any vCenter service that vCenter Single Sign-On supports without authenticating to each one. The STS service issues Security Assertion Markup Language (SAML) tokens. These security tokens represent the identity of a user in one of the identity source types supported by vCenter Single Sign-On.
Administration server
The administration server allows users with administrator privileges to vCenter Single Sign-On to configure the vCenter Single Sign-On server and manage users and groups from the vSphere Web Client. Initially, only the user administrator@vsphere.local has these privileges.
vCenter Lookup Service
vCenter Lookup Service contains topology information about the vSphere infrastructure, enabling vSphere components to connect to each other securely. Unless you are using Simple Install, you are prompted for the Lookup Service URL when you install other vSphere components. For example, the Inventory Service and the vCenter Server installers ask for the Lookup Service URL and then contact the Lookup Service to find vCenter Single Sign-On. After installation, the Inventory Service and vCenter Server system are registered in vCenter Lookup Service so other vSphere components, like the vSphere Web Client, can find them.
VMware Directory Service
Directory service associated with the vsphere.local domain. This service is a multi-tenanted, multi-mastered directory service that makes an LDAP directory available on port 11711. In multisite mode, an update of VMware Directory Service content in one VMware Directory Service instance results in the automatic update of the VMware Directory Service instances associated with all other vCenter Single Sign-On nodes.
Setting the vCenter Server Administrator User
The way you set the vCenter Server administrator user depends on your vCenter Single Sign-On deployment.
In vSphere versions before vSphere 5.1, vCenter Server administrators are the users that belong to the local operating system administrators group.
In vSphere 5.1.x and 5.5, when you install vCenter Server, you must provide the default (initial) vCenter Server administrator user or group. For deployments where vCenter Server and vCenter Single Sign-On are on the same host machine, you can designate the local operating system group Administrators as vCenter Server administrative users. This option is the default. This behavior is unchanged from vCenter Server 5.0.
For larger installations, where vCenter Single Sign-On and vCenter Server are deployed on different hosts, you cannot preserve the same behavior as in vCenter Server 5.0. Instead, assign the vCenter Server administrator role to a user or group from an identity source that is registered in the vCenter Single Sign-On server: Active Directory, OpenLDAP, or the system identity source.
Authenticating to the vCenter Server Environment
In vCenter Server versions 5.1 and later, users authenticate through vCenter Single Sign-On.
In vCenter Server versions earlier than vCenter Server 5.1, when a user connects to vCenter Server, vCenter Server authenticates the user by validating the user against an Active Directory domain or the list of local operating system users.
The user administrator@vsphere.local has vCenter Single Sign-On administrator privileges by default. When logged in to the vCenter Single Sign-On server from the vSphere Web Client, the administrator@vsphere.local user can assign vCenter Single Sign-On administrator privileges to other users. These users might be different from the users that administer vCenter Server.
Users can log in to vCenter Server with the vSphere Web Client. Users authenticate to vCenter Single Sign-On. Users can view all the vCenter Server instances that the user has permissions on. After users connect to vCenter Server, no further authentication is required. The actions users can perform on objects depend on the user's vCenter Server permissions on those objects.
For more information about vCenter Single Sign-On, see vSphere Security.
How vCenter Single Sign-On Affects Log In Behavior
vCenter Single Sign-On log in behavior depends on the domain the user belongs to and the identity sources that you have added to vCenter Single Sign-On.
When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the default domain.
- Users who are in the default domain can log in with their user name and password.
- Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.
  - Including a domain name prefix, for example, MYDOMAIN\user1
  - Including the domain, for example, user1@mydomain.com
- Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
After installation on a Windows system, the user administrator@vsphere.local has administrator privileges to both the vCenter Single Sign-On server and to the vCenter Server system.
After you deploy the vCenter Virtual Appliance, the user administrator@vsphere.local has administrator privileges to both the vCenter Single Sign-On server and to the vCenter Server system. The user root@localos has administrative privileges on the vCenter Single Sign-On server and can authenticate to the vCenter Server system. Assign permissions to root@localos to allow that user access to the vCenter Server system.
Identity Sources for vCenter Server with vCenter Single Sign-On
Identity sources allow you to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication.
An identity source is a collection of user and group data. The user and group data is stored in Active Directory, OpenLDAP, or locally to the operating system of the machine where vCenter Single Sign-On is installed. Upon installation, every instance of vCenter Single Sign-On has the Local OS identity source identity source vsphere.local. This identity source is internal to vCenter Single Sign-On.
A vCenter Single Sign-On administrator user can create vCenter Single Sign-On users and groups.
Types of Identity Sources
vCenter Server versions earlier than version 5.1 supported Active Directory and local operating system users as user repositories. As a result, local operating system users could always authenticate to the vCenter Server system. vCenter Server version 5.1 and version 5.5 use vCenter Single Sign-On for authentication. See the vSphere 5.1 documentation for a list of supported identity sources with vCenter Single Sign-On 5.1. vCenter Single Sign-On 5.5 supports the following types of user repositories as identity sources, but supports only one default identity source.
- Active Directory versions 2003 and later. vCenter Single Sign-On allows you to specify a single Active Directory domain as an identity source. The domain can have child domains or be a forest root domain. Shown as Active Directory (Integrated Windows Authentication) in the vSphere Web Client.
- Active Directory over LDAP. vCenter Single Sign-On supports multiple Active Directory over LDAP identity sources. This identity source type is included for compatibility with the vCenter Single Sign-On service included with vSphere 5.1. Shown as Active Directory as an LDAP Server in the vSphere Web Client.
- OpenLDAP versions 2.4 and later. vCenter Single Sign-On supports multiple OpenLDAP identity sources. Shown as OpenLDAP in the vSphere Web Client.
- Local operating system users. Local operating system users are local to the operating system where the vCenter Single Sign-On server is running. The local operating system identity source exists only in basic vCenter Single Sign-On server deployments and is not available in deployments with multiple vCenter Single Sign-On instances. Only one local operating system identity source is allowed. Shown as localos in the vSphere Web Client.
- vCenter Single Sign-On system users. Exactly one system identity source named vsphere.local is created when you install vCenter Single Sign-On. Shown as vsphere.local in the vSphere Web Client.
NOTE At any time, only one default domain exists. If a user from a non-default domain logs in, that user must add the domain name (DOMAIN\user) to authenticate successfully.
vCenter Single Sign-On identity sources are managed by vCenter Single Sign-On administrator users.
You can add identity sources to a vCenter Single Sign-On server instance. Remote identity sources are limited to Active Directory and OpenLDAP server implementations.
For more information about vCenter Single Sign-On, see vSphere Security.
Login Behavior
When a user logs in to a vCenter Server system from the vSphere Web Client, the login behavior depends on whether the user is in the default domain.
- Users who are in the default domain can log in with their user name and password.
- Users who are in a domain that has been added to vCenter Single Sign-On as an identity source but is not the default domain can log in to vCenter Server but must specify the domain in one of the following ways.
  - Including a domain name prefix, for example, MYDOMAIN\user1
  - Including the domain, for example, user1@mydomain.com
- Users who are in a domain that is not a vCenter Single Sign-On identity source cannot log in to vCenter Server. If the domain that you add to vCenter Single Sign-On is part of a domain hierarchy, Active Directory determines whether users of other domains in the hierarchy are authenticated or not.
vCenter Single Sign-On does not propagate permissions that result from nested groups from dissimilar identity sources. For example, if you add the Domain Administrators group to the Local Administrators group, the permissions are not propagated because Local OS and Active Directory are separate identity sources.
Synchronizing Clocks on the vSphere Network
Before you install vCenter Single Sign-On, install the vSphere Web Client, or deploy the vCenter Server Appliance, make sure that all machines on the vSphere network have their clocks synchronized.
If the clocks on vCenter Server network machines are not synchronized, SSL certificates, which are time-sensitive, might not be recognized as valid in communications between network machines. Unsynchronized clocks can result in authentication problems, which can cause the vSphere Web Client installation to fail or prevent the vCenter Server Appliance vpxd service from starting.
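To confirm before installation that a machine's clock agrees with the NTP server the rest of the vSphere network uses, you can measure the offset directly. The following is an added example, not part of the VMware manual: the function names and sample machine names are constructed, and the tolerance passed to out_of_sync is an assumption because the manual states no skew limit.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def build_request():
    """48-byte SNTP client request: LI=0, version 3, mode 3 (client)."""
    return b"\x1b" + bytes(47)


def _unix(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to Unix seconds."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32


def parse_offset(reply, t_send, t_recv):
    """Seconds by which the server clock is ahead of the local clock.

    t_send and t_recv are local Unix times when the request left and the
    reply arrived. Raises ValueError for replies that must not be trusted.
    """
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is not synchronized")
    # Receive timestamp is at byte 32, transmit timestamp at byte 40.
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t_rx, t_tx = _unix(rx_s, rx_f), _unix(tx_s, tx_f)
    # Standard NTP offset: average of the two one-way differences.
    return ((t_rx - t_send) + (t_tx - t_recv)) / 2


def query_offset(server, timeout=2.0):
    """Ask one NTP server (UDP port 123) and return the local clock offset."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_send = time.time()
        sock.sendto(build_request(), (server, 123))
        reply, _ = sock.recvfrom(512)
        t_recv = time.time()
    return parse_offset(reply, t_send, t_recv)


def out_of_sync(offsets, tolerance):
    """Machine names whose absolute offset exceeds tolerance (seconds)."""
    return sorted(name for name, off in offsets.items() if abs(off) > tolerance)


def sample_reply(server_time, leap=0, stratum=2):
    """Constructed server reply with receive == transmit == server_time."""
    secs = int(server_time) + NTP_EPOCH_DELTA
    frac = int((server_time % 1) * 2**32)
    header = bytes([(leap << 6) | (3 << 3) | 4, stratum]) + bytes(30)
    return header + struct.pack("!4I", secs, frac, secs, frac)


if __name__ == "__main__":
    # Offline run on a constructed reply; use query_offset("ntp-server") live.
    print(parse_offset(sample_reply(1000.5), 1000.0, 1000.2))
```

Run query_offset on each Windows machine that will host a vSphere component and collect the results into a dictionary for out_of_sync.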
Synchronize ESX and ESXi Clocks with a Network Time Server
Before you install vCenter Single Sign-On, the vSphere Web Client, or the vCenter Server appliance, make sure all machines on the vSphere network have their clocks synchronized.
Procedure
1 From the vSphere Web Client, connect to the vCenter Server.
2 Select the host in the inventory.
3 Select the Manage tab.
4 Select Settings.
5 In the System section, select Time Configuration.
6 Click Edit and set up the NTP server.
a Select Use Network Time Protocol (Enable NTP client).
b Set the NTP Service Startup Policy.
c Enter the IP addresses of the NTP servers to synchronize with.
d Click Start or Restart in the NTP Service Status section.
7 Click OK.
The host synchronizes with the NTP server.
Synchronize the vCenter Server Appliance Clock with an NTP Server
Before you deploy the vCenter Server Appliance, make sure all machines on the network have their clocks synchronized. Unsynchronized clocks can cause installation and authentication errors.
On systems that are joined to a Windows domain, the vCenter Server Appliance clock is synchronized automatically with the domain controller. On other systems, you can enable synchronizing the clock through VMware Tools. As an alternative, you can use this procedure.
Procedure
1 Open a Web browser and navigate to the vCenter Server Appliance Management Interface (https://vCenter-Appliance-Address:5480/).
2 Log in as root.
3 From the vCenter Server tab, select the Time subtab.
4 Select one or more of the available options.
Option | Description
No synchronization | Does not perform synchronization.
NTP synchronization | Select this option and specify one or more NTP servers to configure the appliance to synchronize with an NTP server directly.
VMware Tools synchronization | Select this option to synchronize all virtual machines.
Active Directory synchronization | This option becomes available only if you add the appliance to an Active Directory domain. If you select this option, none of the other options is available.
5 Click Save Settings.
The vCenter Server Appliance clock is synchronized with the NTP server.
Configure a Windows NTP Client for Network Clock Synchronization
The clocks of all servers on the vSphere network must be synchronized. You can configure a Windows NTP client as a source for clock synchronization on Windows servers.
Use the registry editor on the Windows server to make the configuration changes.
Procedure
1 Enable NTP mode.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
b Set the Type value to NTP.
2 Enable the NTP client.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
b Set the AnnounceFlags value to 5.
3 Enter the upstream NTP servers to synchronize from.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders.
b Set the NtpServer value to a list of at least three NTP servers.
For example, you might set the value to 0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org.
4 Specify a 150-minute update interval.
a Go to the registry setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
b Set the SpecialPollInterval value to 900.
5 Restart the W32time service for the changes to take effect.
Download the vCenter Server Installer
Download the installer for vCenter Server, the vSphere Web Client, and associated vCenter components and support tools.
Procedure
1 Download the vCenter Server installer from the VMware downloads page at
http://www.vmware.com/support/.
2 Confirm that the md5sum is correct.
See the VMware Web site topic Using MD5 Checksums at
http://www.vmware.com/download/md5.html.
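One way to carry out step 2 from a script, shown as an added Python example rather than VMware tooling: it reads a published checksum (a bare digest or an md5sum-style line), hashes the download in chunks, and reports a mismatch such as a truncated transfer. The file name and the three-byte stand-in file are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import tempfile

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def parse_published_md5(text, filename):
    """Find the digest for `filename` in published checksum text.

    Accepts a bare 32-hex-digit digest, or md5sum-style lines of the form
    "<digest>  <name>" / "<digest> *<name>".
    """
    wanted = os.path.basename(filename)
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields or not MD5_HEX.fullmatch(fields[0]):
            continue
        if len(fields) == 1 or os.path.basename(fields[1].lstrip("*")) == wanted:
            return fields[0].lower()
    raise ValueError("no MD5 entry for " + wanted)


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte image never sits in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_text):
    """Return (matches, actual_digest, expected_digest)."""
    expected = parse_published_md5(published_text, path)
    actual = file_md5(path)
    return hmac.compare_digest(actual, expected), actual, expected


def run_constructed_demo():
    """Check an intact and a truncated copy of a constructed stand-in file."""
    # Constructed sample: the "installer" is the 3 bytes b"abc"; its MD5 is
    # the well-known test vector below. The file name is a placeholder.
    published = "900150983CD24FB0D6963F7D28E17F72 *installer-sample.iso\n"
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "installer-sample.iso")
        for label, content in (("intact", b"abc"), ("truncated", b"ab")):
            with open(path, "wb") as handle:
                handle.write(content)
            results[label] = verify_download(path, published)[0]
    return results


if __name__ == "__main__":
    print(run_constructed_demo())
```

Take the published value from the VMware download page itself, not from the same location the installer file was copied from.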
Using a User Account for Running vCenter Server
You can use the Microsoft Windows built-in system account or a user account to run vCenter Server. With a user account, you can enable Windows authentication for SQL Server, and it provides more security.
The user account must be an administrator on the local machine. In the installation wizard, you specify the account name as DomainName\Username. You must configure the SQL Server database to allow the domain account access to SQL Server.
The Microsoft Windows built-in system account has more permissions and rights on the server than the vCenter Server system needs, which can contribute to security problems.
For SQL Server DSNs configured with Windows authentication, use the same user account for the VMware VirtualCenter Management Webservices service and the DSN user.
If you do not plan to use Microsoft Windows authentication for SQL Server or you are using an Oracle database, you might still want to set up a local user account for the vCenter Server system. The only requirement is that the user account is an administrator on the local machine.
Installing vCenter Server on IPv6 Machines
vCenter Server 5.1 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server.
The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
JDBC URL Formats for the vCenter Server Database
The vCenter Server installer generates and validates the JDBC URL for the vCenter Server database. If the installer fails to connect to the database using the generated JDBC URL, the installer will prompt you to specify the JDBC URL.
JDBC URL Note for All Databases
NOTE The domain name cannot contain the exclamation point character (!). Java interprets the exclamation point as a jar file separator.
JDBC URL Formats for Microsoft SQL Server Databases
For Microsoft SQL Server databases, you can use the following example JDBC URLs as a model:
- Connect to default (unnamed) SQL Server instance by host name:
  jdbc:sqlserver://host;databaseName=database
- Connect to named instance by host name and instance name:
  jdbc:sqlserver://host;instanceName=instance;databaseName=database
- Connect to SQL Server by host name and port:
  jdbc:sqlserver://host:port;databaseName=database
- Connect by port:
  jdbc:sqlserver://localhost:1422;databaseName\=VIM_VCDB (user name, password, and database type to be passed separately)
- Connect to local server with integrated security:
  jdbc:sqlserver://localhost\\SQLEXP_VIM;databaseName=VIM_VCDB;integratedSecurity=true
- Connect to local server without integrated security:
  jdbc:sqlserver://localhost\\SQLEXP_VIM;databaseName\=VIM_VCDB (user name, password, and database type to be passed separately)
VMware vCenter Server JDBC configuration for Microsoft SQL Server might not work by default with direct IPv6 addresses. You must use one of the following forms:
- Use the host name form for a standard Type-4 JDBC URL (recommended):
  jdbc:sqlserver://database-fully-qualified-host-name:port
- Use direct IPv6 address format:
  jdbc:sqlserver://;serverName=[IPv6-address]
For more information about JDBC URL formatting for MS SQL databases, including port and instance configuration options, see the msdn.microsoft.com Web site. At the time of this topic's publication, the information was available at http://msdn.microsoft.com/en-us/library/ms378428.aspx.
JDBC URL Formats for Oracle Databases
For Oracle databases, you can use the following example JDBC URLs as a model:
- This format requires host name and address, port (default 1521) and service name (for example, "oracle.world"):
  jdbc:oracle:thin:@host:port/service
- This format requires host name and address, port (default 1521) and SID (for example, "ORCL"):
  jdbc:oracle:thin:@host:port:SID
- This format is for a fully configured Oracle client with Oracle Net, which is useful for non-TCP configuration or Oracle RAC (real application clusters):
  jdbc:oracle:thin:@tnsname
- The following example is for an Oracle RAC with a thin driver, without the full Oracle client installed:
  jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2-vip)(PORT=1521))(LOAD_BALANCE=yes)(FAILOVER=ON)(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=RAC.DBTEAM)(FAILOVER_MODE=(BACKUP=rac1)(TYPE=SELECT)(METHOD=BASIC))))
In this example, rac1-vip is the virtual IP of the first node, rac2-vip is the virtual IP of the second node, RAC.DBTEAM is the RAC DB service name, and rac1 is the name of the failover node.
For more information about JDBC URL formatting for Oracle databases, see the oracle.com Web site.
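The formats and restrictions in this section can be checked before a URL is typed into the installer. The following Python sketch is an added example, not VMware code: it classifies a URL against the SQL Server and Oracle forms listed above and reports the exclamation point restriction, an IPv6 literal in the host position, credentials placed in the URL instead of being passed separately, and unbalanced parentheses in an Oracle connect descriptor. Host names and values in SAMPLES are constructed, and `user`, `userName` and `password` are connection property names of the Microsoft JDBC driver that do not appear on this page.

```python
import re

SQLSERVER_PREFIX = "jdbc:sqlserver://"
ORACLE_PREFIX = "jdbc:oracle:thin:@"
CREDENTIAL_KEYS = {"user", "username", "password"}


def host_findings(host):
    # Page note: "!" is not allowed; Java reads it as a jar file separator.
    return ["host name contains '!'"] if "!" in host else []


def check_sqlserver(rest):
    server, _, prop_text = rest.partition(";")
    props = {}
    for item in filter(None, prop_text.split(";")):
        key, _, value = item.partition("=")
        # Some examples on the page escape "=" as "\=", so drop the backslash.
        props[key.rstrip("\\").strip().lower()] = value.strip()
    findings, port = [], ""
    host_port = server.split("\\")[0]          # drop a trailing \\instance
    if host_port.startswith("[") or host_port.count(":") > 1:
        host, form = host_port, "IPv6 literal in host position"
        findings.append("use the FQDN or ;serverName=[IPv6-address] instead")
    elif host_port:
        host, _, port = host_port.partition(":")
        form = "host and port" if port else "host name"
        if "\\" in server or "instancename" in props:
            form = "named instance"
    else:
        host, form = props.get("servername", ""), "serverName property"
        if not host:
            findings.append("no host and no serverName property")
    if port and not port.isdigit():
        findings.append("port is not numeric")
    findings += host_findings(host)
    if CREDENTIAL_KEYS.intersection(props):
        findings.append("credentials in URL; pass them separately")
    return {
        "database": "sqlserver", "form": form, "host": host,
        "port": int(port) if port.isdigit() else None,
        "integrated_security": props.get("integratedsecurity", "").lower() == "true",
        "findings": findings,
    }


def check_oracle(rest):
    findings, host, port = [], "", None
    if rest.startswith("("):
        form, depth = "connect descriptor", 0
        for ch in rest:
            depth += (ch == "(") - (ch == ")")
            if depth < 0:
                break
        if depth != 0:
            findings.append("unbalanced parentheses in connect descriptor")
        host = ",".join(re.findall(r"\(HOST=([^()]*)\)", rest, flags=re.I))
    else:
        match = re.fullmatch(r"([^:/]+):(\d+)([:/])(.+)", rest)
        if match:
            host, port = match.group(1), int(match.group(2))
            form = "host:port/service" if match.group(3) == "/" else "host:port:SID"
        elif rest and not re.search(r"[:/]", rest):
            form = "tnsname"
        else:
            form = "unrecognized"
            findings.append("does not match a format listed on the page")
    findings += host_findings(host)
    return {"database": "oracle", "form": form, "host": host, "port": port,
            "integrated_security": False, "findings": findings}


def check_jdbc_url(url):
    """Classify a JDBC URL against the forms listed above and report problems."""
    if url.startswith(SQLSERVER_PREFIX):
        return check_sqlserver(url[len(SQLSERVER_PREFIX):])
    if url.startswith(ORACLE_PREFIX):
        return check_oracle(url[len(ORACLE_PREFIX):])
    return {"database": None, "form": "unrecognized", "host": "", "port": None,
            "integrated_security": False,
            "findings": ["not a SQL Server or Oracle thin JDBC URL"]}


# Constructed inputs: the page's URL shapes with placeholder hosts and values.
SAMPLES = [
    r"jdbc:sqlserver://localhost\\SQLEXP_VIM;databaseName=VIM_VCDB;integratedSecurity=true",
    r"jdbc:sqlserver://localhost:1422;databaseName\=VIM_VCDB",
    "jdbc:sqlserver://[2001:db8::10]:1433;databaseName=VIM_VCDB",
    "jdbc:sqlserver://;serverName=[2001:db8::10];databaseName=VIM_VCDB",
    "jdbc:sqlserver://sql01.corp!lab.example;databaseName=VIM_VCDB;user=vpx;password=PLACEHOLDER",
    "jdbc:oracle:thin:@dbhost:1521/oracle.world",
    "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1-vip)(PORT=1521))"
    "(CONNECT_DATA=(SERVICE_NAME=RAC.DBTEAM))))",   # one ")" too many
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_jdbc_url(sample)["form"], check_jdbc_url(sample)["findings"])
```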
Running the vCenter Server Installer from a Network Drive
You can run the vCenter Server installer from a network drive, but you cannot install the software on a network drive.
In Windows, you can run the installers from the network drive and install the software on the local machine.
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client
Prepare for the vCenter Server installation by recording the values that vCenter Server and related components require.
The vCenter Single Sign-On, vSphere Web Client, vCenter Inventory Service, and vCenter Server installation wizards prompt you for the installation or upgrade information. Keep a record of the values entered, in case you must reinstall vCenter Server. You can print this topic as a worksheet to record the information that you need for the installation or upgrade of vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and vCenter Server.
The following tables list the required information for installing or upgrading vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server.
- Table 3-3.
- Table 3-4.
- Table 3-5.
- Table 3-6.
NOTE Depending on the type of installation or upgrade you are doing, some entries might not be required.
Table 3-3. Information Required for vCenter Single Sign-On Installation
Required Information | Default | Your Entry
Setup Language. This selection controls the language only for the installer. | English |
vCenter Single Sign-On HTTPS port. | 7444 |
vCenter Single Sign-On deployment type. Choose from the following options: (1) vCenter Single Sign-On for your first vCenter Server. Select this option to create a new vCenter Single Sign-On server, which will become the first vCenter Single Sign-On server in a new domain. (2) vCenter Single Sign-On for an additional vCenter Server in an existing site. Select this option to create an additional vCenter Single Sign-On server that replicates information from an existing vCenter Single Sign-On server in the domain. (3) vCenter Single Sign-On for an additional vCenter Server with a new site. Select this option to create an additional vCenter Single Sign-On server that replicates information from an existing vCenter Single Sign-On server in a different site. | |
Domain name. | vsphere.local | You cannot change the domain name from the default during installation.
User name. | administrator@vsphere.local | You cannot change the user name from the default during installation.
Password for the vCenter Single Sign-On administrator account in the default domain. You must use the same vCenter Single Sign-On password when you install or upgrade vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client. IMPORTANT Be sure to record the password. If you need to restore the vCenter Single Sign-On configuration from a backup, the restore process requires the password you enter for the original vCenter Single Sign-On installation, even if you change the password later. By default, the password must have at least eight characters, at least one lowercase character, one uppercase character, one number, and one special character. See the vSphere Security documentation for information about changing the password policy. The following characters are not supported in passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('), circumflex (^), and backslash (\). | |
Site name. Your name for the vCenter Single Sign-On site. | |
Partner host name. Required only if you are installing additional vCenter Single Sign-On servers. The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate from. | |
Table 3-4. Information Required for the vSphere Web Client Installation
Required Information | Default | Your Entry
Setup Language. This selection controls the language only for the installer. | English |
Destination folder. The folder to install the vSphere Web Client in. The installation path cannot contain the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%). If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Client in a directory that does not have an 8.3 short name or has a name that contains spaces. This situation will make the vSphere Web Client inaccessible. | C:\Program Files\VMware\Infrastructure |
vCenter Single Sign-On HTTPS port. | 9090 |
vCenter Single Sign-On HTTPS port. | 9443 |
vCenter Single Sign-On administrator user name. The entry is case sensitive, and must match the administrator user name you enter when you install vCenter Single Sign-On. | administrator@vsphere.local |
Password for the vCenter Single Sign-On administrator account in the default domain. You must use the same vCenter Single Sign-On password when you install or upgrade vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client. IMPORTANT Be sure to record the password. If you need to restore the vCenter Single Sign-On configuration from a backup, the restore process requires the password you enter for the original vCenter Single Sign-On installation, even if you change the password later. | |
Lookup Service URL. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. This entry must match the URL you enter when you install vCenter Inventory Service. | |
Table 3-5. Information Required for vCenter Inventory Service Installation or Upgrade
Required Information | Default | Your Entry
Setup Language. This selection controls the language only for the installer. | English |
Destination folder. The folder to install Inventory Service in. The installation path cannot contain the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%). | C:\Program Files\VMware\Infrastructure |
Fully Qualified Domain Name. The FQDN for the Inventory Service local system. | |
vCenter Inventory Service HTTPS port. See “Required Ports for vCenter Server,” on page 23. | 10443 |
vCenter Inventory Service management port. | 10109 |
vCenter Inventory Service Linked Mode communication port. | 10111 |
Inventory size. The inventory size of your vCenter Server deployment: Small (less than 100 hosts or 1000 virtual machines); Medium (100-400 hosts or 1000-4000 virtual machines); Large (more than 400 hosts or 4000 virtual machines). This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in “Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 17. | |
User name for the vCenter Single Sign-On administrator user account. You must use the same vCenter Single Sign-On user name and password when you install vCenter Single Sign-On, and install or upgrade Inventory Service, vCenter Server, and the vSphere Web Client. | administrator |
Lookup Service URL. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. If you enter a different port number when you install vCenter Single Sign-On, use that port number. | |
Table 3-6. Information Required for vCenter Server Installation or Upgrade
Required Information | Default | Your Entry
Setup Language. This selection controls the language only for the installer. | English |
vCenter Server license key. If you omit the license key, vCenter Server is installed in evaluation mode. After you install vCenter Server, you can enter the vCenter Server license in the vSphere Web Client. | |
Data source name (DSN). Required if you use an existing database. Not required if you are using the bundled Microsoft SQL Server 2008 Express database. Leading and trailing spaces are not supported. Remove spaces from the beginning or end of the DSN. | |
Database user name. Required to use an existing database. Not required if you are using the bundled database. Non-ASCII characters are not supported. | |
Database password. | |
JDBC URL for database. Required if you use an existing database. The vCenter Server installer should generate and validate the JDBC URL for the vCenter Server database. If the installer fails to connect to the database by using the generated JDBC URL, the installer prompts you to specify the JDBC URL. The format of the JDBC URL depends on the database that you are using. See “JDBC URL Formats for the vCenter Server Database,” on page 62. | |
vCenter Server Service account information. Can be the Microsoft Windows system account or a user-specified account. Use a user-specified account if you plan to use Microsoft Windows authentication for SQL Server. | Microsoft Windows system account |
Fully qualified domain name (FQDN) for the vCenter Server machine. The FQDN of the system that you are installing vCenter Server on. The vCenter Server installer checks that the FQDN is resolvable. If not, a warning message appears. Change the entry to a resolvable FQDN. You must enter the FQDN, not the IP address. | |
Standalone or join group. Join a Linked Mode group to enable the vSphere Web Client to view, search, and manage data across multiple vCenter Server systems. | Standalone |
Fully qualified domain name of Directory Services for the vCenter Server group. The FQDN of a remote instance of vCenter Server. Required if this instance of vCenter Server is joining a group. The local and remote instances will be members of a Linked Mode group. | |
LDAP port for the Directory Services for the remote vCenter Server instance. The LDAP port of the remote instance. Required if this instance of vCenter Server is joining a Linked Mode group. See “Required Ports for vCenter Server,” on page 23. | 389 |
vCenter Server HTTPS port. See “Required Ports for vCenter Server,” on page 23. | 443 |
vCenter Server HTTP port. | 80 |
Heartbeat port (UDP) used for sending data to ESX/ESXi hosts. | 902 |
VMware VirtualCenter Management Webservices. | 8080 |
VMware VirtualCenter Management Webservices. | 8443 |
Web Services change service notification port. | 60099 |
LDAP port for the Directory Services for the local vCenter Server instance. | 389 |
SSL port for the Directory Services for the local vCenter Server instance. | 636 |
Ephemeral ports. Select Increase the number of available ephemeral ports if your vCenter Server manages hosts on which you will power on more than 2000 virtual machines simultaneously. This option prevents the pool of available ephemeral ports from being exhausted. | |
Inventory size. The inventory size of your vCenter Server deployment: Small (less than 100 hosts or 1000 virtual machines); Medium (100-400 hosts or 1000-4000 virtual machines); Large (more than 400 hosts or 4000 virtual machines). This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in “Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 17. | |
User name for the vCenter Single Sign-On administrator user account. You must use the same vCenter Single Sign-On user name and password when you install vCenter Single Sign-On, and install or upgrade Inventory Service, vCenter Server, and the vSphere Web Client. | administrator |
Password for the vCenter Single Sign-On administrator user account. | |
Lookup Service URL. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. If you enter a different port number when you install vCenter Single Sign-On, use that port number. | |
Inventory Service URL. The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is the default Inventory Service HTTPS port number. If you enter a different port number when you install Inventory Service, use that port number. | |
Destination folder. The folder to install vCenter Server in. The installation path cannot contain the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%). | C:\Program Files\VMware\Infrastructure |
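Several rows in Tables 3-3 through 3-6 carry constraints that are easy to violate when the worksheet is filled in by hand. The following Python sketch is an added example, not part of the VMware installer: it checks recorded values against the password policy, the destination folder character rules, the Lookup Service URL form, the DSN whitespace rule and the FQDN requirement stated in the tables. The dictionary keys and sample values are constructed for illustration, and "special character" is assumed to mean ASCII punctuation.

```python
import ipaddress
import string
from urllib.parse import urlsplit

UNSUPPORTED_PASSWORD_CHARS = set(";\"'^\\")   # Table 3-3 password row
FORBIDDEN_PATH_CHARS = set(",.!#@%")          # destination folder rows
CLASSES = (("lowercase character", string.ascii_lowercase),
           ("uppercase character", string.ascii_uppercase),
           ("number", string.digits),
           ("special character", string.punctuation))  # assumption


def non_ascii(text):
    return any(ord(ch) > 127 for ch in text)


def check_sso_password(password):
    problems = ["shorter than eight characters"] if len(password) < 8 else []
    for label, alphabet in CLASSES:
        if not any(ch in alphabet for ch in password):
            problems.append("no " + label)
    if non_ascii(password):
        problems.append("contains non-ASCII characters")
    bad = sorted(UNSUPPORTED_PASSWORD_CHARS & set(password))
    if bad:
        problems.append("contains unsupported characters: " + " ".join(bad))
    return problems


def check_install_path(path, short_names_enabled=True):
    problems = ["contains non-ASCII characters"] if non_ascii(path) else []
    bad = sorted(FORBIDDEN_PATH_CHARS & set(path))
    if bad:
        problems.append("contains forbidden characters: " + " ".join(bad))
    # Web Client row: spaces break the install when 8.3 names are disabled.
    if not short_names_enabled and " " in path:
        problems.append("contains spaces while 8.3 name creation is disabled")
    return problems


def check_lookup_url(url):
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("missing host")
    try:
        if parts.port is None:
            problems.append("missing port")
    except ValueError:
        problems.append("invalid port")
    if parts.path.rstrip("/") != "/lookupservice/sdk":
        problems.append("unexpected path " + repr(parts.path))
    return problems


def is_ip_address(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False


def check_worksheet(ws):
    """Return {field: [problems]} for a dict of recorded worksheet values."""
    found = {
        "sso_password": check_sso_password(ws["sso_password"]),
        "web_client_folder": check_install_path(
            ws["web_client_folder"], ws["short_names_enabled"]),
        "vcenter_folder": check_install_path(ws["vcenter_folder"]),
        "lookup_service_url": check_lookup_url(ws["lookup_url_web_client"]),
        "dsn": [], "vcenter_fqdn": [],
    }
    if ws["lookup_url_web_client"] != ws["lookup_url_inventory"]:
        found["lookup_service_url"].append(
            "Web Client and Inventory Service entries differ")
    if ws["dsn"] != ws["dsn"].strip():
        found["dsn"].append("leading or trailing spaces")
    if is_ip_address(ws["vcenter_fqdn"]) or "." not in ws["vcenter_fqdn"]:
        found["vcenter_fqdn"].append("not a fully qualified domain name")
    return {field: probs for field, probs in found.items() if probs}


# Constructed sample values (reserved .example names, throwaway password).
GOOD = {
    "sso_password": "Vc3nter#Lab2013", "short_names_enabled": True,
    "web_client_folder": r"C:\Program Files\VMware\Infrastructure",
    "vcenter_folder": r"C:\Program Files\VMware\Infrastructure",
    "lookup_url_web_client": "https://sso01.lab.example:7444/lookupservice/sdk",
    "lookup_url_inventory": "https://sso01.lab.example:7444/lookupservice/sdk",
    "dsn": "vcenter_dsn", "vcenter_fqdn": "vc01.lab.example",
}
BAD = dict(GOOD, sso_password="vmware;1", short_names_enabled=False,
           vcenter_folder=r"C:\VMware\vCenter 5.5", dsn=" vcenter_dsn",
           lookup_url_inventory="https://10.0.0.5:7444/lookupservice/sdk",
           vcenter_fqdn="10.0.0.20")
```

The functions return findings without echoing the password, so the output can be kept with the worksheet.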
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail
vCenter Server installation with a Microsoft SQL database fails when the database is set to compatibility mode with an unsupported version.
Problem
The following error message appears: The DB User entered does not have the required permissions needed to install and configure vCenter Server with the selected DB. Please correct the following error(s): %s
Cause
The database version must be supported for vCenter Server. For SQL, even if the database is a supported version, if it is set to run in compatibility mode with an unsupported version, this error occurs. For example, if SQL 2008 is set to run in SQL 2000 compatibility mode, this error occurs.
Solution
- Make sure the vCenter Server database is a supported version and is not set to compatibility mode with an unsupported version. See the VMware Product Interoperability Matrixes at http://partnerweb.vmware.com/comp_guide2/sim/interop_matrix.php?.
Chapter 4 Installing vCenter Server
Install vCenter Server to manage your vSphere system.
This chapter includes the following topics:
- “vCenter Server Installation and Sign-In Process”
- “vCenter Server Components and Support Tools”
- “Download the vCenter Server Installer”
- “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install”
- “Use Custom Install to Install vCenter Server and Required Components”
- “Add a vCenter Single Sign-On Identity Source”
- “Install or Upgrade vCenter Server Java Components Separately”
- “Install or Upgrade vCenter Server tc Server Separately”
- “vCenter Single Sign-On Installation Fails”
- “Download and Deploy the VMware vCenter Server Appliance”
vCenter Server Installation and Sign-In Process
As part of installation, you are prompted to make choices. Understand the complete installation, vCenter Single Sign-On setup, and permission assignment process before you start.
Before installing vCenter Server, consider your environment and requirements to make the following decisions:
- Decide how to set up vCenter Server services: on a single Windows platform or vCenter Server Appliance, or distributed across multiple Windows hosts or vCenter Server Appliances.
- Decide whether you want your vSphere deployment to authenticate and give permissions to Active Directory users and groups.
- Decide whether you want your vSphere deployment to authenticate and give permissions to Open LDAP users and groups.
- Decide whether to use an embedded or an external vCenter Server database.
- If you have multiple vCenter Servers, decide whether they should be standalone instances or joined in a Linked Mode group.
- Decide whether your vCenter Server deployment requires high availability protection.
- Decide whether you will be deploying vSphere across multiple sites.
For guidance in making these decisions, review the sections in Chapter 3, “Before You Install vCenter Server,” on page 29.
After you verify your hardware and software environment, you can start installation. Your interaction with the installer and with vCenter Single Sign-On is shown in the figure below.
Figure 4-1. Flowchart of vCenter Installation and User Management Process
The interaction proceeds as follows.
1 You decide whether to install the vCenter components in different locations.
  - For a single location, the process differs if you perform a first installation or you are installing multiple vCenter Server systems at the same location. Continue with step 2.
  - For multiple locations for the different components, you can perform a custom install (step 5) and set up an Active Directory or OpenLDAP identity source.
2 The installation type you select when you install everything in one location depends on whether this is the first vCenter Server system.
  - If this is the first or the only vCenter Server system that you install at this location, you can perform a Simple Install. See “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install,” on page 75.
    NOTE Use Simple Install unless you have good reasons to install the vCenter Server in different locations.
  - If this is not the first vCenter Server system that you install at this location, you can perform a Custom Install and point to the vCenter Single Sign-On service that you installed earlier when prompted. See “Use Custom Install to Install vCenter Server and Required Components,” on page 78.
3 After an installation in one location, local operating system users and the user administrator@vsphere.local can authenticate.
  - If the localos identity source is sufficient, you can log in to vCenter Server as administrator@vsphere.local and assign permissions to other local operating system (localos) users. See User Management Tasks in vSphere Security.
  - If an Active Directory identity source is needed, continue to step 4.
4 If you want to use an Active Directory or OpenLDAP identity source:
  a Log in to the vCenter Single Sign-On server as administrator@vsphere.local and add the domain as an identity source.
  b Add the Active Directory or OpenLDAP domain as an identity source.
  c Log in to vCenter Server and assign permissions so users in your domain can access vCenter Server components.
  See “Add a vCenter Single Sign-On Identity Source,” on page 87 and “Assign Permissions in the vSphere Web Client,” on page 89.
5 If you decide to install vCenter Server in multiple locations, you can install one or more vCenter Server components and a vCenter Single Sign-On component in each location. See “Use Custom Install to Install vCenter Server and Required Components,” on page 78.
  a Custom Install vCenter Server and vCenter Single Sign-On in location 1.
  b Custom Install vCenter Server and vCenter Single Sign-On in location 2.
    As part of the installation of the second system, point the vCenter Single Sign-On system to the first vCenter Single Sign-On system you installed. If you want, you can also set up Linked Mode for the vCenter Server instances.
  c Set up vCenter Single Sign-On for location 1 using the procedure in Steps 3 and 4.
6 After you complete the setup of vCenter Single Sign-On in one location, vCenter Single Sign-On settings in all other locations are updated immediately.
7 Log in to vCenter Server and assign permissions to users and groups.
  You set permissions for each vCenter Server instance. See “Assign Permissions in the vSphere Web Client,” on page 89.
vCenter Server Components and Support Tools
When you install vCenter Server, other components are also installed.
The following components can also be installed when you install vCenter Server.
VMware vCenter Server
Windows service to manage ESXi and legacy ESX hosts.
vCenter Single Sign-On
The vCenter Single Sign-On authentication service makes the VMware cloud infrastructure platform more secure by allowing the various vSphere software components to communicate with each other through a secure token exchange mechanism, instead of requiring each component to authenticate a user separately with a directory service like Active Directory. Available and required with vCenter Server 5.1.
vCenter Inventory Service
Inventory Service stores vCenter Server application and inventory data, enabling you to search and access inventory objects across linked vCenter Servers.
Microsoft .NET 3.5 SP1 Framework
Software used by the Database Upgrade wizard and the vSphere Web Client. Also used by vCenter Server if you are using the bundled database. If it is not installed on your system, the vCenter Server installer installs it.
Microsoft Windows Installer version 4.5
If you plan to use the Microsoft SQL Server 2008 R2 Express database that is bundled with vCenter Server, Microsoft Windows Installer version 4.5 (MSI 4.5) is required on your system. You can also install MSI 4.5 directly from the vCenter Server autorun.exe installer.
VMware vCenter Orchestrator
vCenter Server module that provides a set of tools to manage your virtual IT environment. The vCenter Orchestrator module is not supported on IPv6-only operating systems. If you install vCenter Server in a mixed environment (both IPv4 and IPv6 enabled), the vCenter Orchestrator module can be configured using IPv4. See Administering vCenter Orchestrator. This component is installed automatically with vCenter Server.
Microsoft SQL Server 2008 R2 Express (optional)
Free, bundled version of the Microsoft SQL Server database for smaller scale applications. If you choose to use an existing database, the installer does not install the bundled database.
vSphere Web Client
Server application that you can use to manage an ESXi host by Web browser through a vCenter Server.
vSphere Update Manager
vCenter Server component that provides security monitoring and patching support for hosts and virtual machines.
vSphere ESXi Dump Collector
vCenter Server support tool. You can configure ESXi to dump the vmkernel memory to a network server, rather than to a disk, when the system has encountered a critical failure. The Dump Collector collects such memory dumps over the network.
vSphere Syslog Collector
vCenter Server support tool that provides a unified architecture for system logging and enables network logging and combining of logs from multiple hosts.
vSphere Auto Deploy
vCenter Server support tool that can provision hundreds of physical hosts with ESXi software. You can specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to apply to the hosts, and a vCenter Server location (folder or cluster) for each host.
vSphere Authentication Proxy
vCenter Server support tool that enables ESXi hosts to join a domain without using Active Directory credentials. This tool enhances security for PXE-booted hosts and hosts that are provisioned using Auto Deploy, by removing the need to store Active Directory credentials in the host configuration.
Download the vCenter Server Installer
Download the installer for vCenter Server, the vSphere Web Client, and associated vCenter components and support tools.
Procedure
1 Download the vCenter Server installer from the VMware downloads page at http://www.vmware.com/support/.
2 Confirm that the md5sum is correct.
See the VMware Web site topic Using MD5 Checksums at http://www.vmware.com/download/md5.html.
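One way to carry out step 2 on the Windows host, as an added example that is not part of the VMware manual: the function names are hypothetical, and the sample file with its digest (the RFC 1321 test vector for "abc") is constructed so the block runs offline. MD5 detects a corrupted or truncated download; the comparison is only as trustworthy as the place the published value was copied from.

```powershell
# Added example; Get-Md5Hex and Test-PublishedMd5 are hypothetical helper names.
# Uses only .NET classes that Windows PowerShell 2.0 and later can load.

function Get-Md5Hex {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Resolve against the PowerShell location, not the process working directory.
    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($full)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    try {
        # ComputeHash(Stream) reads in chunks, so a large installer image
        # is never loaded into memory at once.
        $digest = $md5.ComputeHash($stream)
    }
    finally {
        $stream.Close()
        $md5.Clear()
    }
    return ([System.BitConverter]::ToString($digest) -replace '-', '').ToLowerInvariant()
}

function Test-PublishedMd5 {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Published
    )

    # A checksum copied from a web page often carries surrounding spaces, a
    # trailing file name or upper-case hex: keep the first token, lower-cased.
    $expected = ($Published.Trim() -split '\s+')[0].ToLowerInvariant()
    if ($expected -cnotmatch '^[0-9a-f]{32}$') {
        throw 'Published value is not a 32-digit hexadecimal MD5 checksum.'
    }

    $actual = Get-Md5Hex -Path $Path
    New-Object PSObject -Property @{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -ceq $expected)
    }
}

# Constructed sample: a temporary file holding the three bytes "abc".
# 900150983cd24fb0d6963f7d28e17f72 is the RFC 1321 test vector for that input;
# d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'md5-demo.bin'
$bytes  = [byte[]](0x61, 0x62, 0x63)
[System.IO.File]::WriteAllBytes($sample, $bytes)

$good = Test-PublishedMd5 -Path $sample -Published ' 900150983CD24FB0D6963F7D28E17F72  md5-demo.bin'
$bad  = Test-PublishedMd5 -Path $sample -Published 'd41d8cd98f00b204e9800998ecf8427e'
'matching checksum accepted : {0}' -f $good.Match
'different checksum accepted: {0}' -f $bad.Match
Remove-Item -LiteralPath $sample

# Real use (both arguments are placeholders):
#   $r = Test-PublishedMd5 -Path '<path to the downloaded installer>' -Published '<MD5 from the VMware download page>'
#   if (-not $r.Match) { throw 'Checksum mismatch: do not run the installer from this download.' }
```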
Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install
You can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server together on a single host machine by using the vCenter Server Simple Install option. This option is appropriate for most deployments.
Alternatively, you can use Custom Install to install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server separately and customize the location and configuration of each component. See “Use Custom Install to Install vCenter Server and Required Components,” on page 78.
If vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, or vCenter Server is already installed on the computer, this procedure upgrades the existing version.
Prerequisites
■ Review the topics in Chapter 3, “Before You Install vCenter Server,” on page 29.
■ Review “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
Procedure
1 Install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service as Part of a vCenter Server Simple Install on page 76
Create the only node in a basic, Simple Install vCenter Single Sign-On installation, and install the vSphere Web Client and vCenter Inventory Service.
2 Install vCenter Server as Part of a Simple Install on page 77
In a Simple Install, after you install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service, the installer starts the vCenter Server installation.
Install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service as Part of a vCenter Server Simple Install
Create the only node in a basic, Simple Install vCenter Single Sign-On installation, and install the vSphere Web Client and vCenter Inventory Service.
You can use Simple Install for the first vCenter Single Sign-On and vCenter Server in a deployment with multiple vCenter Servers. Succeeding instances of vCenter Single Sign-On and vCenter Server in the same deployment must be installed by using Custom Install. For more information about vCenter Single Sign-On, see “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51, and the vSphere Security documentation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ See “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 61.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Simple Install, and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 If the prerequisites check screen shows any problems, cancel the installation, correct the problems, and restart the installer.
5 Set the password for the vCenter Single Sign-On administrator account.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to vCenter Server as administrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one uppercase character, one number, and one special character. See the vSphere Security documentation for information about changing the password policy. The following characters are not supported in passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('), circumflex (^), and backslash (\).
6 Enter the site name for vCenter Single Sign-On.
Choose your own name for the vCenter Single Sign-On site.
7 Accept or change the HTTPS port for vCenter Single Sign-On.
8 Select the folder in which to install vCenter Single Sign-On.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
9 Review the installation options and click Install.
The vCenter Single Sign-On installation begins. When the vCenter Single Sign-On installation is complete, the installer proceeds with the vSphere Web Client and vCenter Inventory Service installations.
No input is required for a new Simple Install installation of the vSphere Web Client and vCenter Inventory Service.
NOTE After each component is installed, the installer might take a few minutes to start the installer for the next component.
Install vCenter Server as Part of a Simple Install
In a Simple Install, after you install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service, the installer starts the vCenter Server installation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ See “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
Procedure
1 (Optional) Enter your license key.
If you omit the license key, vCenter Server is in evaluation mode, which allows you to use the full feature set for a 60-day evaluation period. After installation, you can enter the license key to convert vCenter Server to licensed mode.
2 Choose the type of database that you want to use.
■ To use the bundled database, click Install a Microsoft SQL Server 2008 Express instance (for small-scale deployments).
This database is suitable for deployments of up to 5 hosts and 50 virtual machines.
■ To use an existing database, click Use an existing supported database and select your database from the list of available DSNs. Enter the user name and password for the DSN.
If your database uses Windows NT authentication, the user name and password fields are disabled.
NOTE A warning might appear that the DSN points to an older version of a repository that must be upgraded. If you click Yes, the installer upgrades the database schema, making the database irreversibly incompatible with previous VirtualCenter versions. See the vSphere Upgrade documentation.
3 Set the vCenter Server service account information.
■ If you are using a nonbundled database, enter the administrator name and password that you use when you log in to the system on which you are installing vCenter Server.
■ If you are using the bundled SQL Server database, select Use Windows Local System Account.
You need the user name and password entered here to log in to vCenter Server after you have installed it.
The Fully Qualified Domain Name field displays the FQDN of the system that you are installing vCenter Server on. The vCenter Server installer checks that the FQDN is resolvable. If not, a warning message appears when you click Next. Change the entry to a resolvable FQDN. You must enter the FQDN, not the IP address.
4 For each component that you install, accept the default port numbers, or if another service is using the defaults, enter alternative ports.
5 (Optional) Select Increase the number of available ephemeral ports.
6 Select the size of your vCenter Server inventory to allocate memory for several Java services that are used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in the topic vCenter Server Hardware Requirements.
7 Click Install.
Multiple progress bars appear during the installation of the selected components.
The vCenter Simple Install is complete.
What to do next
See Chapter 5, “After You Install vCenter Server,” on page 101.
Use Custom Install to Install vCenter Server and Required Components
You can install vCenter Server and other vCenter components separately to customize the location and configuration of each component.
For most basic vCenter Single Sign-On deployments, if all components are on the same host machine, you can install vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and vCenter Server together on a single host machine using the vCenter Server Simple Install option.
See “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install,” on page 75.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ Review Chapter 3, “Before You Install vCenter Server,” on page 29.
■ Review “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
Procedure
1 Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment on page 79
Create the only vCenter Single Sign-On instance in a basic vCenter Single Sign-On installation or the first vCenter Single Sign-On instance in a deployment with multiple vCenter Single Sign-On instances.
2 (Optional) Install an Additional vCenter Single Sign-On Node at an Existing Site on page 80
Create an additional vCenter Single Sign-On node at an existing vCenter Single Sign-On installation. An additional vCenter Single Sign-On node might be useful if your deployment includes multiple vCenter Server instances.
3 (Optional) Install an Additional vCenter Single Sign-On Node at a New Site on page 81
Create an additional vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation. An additional node can be useful if you need multiple vCenter Server instances in different locations. Authentication information is replicated between vCenter Single Sign-On instances that are related.
4 Install or Upgrade the vSphere Web Client on page 82
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment through a browser.
5 Install vCenter Inventory Service Separately by Using Custom Install on page 83
You can use Custom Install to install vCenter Single Sign-On, vCenter Inventory Service, and vCenter Server separately to customize the location and configuration of the components.
6 Install vCenter Server as Part of a Custom Install on page 85
You can install vCenter Server separately from vCenter Single Sign-On and vCenter Inventory Service to customize the location and configuration of the components.
Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment
Create the only vCenter Single Sign-On instance in a basic vCenter Single Sign-On installation or the first vCenter Single Sign-On instance in a deployment with multiple vCenter Single Sign-On instances.
These instructions let you install vCenter Single Sign-On only. You must install vCenter Single Sign-On and Inventory Service before installing vCenter Server. For most deployments, you can install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server together on a single host machine by using vCenter Server Simple Install. See “vCenter Single Sign-On Deployment Modes,” on page 52 and “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install,” on page 75.
For more information about vCenter Single Sign-On, see “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51, and the vSphere Security documentation.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ Review “vCenter Single Sign-On Deployment Modes,” on page 52.
■ Review “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51.
■ Review “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 61.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 If the prerequisites check screen shows any problems, cancel the installation, correct the problems, and restart the installer.
5 Set the password for the vCenter Single Sign-On administrator account.
This is the password for the user administrator@vsphere.local. vsphere.local is a new domain that is created by vCenter Single Sign-On. After installation, you can log in to vCenter Single Sign-On and in to vCenter Server as administrator@vsphere.local.
By default, the password must have at least eight characters, at least one lowercase character, one uppercase character, one number, and one special character. See the vSphere Security documentation for information about changing the password policy. The following characters are not supported in passwords: non-ASCII characters, semicolon (;), double quotation mark ("), single quotation mark ('), circumflex (^), and backslash (\).
6 Accept or change the HTTPS port for vCenter Single Sign-On.
7 Select the deployment mode vCenter Single Sign-On for your first vCenter Server.
8 Enter the site name for vCenter Single Sign-On.
Choose your own name for the vCenter Single Sign-On site.
9 Review the installation options and click Install.
vCenter Single Sign-On is installed.
After vCenter Single Sign-On is installed or upgraded, the following default identity sources and users are available:
localos
All local operating system users. These users can be granted permissions to vCenter Server. If you are upgrading, those users who already have permissions keep those permissions.
vsphere.local
Contains all users who have administrator access to the vCenter Single Sign-On server. Initially, only the user administrator is defined.
What to do next
To deploy vCenter Server with multiple vCenter Single Sign-On instances, install an additional vCenter Single Sign-On at an existing or new site. See “(Optional) Install an Additional vCenter Single Sign-On Node at an Existing Site,” on page 80 or “(Optional) Install an Additional vCenter Single Sign-On Node at a New Site,” on page 81. If your vCenter Server deployment requires only one vCenter Single Sign-On instance, install the vSphere Web Client. See “Install or Upgrade the vSphere Web Client,” on page 103.
To add other identity sources, such as a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service, see “Add a vCenter Single Sign-On Identity Source,” on page 87.
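A pre-check for the administrator@vsphere.local password rules given in step 5 of both the Simple Install and the Custom Install procedures, added here as an example and not part of the VMware manual or installer. The function name and the sample candidates are constructed, and reading "special character" as ASCII punctuation is an assumption; a password policy changed after installation is not reflected.

```powershell
# Added example; Test-SsoPasswordCandidate is a hypothetical helper, not a VMware tool.
# It encodes only the default policy and the unsupported characters listed in step 5.

function Test-SsoPasswordCandidate {
    param([Parameter(Mandatory = $true)][string]$Password)

    $problems = @()

    # Default policy. -cmatch/-cnotmatch are case-sensitive; plain -match would
    # let an upper-case letter satisfy the lower-case rule and the reverse.
    if ($Password.Length -lt 8)       { $problems += 'fewer than eight characters' }
    if ($Password -cnotmatch '[a-z]') { $problems += 'no lowercase character' }
    if ($Password -cnotmatch '[A-Z]') { $problems += 'no uppercase character' }
    if ($Password -cnotmatch '[0-9]') { $problems += 'no number' }

    # Assumption: "special character" means ASCII punctuation. The five
    # unsupported marks ; " ' ^ \ are left out of the class so that they
    # cannot be the character that satisfies this rule.
    $special = '[\x21\x23-\x26\x28-\x2F\x3A\x3C-\x40\x5B\x5D\x5F\x60\x7B-\x7E]'
    if ($Password -cnotmatch $special) { $problems += 'no special character' }

    # Characters the manual lists as not supported in this password.
    if ($Password -cmatch '[^\x00-\x7F]') {
        $problems += 'non-ASCII character'
    }
    if ($Password -cmatch '[;"''^\\]') {
        $problems += 'unsupported character (semicolon, quotation mark, circumflex or backslash)'
    }

    New-Object PSObject -Property @{
        Acceptable = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Constructed sample candidates, not real credentials.
$samples = @(
    'Vs5-Install!9',                      # meets every rule
    'Sh0rt!a',                            # seven characters
    'NoSpecial123',                       # no punctuation
    'Semi;Colon1!',                       # contains an unsupported semicolon
    ('P' + [char]0xE4 + 'sswort1!A')      # contains a non-ASCII letter
)

foreach ($candidate in $samples) {
    $result = Test-SsoPasswordCandidate -Password $candidate
    if ($result.Acceptable) {
        '{0,-14} acceptable' -f $candidate
    }
    else {
        '{0,-14} rejected: {1}' -f $candidate, ($result.Problems -join '; ')
    }
}
```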
(Optional) Install an Additional vCenter Single Sign-On Node at an Existing Site
Create an additional vCenter Single Sign-On node at an existing vCenter Single Sign-On installation. An additional vCenter Single Sign-On node might be useful if your deployment includes multiple vCenter Server instances.
Prerequisites
■ Review “vCenter Single Sign-On Deployment Modes,” on page 52.
■ See “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Install the first node in the vCenter Single Sign-On installation. See “Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment,” on page 79.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 Accept or change the HTTPS port for vCenter Single Sign-On.
5 Select the deployment mode vCenter Single Sign-On for an additional vCenter Server in an existing site.
6 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter Single Sign-On server (administrator@vsphere.local).
7 Select an existing site as the partner or enter a new site.
8 Click Install.
(Optional) Install an Additional vCenter Single Sign-On Node at a New Site
Create an additional vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation. An additional node can be useful if you need multiple vCenter Server instances in different locations. Authentication information is replicated between vCenter Single Sign-On instances that are related.
Prerequisites
■ Review “vCenter Single Sign-On Deployment Modes,” on page 52.
■ See “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Install the first node in the vCenter Single Sign-On installation. See “Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment,” on page 79.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Single Sign-On and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 Accept or change the HTTPS port for vCenter Single Sign-On.
5 Select the deployment mode vCenter Single Sign-On for an additional vCenter Server with a new site.
6 Enter the information to point this additional node to the first vCenter Single Sign-On server.
NOTE If the primary node is in a high-availability cluster, enter the address of the primary node load balancer.
a Enter the Partner host name.
The partner host name is the DNS name of the existing vCenter Single Sign-On server to replicate from.
b Enter the password for the vCenter Single Sign-On administrator account of the existing vCenter Single Sign-On server (administrator@vsphere.local).
7 Select an existing site as the partner or enter a new site.
8 Click Install.
The additional vCenter Single Sign-On server is installed.
What to do next
Repeat this procedure for each additional node.
Install or Upgrade the vSphere Web Client
The vSphere Web Client lets you connect to a vCenter Server system to manage your vSphere deployment through a browser.
If an earlier version of the vSphere Web Client is installed, this procedure upgrades the vSphere Web Client.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ Download the vCenter Server installer. See “Download the vCenter Server Installer,” on page 61.
■ Verify that the system has an Internet connection.
■ Verify that the system meets the software requirements for the vSphere Web Client. See “vSphere Web Client Software Requirements,” on page 22.
■ Before you install or upgrade any vSphere product, synchronize the clocks of all machines on the vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 59.
■ Install vCenter Single Sign-On, or upgrade to the current version.
■ Verify that the vSphere Web Client and vCenter Server are registered to the same vCenter Single Sign-On server, to ensure that the vSphere Web Client can access the vCenter Server inventory.
■ Close all browsers before installing or uninstalling the vSphere Web Client.
■ Log in as a member of the Administrators group on the host machine, with a user name that does not contain any non-ASCII characters.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vSphere Web Client and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 Either accept the default destination folder or click Change to select another location.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
If 8.3 name creation is disabled on the host machine, do not install the vSphere Web Client in a directory that does not have an 8.3 short name or has a name that contains spaces. This situation will make the vSphere Web Client inaccessible.
5 Accept or change the default port settings.
6 Enter the information to register the vSphere Web Client with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password must match the password you entered for the administrator user when you installed vCenter Single Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter Single Sign-On, use that port number.
7 Click Install.
8 Start the vSphere Web Client by taking one of the following actions.
■ If you are starting the vSphere Web Client for the first time, open a supported browser, and go to https://vSphere_Web_Client_host_name_or_IP:9443/vsphere-client.
■ In subsequent sessions, you can start the vSphere Web Client from the Windows Start menu, by selecting Programs > VMware > VMware vSphere Web Client > vSphere Web Client.
NOTE After you upgrade the vSphere Web Client, when you log in for the first time, you may see the error message Failed to navigate to desired location. This can happen when a vSphere Web Client session from the previous version remains open when you upgrade. In this case, refresh the browser and log in again.
What to do next
Install the Client Integration Plug-In in the vSphere Web Client. See “Install the Client Integration Plug-In in the vSphere Web Client,” on page 102.
Install vCenter Inventory Service Separately by Using Custom Install
You can use Custom Install to install vCenter Single Sign-On, vCenter Inventory Service, and vCenter Server separately to customize the location and configuration of the components.
These instructions install vCenter Inventory Service only. You must install vCenter Single Sign-On before installing Inventory Service and vCenter Server. For most deployments, you can install vCenter Single Sign-On, the vSphere Web Client, Inventory Service, and vCenter Server together on a single host machine using the vCenter Server Simple Install option. See “vCenter Single Sign-On Deployment Modes,” on page 52 and “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install,” on page 75.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ Review “vCenter Single Sign-On Deployment Modes,” on page 52.
■ Review “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51.
■ Review “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Download the vCenter Server Installer.
■ Install vCenter Single Sign-On.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Inventory Service and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, and agree to the end user patent and license agreements.
4 Accept or change the default installation folder.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
5 Enter the fully qualified domain name for the Inventory Service host machine.
6 If you are upgrading or reinstalling an existing instance of Inventory Service, choose whether to keep the existing database or replace it with a new empty database.
7 Accept or change the default values for Inventory Service port numbers.
8 Select the size of your vCenter Server inventory to allocate memory for several Java services that are used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in the topic vCenter Server Hardware Requirements.
9 Enter the information to register Inventory Service with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can also enter the Single Sign-On administrator user as root@localos. In this case, the password is the root password of the vCenter Server Appliance. The Lookup Service URL takes the form https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
10 Click Install Certificates.
11 Click Install.
Inventory Service is installed.
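The installation-path restrictions (step 4 of the vSphere Web Client and Inventory Service procedures) and the Lookup Service URL form (the registration steps, together with the NOTE on IPv4, IPv6 and FQDN use) can be checked before the wizard is started. This is an added example, not VMware code; the function names and the sample paths and hosts are hypothetical.

```powershell
# Added example; Test-InstallPath and New-LookupServiceUrl are hypothetical helpers.

function Test-InstallPath {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$WebClient   # also apply the 8.3 short-name caution given for the Web Client
    )
    $findings = @()
    if ($Path -cmatch '[^\x00-\x7F]') { $findings += 'error: non-ASCII character in path' }
    if ($Path -cmatch '[,.!#@%]')     { $findings += 'error: path contains one of , . ! # @ %' }
    if ($WebClient -and $Path -cmatch ' ') {
        $findings += 'warning: path contains spaces; avoid if 8.3 name creation is disabled'
    }
    return ,$findings
}

function New-LookupServiceUrl {
    param(
        [Parameter(Mandatory = $true)][string]$SsoHost,
        [ValidateRange(1, 65535)][int]$Port = 7444,   # default vCenter Single Sign-On HTTPS port
        [switch]$CheckDns                             # optional; needs a working resolver
    )
    $notes = @()
    $ip    = $null
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'

    if ($SsoHost -cmatch '^[0-9]{1,3}(\.[0-9]{1,3}){3}$') {
        if (-not [System.Net.IPAddress]::TryParse($SsoHost, [ref]$ip)) {
            throw "'$SsoHost' is not a valid IPv4 address."
        }
        $form   = 'IPv4'
        $notes += 'IPv4 address accepted, but it can change if assigned by DHCP; prefer the FQDN'
    }
    elseif ($SsoHost.Contains(':')) {
        # Connection by IP address is supported for IPv4 only.
        throw "'$SsoHost' looks like an IPv6 literal; use the FQDN or host name instead."
    }
    elseif ($SsoHost.Length -le 253 -and $SsoHost -cmatch ('^' + $label + '(\.' + $label + ')+$')) {
        $form = 'FQDN'
    }
    elseif ($SsoHost -cmatch ('^' + $label + '$')) {
        $form   = 'host name'
        $notes += 'short host name accepted; the FQDN is the recommended form'
    }
    else {
        throw "'$SsoHost' is not a valid IPv4 address, host name or FQDN."
    }

    if ($CheckDns -and $form -ne 'IPv4') {
        try   { [void][System.Net.Dns]::GetHostAddresses($SsoHost) }
        catch { throw "'$SsoHost' does not resolve from this machine." }
    }

    New-Object PSObject -Property @{
        Url      = ('https://{0}:{1}/lookupservice/sdk' -f $SsoHost, $Port)
        HostForm = $form
        Notes    = $notes
    }
}

# Constructed sample inputs. example.test, 192.0.2.0/24 and 2001:db8::/32 are
# reserved for documentation and testing.
foreach ($p in 'C:\VMware\Infrastructure', 'D:\Apps\vSphere 5.5\WebClient') {
    $f = Test-InstallPath -Path $p -WebClient
    if ($f.Count -eq 0) { '{0} -> no findings' -f $p }
    else                { '{0} -> {1}' -f $p, ($f -join '; ') }
}

foreach ($h in 'sso01.example.test', 'sso01', '192.0.2.10', '2001:db8::10') {
    try {
        $r = New-LookupServiceUrl -SsoHost $h
        '{0} ({1}) {2}' -f $r.Url, $r.HostForm, ($r.Notes -join '; ')
    }
    catch {
        '{0} -> rejected: {1}' -f $h, $_.Exception.Message
    }
}
```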
Install vCenter Server as Part of a Custom Install
You can install vCenter Server separately from vCenter Single Sign-On and vCenter Inventory Service to customize the location and configuration of the components.
These instructions let you install vCenter Server only. For most deployments, you can install vCenter Server, vCenter Single Sign-On, and Inventory Service together on a single host machine using the vCenter Server Simple Install option. See “vCenter Single Sign-On Deployment Modes,” on page 52 and “Install vCenter Single Sign-On, the vSphere Web Client, vCenter Inventory Service, and vCenter Server by Using Simple Install,” on page 75.
If you do not enter a license key, vCenter Server will be in evaluation mode, which allows you to use the full feature set for a 60-day evaluation period. After installation, you can enter the license key to convert vCenter Server to licensed mode.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
Prerequisites
■ Review “vCenter Single Sign-On Deployment Modes,” on page 52.
■ Review “How vCenter Single Sign-On Affects vCenter Server Installation,” on page 51.
■ Review “Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server,” on page 49.
■ Install vCenter Single Sign-On and Inventory Service.
■ To install the vCenter Server on a drive other than C:, verify that there is enough space in the C: drive to install the Microsoft Windows Installer .msi file.
Procedure
1 In the software installer directory, double-click the autorun.exe file to start the installer.
2 Select vCenter Server and click Install.
3 Follow the prompts in the installation wizard to choose the installer language, agree to the end user patent and license agreements, and enter your license key.
4 Choose the type of database that you want to use.
• To use the bundled database, click Install a Microsoft SQL Server 2008 Express instance (for small-scale deployments: up to 5 hosts and 50 virtual machines).
• To use an existing database, click Use an existing supported database and select your database from the list of available DSNs. Enter the user name and password for the DSN.
If your database uses Windows NT authentication, the user name and password fields are disabled.
NOTE You might get a warning that the DSN points to an older version of a repository that must be upgraded. If you click Yes, the installer upgrades the database schema, making the database irreversibly incompatible with previous VirtualCenter versions. See the vSphere Upgrade documentation.
5 If the installer prompts you, enter the JDBC URL for your existing vCenter Server database.
The installer should generate and validate the JDBC URL for the vCenter Server database. If the installer fails to connect to the database by using the generated JDBC URL, the installer prompts you to specify the JDBC URL.
6 Set the vCenter Server service account information.
• If you are using a nonbundled database, enter the administrator name and password that you use when you log in to the system on which you are installing vCenter Server.
• If you are using the bundled SQL Server database, select Use Windows Local System Account.
You need the user name and password to log in to vCenter Server after you install it.
The Fully Qualified Domain Name text box displays the FQDN of the system that you are installing vCenter Server on. The vCenter Server installer checks that the FQDN is resolvable. If not, a warning message appears when you click Next. Change the entry to a resolvable FQDN. You must enter the FQDN, not the IP address.
7 Select Create a standalone VMware vCenter Server instance or Join a VMware vCenter Group using Linked Mode to share information.
Joining a Linked Mode group enables the vSphere Web Client to view, search, and manage data across multiple vCenter Server systems.
NOTE This option does not appear if you are upgrading the VirtualCenter or vCenter Server database schema. You can join a Linked Mode group after the installation is complete.
8 If you join a group, enter the fully qualified domain name and LDAP port number of any remote vCenter Server system.
9 Enter the port numbers that you want to use or accept the default port numbers.
10 (Optional) Select Increase the number of available ephemeral ports.
11 Select the size of your vCenter Server inventory to allocate memory for several Java services that are used by vCenter Server.
This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. You can adjust this setting after installation if the number of hosts in your environment changes. See the recommendations in the topic vCenter Server Hardware Requirements.
12 Enter the information to register vCenter Server with vCenter Single Sign-On.
The vCenter Single Sign-On administrator user name is administrator@vsphere.local, and the password must match the password you entered when you installed vCenter Single Sign-On. The Lookup Service URL takes the form https://SSO_host_FQDN_or_IP:7444/lookupservice/sdk, where 7444 is the default vCenter Single Sign-On HTTPS port number. Your entry should match the entry you made when you installed vCenter Single Sign-On. If you entered a different port number when you installed vCenter Single Sign-On, use that port number.
NOTE If you installed vCenter Single Sign-On in a vCenter Server Appliance, you can enter the vCenter Single Sign-On administrator user as root@localos. In this case, the password is the root password of the vCenter Server Appliance. The Lookup Service URL takes the form https://vCenter_Appliance_IP_or_host_name:{7444}/lookupservice/sdk.
13 If prompted to install or overwrite a certificate, follow the prompt.
14 Enter the vCenter Single Sign-On user or group to add as a vCenter Server administrator.
The administrator or group you enter here is granted the necessary privileges to administer the vCenter Server instance that you are installing.
15 Enter the Inventory Service URL.
The Inventory Service URL takes the form https://Inventory_Service_host_FQDN_or_IP:10443. 10443 is the default Inventory Service HTTPS port number. If you entered a different port number when you installed Inventory Service, use that port number here.
16 Either accept the default destination folder or click Change to select another location.
The installation path cannot contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).
17 Click Install.
Multiple progress bars appear during the installation of the selected components.
18 Click Finish.
The vCenter Server installation is complete.
What to do next
After you install vCenter Server, you can display the vCenter Server welcome page by typing the IP address of the vCenter Server machine or by typing localhost from a browser installed on the vCenter Server machine. You can install the vSphere Web Client to access vCenter Server.
Review the topics in Chapter 5, “After You Install vCenter Server,” on page 101 for other postinstallation actions you might want to take.
Add a vCenter Single Sign-On Identity Source
Users can log in to vCenter Server only if they are in a domain that has been added as a vCenter Single Sign-On identity source. vCenter Single Sign-On administrator users can add identity sources from the vSphere Web Client.
An identity source can be a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service. For backward compatibility, Active Directory as an LDAP Server is also available.
Immediately after installation, the following default identity sources and users are available:
localos
All local operating system users. These users can be granted permissions to vCenter Server. If you are upgrading, those users who already have permissions keep those permissions.
vsphere.local
Contains the vCenter Single Sign-On internal users.
Procedure
1 Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.
2 Browse to Administration > Single Sign-On > Configuration.
3 On the Identity Sources tab, click the Add Identity Source icon.
4 Select the type of identity source and enter the identity source settings.
| Option | Description |
|---|---|
| Active Directory (Integrated Windows Authentication) | Use this option for native Active Directory implementations. See “Active Directory Identity Source Settings,” on page 88. |
| Active Directory as an LDAP Server | This option is available for backward compatibility. It requires that you specify the domain controller and other information. See “Active Directory LDAP Server and OpenLDAP Server Identity Source Settings,” on page 89. |
| OpenLDAP | Use this option for an OpenLDAP identity source. See “Active Directory LDAP Server and OpenLDAP Server Identity Source Settings,” on page 89. |
| LocalOS | Use this option to add the local operating system as an identity source. You are prompted only for the name of the local operating system. If you select this option, all users on the specified machine are visible to vCenter Single Sign-On, even if those users are not part of another domain. |
NOTE If the user account is locked or disabled, authentications and group and user searches in the Active Directory domain will fail. The user account must have read-only access over the User and Group OU, and must be able to read user and group attributes. This is the default Active Directory domain configuration for user permissions. VMware recommends using a special service user.
5 If you configured an Active Directory as an LDAP Server or an OpenLDAP identity source, click Test Connection to ensure that you can connect to the identity source.
6 Click OK.
What to do next
When an identity source is added, all users can be authenticated but have the No access permission. A user with vCenter Server Modify.permissions privileges can assign permissions to users or groups of users to enable them to log in to vCenter Server. See “Assign Permissions in the vSphere Web Client,” on page 89.
Active Directory Identity Source Settings
If you select the Active Directory (Integrated Windows Authentication) identity source type, you can either use the local machine account as your SPN (Service Principal Name) or specify an SPN explicitly.
Select Use machine account to speed up configuration. If you expect to rename the local machine on which vCenter Single Sign-On runs, specifying an SPN explicitly is preferable.
Table 41. Add Identity Source Settings

| Field | Description |
|---|---|
| Domain name | FQDN of the domain. Do not provide an IP address in this field. |
| Use machine account | Select this option to use the local machine account as the SPN. When you select this option, you specify only the domain name. Do not select this option if you expect to rename this machine. |
| Use SPN | Select this option if you expect to rename the local machine. You must specify an SPN, a user who can authenticate with the identity source, and a password for the user. |
| Service Principal | SPN that helps Kerberos to identify the Active Directory service. Include the domain in the name, for example, STS/example.com. You might have to run setspn -S to add the user you want to use. See the Microsoft documentation for information on setspn. The SPN must be unique across the domain. Running setspn -S checks that no duplicate is created. |
| User Principal Name | Name of a user who can authenticate with this identity source. Use the email address format, for example, jchin@mydomain.com. You can verify the User Principal Name with the Active Directory Service Interfaces Editor (ADSI Edit). |
| Password | Password for the user who is used to authenticate with this identity source, which is the user who is specified in User Principal Name. Include the domain name, for example, jdoe@example.com. |
Active Directory LDAP Server and OpenLDAP Server Identity Source Settings
The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the Active Directory (Integrated Windows Authentication) option for a setup that requires less input. The OpenLDAP Server identity source is available for environments that use OpenLDAP.
Table 42. Active Directory as an LDAP Server and OpenLDAP Settings

| Field | Description |
|---|---|
| Name | Name of the identity source. |
| Base DN for users | (Optional) Base domain name for users. |
| Domain name | FQDN of the domain, for example, example.com. Do not provide an IP address in this field. |
| Domain alias | The domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentications. |
| Base DN for groups | (Optional) The base domain name for groups. |
| Primary Server URL | Primary domain controller LDAP server for the domain. Use the format ldap://hostname:port or ldaps://hostname:port. The port is typically 389 for ldap: connections and 636 for ldaps: connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for ldap: connections and 3269 for ldaps: connections. A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or secondary LDAP URL. |
| Secondary server URL | (Optional) Address of a secondary domain controller LDAP server that is used for failover. |
| Username | ID of a user in the domain who has a minimum of read-only access to Base DN for users and groups. |
| Password | Password of the user who is specified by Username. |
Assign Permissions in the vSphere Web Client
After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving the objects to a folder and setting the permissions on the folder.
Prerequisites
Permissions.Modify permission on the parent object of the object whose permissions you want to modify.
Procedure
1 Browse to the object in the vSphere Web Client object navigator.
2 Click the Manage tab and select Permissions.
3 Click Add Permission.
4 Click Add.
5 Identify the user or group to assign to this role.
a Select the domain where the user or group is located from the Domain drop-down menu.
b Type a name in the Search box or select a name from the list.
The system searches user names, group names, and descriptions.
c Select the user and click Add.
The name is added to either the Users or Groups list.
d (Optional) Click Check Names to verify that the user or group exists in the database.
e Click OK.
6 Select a role from the Assigned Role drop-down menu.
The roles that are assigned to the object appear in the menu. The privileges contained in the role are listed in the section below the role title.
7 (Optional) Deselect the Propagate to Child Objects check box.
The role is applied only to the selected object and does not propagate to the child objects.
8 Verify that the users and groups are assigned to the appropriate permissions and click OK.
The server adds the permission to the list of permissions for the object.
The list of permissions references all users and groups that have roles assigned to the object and indicates where in the vCenter Server hierarchy the role is assigned.
Hierarchical Inheritance of Permissions
When you assign a permission to an object, you can choose whether the permission propagates down the object hierarchy. You set propagation for each permission. Propagation is not universally applied. Permissions defined for a child object always override the permissions that are propagated from parent objects.
The figure illustrates inventory hierarchy and the paths by which permissions can propagate.
Figure 42. vSphere Inventory Hierarchy
[Figure: inventory hierarchy. Objects shown: root folder, data center folder, data center, VM folder, host folder, network folder, datastore folder, template, virtual machine, vApp, resource pool, host, cluster, standard switch, VDS, distributed port group, datastore.]
Most inventory objects inherit permissions from a single parent object in the hierarchy. For example, a datastore inherits permissions from either its parent datastore folder or parent datacenter. Virtual machines inherit permissions from both the parent virtual machine folder and the parent host, cluster, or resource pool simultaneously. To restrict a user’s privileges on a virtual machine, you must set permissions on both the parent folder and the parent host, cluster, or resource pool for that virtual machine.
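The two-parent rule described above can be worked through with a small model. This is an added example, not VMware code: the class, function names, user name and privilege labels are constructed, and it assumes that privileges reaching a virtual machine over its two parent paths are combined, which is why the text requires restricting both parents.

```python
from dataclasses import dataclass, field

# Constructed privilege labels for the example; they are not vSphere privilege IDs.
READ_ONLY = frozenset({"read"})
OPERATOR = frozenset({"read", "power_off", "reconfigure"})


@dataclass
class InventoryObject:
    name: str
    parents: list = field(default_factory=list)      # a virtual machine has two
    permissions: dict = field(default_factory=dict)  # user -> (privileges, propagate)

    def set_permission(self, user, privileges, propagate=True):
        self.permissions[user] = (frozenset(privileges), propagate)


def propagated(obj, user):
    """Privileges that obj hands down to its children for this user."""
    own = obj.permissions.get(user)
    if own is not None and own[1]:
        # A propagating permission here overrides whatever came from above.
        return set(own[0])
    # Nothing set here, or set without propagation: children see what the
    # ancestors propagate (modelling assumption of this example).
    passed = set()
    for parent in obj.parents:
        passed |= propagated(parent, user)
    return passed


def effective(obj, user):
    """Privileges the user actually holds on obj."""
    own = obj.permissions.get(user)
    if own is not None:
        # A permission defined on the object overrides propagated ones.
        return set(own[0])
    result = set()
    for parent in obj.parents:
        # Each parent path is resolved on its own, then the results are combined.
        result |= propagated(parent, user)
    return result


def build_inventory():
    """Minimal slice of the hierarchy in the figure, keyed by object name."""
    root = InventoryObject("root folder")
    dc = InventoryObject("data center", [root])
    vm_folder = InventoryObject("VM folder", [dc])
    host_folder = InventoryObject("host folder", [dc])
    cluster = InventoryObject("cluster", [host_folder])
    pool = InventoryObject("resource pool", [cluster])
    vm = InventoryObject("virtual machine", [vm_folder, pool])
    objects = (root, dc, vm_folder, host_folder, cluster, pool, vm)
    return {o.name: o for o in objects}


def restrict_vm_scenario(user="alice"):
    """Return the user's privileges on the VM after each restriction attempt."""
    inv = build_inventory()
    vm = inv["virtual machine"]
    inv["cluster"].set_permission(user, OPERATOR)      # existing broad grant
    inv["VM folder"].set_permission(user, READ_ONLY)   # restriction on one parent
    folder_only = effective(vm, user)
    inv["resource pool"].set_permission(user, READ_ONLY)  # and on the other
    both_parents = effective(vm, user)
    return folder_only, both_parents


if __name__ == "__main__":
    folder_only, both_parents = restrict_vm_scenario()
    print("restricted on VM folder only:", sorted(folder_only))
    print("restricted on both parents:  ", sorted(both_parents))
```

Restricting only the VM folder leaves the cluster's grant in force on the virtual machine, which makes this a useful check when reviewing who can still operate a machine after a permission change.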
To set permissions for a distributed switch and its associated distributed port groups, set permissions on a parent object, such as a folder or datacenter. You must also select the option to propagate these permissions to child objects.
Permissions take several forms in the hierarchy:
Managed entities
You can define permissions on managed entities.
• Clusters
• Datacenters
• Datastores
• Datastore clusters
• Folders
• Hosts
• Networks (except vSphere Distributed Switches)
• Distributed port groups
• Resource pools
• Templates
• Virtual machines
• vSphere vApps
Global entities
Global entities derive permissions from the root vCenter Server system.
• Custom fields
• Licenses
• Roles
• Statistics intervals
• Sessions
Install or Upgrade vCenter Server Java Components Separately
The required vCenter Server Java Components (JRE) are installed or upgraded silently when you install or upgrade vCenter Server. You can also install or upgrade vCenter Server Java Components separately.
By using the separate installer, you can update or upgrade JRE to a version that is released asynchronously from vCenter Server releases. If an earlier version of JRE is present on the system, this procedure upgrades the existing JRE version.
Prerequisites
• Verify that Microsoft Windows Installer 3.0 or later is present on your system.
• Download the vCenter Server installer from the VMware downloads page at http://www.vmware.com/support/ and extract the zip archive.
Procedure
1 In Windows Explorer, double-click the file vCenter_Server_installation_directory/vJRE/VMware-jre.exe.
The VMware vCenter Server - Java Components installer wizard opens.
2 Accept the license agreement.
3 Accept or change the default installation folder.
4 Click Install.
The vCenter Server Java Components (JRE) are installed or upgraded.
Install or Upgrade vCenter Server tc Server Separately
The required vCenter Server component tc Server is installed or upgraded silently when you install or upgrade vCenter Server. You can also install or upgrade vCenter Server tc Server separately.
By using the separate installer, you can update or upgrade vCenter Server tc Server to a version that is released asynchronously from vCenter Server releases. If an earlier version of vCenter Server tc Server is present on the system, this procedure upgrades the existing JRE version.
Prerequisites
• Verify that Microsoft Windows Installer 3.0 or later is present on your system.
• Download the vCenter Server installer from the VMware downloads page at http://www.vmware.com/support/ and extract the zip archive.
Procedure
1 In Windows Explorer, double-click the file vCenter_Server_installation_directory/vtcServer/VMware-tcserver.exe.
The VMware vCenter Server - tc Server installer wizard opens.
2 Accept the license agreement.
3 Accept or change the default installation folder.
4 Click Install.
vCenter Server tc Server is installed or upgraded.
vCenter Single Sign-On Installation Fails
In a Windows environment, vCenter Single Sign-On installation might fail for several reasons.
Problem
The vCenter Single Sign-On installation fails in a Windows environment.
Cause
Multiple causes of an installation failure.
Solution
1 Verify that all installation setup prerequisites are met.
At the time the installation fails, the installer displays a message similar to ####: Installation failed due to....
2 At a command line, run the following command to gather a vCenter Single Sign-On support bundle.
C:\Windows\System32\cscript.exe "SSO Server\scripts\sso-support.wsf" /z
3 Click OK
4 View the logs in %TEMP%\vminst.log for details about the failure and possible solutions.
For a complete list of logs, see VMware Knowledge Base article 2033430.
Download and Deploy the VMware vCenter Server Appliance
As an alternative to installing vCenter Server on a Windows machine, you can download the VMware vCenter Server Appliance. The vCenter Server Appliance is a preconfigured Linux-based virtual machine optimized for running vCenter Server and associated services.
The vCenter Server Appliance has the following default user names:
• root@localos with the password vmware.
• administrator@vsphere.local with the password that you entered during installation for the vCenter Single Sign-On administrator account in the built-in domain.
You can also create a custom password that the vCenter Server Appliance reads on first boot. See “Create a Custom Password on the First Boot for the vCenter Server Appliance,” on page 96.
NOTE On a newly deployed version 5.5 vCenter Server Appliance, the root user does not have vCenter Single Sign-On Administrator privileges. For information about administering vCenter Single Sign-On, see the vSphere Security documentation.
For external databases, the vCenter Server Appliance supports only Oracle databases, in the same versions shown in the VMware Product Interoperability Matrix for the version of the vCenter Server Appliance that you are deploying. See the VMware Product Interoperability Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php. Versions 5.0.1 and later of the vCenter Server Appliance use PostgreSQL for the embedded database instead of IBM DB2, which is used in vCenter Server Appliance 5.0.
The vCenter Server Appliance does not support Linked Mode configuration.
Version 5.5 of the vCenter Server Appliance is deployed with virtual hardware version 7, which supports eight virtual CPUs per virtual machine in ESXi. Depending on the hosts that you will manage with the vCenter Server Appliance, you might want to upgrade the ESXi hosts and update the hardware version of the vCenter Server Appliance to support more virtual CPUs:
• ESXi 4.x supports up to virtual hardware version 7 with up to 8 virtual CPUs per virtual machine.
• ESXi 5.0.x supports up to virtual hardware version 8 with up to 32 virtual CPUs per virtual machine.
• ESXi 5.1.x supports up to virtual hardware version 9 with up to 64 virtual CPUs per virtual machine.
CAUTION If you update the vCenter Server appliance to hardware version 10, you cannot edit the virtual machine settings for the appliance using the vSphere Client. This might cause difficulties in managing the vCenter Server Appliance, because you cannot use the vSphere Web Client to connect directly to the host on which the vCenter Server Appliance resides to manage it. Do not upgrade the vCenter Server Appliance to hardware version 10.
For inventory and other configuration limits in the vCenter Server Appliance, see the Configuration Maximums documentation.
For information about upgrading ESXi hosts, see the vSphere Upgrade documentation. To update the virtual hardware version of a virtual machine, see the information about virtual machine compatibility levels in the vSphere Virtual Machine Administration documentation.
For information about configuring the vCenter Server Appliance, see the vCenter Server and Host Management documentation.
To configure networking for the vCenter Server Appliance, you must use the vami_config_net tool, located at /opt/vmware/share/vami/vami_config_net. Instructions for using this tool are in the document User’s Guide to Deploying vApps and Virtual Appliances, located at https://www.vmware.com/support/developer/studio/studio26/va_user.pdf.
NOTE vCenter Server 5.5 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPv4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.
The ESXi Dump Collector service, the vSphere Syslog service, and vSphere Auto Deploy must use an IPv4 address to communicate with the vCenter Server Appliance.
Prerequisites
• Verify that the host machine meets the hardware requirements for the vCenter Server Appliance listed in “Hardware Requirements for vCenter Server, the vSphere Web Client, vCenter Inventory Service, and vCenter Single Sign-On,” on page 17.
• Verify that the hosts are running ESX version 4.x or ESXi version 4.x or later.
• Synchronize the clocks of all machines on the vSphere network. See “Synchronizing Clocks on the vSphere Network,” on page 59.
• If you plan to configure the vCenter Server Appliance from a configuration file, prepare the file and store it in a location that is accessible from the vCenter Server Appliance host machine. See “Format for the vCenter Server Appliance Configuration File,” on page 98.
• See the vSphere Virtual Machine Administration documentation for instructions on deploying OVA files and OVF templates.
Procedure
1 From the vSphere 5 download page on the VMware Web site, download the .OVA file or the .OVF and VMDK files for the vCenter Server appliance onto your system.
2 Using the vSphere Web Client, deploy the .OVA file or the .OVF and VMDK files as an OVF template.
If you do not want to commit to using the maximum 80GB of disk space at deployment, deploy the vCenter Server Appliance with thin provisioning. In the Disk Format panel of the Deploy OVF template wizard, select Thin provisioned format.
3 Power on the vCenter Server Appliance.
4 Open a console view.
5 Follow the instructions on the welcome screen to open a browser window to the URL shown.
6 Log in to the vCenter Server Appliance and accept the license agreement.
When you log in, the vCenter Server Setup wizard starts.
7 Select the configuration option for your installation.
| Option | Description |
|---|---|
| Configure with default settings | Sets up embedded vCenter Server database in the vCenter Server Appliance and configures the database and Active Directory with default settings. |
| Upload configuration file | To configure the vCenter Server Appliance from a prepared configuration file. |
| Set custom configuration | To customize the configuration of the vCenter Server Appliance. The setup wizard displays separate panels for you to connect the appliance to embedded or external vCenter Server database, and to configure custom Active Directory settings. |
8 Follow the prompts to complete the wizard.
If you uploaded a configuration file, enter any settings that were not included in the file as you complete the wizard.
The vCenter Server Appliance is deployed and set up.
What to do next
See the vCenter Server and Host Management documentation for information about using vCenter Server and the vCenter Server Appliance.
Create a Custom Password on the First Boot for the vCenter Server Appliance
The vCenter Server Appliance has the default user name root@localos and password vmware. You can also create a custom password that the vCenter Server Appliance reads the first time you boot the appliance.
By creating a custom password the first time you start the vCenter Server Appliance, you ensure that the default password cannot be used.
NOTE When you change the root vCenter Server Appliance password using the vCenter Server Appliance Web interface, the GRUB password is changed automatically. However, when you change the vCenter Server Appliance password using the vCenter Server Appliance console, the GRUB password is not changed. You must update the vCenter Server Appliance root password using the Web interface to simultaneously change the GRUB password.
Procedure
1 From a terminal window on your Linux host machine, type the following command to create an MD5 hash of the custom password.
grub-md5-crypt
2 At the prompt, type the new password and press Enter.
The system returns the MD5 hash of the password.
3 Create a CD directory.
mkdir cd
4 Add the MD5 hash to the vCenter Server Appliance configuration file.
echo 'rootPwdHashMD5=hash_password' > cd/vcva.cfg
hash_password is the MD5 hash of the password returned in Step 2. Use single quotes for the echo command, as shown, because the hash_password contains $ characters that must be escaped otherwise.
5 Create an ISO file containing the password.
mkisofs -R -o rootpass.iso cd
6 Attach the CD/DVD drive of the vCenter Server Appliance virtual machine to the rootpass.iso file, and make sure that Connected at power on is selected.
When you turn on the vCenter Server Appliance, it reads and applies the custom password you created for the root user.
Configure a vCenter Server Appliance to Use the vCenter Single Sign-On of a Different Virtual Machine
You can direct one or more vCenter Server Appliances to use a vCenter Single Sign-On instance running on another virtual machine. This action makes all the vCenter Server instances accessible by each vSphere Web Client configured with the same vCenter Single Sign-On instance.
You can also set a new vCenter Server Appliance to use an external vCenter Single Sign-On instance when you run the vCenter Server Setup wizard for a newly deployed vCenter Server Appliance. See “Download and Deploy the VMware vCenter Server Appliance,” on page 94.
Prerequisites
• Verify that you have the URL of the Lookup Service for the target instance of vCenter Single Sign-On.
Procedure
1 Connect to the vCenter Server Appliance from a Web browser.
2 On the vCenter Server tab, click SSO.
3 Set the SSO deployment type to external.
4 Under Lookup service location, type the URL of the Lookup Service for the target instance of vCenter Single Sign-On.
The new vCenter Server Appliance is configured to use the existing vCenter Single Sign-On instance, and both vCenter Server instances are accessible by the vSphere Web Client of either vCenter Server Appliance.
What to do next
You can repeat this procedure for multiple vCenter Server Appliances.
Format for the vCenter Server Appliance Configuration File
When you deploy a new vCenter Server Appliance, you can configure the appliance by uploading a configuration file, instead of entering the settings manually in the vCenter Server Setup wizard.
Configuration File Format
Each line of the configuration file supplies the setting for the corresponding entry in the vCenter Server Setup wizard. The values shown here are variables that describe acceptable entries.
NOTE You must enter the header exactly as shown below: vCenter Server Preseed Config v1.0. Otherwise, the file will be rejected.
Passwords in the configuration file are not used. You must enter passwords manually when you complete the vCenter Setup wizard.
#vCenter Server Preseed Config v1.0

#Database options
VC_DB_TYPE=embedded or oracle
#Additional database options if VC_DB_TYPE=oracle
VC_DB_SERVER=vCenter Server database server IP address
VC_DB_SERVER_PORT=vCenter Server database server port number
VC_DB_INSTANCE=vCenter Server database server instance name
VC_DB_USER=vCenter Server database user name
VC_DB_PASSWORD=

#vCenter Single Sign-On options
SSO_TYPE=embedded or external
#Additional vCenter Single Sign-On options if SSO_TYPE=external
SSO_LS_LOCATION=vCenter Single Sign-On Lookup Service URL
SSO_LS_CERT_THUMBPRINT=vCenter Single Sign-On Lookup Service certificate thumbprint
SSO_REG_ADMIN_USERNAME=fully qualified name of a user with vCenter Single Sign-On administrative privileges
SSO_REG_ADMIN_PASSWORD=password for above user with vCenter Single Sign-On administrative privileges
SSO_VC_ADMIN_USERNAME=name of the default principal administrator for vCenter Server. If not qualified, it is assumed to be an Operating System principal
SSO_VC_ADMIN_IS_GROUP=true or false. True if above default principal administrator for vCenter Server is a group.
#Additional vCenter Single Sign-On options if SSO_TYPE=embedded
SSO_ADMIN_PASS=password for the administrator@vsphere.local newly installed embedded vCenter Single Sign-On service
SSO_ADMIN_PASS2=set to the same string as SSO_ADMIN_PASS
SSO_CALLTYPE=set to "typed" for SSO_ADMIN_PASS to take effect.

#Microsoft Active Directory options
VC_AD_STATUS=0 to disable, 1 to enable
#Additional Microsoft Active Directory option if VC_AD_STATUS=1
VC_AD_DOMAIN=Active Directory fully qualified domain name
Example: Example Configuration File
This example shows a configuration file for a vCenter Server Appliance that uses an external Oracle vCenter Server database and an external vCenter Single Sign-On instance.
#vCenter Server Preseed Config v1.0

#Database options
VC_DB_TYPE=oracle
VC_DB_SERVER=10.111.11.111
VC_DB_SERVER_PORT=1521
VC_DB_INSTANCE=orcl
VC_DB_USER=VCA-6
VC_DB_PASSWORD=

#vCenter Single Sign-On options
SSO_TYPE=external
SSO_LS_LOCATION=https://machinename.corp.com:7444/lookupservice/sdk
SSO_LS_CERT_THUMBPRINT=

#Microsoft Active Directory options
VC_AD_STATUS=0
VC_AD_DOMAIN=
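A configuration file can be checked against the format above before it is uploaded. The following pre-upload check is an added example, not a VMware tool: the function names and the second sample are constructed, and it assumes the header is the first line of the file, written with the leading # as in the example. It flags any password value left in the file, since the wizard does not use them.

```python
import re
from urllib.parse import urlsplit

HEADER = "#vCenter Server Preseed Config v1.0"
KNOWN_KEYS = {
    "VC_DB_TYPE", "VC_DB_SERVER", "VC_DB_SERVER_PORT", "VC_DB_INSTANCE",
    "VC_DB_USER", "VC_DB_PASSWORD", "SSO_TYPE", "SSO_LS_LOCATION",
    "SSO_LS_CERT_THUMBPRINT", "SSO_REG_ADMIN_USERNAME",
    "SSO_REG_ADMIN_PASSWORD", "SSO_VC_ADMIN_USERNAME",
    "SSO_VC_ADMIN_IS_GROUP", "SSO_ADMIN_PASS", "SSO_ADMIN_PASS2",
    "SSO_CALLTYPE", "VC_AD_STATUS", "VC_AD_DOMAIN",
}
ORACLE_REQUIRED = ("VC_DB_SERVER", "VC_DB_SERVER_PORT", "VC_DB_INSTANCE", "VC_DB_USER")


def parse_preseed(text):
    """Return (settings, findings); findings are (severity, message) tuples."""
    settings, findings = {}, []
    lines = text.splitlines()
    if not lines or lines[0].rstrip() != HEADER:
        findings.append(("error", "first line must be exactly: " + HEADER))
    for number, line in enumerate(lines[1:], start=2):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep:
            findings.append(("error", f"line {number}: expected KEY=value"))
            continue
        if key not in KNOWN_KEYS:
            findings.append(("warning", f"line {number}: unknown key {key}"))
        if key in settings:
            findings.append(("warning", f"line {number}: {key} is set twice"))
        settings[key] = value
    return settings, findings


def validate_preseed(text):
    """Check a preseed file against the format described in this section."""
    settings, findings = parse_preseed(text)

    def value(key):
        return settings.get(key, "")

    def choice(key, allowed):
        if value(key) not in allowed:
            findings.append(("error", f"{key} must be one of: {', '.join(allowed)}"))

    choice("VC_DB_TYPE", ("embedded", "oracle"))
    if value("VC_DB_TYPE") == "oracle":
        for key in ORACLE_REQUIRED:
            if not value(key):
                findings.append(("error", f"{key} is required when VC_DB_TYPE=oracle"))
        port = value("VC_DB_SERVER_PORT")
        if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(("error", "VC_DB_SERVER_PORT is not a valid port number"))

    choice("SSO_TYPE", ("embedded", "external"))
    if value("SSO_TYPE") == "external":
        try:
            url = urlsplit(value("SSO_LS_LOCATION"))
            is_https = url.scheme == "https" and bool(url.hostname)
        except ValueError:
            is_https = False
        if not is_https:
            findings.append(("error", "SSO_LS_LOCATION must be an https:// URL"))
        if not value("SSO_LS_CERT_THUMBPRINT"):
            findings.append(("warning", "SSO_LS_CERT_THUMBPRINT is empty"))

    choice("VC_AD_STATUS", ("0", "1"))
    if value("VC_AD_STATUS") == "1":
        domain = value("VC_AD_DOMAIN")
        if not domain or re.fullmatch(r"[0-9.]+", domain):
            findings.append(("error", "VC_AD_DOMAIN must be a fully qualified domain name"))

    # The wizard ignores passwords in the file, so a stored one is only exposure.
    for key, stored in settings.items():
        if "PASS" in key and stored:
            findings.append(("warning", f"{key} holds a value that is not used; remove it"))
    return findings


# The example configuration file from this section.
PAGE_EXAMPLE = """\
#vCenter Server Preseed Config v1.0
#Database options
VC_DB_TYPE=oracle
VC_DB_SERVER=10.111.11.111
VC_DB_SERVER_PORT=1521
VC_DB_INSTANCE=orcl
VC_DB_USER=VCA-6
VC_DB_PASSWORD=
#vCenter Single Sign-On options
SSO_TYPE=external
SSO_LS_LOCATION=https://machinename.corp.com:7444/lookupservice/sdk
SSO_LS_CERT_THUMBPRINT=
#Microsoft Active Directory options
VC_AD_STATUS=0
VC_AD_DOMAIN=
"""

# Constructed sample with deliberate mistakes (all values are made up).
BAD_EXAMPLE = """\
# vCenter Server Preseed Config v1.0
VC_DB_TYPE=oracle
VC_DB_SERVER=db.example.test
VC_DB_SERVER_PORT=abc
VC_DB_USER=vc_user
SSO_TYPE=external
SSO_LS_LOCATION=http://sso.example.test:7444/lookupservice/sdk
SSO_REG_ADMIN_PASSWORD=Example-Only-1
VC_AD_STATUS=1
VC_AD_DOMAIN=10.0.0.5
"""

if __name__ == "__main__":
    for label, sample in (("page example", PAGE_EXAMPLE), ("bad example", BAD_EXAMPLE)):
        for severity, message in validate_preseed(sample):
            print(f"{label}: {severity}: {message}")
```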