vCenter Server Appliance Configuration
Update 1
vSphere 6.0
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions of
this document, see http://www.vmware.com/support/pubs.
EN-001785-06
vCenter Server Appliance Configuration
You can find the most up-to-date technical documentation on the VMware Web site at:
hp://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About vCenter Server Appliance Conguration 5
Updated Information 7
vCenter Server Appliance Overview 9
1
Using the Appliance Management Interface to Congure the
2
vCenter Server Appliance 11
Log In to the vCenter Server Appliance Management Interface 11
View the vCenter Server Appliance Health Status 12
Reboot or Shut Down the vCenter Server Appliance 12
Export a Support Bundle 13
Enable or Disable SSH and Bash Shell Access 13
Congure the DNS, IP Address, and Proxy Seings 13
Congure the System Time Zone and Time Synchronization Seings 15
Change the Password and Password Expiration Seings of the Root User 15
Using the vSphere Web Client to Congure the vCenter Server Appliance 17
3
Join the vCenter Server Appliance to an Active Directory Domain 17
Leave an Active Directory Domain 19
Add a User to the SystemConguration.BashShellAdministrators Group 20
Edit Access Seings to the vCenter Server Appliance 20
Edit the DNS and IP Address Seings of the vCenter Server Appliance 21
Edit the Firewall Seings of the vCenter Server Appliance 23
Edit the Startup Seings of a Service 24
Start, Stop, or Restart Services in the vCenter Server Appliance 24
View the Health Status of Services and Nodes 25
Edit the Seings of Services 25
Export a Support Bundle 26
Redirect vCenter Server Appliance Log Files to Another Machine 27
VMware, Inc.
Using the Appliance Shell to Congure the vCenter Server Appliance 29
4
Access the Appliance Shell 29
Enable Bash Shell Access From the Appliance Shell 30
Keyboard Shortcuts for Editing Commands 30
Get Help About the Plug-Ins and API Commands in the Appliance 31
Plug-Ins in the vCenter Server Appliance Shell 31
API Commands in the vCenter Server Appliance Shell 33
Browse the Log Files by Using the showlog Plug-In 36
Conguring SNMP for the vCenter Server Appliance 36
Conguring Time Synchronization Seings in the vCenter Server Appliance 43
3
vCenter Server Appliance Configuration
Managing Local User Accounts in the vCenter Server Appliance 45
Monitor Health Status and Statistics in the vCenter Server Appliance 47
Using the vimtop Plug-In to Monitor the Resource Usage of Services 48
Using the Direct Console User Interface to Congure the
5
vCenter Server Appliance 51
Log In to the Direct Console User Interface 51
Change the Password of the Root User 52
Congure the Management Network of the vCenter Server Appliance 52
Restart the Management Network of the vCenter Server Appliance 53
Enable Access to the Appliance Bash shell 53
Access the Appliance Bash Shell for Troubleshooting 54
Export a vCenter Server Support Bundle for Troubleshooting 54
Index 55
4 VMware, Inc.
About vCenter Server Appliance Configuration
vCenter Server Appliance Conguration provides information about conguring the vCenter Server Appliance.
Intended Audience
This information is intended for anyone who wants to use the vCenter Server Appliance. The information is
wrien for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and data center operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to
hp://www.vmware.com/support/pubs.
VMware, Inc.
5
vCenter Server Appliance Configuration
6 VMware, Inc.
Updated Information
This vCenter Server Appliance Conguration is updated with each release of the product or when necessary.
This table provides the update history of the vCenter Server Appliance Conguration.
Revision Description
EN-001785-06
EN-001785-05 Updated topic “Join the vCenter Server Appliance to an Active Directory Domain,” on page 17 to
EN-001785-04 Updated topics “Congure the DNS, IP Address, and Proxy Seings,” on page 13 and “Edit the DNS
EN-001785-03 Updated topic “Log In to the vCenter Server Appliance Management Interface,” on page 11 to add a
EN-001785-02 Updated topic “Create a Local User Account in the vCenter Server Appliance,” on page 45 to correct the
EN-001785-01
EN-001785-00 Initial release.
Updated topic “Plug-Ins in the vCenter Server Appliance Shell,” on page 31 to add the cmsso-util and
psc-restore plug-ins.
improve the information about enabling Windows session authentication (SSPI) for Active Directory
users when using the vSphere Web Client and the vSphere Client to connect to a vCenter Server instance.
and IP Address Seings of the vCenter Server Appliance,” on page 21 to add a prerequisite for changing
the IP address of the appliance.
prerequisite for enabling TLS 1.0 and 1.1 if using Internet Explorer.
command syntax by adding a required parameter.
Updated Chapter 1, “vCenter Server Appliance Overview,” on page 9 to state that customization of
n
the vCenter Server Appliance is unsupported except for adding memory and CPU.
Updated “Join the vCenter Server Appliance to an Active Directory Domain,” on page 17 to state
n
that this procedure aaches users and groups from an Active Directory domain to the vCenter Single
Sign-On domain, Active Directory domains with read-only domain controllers (RODC) are
unsupported, and the organizational unit text box requires the canonical name of the organizational
unit. Also, added information in step 11 about the identity source seings of the joined Active
Directory domain.
VMware, Inc. 7
vCenter Server Appliance Configuration
8 VMware, Inc.
vCenter Server Appliance Overview 1
The vCenter Server Appliance is a precongured Linux virtual machine, which is optimized for running
vCenter Server and the associated services on Linux.
You can download the vCenter Server Appliance installer, install the VMware Client Integration Plug-In,
and deploy the vCenter Server Appliance. During the deployment of the appliance, you select whether you
want to deploy vCenter Server Appliance with an external Platform Services Controller or
vCenter Server Appliance with an embedded Platform Services Controller. You can also join the
vCenter Server Appliance to the same vCenter Single Sign-On domain as another vCenter Server Appliance
or vCenter Server on Windows. See vSphere Installation and Setup.
The vCenter Server Appliance is supported on ESXi 5.0 and later. The appliance package contains the
following software:
SUSE Linux Enterprise Server 11 Update 3 for VMware, 64-bit edition.
n
PostgreSQL database.
n
vCenter Server 6.0 and vCenter Server 6.0 components.
n
Platform Services Controller that contains all of the necessary services for running vCenter Server such
n
as vCenter Single Sign-On, License service, and VMware Certicate Authority.
For detailed information about the Platform Services Controller, see vSphere Installation and Setup.
VMware, Inc.
Customization of the vCenter Server Appliance is unsupported except for adding memory and CPU.
The vCenter Server Appliance has the following default user names:
root user with the password that you set during the deployment of the virtual appliance. You use the
n
root user to log in to the vCenter Server Appliance Management Interface and to the appliance Linux
operating system.
I The password for the root account of the vCenter Server Appliance expires after 365 days
by default. For information about how to change the root password and congure the password
expiration seings, see “Change the Password and Password Expiration Seings of the Root User,” on
page 15.
administrator@your_domain_name which is the vCenter Single Sign-On user with the password and
n
domain name that you set during the deployment of the appliance.
In vSphere 5.5, this user is administrator@vsphere.local. In vSphere 6.0, when you install vCenter Server
or deploy the vCenter Server Appliance with a new Platform Services Controller, you can change the
vSphere domain. Do not use the same domain name as the domain name of your Microsoft Active
Directory or OpenLDAP domain name.
9
vCenter Server Appliance Configuration
Initially, only the user administrator@your_domain_name has the privileges to log in to the
vCenter Server system in the vCenter Server Appliance. By default, the
administrator@your_domain_name user is a member of the SystemConguration.Administrators group
and can add an identity source in which additional users and groups are dened to vCenter Single
Sign-On or give permissions to the users and groups. For more information, see vSphere Security.
You can access the vCenter Server Appliance and edit the vCenter Server Appliance seings in four ways:
Use the vCenter Server Appliance Management Interface.
n
You can edit the system seings of the vCenter Server Appliance such as access, network, time
synchronization, and the root password seings. This is the preferred way for editing the appliance.
Use the vSphere Web Client.
n
You can navigate to the system conguration seings of the vCenter Server Appliance and join the
appliance to an Active Directory domain, manage the services that are running in the
vCenter Server Appliance, and modify various seings such as access, network, and rewall seings.
Use the appliance shell.
n
You can use TTY1 to log in to the console or can use SSH and run conguration, monitoring, and
troubleshooting commands in the vCenter Server Appliance.
Use the Direct Console User Interface.
n
You can use TTY2 to log in to the vCenter Server Appliance Direct Console User Interface to change the
password of the root user, congure the network seings, or enable access to the Bash shell or SSH.
10 VMware, Inc.
Using the Appliance Management
Interface to Configure the
vCenter Server Appliance 2
After you deploy the vCenter Server Appliance that contains vCenter Server with an embedded
Platform Services Controller, vCenter Server with an external Platform Services Controller, or a
Platform Services Controller, you can log in to the vCenter Server Appliance Management Interface and edit
the appliance seings.
For information about patching the vCenter Server Appliance and enabling automatic checks for
vCenter Server Appliance patches, see the vSphere Upgrade documentation.
This chapter includes the following topics:
“Log In to the vCenter Server Appliance Management Interface,” on page 11
n
“View the vCenter Server Appliance Health Status,” on page 12
n
“Reboot or Shut Down the vCenter Server Appliance,” on page 12
n
“Export a Support Bundle,” on page 13
n
“Enable or Disable SSH and Bash Shell Access,” on page 13
n
“Congure the DNS, IP Address, and Proxy Seings,” on page 13
n
“Congure the System Time Zone and Time Synchronization Seings,” on page 15
n
“Change the Password and Password Expiration Seings of the Root User,” on page 15
n
Log In to the vCenter Server Appliance Management Interface
Log in to the vCenter Server Appliance Management Interface to access the vCenter Server Appliance
conguration seings.
N The login session expires if you leave the vCenter Server Appliance Management Interface idle for 10
minutes.
Prerequisites
Verify that the vCenter Server Appliance is successfully deployed and running.
n
If you are using Internet Explorer, verify that TLS 1.0 and 1.1 are enabled in the security seings.
n
Procedure
1 In a Web browser, go to the vCenter Server Appliance Management Interface, hps://appliance-IP-
address-or-FQDN:5480.
2 Log in as root.
The default root password is the password you set while deploying the vCenter Server Appliance.
VMware, Inc.
11
vCenter Server Appliance Configuration
View the vCenter Server Appliance Health Status
You can use the vCenter Server Appliance Management Interface to view the overall health status of the
vCenter Server Appliance and health messages.
The overall health status of the vCenter Server Appliance is based on the status of the hardware components
such as memory, CPU, storage, and network, as well as that of the update component, which shows whether
the software packages are up to date according to the last check for available patches.
I If you do not perform regular checks for available patches, the health status of the update
component might become out-of-date. For information about how to check for vCenter Server Appliance
patches and enable automatic checks for vCenter Server Appliance patches, see vSphere Upgrade.
For information about how to view the individual status, see “Monitor Health Status and Statistics in the
vCenter Server Appliance,” on page 47.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 In the Health Status pane, view the Overall Status badge.
Table 2‑1. Health Status
Badge Icon Description
Good. All components in the appliance are
healthy.
Warning. One or more components in the
appliance might become overloaded soon.
View the details in the Health Messages
pane.
Alert. One or more components in the
appliance might be degraded. Nonsecurity
patches might be available.
View the details in the Health Messages
pane.
Critical. One or more components in the
appliance might be in an unusable status and
the appliance might become unresponsive
soon. Security patches might be available.
View the details in the Health Messages
pane.
Unknown. No data is available.
Reboot or Shut Down the vCenter Server Appliance
You can use the vCenter Server Appliance Management Interface to restart or power o the virtual machine
running.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
12 VMware, Inc.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 Click Reboot or Shutdown to restart or power o the virtual machine.
3 In the conrmation dialog window, click Yes to conrm the operation.
Export a Support Bundle
You can export a support bundle that contains the log les for the vCenter Server instance running in the
appliance. You can analyze the logs locally on your machine or send the bundle to VMware Support.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 Click Create Support Bundle, and save the bundle on your local machine.
The support bundle is downloaded as a .tgz le on your local machine.
Chapter 2 Using the Appliance Management Interface to Configure the vCenter Server Appliance
Enable or Disable SSH and Bash Shell Access
You can use the vCenter Server Appliance Management Interface to edit the access seings to the appliance.
You can enable or disable an SSH administrator login to the appliance. You can also enable access to the
vCenter Server Appliance Bash shell for a specic time interval.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Access, and click Edit.
2 Edit the access seings for the vCenter Server Appliance.
Option Description
Enable SSH login
Enable Bash shell
3 Click OK to save the seings.
Enables SSH access to the vCenter Server Appliance.
Enables Bash shell access to the vCenter Server Appliance for the number
of minutes that you enter.
Configure the DNS, IP Address, and Proxy Settings
You can assign static IPv4 and IPv6 addresses, edit the DNS seings, and dene the proxy seings for the
vCenter Server Appliance.
Prerequisites
To change the IP address of the appliance, verify that the system name of the appliance is an FQDN. If,
n
during the deployment of the appliance, you set an IP address as a system name, you cannot change the
IP address after the deployment, because the system name is used as a primary network identier.
Log in to the vCenter Server Appliance Management Interface as root.
n
VMware, Inc. 13
vCenter Server Appliance Configuration
Procedure
1 In the vCenter Server Appliance Management Interface, click Networking.
2 In the Hostname, Name Servers, and Gateways pane, click Edit.
3 In the Name Servers section, congure the DNS seings.
Option Description
Obtain DNS settings automatically
Enter settings manually
4 In the Networking Interfaces pane, click Edit.
5 Expand the network interface name to edit the IP address seings.
6 Edit the IPv4 address seings.
Option Description
No IPv4 settings
Obtain IPv4 settings automatically
Use the following IPv4 settings
7 Edit the IPv6 seings.
Obtains the DNS seings automatically from the network.
Lets you set the DNS address seings manually. If you select this option,
you must provide the following information:
The IP address of the preferred DNS server.
n
(Optional) The IP address of the alternative DNS server.
n
Disables the IPv4 address. The appliance uses only an IPv6 address.
Obtains the IPv4 address for the appliance automatically from the
network .
Uses an IPv4 address that you set manually. You must enter the IP address,
subnet prex length, and the default gateway.
Option Description
Obtain IPv6
automatically through DHCP
Obtain IPv6
automatically through Router
Advertisement
Static IPv6 addresses Uses static IPv6 addresses that you set up manually.
Assigns IPv6 addresses to the appliance automatically from the network by
using DHCP.
Assigns IPv6 addresses to the appliance automatically from the network by
using router advertisement.
1 Click the Add icon.
2 Enter the IPv6 address and the subnet prex length.
3 Click OK.
4 (Optional) Edit the default gateway.
You can congure the appliance to obtain the IPv6 seings automatically through both DHCP and
router advertisement. You can assign static IPv6 address at the same time.
8 To congure a proxy server, in the Proxy Seings pane, click Edit.
9 Select Use a Proxy Server, enter the proxy server seings, and click OK.
14 VMware, Inc.
Chapter 2 Using the Appliance Management Interface to Configure the vCenter Server Appliance
Configure the System Time Zone and Time Synchronization Settings
After you deploy the vCenter Server Appliance, you can change the system time zone and time
synchronization seings.
When you deploy the vCenter Server Appliance, you either use the time seings of the ESXi host on which
the appliance is running or you congure the time synchronization based on an NTP server. If the time
seings in your vSphere network change, you can edit the time zone and time synchronization seings in
the appliance.
I If the vCenter Server Appliance is using an external Platform Services Controller, you must
congure both the vCenter Server Appliance and the Platform Services Controller to use the same time
synchronization source. Otherwise, authentication with vCenter Single Sign-On might fail.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Time.
2 Congure the system time zone seings.
a In the Time zone pane, click Edit.
b From the Time zone drop-down menu, select a location or time zone and click OK.
3 Congure the time synchronization seings.
a In the Time Synchronization pane, click Edit.
b From the Mode drop-down menu, congure the time synchronization method.
Option Description
Disabled
Host
NTP
c Click OK.
No time synchronization. Uses the system time zone seings.
Enables VMware Tools time synchronization. Uses VMware Tools to
synchronize the time of the appliance with the time of the ESXi host.
Enables NTP synchronization. You must enter the IP address or FQDN
of one or more NTP servers.
Change the Password and Password Expiration Settings of the Root User
When you deploy the vCenter Server Appliance, you set the initial password of the root user, which expires
after 365 days by default. For security reasons, you can change the root password, as well as the password
expiration seings.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Administration.
2 In the Change root password pane, change the root password and click Submit.
VMware, Inc. 15
vCenter Server Appliance Configuration
3 Congure the password expiration seings for the root user.
a In the Root password expires section, set the password expiration policy.
Option Description
Yes
No
b In the Password expiry seings pane, click Submit to apply the new password expiry seings.
In the Password expires on text box, you can see the new expiration date.
The password of the root user expires after a particular number of
days. You must provide the following information:
Root password validity (days)
n
The number of days after which the password expires.
Email for expiration warning
n
The email address to which the vCenter Server Appliance sends a
warning message before the expiration date.
The password of the root user never expires.
16 VMware, Inc.
Using the vSphere Web Client to
Configure the
vCenter Server Appliance 3
After you deploy the vCenter Server Appliance, you can perform some conguration operations from the
vSphere Web Client such as joining the appliance to an Active Directory domain, managing the services that
are running in the vCenter Server Appliance, networking, and other seings.
This chapter includes the following topics:
“Join the vCenter Server Appliance to an Active Directory Domain,” on page 17
n
“Leave an Active Directory Domain,” on page 19
n
“Add a User to the SystemConguration.BashShellAdministrators Group,” on page 20
n
“Edit Access Seings to the vCenter Server Appliance,” on page 20
n
“Edit the DNS and IP Address Seings of the vCenter Server Appliance,” on page 21
n
“Edit the Firewall Seings of the vCenter Server Appliance,” on page 23
n
“Edit the Startup Seings of a Service,” on page 24
n
“Start, Stop, or Restart Services in the vCenter Server Appliance,” on page 24
n
“View the Health Status of Services and Nodes,” on page 25
n
“Edit the Seings of Services,” on page 25
n
“Export a Support Bundle,” on page 26
n
“Redirect vCenter Server Appliance Log Files to Another Machine,” on page 27
n
Join the vCenter Server Appliance to an Active Directory Domain
You can join a Platform Services Controller appliance or a vCenter Server Appliance with an embedded
Platform Services Controller to an Active Directory domain and aach the users and groups from this Active
Directory domain to your vCenter Single Sign-On domain.
I Joining a Platform Services Controller appliance or a vCenter Server Appliance with an
embedded Platform Services Controller to an Active Directory domain with a read-only domain controller
(RODC) is unsupported. You can join a Platform Services Controller or a vCenter Server Appliance with an
embedded Platform Services Controller only to an Active Directory domain with a writable domain
controller.
If you want to congure permissions for users and groups from an Active Directory domain to access the
vCenter Server components, you must join its associated embedded or external Platform Services Controller
instance to the Active Directory domain.
VMware, Inc.
17
vCenter Server Appliance Configuration
For example, to enable an Active Directory user to log in to the vCenter Server instance in a
vCenter Server Appliance with an embedded Platform Services Controller by using the vSphere Web Client
with Windows session authentication (SSPI), you must join the vCenter Server Appliance to the Active
Directory domain and assign the Administrator role to this user. To enable an Active Directory user to log in
to a vCenter Server instance that uses an external Platform Services Controller appliance by using the
vSphere Web Client with SSPI, you must join the Platform Services Controller appliance to the Active
Directory domain and assign the Administrator role to this user.
N If you want to enable an Active Directory user to log in to a vCenter Server instance by using the
vSphere Client with SSPI, you must join the vCenter Server instance to the Active Directory domain. For
information about joining a vCenter Server Appliance with an external Platform Services Controller to an
Active Directory domain, see the VMware knowledge base article at hp://kb.vmware.com/kb/2118543.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 Under Deployment, click System .
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Advanced, select Active Directory, and click Join.
6 Enter the Active Directory details.
Option Description
Domain
Organizational unit
User name
Password
Active Directory domain name, for example, mydomain.com. Do not
provide an IP address in this eld.
Optional. The canonical name of the organizational unit, for example,
mydomain.com/MyOrganizationalUnit/mycomputer.
I Use this eld only if you are familiar with LDAP.
User name in User Principal Name (UPN) format, for example,
jchin@mydomain.com.
I Down-level login name format, for example,
DOMAIN\UserName, is unsupported.
Password of the user.
7 Click OK to join the vCenter Server Appliance to the Active Directory domain.
The operation silently succeeds and you can see that the Join buon turned to Leave.
8 Right-click the node you edited and select Reboot to restart the appliance so that the changes are
applied.
I If you do not restart the appliance, you might encounter problems when using the
vSphere Web Client.
9 Navigate to Administration > Single Sign-On > .
10 On the Identity Sources tab, click the Add Identity Source icon.
18 VMware, Inc.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
11 Select Active Directory (Integrated Windows Authentication), enter the identity source seings of the
joined Active Directory domain, and click OK.
Table 3‑1. Add Identity Source Settings
Field Description
Domain name FDQN of the domain. Do not provide an IP address in
this eld.
Use machine account Select this option to use the local machine account as the
SPN. When you select this option, you specify only the
domain name. Do not select this option if you expect to
rename this machine.
Use Service Principal Name (SPN ) Select this option if you expect to rename the local
machine. You must specify an SPN, a user who can
authenticate with the identity source, and a password for
the user.
Service Principal Name (SPN) SPN that helps Kerberos to identify the Active Directory
service. Include the domain in the name, for example,
STS/example.com.
You might have to run setspn -S to add the user you
want to use. See the Microsoft documentation for
information on setspn.
The SPN must be unique across the domain. Running
setspn -S checks that no duplicate is created.
User Principal Name (UPN) Name of a user who can authenticate with this identity
source. Use the email address format, for example,
jchin@mydomain.com. You can verify the User Principal
Name with the Active Directory Service Interfaces Editor
(ADSI Edit).
Password Password for the user who is used to authenticate with
this identity source, which is the user who is specied in
User Principal Name. Include the domain name, for
example, jdoe@example.com.
On the Identity Sources tab, you can see the joined Active Directory domain.
What to do next
You can congure permissions for users and groups from the joined Active Directory domain to access the
vCenter Server components. For information about managing permissions, see the vSphere Security
documentation.
Leave an Active Directory Domain
After you joined the vCenter Server Appliance, you can log in to the vSphere Web Client and set up the
vCenter Server Appliance to leave the Active Directory domain.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 On the vSphere Web Client Home page, click System .
VMware, Inc. 19
vCenter Server Appliance Configuration
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Advanced, select Active Directory and click Leave.
6 Type the Active Directory user name and password.
7 Click OK to leave the Active Directory domain.
8 Click the Actions menu, and select Reboot to restart the appliance so that the changes are applied.
Add a User to the SystemConfiguration.BashShellAdministrators Group
To enable access to the vCenter Server Appliance Bash shell by using the vSphere Web Client, the user you
use to log in must be a member of the SystemConguration.BashShellAdministrators group. By default, this
group is empty and you must add a user to the group manually.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 Click Administration.
3 Under Single Sign-On, click Users and Groups.
4 On the Groups tab, select the group.
5 In the Group Members pane click the Add member icon.
6 Double-click users from the list or type names in the Users text box.
7 Click OK.
Edit Access Settings to the vCenter Server Appliance
You can use the vSphere Web Client to enable local and remote access to the appliance.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
To enable access to the vCenter Server Appliance Bash shell, verify that the user name you use to log in to
the vCenter Server instance in the vCenter Server Appliance is a member of the
SystemConguration.BashShellAdministrators group. For information about adding a user to the
SystemConguration.BashShellAdministrators group, see “Add a User to the
SystemConguration.BashShellAdministrators Group,” on page 20.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
20 VMware, Inc.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Common, select Access and click Edit.
6 Select how you can access the vCenter Server Appliance.
Option Description
Enable local login
Enable SSH login
Enable Bash shell access
Enables local login to the vCenter Server Appliance console.
Enables SSH access to the vCenter Server Appliance.
Enables Bash shell access to the vCenter Server Appliance for the number
of minutes that you enter.
This option is available only when the user name you use to log in to the
vCenter Server instance in the vCenter Server Appliance is a member of
the SystemConguration.BashShellAdministrators group.
7 Click OK to save the seings.
Edit the DNS and IP Address Settings of the vCenter Server Appliance
After you deploy the vCenter Server Appliance, you can edit the DNS seings and specify which DNS
server to use. You can also edit the IP address seings of the vCenter Server Appliance, specify whether to
use IPv4 and IPv6 or only IPv6, and how the appliance obtains the IP address.
You can edit these seings by using the vSphere Web Client.
Prerequisites
To change the IP address of the appliance, verify that the system name of the appliance is an FQDN. If,
n
during the deployment of the appliance, you set an IP address as a system name, you cannot change the
IP address after the deployment, because the system name is used as a primary network identier.
Verify that the user name you use to log in to the vCenter Server instance in the
n
vCenter Server Appliance is a member of the SystemConguration.Administrators group in vCenter
Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Common , select Networking, and click Edit.
VMware, Inc. 21
vCenter Server Appliance Configuration
6 Expand DNS and edit the seings.
Option Description
Obtain DNS server address
automatically
Enter settings manually
7 Expand the network interface name to edit the IP address seings.
8 Edit the IPv4 address seings.
Obtains the DNS seings automatically from the network.
Lets you specify the DNS address seings manually. If you select this
option, you must provide:
Hostname
n
Name of the vCenter Server Appliance machine.
Preferred DNS server
n
IP address of the preferred DNS server.
Alternate DNS server
n
IP address of the alternate DNS server.
Search domains
n
Restricts the domain when looking up an address. Domains that you
type, are searched in the order you list them, and the search stops
when a valid name is found.
Option Description
No IPv4 settings
Obtain IPv4 settings automatically
Use the following IPv4 settings
Disables the IPv4 address. The appliance uses only an IPv6 address.
Obtains the IPv4 address for the appliance automatically from the
network .
Uses an IPv4 address that you set manually. You must enter the IP address,
subnet prex length, and the default gateway.
9 Edit the IPv6 seings.
Option Description
Obtain IPv6
automatically through DHCP
Obtain IPv6
automatically through Router
Advertisement
Static IPv6 addresses Uses static IPv6 addresses that you set up manually.
Assigns IPv6 addresses to the appliance automatically from the network by
using DHCP.
Assigns IPv6 addresses to the appliance automatically from the network by
using router advertisement.
1 Click the Add icon.
2 Enter the IPv6 address and the subnet prex length.
3 Click OK.
4 (Optional) Edit the default gateway.
You can congure the appliance to obtain the IPv6 seings automatically through both DHCP and
router advertisement. You can assign static IPv6 address at the same time.
10 (Optional) Delete a dynamic IPv6 address.
a Click Remove addresses.
b
Select the IP address to delete and click the Delete icon ( ).
c Click OK.
11 Click OK to save your edits.
22 VMware, Inc.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
Edit the Firewall Settings of the vCenter Server Appliance
After you deploy the vCenter Server Appliance, you can edit the rewall seings of the
vCenter Server Appliance and can create rewall rules. You can edit the rewall seings by using the
vSphere Web Client.
By using the rewall rules, you can allow or block the trac between the vCenter Server Appliance and
specic servers, hosts, or virtual machines. You cannot block specic ports, you block all of the trac.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Advanced, select Firewall and click Edit.
6 Edit the rewall seings.
Option Action
Add a firewall rule
Edit a firewall rule
Prioritize the rules
Delete a firewall rule
a
Click the Add icon ( ) to create a new rewall rule.
b Select a network interface of the virtual machine .
c Type an IP address of the network to apply this rule on.
The IP address can be IPv4 and IPv6 address.
d Type a subnet prex length.
e From the Action drop-down menu, select whether to block or to allow
the connection between the vCenter Server Appliance and the network
that you specied.
f Click OK.
a
Click the Edit icon ( ) to edit a rewall rule.
b Edit the seings of the rule.
c Click OK.
a Click the down or up arrows to move a rule downwards or upwards in
the list of rules.
a
Select a rule from the list, and click the Delete icon ( ).
b Click OK.
7 Click OK to save your edits.
VMware, Inc. 23
vCenter Server Appliance Configuration
Edit the Startup Settings of a Service
The Message Bus Conguration, ESXi Dump Collector, and Auto Deploy services are optional services in
the vCenter Server Appliance and they are not running by default. You can edit the startup seings of these
services in the vCenter Server Appliance.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration click Nodes and select a node from the list.
4 Click the Related Objects tab.
You see the list of services running in the node you selected.
5 Right-click a service, such as Auto Deploy, ESXi Dump Collector, or Message Bus
Service, and select Edit Startup Type.
6 Select how the service should start.
Option Description
Automatic
Manual
Disabled
The service starts automatically when the Operating System starts.
The service should be started manually after the Operating System starts.
The service is disabled.
7 Click OK.
Start, Stop, or Restart Services in the vCenter Server Appliance
In the vSphere Web Client, you can start, stop, or restart the services that are running in the
vCenter Server Appliance.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
Procedure
1 Log in as administrator@your_domain_name to the vCenter Server instance in the
vCenter Server Appliance by using the vSphere Web Client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration click Nodes and select a node from the list.
4 Click the Related Objects tab.
You see a list of services running in the node you selected.
24 VMware, Inc.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
5 From the Actions menu, select an operation.
You can start, stop, and restart the service.
View the Health Status of Services and Nodes
In the vSphere Web Client, you can view the health status of vCenter Server services and nodes.
vCenter Server instances and machines that run vCenter Server services are considered nodes. Graphical
badges represent the health status of services and nodes.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
Procedure
1 Log in as administrator@your_domain_name to the vCenter Server instance by using the
vSphere Web Client.
2 On the vSphere Web Client Home page, click System .
You can view the health status badges for the services and nodes.
Table 3‑2. Health States
Badge Icon Description
Good. The health of the object is normal.
3 (Optional) In the Services Health and Nodes Health panes, click the hyperlink next to the health badge
to view all services and nodes in this health state.
For example, in the Services Health pane, click the hyperlink of the Warning health status, and in the
dialog box that pops up, select a service to view more information about the service and aempt to
resolve the health issues of the service.
Edit the Settings of Services
The vSphere Web Client lists all manageable services running on vCenter Server. You can edit the seings
for some of the services.
The vSphere Web Client displays information about all manageable services running in vCenter Server and
the vCenter Server Appliance. A list of the default services is available for each vCenter Server instance.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
Warning. The object is experiencing some
problems.
Critical. The object is either not functioning
properly or will stop functioning soon.
Unknown. No data is available for this
object.
VMware, Inc. 25
vCenter Server Appliance Configuration
Procedure
1 Log in as administrator@your_domain_name to the vCenter Server instance by using the
vSphere Web Client.
2 On the vSphere Web Client Home page, under Administration, click System .
3 Under System Conguration click Nodes and select a node from the list.
4 Click the Related Objects tab.
You see the list of services running in the node you selected. Editable seings are not available for all
manageable services.
5 Right-click a service from the list and click .
Editable seings are not available for all manageable services.
6 On the Manage tab click the Edit buon.
7 Edit the service conguration properties.
8 Click OK to save the seings.
9 (Optional) From the Actions menu, select Restart.
You should restart the service only if a restart of the service is required so that the conguration
changes are applied.
Export a Support Bundle
If you have deployed the vCenter Server Appliance with an embedded Platform Services Controller, you
can export a support bundle containing the log les for a specic product included in the
vCenter Server Appliance or for a specic service in the Platform Services Controller. If you have deployed
the vCenter Server Appliance with an external Platform Services Controller, you can export support bundles
for specic services or for specic products, depending on the node that you select in the
vSphere Web Client.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration, click Nodes.
4 Select a node from the list.
5 Click the Actions menu and select Export Support Bundle.
6 In the Export Support Bundle window, expand the trees to view the services running in the appliance
and deselect the services for which you do not want to export log les.
All of the services are selected by default. If you want to export the support bundle and send it to
VMware Support, leave all check boxes selected. The services are separated in two categories: a Cloud
infrastructure category, which contains the services of specic products in the appliance, and a Virtual
appliance category, which contains the services specic for the appliance and the vCenter Server
product.
26 VMware, Inc.
Chapter 3 Using the vSphere Web Client to Configure the vCenter Server Appliance
7 Click the Export Support Bundle and save the bundle on your local machine.
You saved the support bundle to your machine and can explore it.
Redirect vCenter Server Appliance Log Files to Another Machine
You can redirect the vCenter Server Appliance log les to another machine for example, when you want to
preserve storage space on the vCenter Server Appliance.
Prerequisites
Verify that the user you use to log in to the vCenter Server instance is a member of the
SystemConguration.Administrators group in the vCenter Single Sign-On domain.
Procedure
1 Log in as administrator@your_domain_name to the vCenter Server instance in the
vCenter Server Appliance by using the vSphere Web Client.
2 On the vSphere Web Client Home page, click System .
3 Under System Conguration click Nodes and select a node from the list.
4 Click the Related Objects tab.
You see a list of services running in the node you selected.
5 Right-click VMware Syslog Service and select .
6 Click Edit.
7 From the Common Log Level drop-down menu select the log les to redirect.
Option Description
*
info
notice
warn
error
crit
alert
emerg
All log les are redirected to the remote machine.
Only informational log les are redirected to the remote machine.
Only notices are redirected to the remote machine.
Notice indicates normal but signicant condition.
Only warnings are redirected to the remote machine.
Only error messages are redirected to the remote machine.
Only critical log les are redirected to the remote machine.
Only alerts are redirected to the remote machine.
Alert indicates that action must be taken immediately.
Only emergency log les are redirected to the remote machine.
Emergency indicates that the system stopped responding and cannot be
used.
8 In the Remote Syslog Host text box, enter the FQDN or IP address of the machine on which you want
to export the log les.
9 In the Remote Syslog Port text box enter the port number to use for communication with the machine
on which you want to export the log les.
VMware, Inc. 27
vCenter Server Appliance Configuration
10 From the Remote Syslog Protocol drop-down select the protocol to use.
Option Description
TCP
UDP
TLS
11 Click OK.
12 From the Actions menu, click Restart so that the conguration changes are applied.
Transmission Control Protocol
User Datagram Protocol
Transport Layer Security
28 VMware, Inc.
Using the Appliance Shell to
Configure the
vCenter Server Appliance 4
You can access all of the vCenter Server Appliance API commands and plug-ins that you can use for
monitoring, troubleshooting, and conguring the appliance by using the appliance shell.
You can run all commands in the appliance shell with or without the pi keyword.
This chapter includes the following topics:
“Access the Appliance Shell,” on page 29
n
“Enable Bash Shell Access From the Appliance Shell,” on page 30
n
“Keyboard Shortcuts for Editing Commands,” on page 30
n
“Get Help About the Plug-Ins and API Commands in the Appliance,” on page 31
n
“Plug-Ins in the vCenter Server Appliance Shell,” on page 31
n
“API Commands in the vCenter Server Appliance Shell,” on page 33
n
“Browse the Log Files by Using the showlog Plug-In,” on page 36
n
“Conguring SNMP for the vCenter Server Appliance,” on page 36
n
“Conguring Time Synchronization Seings in the vCenter Server Appliance,” on page 43
n
“Managing Local User Accounts in the vCenter Server Appliance,” on page 45
n
“Monitor Health Status and Statistics in the vCenter Server Appliance,” on page 47
n
“Using the vimtop Plug-In to Monitor the Resource Usage of Services,” on page 48
n
Access the Appliance Shell
To access the plug-ins included in the appliance shell and to be able to see and use all of the API commands,
rst access the appliance shell.
Procedure
1 Access the appliance shell.
If you have direct access to the appliance console, press Alt+F1.
n
If you want to connect remotely, use SSH or another remote console connection to start a session to
n
the appliance.
2 Enter a user name and password recognized by the appliance.
You are logged in to the appliance shell and can see the welcome message.
VMware, Inc.
29
vCenter Server Appliance Configuration
Enable Bash Shell Access From the Appliance Shell
If you log in to the appliance shell as a user who has a super administrator role, you can enable access to the
Bash shell of the appliance, by using the appliance shell.
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the command to enable access the Bash shell.
shell.set --enabled true
3 To access the Bash shell run shell or pi shell.
Keyboard Shortcuts for Editing Commands
You can use various keyboard shortcuts to enter and edit commands in the appliance Bash shell.
Table 4‑1. Keyboard Shortcuts and Function
Keyboard Shortcut Details
Tab Completes the current command. If you enter a part of the command name and press
the Tab key, the system completes the command name.
To view the commands that match a set of characters that you enter, type a character
and press the Tab key.
Enter (at the command line) Runs the command that you entered.
Enter (at the --More-- prompt) Displays the next page of output.
Delete or Backspace Deletes the character that is on the left of the cursor.
Left arrow or Ctrl+B Moves the cursor one character to the left.
When you enter a command that extends beyond a single line, you can press the Left
Arrow or Ctrl-B keys to go back to the beginning of the command.
Right arrow or Ctrl+F Moves the cursor one character to the right.
Esc, B Moves the cursor one word back.
Esc, F Moves the cursor one word forward.
Ctrl+A Moves the cursor to the beginning of the command line.
Ctrl+E Moves the cursor to the end of the command line.
Ctrl+D Deletes the character on which the cursor is.
Ctrl+W Deletes the word next to the cursor.
Ctrl+K Deletes the line forward. When you press Ctrl+K, everything that you entered starting
from the character on which the cursor is till the end of the command line is deleted.
Ctrl+U or Ctrl+X Deletes the line backward. When you press Ctrl+U, everything from the beginning of
the command line till the character on which the cursor is deleted.
Ctrl+T Changes the places of the character to the left of the cursor with the character on
which the cursor is.
Ctrl+R or Ctrl+L Displays the system prompt and command line.
Ctrl+V or Esc, Q Inserts a code to indicate to the system that the following keystroke must be treated as
a command entry, not as an editing key.
Up arrow, or Ctrl+P Recalls commands in the history buer, beginning with the most recent command.
30 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Table 4‑1. Keyboard Shortcuts and Function (Continued)
Keyboard Shortcut Details
Down arrow or Ctrl+N Returns to more recent commands in the history buer after you use the Up arrow or
Ctrl+P to recall commands.
Ctrl+Y Recalls the most recent entry in the delete buer. The delete buer contains the last ten
items you have cut or deleted.
Esc, Y Recalls the next entry in the delete buer. The delete buer contains the last ten items
you have cut or deleted. Press Ctrl+Y rst to recall the most recent entry, and then
press Esc, Y up to nine times to recall the remaining entries in the buer.
Esc, C Capitalizes the character on which the cursor is.
Esc, U Changes the casing for all characters in the word on which the cursor is, up to the next
space, to uppercase.
Esc, L Changes the capitalized leers in a word from the character on which the cursor is till
the end of the word to lowercase.
Get Help About the Plug-Ins and API Commands in the Appliance
You can access the vCenter Server Appliance plug-ins and API commands from the appliance shell. You can
use the plug-ins and commands for monitoring, troubleshooting, and conguring the appliance.
You can use the Tab key to autocomplete API commands, plug-in names, and API parameters. Plug-in
parameters do not support autocompletion.
Procedure
1 Access the appliance shell and log in.
2 To get help about the plug-ins, run the help pi list or the ? pi list command.
You receive a list with all of the plug-ins in the appliance.
3 To get help about the API commands, run the help api list or the ? api list command.
You receive a list with all of the API commands in the appliance.
4 To get help about a particular API command, run the help api api_name or the ? api api_name
command.
For example, to receive help about the com.vmware.appliance.version1.timesync.set command, run
help api timesync.set or ? api timesync.set.
Plug-Ins in the vCenter Server Appliance Shell
The plug-ins in the vCenter Server Appliance provide you with access to various administrative tools. The
plug-ins reside in the CLI itself. The plug-ins are standalone Linux or VMware utilities, which do not
depend on any VMware service.
Table 4‑2. Plug-Ins Available in the vCenter Server Appliance
Plug-In Description
com.vmware.clear
com.vmware.cmsso-util
com.vmware.dcli
A plug-in that you can use to clear the terminal screen.
A plug-in that you use for orchestrating changes to PNID,
Machine Certicate, unregistering a node from Component
Manager, vCenter Single Sign-On, reconguring
vCenter Server with an embedded
Platform Services Controller and repointing vCenter Server
to an external Platform Services Controller.
vAPI based CLI client.
VMware, Inc. 31
vCenter Server Appliance Configuration
Table 4‑2. Plug-Ins Available in the vCenter Server Appliance (Continued)
Plug-In Description
com.vmware.nslookup
com.vmware.ntpq
com.vmware.pgrep
com.vmware.pgtop
com.vmware.ping
com.vmware.ping6
com.vmware.portaccess
com.vmware.ps
com.vmware.psc-restore
com.vmware.rvc
com.vmware.service-control
com.vmware.shell
com.vmware.showlog
com.vmware.shutdown
com.vmware.software-packages
com.vmware.support-bundle
com.vmware.top
com.vmware.tracepath
com.vmware.tracepath6
com.vmware.vimtop
A plug-in that you can use to query the Domain Name
System (DNS) to obtain domain name or IP address
mapping or for any other specic DNS record.
A standard NTP query program.
A plug-in that you can use to search for all named
processes.
A plug-in that you can use to monitor the PostgreSQL
database.
A plug-in that you can use to ping a remote host. Accepts
the same arguments as bin/ping.
A plug-in that you can use to ping a remote host. Accepts
the same arguments as bin/ping6.
A plug-in that you can use to troubleshoot the port access
of a host.
A plug-in that you can use to see statistics on running
processes.
A plug-in that you use for restoring an external
Platform Services Controller instance.
Ruby vSphere Console
A plug-in that you can use to manage VMware services.
A plug-in that allows access to the appliance Bash shell.
A plug-in that you can use to browse the log les.
A plug-in that you can use to restart or power o the
appliance.
A plug-in that you can use to update the software packages
in the appliance.
A plug-in that you can use to create a bundle on the local
le system and export it to a remote Linux system. If you
use the plug-in with the stream command, the support
bundle is not created on the local le system, but is directly
exported to the remote Linux system.
A plug-in that displays process information. Accepts the
same arguments as /usr/bin/top/.
A plug-in that traces path to a network host. Accepts the
same arguments as /sbin/tracepath.
A plug-in that traces path to a network host. Accepts the
same arguments as /sbin/tracepath6.
A plug-in that you can use to view a list of vSphere services
and their resource usage.
32 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
API Commands in the vCenter Server Appliance Shell
The API commands in the vCenter Server Appliance let you perform various administrative tasks in the
vCenter Server Appliance. The API commands are provided by appliance management service in the
vCenter Server Appliance. You can edit time synchronization seings, monitor processes and services, set
up the SNMP seings, and so on.
Table 4‑3. API Commands Available in the vCenter Server Appliance
API Command Description
com.vmware.appliance.version1.access.consolecli.get
com.vmware.appliance.version1.access.consolecli.set
com.vmware.appliance.version1.access.dcui.get
com.vmware.appliance.version1.access.dcui.set
com.vmware.appliance.version1.access.shell.get
com.vmware.appliance.version1.access.shell.set
com.vmware.appliance.version1.access.ssh.get
com.vmware.appliance.version1.access.ssh.set
com.vmware.appliance.version1.localaccounts.user.add
com.vmware.appliance.version1.localaccounts.user.delete
com.vmware.appliance.version1.localaccounts.user.get
com.vmware.appliance.version1.localaccounts.user.list
com.vmware.appliance.version1.localaccounts.user.password.updat
e
com.vmware.appliance.version1.localaccounts.user.set
com.vmware.appliance.version1.monitoring.snmp.disable
com.vmware.appliance.version1.monitoring.snmp.enable
com.vmware.appliance.version1.monitoring.snmp.get
com.vmware.appliance.version1.monitoring.snmp.hash
com.vmware.appliance.version1.monitoring.snmp.limits
com.vmware.appliance.version1.monitoring.snmp.reset
com.vmware.appliance.version1.monitoring.snmp.set
com.vmware.appliance.version1.monitoring.snmp.test
Get information about the state of the
console-based controlled CLI (TTY1).
Set enabled state of console-based
controlled CLI (TTY1).
Get information about the state of the
Direct Console User Interface (DCUI
TTY2).
Set enabled state of the Direct Console
User Interface (DCUI TTY2).
Get information about the state of Bash
shell, that is, access to Bash shell from
within the controlled CLI.
Set enabled state of Bash shell, that is,
access to Bash shell from within the
controlled CLI.
Get enabled state of the SSH-based
controlled CLI.
Set enabled state of the SSH-based
controlled CLI.
Create a new local user account.
Delete a local user account.
Get the local user account information.
List local user accounts .
Update the password of a logged in
user or of the user that you specify in
the username parameter.
Update local user account properties,
such as role, full name, enabled status,
and password.
Stop an enabled SNMP agent.
Start a disabled SNMP agent.
Return an SNMP agent conguration.
Generate localized keys for secure
SNMPv3 communications.
Get SNMP limits information.
Restore seings to factory defaults.
Set SNMP conguration.
Send a warmStart notication to all
congured traps and inform
destinations (see RFC 3418).
VMware, Inc. 33
vCenter Server Appliance Configuration
Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued)
API Command Description
com.vmware.appliance.version1.networking.dns.domains.add
com.vmware.appliance.version1.networking.dns.domains.list
com.vmware.appliance.version1.networking.dns.domains.set
com.vmware.appliance.version1.networking.dns.hostname.get
com.vmware.appliance.version1.networking.dns.hostname.set
com.vmware.appliance.version1.networking.dns.servers.add
com.vmware.appliance.version1.networking.dns.servers.get
com.vmware.appliance.version1.networking.dns.servers.set
com.vmware.appliance.version1.networking.firewall.addr.inbound.
add
com.vmware.appliance.version1.networking.firewall.addr.inbound.
delete
com.vmware.appliance.version1.networking.firewall.addr.inbound.
list
com.vmware.appliance.version1.networking.interfaces.get
com.vmware.appliance.version1.networking.interfaces.list
com.vmware.appliance.version1.networking.ipv4.get
com.vmware.appliance.version1.networking.ipv4.list
com.vmware.appliance.version1.networking.ipv4.renew
com.vmware.appliance.version1.networking.ipv4.set
com.vmware.appliance.version1.networking.ipv6.get
com.vmware.appliance.version1.networking.ipv6.list
com.vmware.appliance.version1.networking.ipv6.set
com.vmware.appliance.version1.networking.routes.add
com.vmware.appliance.version1.networking.routes.delete
com.vmware.appliance.version1.networking.routes.list
Add domains to DNS search domains.
Get a list of DNS search domains.
Set DNS search domains.
Get the Fully Qualied Domain Name.
Set the Fully Qualied Domain Name.
Add a DNS server. This method fails if
you use DHCP.
Get DNS server conguration.
Set the DNS server conguration. If
the host is congured to acquire DNS
servers and host name by using DHCP,
a DHCP refresh is forced.
Add a rewall rule to allow or deny
access from an incoming IP address.
Delete a specic rule at a given
position or delete all rules.
Get an ordered list of inbound IP
addresses that are allowed or denied
by a rewall rule .
Get information about a particular
network interface.
Get a list of available network
interfaces, including those that are not
yet congured.
Get IPv4 network conguration for
interfaces.
Get IPv4 network conguration for all
congured interfaces.
Renew IPv4 network conguration on
interfaces. If the interface is congured
to use DHCP for IP address
assignment, the lease of the interface
will be renewed.
Set IPv4 network conguration for an
interface.
Get IPv6 network conguration for
interfaces.
Get IPv6 network conguration for all
congured interfaces.
Set IPv6 network conguration for an
interface.
Add static routing rules. A
destination/prex of the type 0.0.0.0/0
(for IPv4) or ::/0 (for IPv6) refers to the
default gateway.
Delete static routing rules.
Get routing table. A destination/prex
of the type 0.0.0.0/0 (for IPv4) or ::/0
(for IPv6) refers to the default gateway.
34 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued)
API Command Description
com.vmware.appliance.version1.networking.proxy.delete
com.vmware.appliance.version1.networking.proxy.get
com.vmware.appliance.version1.networking.proxy.set
com.vmware.appliance.version1.ntp.get
com.vmware.appliance.version1.ntp.server.add
com.vmware.appliance.version1.ntp.server.delete
com.vmware.appliance.version1.ntp.server.set
com.vmware.appliance.version1.resources.cpu.stats.get
com.vmware.appliance.version1.resources.load.health.get
com.vmware.appliance.version1.resources.load.stats.get
com.vmware.appliance.version1.resources.mem.health.get
com.vmware.appliance.version1.resources.mem.stats.get
com.vmware.appliance.version1.resources.net.stats.get
com.vmware.appliance.version1.resources.net.stats.list
com.vmware.appliance.version1.resources.processes.stats.list
Delete the proxy conguration for a
protocol that you provide as input.
Get proxy conguration information
for all protocols.
Set proxy conguration for a protocol
that you provide as input.
Get NTP conguration seings. If you
run the tymesync.get command, you
can retrieve the current time
synchronization method (by using
NTP or VMware Tools) . The ntp.get
command always returns the NTP
server information, even when the
time synchronization method is not set
to NTP. If time synchronization
method is not set by using NTP, the
NTP status is displayed as down.
Add NTP servers. This command adds
NTP servers to the conguration. If the
time synchronization is NTP-based,
then NTP daemon is restarted to
reload the new NTP servers.
Otherwise, this command just adds
servers to the NTP conguration.
Delete NTP servers. This command
deletes NTP servers from the
conguration. If the time
synchronization mode is NTP-based,
the NTP daemon is restarted to reload
the new NTP conguration.
Otherwise, this command just deletes
servers from the NTP conguration.
Set NTP servers. This command
deletes old NTP servers from the
conguration and sets the input NTP
servers in the conguration. If the time
synchronization is set by using NTP,
the NTP daemon is restarted to reload
the new NTP conguration.
Otherwise, this command just replaces
the servers in NTP conguration with
the NTP servers that you provide as
input.
Get CPU statistics.
Get load health .
Get load averages (over 1, 5, and 15
minute intervals).
Get memory health.
Get memory statistics.
Get network statistics.
Get network statistics for all interfaces
that are up and running.
Get statistics on all processes.
VMware, Inc. 35
vCenter Server Appliance Configuration
Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued)
API Command Description
com.vmware.appliance.version1.resources.softwarepackages.health
.get
com.vmware.appliance.version1.resources.storage.health.get
com.vmware.appliance.version1.resources.storage.stats.list
com.vmware.appliance.version1.resources.swap.health.get
com.vmware.appliance.version1.resources.swap.stats.get
com.vmware.appliance.version1.resources.system.health.get
com.vmware.appliance.version1.resources.system.stats.get
com.vmware.appliance.version1.resources.system.time.get
com.vmware.appliance.version1.services.list
com.vmware.appliance.version1.services.restart
com.vmware.appliance.version1.services.status.get
com.vmware.appliance.version1.services.stop
com.vmware.appliance.version1.system.update.get
com.vmware.appliance.version1.system.update.set
com.vmware.appliance.version1.system.version.get
com.vmware.appliance.version1.timesync.get
com.vmware.appliance.version1.timesync.set
Get the health of the update
component.
Get storage health statistics.
Get storage statistics for each logical
disk.
Get swap health.
Get swap statistics.
Get the overall health of the system.
Get the system status.
Get the system time.
Get list of all known services.
Restart a service.
Get the status of a service.
Stop a service.
Get the URL-based patching
conguration.
Set the URL-based patching
conguration.
Get the version of the appliance.
Get the time synchronization
conguration.
Set the time synchronization
conguration.
Browse the Log Files by Using the showlog Plug-In
You can browse the log les in the vCenter Server Appliance to examine them for errors.
Procedure
1 Access the appliance shell and log in.
2 Type the showlog command, add a space, and press the Tab key to view all the contents of the /var/log
folder.
3 Run the command for viewing the rstboot log les of the vCenter Server Appliance.
showlog /var/log/firstboot/cloudvm.log
Configuring SNMP for the vCenter Server Appliance
The vCenter Server Appliance includes an SNMP agent that can send trap notications and receive GET,
GETBULK, and GETNEXT requests.
You can use the appliance shell API commands to enable and congure the vCenter Server Appliance SNMP
agent. You congure the agent dierently depending on whether you want to use SNMP v1/v2c or SNMP
v3.
In vSphere 6.0 SNMP v3 informs are not supported. The vCenter Server Appliance supports only
notications such as v1 and v2c traps, as well as v3 traps with all security levels.
36 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Configure the SNMP Agent for Polling
If you congure the vCenter Server Appliance SNMP agent for polling, it can listen for and respond to
requests from SNMP management client systems, such as GET, GETNEXT, and GETBULK requests.
By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management
systems. You can use the snmp.set --port command to congure an alternative port. To avoid conicts
between the port for the SNMP agent and the ports of other services, use a UDP port that is not dened
in /etc/services.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the snmp.set --port command to congure the port.
For example, run the following command:
snmp.set --port port
Here port is the port for the SNMP agent to use for listening for polling requests.
I The port you specify must not be already in use by other services. Use IP addresses from
the dynamic range, port 49152 and up.
3 (Optional) If the SNMP agent is not enabled, enable it by running the snmp.enable command.
Configure the vCenter Server Appliance for SNMP v1 and v2c
When you congure the vCenter Server Appliance SNMP agent for SNMP v1 and v2c, the agent supports
sending notications and receiving GET requests.
In SNMP v1 and v2c, community strings are namespaces that contain one or more managed objects.
Namespaces can act as a form for authentication, but this does not secure the communication. To secure the
communication, use SNMP v3.
Procedure
1 Congure SNMP Communities on page 37
To enable the vCenter Server Appliance SNMP agent to send and receive SNMP v1 and v2c messages,
you must congure at least one community for the agent.
2 Congure the SNMP Agent to Send v1 or v2c Notications on page 38
You can use the vCenter Server Appliance SNMP agent to send virtual machine and environmental
notications to management systems.
Configure SNMP Communities
To enable the vCenter Server Appliance SNMP agent to send and receive SNMP v1 and v2c messages, you
must congure at least one community for the agent.
An SNMP community denes a group of devices and management systems. Only devices and management
systems that are members of the same community can exchange SNMP messages. A device or management
system can be a member of multiple communities.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
VMware, Inc. 37
vCenter Server Appliance Configuration
2 Run the snmp.set --communities command to congure an SNMP community.
For example, to congure public, east, and west network operation center communities, run the
following command:
snmp.set --communities public,eastnoc,westnoc
Each time you specify a community with this command, the seings you specify overwrite the previous
conguration.
To specify multiple communities, separate the community names with a comma.
Configure the SNMP Agent to Send v1 or v2c Notifications
You can use the vCenter Server Appliance SNMP agent to send virtual machine and environmental
notications to management systems.
To send SNMP v1 and v2c notications with the SNMP agent, you must congure the target, that is the
receiver, unicast address, community, and an optional port. If you do not specify a port, the SNMP agent
sends notications to UDP port 162 on the target management system by default.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the snmp.set --targets command:
snmp.set --targets target_address@port/community
Here target_address, port, and community are the address of the target system, the port number to send
the notications to, and the community name, respectively. The port value is optional. If you do not
specify a port, the default port,161, is used.
Each time you specify a target with this command, the seings you specify overwrite all previously
specied seings. To specify multiple targets, separate them with a comma.
For example, run the following command for conguring the targets 192.0.2.1@678/targetcommunity
and 2001:db8::1/anothercom:
snmp.set --targets 192.0.2.1@678/targetcommunity,2001:db8::1/anothercom
3 (Optional) If the SNMP agent is not enabled, enable it by running the snmp.enable command.
4 (Optional) To send a test trap to verify that the agent is congured correctly, run the snmp.test
command.
The agent sends a warmStart trap to the congured target.
Configure vCenter Server Appliance for SNMP v3
When you congure the SNMP agent for SNMP v3, the agent supports sending traps. SNMP v3 also
provides stronger security than v1 or v2c, including cryptographic authentication and encryption.
In vSphere 6.0 SNMP v3 informs are not supported. The vCenter Server Appliance supports only
notications such as v1/v2c traps and v3 traps with all security levels.
Procedure
1 Congure the SNMP Engine ID on page 39
Every SNMP v3 agent has an engine ID, which serves as a unique identier for the agent. The engine
ID is used with a hashing function to generate localized keys for authentication and encryption of
SNMP v3 messages.
38 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
2 Congure SNMP Authentication and Privacy Protocols on page 39
SNMP v3 optionally supports authentication and privacy protocols.
3 Congure SNMP Users on page 40
You can congure up to ve users who can access SNMP v3 information. User names must be no more
than 32 characters long.
4 Congure SNMP v3 Targets on page 41
Congure SNMP v3 targets to allow the SNMP agent to send SNMP v3 traps.
Configure the SNMP Engine ID
Every SNMP v3 agent has an engine ID, which serves as a unique identier for the agent. The engine ID is
used with a hashing function to generate localized keys for authentication and encryption of SNMP v3
messages.
If you do not specify an engine ID before you enable the SNMP agent, when you enable the standalone
SNMP agent, an engine ID is generated.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the snmp.set --engineid command to congure the target.
For example, run the following command:
snmp.set --engineid 80001adc802417e202b8613f5400000000
Here, 80001adc802417e202b8613f5400000000 is the ID, a hexadecimal string between 5 and 32 characters
in length.
Configure SNMP Authentication and Privacy Protocols
SNMP v3 optionally supports authentication and privacy protocols.
Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages
to ensure condentiality of data. The privacy protocols provide a higher level of security than is available in
SNMP v1 and v2c, which use community strings for security.
Both authentication and privacy are optional. However, you must enable authentication if you plan to
enable privacy.
The SNMP v3 authentication and privacy protocols are licensed vSphere features and might not be available
in some vSphere editions.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 (Optional) Run the snmp.set --authentication command to congure authentication.
For example, run the following command:
snmp.set --authentication protocol
Here, protocol must be either none, for no authentication,SHA1, or MD5.
VMware, Inc. 39
vCenter Server Appliance Configuration
3 (Optional) Run the snmp.set --privacy command to congure privacy protocol.
For example, run the following command:
snmp.set --privacy protocol
Here, protocol must be either none, for no privacy, or AES128.
Configure SNMP Users
You can congure up to ve users who can access SNMP v3 information. User names must be no more than
32 characters long.
While conguring a user, you generate authentication and privacy hash values based on the user's
authentication and privacy passwords and on the SNMP agent's engine ID. After conguring users, if you
change the engine ID, the authentication protocol, or the privacy protocol, the users are no longer valid and
must be recongured.
Prerequisites
Verify that you have congured the authentication and privacy protocols before conguring users.
n
Verify that you know the authentication and privacy passwords for each user that you plan to
n
congure. Passwords must be at least seven characters long. Store these passwords in les on the host
system.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 If you are using authentication or privacy, get the authentication and privacy hash values for the user by
the running snmp.hash --auth_hash --priv_hash command.
For example, run the following command:
snmp.hash --auth_hash secret1 --priv_hash secret2
Here, secret1 is the path to the le containing the user's authentication password and secret2 is the path
to the le containing the user's privacy password. Alternatively, you can specify the ag --raw-secret
and specify the passwords directly on the command line.
The authentication and privacy hash values are displayed.
3 Congure the user by running snmp.set --users.
For example, run the following command:
snmp.set --users userid/authhash/privhash/security
The parameters in the command are as follows.
Parameter Description
userid Replace with the user name.
authhash Replace with the authentication hash value.
privhash Replace with the privacy hash value.
security
Replace with the level of security enabled for that user, which can be auth, for authentication only,
priv, for authentication and privacy, or none, for no authentication or privacy.
40 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Configure SNMP v3 Targets
Congure SNMP v3 targets to allow the SNMP agent to send SNMP v3 traps.
You can congure a maximum of three SNMP v3 targets, in addition to a maximum of three SNMP v1 or
v2c targets.
To congure a target, you must specify a host name or IP address of the system that will receive the traps, a
user name, a security level, and whether to send traps. The security level can be either none, for no security,
auth, for authentication only, or priv, for authentication and privacy.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the snmp.set --v3targets command to set up the SNMP v3 target.
For example, run the following command:
snmp.set --v3targets hostname@port/userid/secLevel/trap
The parameters in the command are as follows.
Parameter Description
hostname Replace with the host name or IP address of the management system that will receive the traps.
port Replace with the port on the management system that will receive the traps. If you do not specify a
port, the default port, 161, is used.
userid Replace with the user name.
secLevel
Replace with either none, auth, or priv to indicate the level of authentication and privacy you have
congured. Use auth if you have congured authentication only, priv if you have congured both
authentication and privacy, and none if you have congured neither.
3 (Optional) If the SNMP agent is not enabled, enable it by running the snmp.enable command.
4 (Optional) To send a test trap to verify that the agent is congured correctly, run the snmp.test
command.
The agent sends a warmStart trap to the congured target.
Configure the SNMP Agent to Filter Notifications
You can congure the vCenter Server Appliance SNMP agent to lter out notications if you do not want
your SNMP management software to receive those notications.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the snmp.set --notraps command to lter traps.
To lter specic traps, run the following command:
n
snmp.set --notraps oid_list
VMware, Inc. 41
vCenter Server Appliance Configuration
Here, oid_list is a list of object IDs for the traps to lter, separated by commas. This list replaces any
object IDs that were previously specied using this command.
To clear all trap lters, run the following command:
n
snmp.set --notraps reset
3 (Optional) If the SNMP agent is not enabled, enable it by running the snmp.enable command.
The traps identied by the specied object IDs are ltered out of the output of the SNMP agent, and are not
sent to SNMP management software.
Configure SNMP Management Client Software
After you have congured the vCenter Server Appliance to send traps, you must congure your
management client software to receive and interpret those traps.
To congure your management client software, specify the communities for the managed device, congure
the port seings, and load the VMware MIB les. See the documentation for your management system for
specic instructions for these steps.
Prerequisites
Download the VMware MIB les from the VMware Web site:
hp://communities.vmware.com/community/developer/managementapi.
Procedure
1 In your management software, specify the vCenter Server Appliance as an SNMP-based managed
device.
2 If you are using SNMP v1 or v2c, set up appropriate community names in the management software.
These names must correspond to the communities set for the SNMP agent on the
vCenter Server Appliance.
3 If you are using SNMP v3, congure users and authentication and privacy protocols to match those
congured on the vCenter Server Appliance.
4 If you congured the SNMP agent to send traps to a port on the management system other than the
default UDP port 162, congure the management client software to listen on the port you congured.
5 Load the VMware MIBs into the management software to view the symbolic names for the
vCenter Server Appliance variables.
To prevent lookup errors, load these MIB les in the following order before loading other MIB les:
a VMWARE-ROOT-MIB.mib
b VMWARE-TC-MIB.mib
c VMWARE-PRODUCTS-MIB.mib
The management software can now receive and interpret traps from the vCenter Server Appliance.
Reset SNMP Settings to Factory Defaults
You can reset SNMP seings to factory defaults. You can also reset the value of a specic argument to the
factory default.
You can reset a specic arguments, such as the communities, targets, and so on. You can also reset the SNMP
conguration to the factory defaults.
42 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 To reset specic arguments, run the command snmp.set --arguments reset.
For example, to reset the communities that you congured, run the following command:
snmp.set --communities reset
3 To reset the whole SNMP conguration to the factory defaults, run the command snmp.reset.
Configuring Time Synchronization Settings in the vCenter Server Appliance
You can change the time synchronization seings in the vCenter Server Appliance after deployment.
When you deploy the vCenter Server Appliance, you can choose the time synchronization method to be
either by using an NTP server or by using VMware Tools. In case the time seings in your vSphere network
change, you can edit the vCenter Server Appliance and congure the time synchronization seings by using
the commands in the appliance shell.
When you enable periodic time synchronization, VMware Tools sets the time of the guest operating system
to be the same as the time of the host.
After time synchronization occurs, VMware Tools checks once every minute to determine whether the
clocks on the guest operating system and the host still match. If not, the clock on the guest operating system
is synchronized to match the clock on the host.
Native time synchronization software, such as Network Time Protocol (NTP), is typically more accurate
than VMware Tools periodic time synchronization and is therefore preferred. You can use only one form of
periodic time synchronization in the vCenter Server Appliance. If you decide to use native time
synchronization software, vCenter Server Appliance VMware Tools periodic time synchronization is
disabled, and the reverse.
Use VMware Tools Time Synchronization
You can set up the vCenter Server Appliance to use VMware Tools time synchronization.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the command to enable VMware Tools time synchronization.
timesync.set --mode host
3 (Optional) Run the command to verify that you successfully applied the VMware Tools time
synchronization.
timesync.get
The command returns that the time synchronization is in host mode.
The time of the appliance is synchronized with the time of the ESXi host.
VMware, Inc. 43
vCenter Server Appliance Configuration
Add or Replace NTP Servers in the vCenter Server Appliance Configuration
To set up the vCenter Server Appliance to use NTP-based time synchronization, you must add the NTP
servers to the vCenter Server Appliance conguration.
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Add NTP servers to the vCenter Server Appliance conguration by running the ntp.server.add
command.
For example, run the following command:
ntp.server.add --servers IP-addresses-or-host-names
Here IP-addresses-or-host-names is a comma-separated list of IP addresses or host names of the NTP
servers.
This command adds NTP servers to the conguration. If the time synchronization is based on an NTP
server, then the NTP daemon is restarted to reload the new NTP servers. Otherwise, this command just
adds the new NTP servers to the existing NTP conguration.
3 (Optional) To delete old NTP servers and add new ones to the vCenter Server Appliance conguration,
run the ntp.server.set command.
For example, run the following command:
ntp.server.set --servers IP-addresses-or-host-names
Here IP-addresses-or-host-names is a comma-separated list of IP addresses or host names of the NTP
servers.
This command deletes old NTP servers from the conguration and sets the input NTP servers in the
conguration. If the time synchronization is based on an NTP server, the NTP daemon is restarted to
reload the new NTP conguration. Otherwise, this command just replaces the servers in NTP
conguration with the servers that you provide as input.
4 (Optional) Run the command to verify that you successfully applied the new NTP conguration
seings.
ntp.get
The command returns a space-separated list of the servers congured for NTP synchronization. If the
NTP synchronization is enabled, the command returns that the NTP conguration is in Up status. If the
NTP synchronization is disabled, the command returns that the NTP conguration is in Down status.
What to do next
If the NTP synchronization is disabled, you can congure the time synchronization seings in the
vCenter Server Appliance to be based on an NTP server. See “Synchronize the Time in the vCenter Server
Appliance with an NTP Server,” on page 44.
Synchronize the Time in the vCenter Server Appliance with an NTP Server
You can congure the time synchronization seings in the vCenter Server Appliance to be based on an NTP
server.
Prerequisites
Set up one or more Network Time Protocol (NTP) servers in the vCenter Server Appliance conguration.
See “Add or Replace NTP Servers in the vCenter Server Appliance Conguration,” on page 44.
44 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Procedure
1 Access the appliance shell and log in as a user who has the administrator or super administrator role.
The default user with super administrator role is root.
2 Run the command to enable NTP-based time synchronization.
timesync.set --mode NTP
3 (Optional) Run the command to verify that you successfully applied the NTP synchronization.
timesync.get
The command returns that the time synchronization is in NTP mode.
Managing Local User Accounts in the vCenter Server Appliance
If you log in to the appliance shell as a super administrator, you can manage the local user accounts in the
vCenter Server Appliance by running commands in the appliance shell. The default user with a super
administrator role is root.
User Roles in the vCenter Server Appliance
There are three main user roles in the vCenter Server Appliance.
The local users of the vCenter Server Appliance have the rights to perform various tasks in the
vCenter Server Appliance. Three user roles are available in the vCenter Server Appliance:
Operator
Administrator
Super Administrator
Local users with the operator user role can read the appliance conguration.
Local users with the administrator user role can congure the appliance.
Local users with the super administrator user role can congure the
appliance, manage the local accounts, and use the Bash shell.
Get a List of the Local User Accounts in the vCenter Server Appliance
You can see the list of the local user accounts so that you can decide which user account to manage from the
appliance shell.
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the localaccounts.user.list command.
You can see a list of the local users. The information about a user includes the user name, status, role,
status of the password, full name and email.
N The list of local users includes only the local users who have their default shell as appliance
shell.
Create a Local User Account in the vCenter Server Appliance
You can create a new local user account in the vCenter Server Appliance.
For information about the user roles, see “User Roles in the vCenter Server Appliance,” on page 45.
VMware, Inc. 45
vCenter Server Appliance Configuration
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the localaccounts.user.add -- role --username --password command.
For example, to add the local user account test with the operator user role, run the following command:
localaccounts.user.add --role operator --username test --password
You can also set up a new local user account and specify an email and the full name of the user. For
example, to add the local user account test1 with the operator user role, full name TestName and the
email address test1@mymail.com, run the following command:
localaccounts.user.add --role operator --username test1 --password --fullname TestName --
email test1@mymail.com
You cannot use spaces in full names.
3 Enter and conrm the password of the new local user when prompted.
You created a new local user in the appliance.
Update the Password of a Local User in the vCenter Server Appliance
You can update the password of a local user in the vCenter Server Appliance for security reasons.
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the localaccounts.user.password.update --username command.
For example, to change the password of a user with user name test, run the following command:
localaccounts.user.password.update --username test
3 Enter and conrm the new password when prompted.
Update a Local User Account in the vCenter Server Appliance
You can update an existing local user account in the vCenter Server Appliance.
For information about the user roles, see “User Roles in the vCenter Server Appliance,” on page 45.
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the localaccounts.user.set --username command to update an existing local user.
To update the role of the local user, run the following command:
n
localaccounts.user.set --username user name --role new role
Here, user name is the name of the user that you want to edit and new role is the new role. The role
can be operator, admin, or superAdmin.
To update the email of the local user, run the following command:
n
localaccounts.user.set --username user name --email new email address
46 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Here, user name is the name of the user that you want to edit and new email address is the new email
address.
To update the full name of the local user, run the following command:
n
localaccounts.user.set --username user name --fullname new full name
Here, user name is the name of the user that you want to edit and new full name is the new full name
of the user.
To update the status of the local user, run the following command:
n
localaccounts.user.set --username user name --status new status
Here, user name is the name of the user that you want to edit and status is the new status of the local
user. The status can be either disabled or enabled.
Delete a Local User Account in the vCenter Server Appliance
You can delete a local user account in the vCenter Server Appliance.
Procedure
1 Access the appliance shell and log in as a user who has a super administrator role.
The default user with a super administrator role is root.
2 Run the localaccounts.user.delete --username command.
For example, to delete the user with user name test, run the following command:
localaccounts.user.delete --username test
The user is deleted.
Monitor Health Status and Statistics in the vCenter Server Appliance
You can monitor the hardware health status of the vCenter Server Appliance by using the API commands in
the appliance shell. You can also monitor the health status of the update component for information about
available patches.
You can view the status of the hardware components such as memory, CPU, storage, and network, as well as
the update component that shows if the software packages are up to date according to the last check for
available patches.
A particular health status can be green, yellow, orange, red, or gray. For more information, see “View the
vCenter Server Appliance Health Status,” on page 12.
For a complete list of the API commands that you can use for monitoring statistics and health of the
vCenter Server Appliance system, see “API Commands in the vCenter Server Appliance Shell,” on page 33.
Procedure
1 Access the appliance shell and log in.
The user name that you use to log in can be of a user with an operator, administrator, or super
administrator user role.
2 View the health status of a particular component.
To view the health of the memory in the vCenter Server Appliance, run the mem.health.get
n
command.
To view the health of the storage in the vCenter Server Appliance, run the storage.health.get
n
command.
VMware, Inc. 47
vCenter Server Appliance Configuration
To view the health of the swap in the vCenter Server Appliance, run the swap.health.get
n
command.
To view the health of the update component in the vCenter Server Appliance, run the
n
softwarepackages.health.get command.
I If you do not perform regular checks for available patches, the health status of the
update component might become out-of-date. For information on how to check for
vCenter Server Appliance patches and enable automatic checks for vCenter Server Appliance
patches, see vSphere Upgrade.
To view the overall health of the vCenter Server Appliance system, run the system.health.get
n
command.
3 To view statistics about a particular hardware component, run the respective command.
For example, to view storage statistics for each logical disk, run the storage.stats.list command.
Using the vimtop Plug-In to Monitor the Resource Usage of Services
You can use the vimtop utility plug-in to monitor vSphere services that run in the vCenter Server Appliance.
vimtop is a tool similar to esxtop, which runs in the environment of the vCenter Server Appliance. By using
the text-based interface of vimtop in the appliance shell, you can view overall information about the
vCenter Server Appliance, and a list of vSphere services and their resource usage.
Monitor Services by Using vimtop in Interactive Mode on page 48
n
You can use the vimtop plug-in to monitor services in real time.
Interactive Mode Command-Line Options on page 48
n
You can use various command-line options when you run the vimtop command to enter the plug-in
interactive mode.
Interactive Mode Single-Key Commands for vimtop on page 49
n
When running in interactive mode, vimtop recognizes several single-key commands.
Monitor Services by Using vimtop in Interactive Mode
You can use the vimtop plug-in to monitor services in real time.
The default view of the vimtop interactive mode consists of the overview tables and the main table. You can
use single-key commands in interactive mode to switch the view from processes to disks or network.
Procedure
1 From an SSH client program, log in to the vCenter Server Appliance shell.
2 Run the vimtop command to access the plug-in in interactive mode.
Interactive Mode Command-Line Options
You can use various command-line options when you run the vimtop command to enter the plug-in
interactive mode.
Table 4‑4. Interactive Mode Command-Line Options
Option Description
-h Prints help for the vimtop command-line options.
-v Prints the vimtop version number.
48 VMware, Inc.
Chapter 4 Using the Appliance Shell to Configure the vCenter Server Appliance
Table 4‑4. Interactive Mode Command-Line Options (Continued)
Option Description
-c lename Loads a user-dened vimtop conguration le. If the -c option is not used, the default
conguration le is /root/vimtop/vimtop.xml.
You can create your own conguration le, specifying a dierent le name and path by using
the W single-key interactive command.
-n number Sets the number of performed iterations before the vimtop exits interactive mode. vimtop
updates the display number number of times and exits. The default value is 10000.
-p / -d seconds
Sets the update period in seconds.
Interactive Mode Single-Key Commands for vimtop
When running in interactive mode, vimtop recognizes several single-key commands.
All interactive mode panels recognize the commands listed in the following table.
Table 4‑5. Interactive Mode Single-Key Commands
Key Names Description
h Show a help menu for the current panel, giving a brief summary of commands, and the status of
secure mode.
i
t Show or hide the Tasks section, which displays information in the overview panel about the tasks
m Show or hide the Memory section in the overview panel.
f Show or hide the CPU section which displays information in the overview panel about all
g Show or hide the CPUs section which displays information in the overview panel about the top 4
spacebar Immediately refreshes the current pane.
p Pause the displayed information about the services resource usage in the current panels.
r Refresh the displayed information about the services resource usage in the current panels.
s Set refresh period.
q
k Displays the Disks view of the main panel.
o Switch the main panel to Network view.
Esc Clear selection or return to the Processes view of the main panel.
Enter Select a service to view additional details.
n Show or hide names of the headers in the main panel.
u Show or hide the measurement units in the headers in the main panel.
left, right arrows Select columns.
up, down arrows Select rows.
<,> Move a selected column.
Delete Remove selected column.
c Add a new column to the current view of the main panel. Use spacebar to add or remove columns
a Sort the selected column in ascending order.
Show or hide the top line view of the overview panel of the vimtop plug-in.
currently running on the vCenter Server instance .
available CPUs.
physical CPUs.
Exit the interactive mode of the vimtop plug-in .
from the displayed list.
VMware, Inc. 49
vCenter Server Appliance Configuration
Table 4‑5. Interactive Mode Single-Key Commands (Continued)
Key Names Description
d Sort the selected column in descending order.
z Clear the sort order for all columns.
l Set width for the selected column.
x Return the column widths to their default values.
+ Expand selected item.
- Collapse selected item.
w
Write the current setup to a vimtop conguration le. The default le name is the one specied by
-c option, or /root/vimtop/vimtop.xml if the -c option is not used. You can also specify a
dierent le name on the prompt generated by the w command.
50 VMware, Inc.
Using the Direct Console User
Interface to Configure the
vCenter Server Appliance 5
After you deploy the vCenter Server Appliance, you can recongure the network seings and enable access
to the Bash shell for troubleshooting. To access the Direct Console User Interface, you must log in as root.
The home page of the Direct Console User Interface contains a link to the support bundle of the
vCenter Server Appliance. The link to the support bundle is of the type hps://appliance-host-name:
443/appliance/support-bundle.
This chapter includes the following topics:
“Log In to the Direct Console User Interface,” on page 51
n
“Change the Password of the Root User,” on page 52
n
“Congure the Management Network of the vCenter Server Appliance,” on page 52
n
“Restart the Management Network of the vCenter Server Appliance,” on page 53
n
“Enable Access to the Appliance Bash shell,” on page 53
n
“Access the Appliance Bash Shell for Troubleshooting,” on page 54
n
“Export a vCenter Server Support Bundle for Troubleshooting,” on page 54
n
Log In to the Direct Console User Interface
The Direct Console User Interface lets you interact with the appliance locally by using text-based menus.
Procedure
1 Browse to the vCenter Server Appliance in the vSphere Web Client or the vSphere Client inventory.
2 On the Summary tab, click Launch Console.
3 Click inside the console window and press F2 to customize the system.
4 Type the password for the root user of the appliance and press Enter.
I If you enter invalid credentials thrice, the root account is locked for ve minutes.
You logged in to the Direct Console User Interface. You can change the password of the root user of the
vCenter Server Appliance, edit the network seings, and enable access to the vCenter Server Appliance Bash
shell.
VMware, Inc.
51
vCenter Server Appliance Configuration
Change the Password of the Root User
To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface, you can
change the password of the root user.
The default root password for the vCenter Server Appliance is the password you enter during deployment
of the virtual appliance.
I The password for the root account of the vCenter Server Appliance expires after 365 days. You
can change the expiry time for an account by logging as root to the vCenter Server Appliance Bash shell, and
running chage -M number_of_days -W warning_until_expiration user_name. To increase the expiration
time of the root password to innity, run the chage -M -1 -E -1 root command.
Procedure
1 Browse to the vCenter Server Appliance in the vSphere Web Client or the vSphere Client inventory.
2 On the Summary tab, click Launch Console.
3 Click inside the console window and press F2 to customize the system.
4 To log in to the Direct Console User Interface, type the current password of the root user and press
Enter.
5 Select Root Password and press Enter.
6 Type the old password of the root user, and press Enter.
7 Set up the new password and press Enter.
8 Press Esc until you return to the main menu of the Direct Console User Interface.
You changed the password of the root user of the appliance.
Configure the Management Network of the vCenter Server Appliance
The vCenter Server Appliance can obtain networking seings from a DHCP server, or use static IP
addresses. You can change the networking seings of the vCenter Server Appliance from the Direct Console
User Interface. You can change the IPv4, IPv6, and DNS conguration.
Prerequisites
To change the IP address of the appliance, verify that the system name of the appliance is an FQDN. If,
during the deployment of the appliance, you set an IP address as a system name, you cannot change the IP
address after the deployment, because the system name is used as a primary network identier.
Procedure
1 Log in to the Direct Console User Interface of the vCenter Server Appliance.
2 Select Management Network and press Enter.
3 Change the IPv4 seings from IP .
Option Description
Use dynamic IP address and
network configuration
Set static IP address and network
configuration
Obtains networking seings from a DHCP server if one is available on
your network
Sets static networking conguration
52 VMware, Inc.
Chapter 5 Using the Direct Console User Interface to Configure the vCenter Server Appliance
4 Change the IPv6 seings from IPv6 .
Option Description
Enable IPv6
Use DHCP stateful configuration
Use ICMP stateless configuration
Enables or disables IPv6 on the appliance
Uses a DHCP server to obtain IPv6 addresses and networking seings
Uses a Stateless Address Autoconguration (SLAAC) to obtain IPv6
addresses and network seings
5 Change the DNS seings from DNS .
Option Description
Obtain DNS server address and
hostname automatically
Use the following DNS server
address and hostname
Obtains the DNS server address and host name automatically.
Use this option if the IP seings of the appliance are obtained
automatically from a DHCP server .
Sets the static IP address and host name for the DNS server.
6 Set custom DNS suxes from Custom DNS .
If you do not specify any suxes, a default sux list is derived from the local domain name.
7 Press Esc until you return to the main menu of the Direct Console User Interface.
Restart the Management Network of the vCenter Server Appliance
Restart the management network of the vCenter Server Appliance to restore the network connection.
Procedure
1 Log in to the Direct Console User Interface of the vCenter Server Appliance.
2 Select Restart Management Network and press Enter.
3 Press F11.
Enable Access to the Appliance Bash shell
You can use the appliance Direct Console User Interface to enable local and remote access to the appliance
Bash shell. Bash shell access enabled through Direct Console User Interface remains enabled for 3600
seconds.
Procedure
1 Log in to the Direct Console User Interface of the vCenter Server Appliance.
2 Select Troubleshooting Options and press Enter.
3 From the Troubleshooting Mode Options menu, select to enable either Bash shell or SSH.
4 Press Enter to enable the service.
5 Press Esc until you return to the main menu of the Direct Console User Interface.
What to do next
Access the vCenter Server Appliance Bash shell for troubleshooting.
VMware, Inc. 53
vCenter Server Appliance Configuration
Access the Appliance Bash Shell for Troubleshooting
Log in to the vCenter Server Appliance shell for troubleshooting purposes only.
Procedure
1 Access the appliance shell using one of the following methods.
If you have direct access to the appliance, press Alt+F1.
n
If you want to connect remotely, use SSH or another remote console connection to start a session to
n
the appliance.
2 Enter a user name and password recognized by the appliance.
3 In the appliance shell, enter the command pi shell or shell to access the Bash shell.
Export a vCenter Server Support Bundle for Troubleshooting
If you want to export the support bundle of the vCenter Server instance in the vCenter Server Appliance for
troubleshooting, you can do that by using the URL displayed on the DCUI home screen.
You can also collect the support bundle from the vCenter Server Appliance Bash shell, by running the vc-
support.sh script.
The support bundle is exported in .tgz format.
Procedure
1 Log in to the Windows host machine on which you want to download the bundle.
2 Open a Web browser and enter the URL to the support bundle displayed in the DCUI.
hps://appliance-fully-qualied-domain-name:443/appliance/support-bundle
3 Enter the user name and password of the root user.
4 Click Enter.
The support bundle is downloaded as .tgz le on your Windows machine.
54 VMware, Inc.
Index
A
accessing Bash shell 30
Active Directory domain, leaving 19
Active Directory domain, joining 17
API commands in the vCenter Server Appliance,
getting help 31
APIs 33
appliance console, logging in 51
appliance password, changing 15, 52
appliance shell
accessing 29
using to edit the vCenter Server Appliance 29
appliance troubleshooting, enabling 53
appliance
configure DNS settings 52
configure IPv4 52
configure IPv6 52
configure management network 52
configure static IP 52
appliance Bash shell
enabling access 53
logging in 54
appliance DCUI, changing password 52
appliance Direct Console User Interface, logging
in 51
appliance password expiry settings,
changing 15
Auto Deploy, setting up startup settings 24
E
email of a local user, changing in the vCenter
Server Appliance 46
enabling Bash shell access in the vCenter
Server Appliance 13, 20
enabling HTTP port forwarding in the vCenter
Server Appliance 20
enabling local login in the vCenter Server
Appliance 20
enabling SSH in the vCenter Server
appliance 13, 20
ESXi Dump Collector, setting up startup
settings 24
F
filtering traps, SNMP agent 41
firewall, configuring in the vCenter Server
Appliance 23
firewall rules
adding in the vCenter Server Appliance 23
editing in the vCenter Server Appliance 23
G
GET requests
configuring the vCenter Server Appliance 37
configuring the vCenter Server Appliance
SNMP agent 37
glossary 5
B
Bash shell
accessing 30
accessing for troubleshooting 54
enabling access 30
enabling for troubleshooting 53
enabling users to edit access 20
keyboard shortcuts 30
browsing the log files, showlog plug-in 36
C
command-line management of the appliance 29
D
DCUI, logging in 51
Direct Console User Interface, vCenter Server
Appliance 51
DNS settings, editing in the vCenter Server
Appliance 13, 21
VMware, Inc. 55
H
hardware health status, in the vCenter Server
Appliance 47
I
intended audience 5
interactive mode, running vimtop 48
IP address 13, 21
IPv4 address, setting up for the appliance 13, 21
IPv6 address, setting up for the appliance 13, 21
L
local user accounts
listing in the appliance 45
managing in the appliance 45
vCenter Server Appliance 45
local user account
creating in the appliance 45
vCenter Server Appliance Configuration
deleting from the vCenter Server
Appliance 47
updating in the vCenter Server Appliance 46
log bundle, exporting 13
log bundles, exporting 26
log files 36
M
management network, restarting 53
Message Bus Configuration, setting up startup
settings 24
monitoring
health status, services, nodes 25
health status, vCenter Server Appliance 12
N
new local user account, vCenter Server
Appliance 45
NTP servers, adding 44
NTP-based time synchronization 44
O
overview of, vCenter Server appliance 9
P
password
changing 15, 52
updating for a local user 46
password expiry settings, changing 15
Platform Services Controller
joining to an Active Directory domain 17
leaving an Active Directory domain 19
plug-ins, vCenter Server Appliance 31
plug-ins in the vCenter Server Appliance, getting
help 31
polling, configuring in the vCenter Server
Appliance 37
proxy server, setting up for the vCenter Server
Appliance 13
R
redirecting, log files 27
S
services
monitoring in interactive mode 48
restarting 24
starting 24
startup settings 24
stopping 24
showlog plug-in 36
SNMP
configuring in the vCenter Server
Appliance 36
management software 42
SNMP agent in the vCenter Server Appliance,
configuring for polling 37
SNMP authentication, configuring in the vCenter
Server Appliance 39
SNMP configuration 36
SNMP privacy, configuring in the vCenter Server
Appliance 39
SNMP agent
clearing all traps 41
configuring for sending v1 or v2c traps 38
filtering traps 41
SNMP communities, configuring 37
SNMP settings, resetting 42
SNMP users 40
SNMP v1 and v2c, configuring in the vCenter
Server Appliance 37
SNMP v1 and v2c configuration 37
SNMP v3, configuring the vCenter Server
Appliance 38
SNMP v3 agent engine ID, configuring 39
SNMP v3 targets, configuring 41
specifying DNS settings, vCenter Server
Appliance 13, 21
SSH, enabling 53
startup settings of a service 24
startup settings, editing 24
status of a local user, changing in the vCenter
Server Appliance 46
support bundle, exporting 13, 54
support bundles 26
system configuration, editing service settings 25
SystemConfiguration.BashShellAdministrators
group, adding members 20
T
time synchronization
NTP-based 44
VMware Tools-based 43
time synchronization settings 15, 43
U
updated information 7
user roles, vCenter Server Appliance 45
V
vCenter Server Appliance
accessing the vCenter Server Appliance
Management Interface 11
adding a local user account 45
adding NTP servers 44
API commands 33
changing the email address of a user 46
changing the full name of a user 46
changing the password expiry settings 15
56 VMware, Inc.
Index
changing the role of a user account 46
changing the root password 15
configuration 51
configuring a proxy server 13
configuring access settings 13, 20
configuring IP address 13, 21
configuring SNMP 36
configuring SNMP authentication 39
configuring SNMP communities 37
configuring SNMP privacy protocols 39
configuring SNMP users 40
configuring SNMP v1 and v2c 37
configuring SNMP v3 engine ID 39
configuring SNMP v3 targets 41
deleting a local user account 47
editing DNS settings 13, 21
enabling or disabling a local user account 46
exporting a support bundle 13
exporting support bundle 54
filtering traps 41
getting help 31
health monitoring 47
joining to an Active Directory domain 17
leaving an Active Directory domain 19
local user accounts 45
managing by using the vCenter Server
Appliance management interface 11
managing by using the vSphere Web
Client 17
managing local user accounts 45
managing through the appliance shell 29
NTP-based time synchronization 44
rebooting 12
redirecting log files 27
resetting settings to factory defaults 42
restarting management network 53
shutting down 12
time synchronization settings 15, 43
updating a local user account 46
updating the password of a local user,
vCenter Server Appliance 46
user roles 45
utilities 31
VMware Tools-based time synchronization 43
vCenter Server Appliance, configuring for
polling 37
vCenter Server Appliance CLI 33
vCenter Server Appliance DCUI 51
vCenter Server Appliance firewall settings 23
vCenter Server Appliance management
interface, using to edit the vCenter
Server Appliance 11
vCenter Server Appliance Management
Interface, accessing 11
vCenter Server Appliance, configuring the SNMP
agent to send traps 38
vCenter Server Appliance, editing 11, 17
vCenter Server Appliance, configuring for SNMP
v3 38
vCenter Sever Appliance, replacing NTP
servers 44
viewing firstboot log files 36
vimtop
command-line options 48
interactive mode single-key commands 49
overview 48
using 48
VMware Tools-based time synchronization 43
vSphere Web Client, using to edit the vCenter
Server Appliance 17
W
Windows, export the support bundle 54
VMware, Inc. 57
vCenter Server Appliance Configuration
58 VMware, Inc.
Loading...