VMware vSphere - 6.0.1 User Manual
vCenter Server Appliance Configuration
Update 1
vSphere 6.0
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions of
this document, see http://www.vmware.com/support/pubs.
EN-001785-06
vCenter Server Appliance Configuration
You can find the most up-to-date technical documentation on the VMware Web site at:
hp://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About vCenter Server Appliance Conguration 5
Updated Information 7
vCenter Server Appliance Overview 9
1
Using the Appliance Management Interface to Congure the
2
vCenter Server Appliance 11
Log In to the vCenter Server Appliance Management Interface 11
View the vCenter Server Appliance Health Status 12
Reboot or Shut Down the vCenter Server Appliance 12
Export a Support Bundle 13
Enable or Disable SSH and Bash Shell Access 13
Congure the DNS, IP Address, and Proxy Seings 13
Congure the System Time Zone and Time Synchronization Seings 15
Change the Password and Password Expiration Seings of the Root User 15
Using the vSphere Web Client to Congure the vCenter Server Appliance 17
3
Join the vCenter Server Appliance to an Active Directory Domain 17
Leave an Active Directory Domain 19
Add a User to the SystemConguration.BashShellAdministrators Group 20
Edit Access Seings to the vCenter Server Appliance 20
Edit the DNS and IP Address Seings of the vCenter Server Appliance 21
Edit the Firewall Seings of the vCenter Server Appliance 23
Edit the Startup Seings of a Service 24
Start, Stop, or Restart Services in the vCenter Server Appliance 24
View the Health Status of Services and Nodes 25
Edit the Seings of Services 25
Export a Support Bundle 26
Redirect vCenter Server Appliance Log Files to Another Machine 27
VMware, Inc.
Using the Appliance Shell to Congure the vCenter Server Appliance 29
4
Access the Appliance Shell 29
Enable Bash Shell Access From the Appliance Shell 30
Keyboard Shortcuts for Editing Commands 30
Get Help About the Plug-Ins and API Commands in the Appliance 31
Plug-Ins in the vCenter Server Appliance Shell 31
API Commands in the vCenter Server Appliance Shell 33
Browse the Log Files by Using the showlog Plug-In 36
Conguring SNMP for the vCenter Server Appliance 36
Conguring Time Synchronization Seings in the vCenter Server Appliance 43
3
vCenter Server Appliance Configuration
Managing Local User Accounts in the vCenter Server Appliance 45
Monitor Health Status and Statistics in the vCenter Server Appliance 47
Using the vimtop Plug-In to Monitor the Resource Usage of Services 48
Using the Direct Console User Interface to Congure the
5
vCenter Server Appliance 51
Log In to the Direct Console User Interface 51
Change the Password of the Root User 52
Congure the Management Network of the vCenter Server Appliance 52
Restart the Management Network of the vCenter Server Appliance 53
Enable Access to the Appliance Bash shell 53
Access the Appliance Bash Shell for Troubleshooting 54
Export a vCenter Server Support Bundle for Troubleshooting 54
Index 55
4 VMware, Inc.
About vCenter Server Appliance Configuration
vCenter Server Appliance Conguration provides information about conguring the vCenter Server Appliance.
Intended Audience
This information is intended for anyone who wants to use the vCenter Server Appliance. The information is
wrien for experienced Windows or Linux system administrators who are familiar with virtual machine
technology and data center operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to
hp://www.vmware.com/support/pubs.
VMware, Inc.
5
vCenter Server Appliance Configuration
6 VMware, Inc.
Updated Information
This vCenter Server Appliance Conguration is updated with each release of the product or when necessary.
This table provides the update history of the vCenter Server Appliance Conguration.
Revision Description
EN-001785-06
EN-001785-05 Updated topic “Join the vCenter Server Appliance to an Active Directory Domain,” on page 17 to
EN-001785-04 Updated topics “Congure the DNS, IP Address, and Proxy Seings,” on page 13 and “Edit the DNS
EN-001785-03 Updated topic “Log In to the vCenter Server Appliance Management Interface,” on page 11 to add a
EN-001785-02 Updated topic “Create a Local User Account in the vCenter Server Appliance,” on page 45 to correct the
EN-001785-01
EN-001785-00 Initial release.
Updated topic “Plug-Ins in the vCenter Server Appliance Shell,” on page 31 to add the cmsso-util and
psc-restore plug-ins.
improve the information about enabling Windows session authentication (SSPI) for Active Directory
users when using the vSphere Web Client and the vSphere Client to connect to a vCenter Server instance.
and IP Address Seings of the vCenter Server Appliance,” on page 21 to add a prerequisite for changing
the IP address of the appliance.
prerequisite for enabling TLS 1.0 and 1.1 if using Internet Explorer.
command syntax by adding a required parameter.
Updated Chapter 1, “vCenter Server Appliance Overview,” on page 9 to state that customization of
n
the vCenter Server Appliance is unsupported except for adding memory and CPU.
Updated “Join the vCenter Server Appliance to an Active Directory Domain,” on page 17 to state
n
that this procedure aaches users and groups from an Active Directory domain to the vCenter Single
Sign-On domain, Active Directory domains with read-only domain controllers (RODC) are
unsupported, and the organizational unit text box requires the canonical name of the organizational
unit. Also, added information in step 11 about the identity source seings of the joined Active
Directory domain.
VMware, Inc. 7
vCenter Server Appliance Configuration
8 VMware, Inc.
vCenter Server Appliance Overview 1
The vCenter Server Appliance is a precongured Linux virtual machine, which is optimized for running
vCenter Server and the associated services on Linux.
You can download the vCenter Server Appliance installer, install the VMware Client Integration Plug-In,
and deploy the vCenter Server Appliance. During the deployment of the appliance, you select whether you
want to deploy vCenter Server Appliance with an external Platform Services Controller or
vCenter Server Appliance with an embedded Platform Services Controller. You can also join the
vCenter Server Appliance to the same vCenter Single Sign-On domain as another vCenter Server Appliance
or vCenter Server on Windows. See vSphere Installation and Setup.
The vCenter Server Appliance is supported on ESXi 5.0 and later. The appliance package contains the
following software:
SUSE Linux Enterprise Server 11 Update 3 for VMware, 64-bit edition.
n
PostgreSQL database.
n
vCenter Server 6.0 and vCenter Server 6.0 components.
n
Platform Services Controller that contains all of the necessary services for running vCenter Server such
n
as vCenter Single Sign-On, License service, and VMware Certicate Authority.
For detailed information about the Platform Services Controller, see vSphere Installation and Setup.
VMware, Inc.
Customization of the vCenter Server Appliance is unsupported except for adding memory and CPU.
The vCenter Server Appliance has the following default user names:
root user with the password that you set during the deployment of the virtual appliance. You use the
n
root user to log in to the vCenter Server Appliance Management Interface and to the appliance Linux
operating system.
I The password for the root account of the vCenter Server Appliance expires after 365 days
by default. For information about how to change the root password and congure the password
expiration seings, see “Change the Password and Password Expiration Seings of the Root User,” on
page 15.
administrator@your_domain_name which is the vCenter Single Sign-On user with the password and
n
domain name that you set during the deployment of the appliance.
In vSphere 5.5, this user is administrator@vsphere.local. In vSphere 6.0, when you install vCenter Server
or deploy the vCenter Server Appliance with a new Platform Services Controller, you can change the
vSphere domain. Do not use the same domain name as the domain name of your Microsoft Active
Directory or OpenLDAP domain name.
9
vCenter Server Appliance Configuration
Initially, only the user administrator@your_domain_name has the privileges to log in to the
vCenter Server system in the vCenter Server Appliance. By default, the
administrator@your_domain_name user is a member of the SystemConguration.Administrators group
and can add an identity source in which additional users and groups are dened to vCenter Single
Sign-On or give permissions to the users and groups. For more information, see vSphere Security.
You can access the vCenter Server Appliance and edit the vCenter Server Appliance seings in four ways:
Use the vCenter Server Appliance Management Interface.
n
You can edit the system seings of the vCenter Server Appliance such as access, network, time
synchronization, and the root password seings. This is the preferred way for editing the appliance.
Use the vSphere Web Client.
n
You can navigate to the system conguration seings of the vCenter Server Appliance and join the
appliance to an Active Directory domain, manage the services that are running in the
vCenter Server Appliance, and modify various seings such as access, network, and rewall seings.
Use the appliance shell.
n
You can use TTY1 to log in to the console or can use SSH and run conguration, monitoring, and
troubleshooting commands in the vCenter Server Appliance.
Use the Direct Console User Interface.
n
You can use TTY2 to log in to the vCenter Server Appliance Direct Console User Interface to change the
password of the root user, congure the network seings, or enable access to the Bash shell or SSH.
10 VMware, Inc.
Using the Appliance Management
Interface to Configure the
vCenter Server Appliance 2
After you deploy the vCenter Server Appliance that contains vCenter Server with an embedded
Platform Services Controller, vCenter Server with an external Platform Services Controller, or a
Platform Services Controller, you can log in to the vCenter Server Appliance Management Interface and edit
the appliance seings.
For information about patching the vCenter Server Appliance and enabling automatic checks for
vCenter Server Appliance patches, see the vSphere Upgrade documentation.
This chapter includes the following topics:
“Log In to the vCenter Server Appliance Management Interface,” on page 11
n
“View the vCenter Server Appliance Health Status,” on page 12
n
“Reboot or Shut Down the vCenter Server Appliance,” on page 12
n
“Export a Support Bundle,” on page 13
n
“Enable or Disable SSH and Bash Shell Access,” on page 13
n
“Congure the DNS, IP Address, and Proxy Seings,” on page 13
n
“Congure the System Time Zone and Time Synchronization Seings,” on page 15
n
“Change the Password and Password Expiration Seings of the Root User,” on page 15
n
Log In to the vCenter Server Appliance Management Interface
Log in to the vCenter Server Appliance Management Interface to access the vCenter Server Appliance
conguration seings.
N The login session expires if you leave the vCenter Server Appliance Management Interface idle for 10
minutes.
Prerequisites
Verify that the vCenter Server Appliance is successfully deployed and running.
n
If you are using Internet Explorer, verify that TLS 1.0 and 1.1 are enabled in the security seings.
n
Procedure
1 In a Web browser, go to the vCenter Server Appliance Management Interface, hps://appliance-IP-
address-or-FQDN:5480.
2 Log in as root.
The default root password is the password you set while deploying the vCenter Server Appliance.
VMware, Inc.
11
vCenter Server Appliance Configuration
View the vCenter Server Appliance Health Status
You can use the vCenter Server Appliance Management Interface to view the overall health status of the
vCenter Server Appliance and health messages.
The overall health status of the vCenter Server Appliance is based on the status of the hardware components
such as memory, CPU, storage, and network, as well as that of the update component, which shows whether
the software packages are up to date according to the last check for available patches.
I If you do not perform regular checks for available patches, the health status of the update
component might become out-of-date. For information about how to check for vCenter Server Appliance
patches and enable automatic checks for vCenter Server Appliance patches, see vSphere Upgrade.
For information about how to view the individual status, see “Monitor Health Status and Statistics in the
vCenter Server Appliance,” on page 47.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 In the Health Status pane, view the Overall Status badge.
Table 2‑1. Health Status
Badge Icon Description
Good. All components in the appliance are
healthy.
Warning. One or more components in the
appliance might become overloaded soon.
View the details in the Health Messages
pane.
Alert. One or more components in the
appliance might be degraded. Nonsecurity
patches might be available.
View the details in the Health Messages
pane.
Critical. One or more components in the
appliance might be in an unusable status and
the appliance might become unresponsive
soon. Security patches might be available.
View the details in the Health Messages
pane.
Unknown. No data is available.
Reboot or Shut Down the vCenter Server Appliance
You can use the vCenter Server Appliance Management Interface to restart or power o the virtual machine
running.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
12 VMware, Inc.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 Click Reboot or Shutdown to restart or power o the virtual machine.
3 In the conrmation dialog window, click Yes to conrm the operation.
Export a Support Bundle
You can export a support bundle that contains the log les for the vCenter Server instance running in the
appliance. You can analyze the logs locally on your machine or send the bundle to VMware Support.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Summary.
2 Click Create Support Bundle, and save the bundle on your local machine.
The support bundle is downloaded as a .tgz le on your local machine.
Chapter 2 Using the Appliance Management Interface to Configure the vCenter Server Appliance
Enable or Disable SSH and Bash Shell Access
You can use the vCenter Server Appliance Management Interface to edit the access seings to the appliance.
You can enable or disable an SSH administrator login to the appliance. You can also enable access to the
vCenter Server Appliance Bash shell for a specic time interval.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Access, and click Edit.
2 Edit the access seings for the vCenter Server Appliance.
Option Description
Enable SSH login
Enable Bash shell
3 Click OK to save the seings.
Enables SSH access to the vCenter Server Appliance.
Enables Bash shell access to the vCenter Server Appliance for the number
of minutes that you enter.
Configure the DNS, IP Address, and Proxy Settings
You can assign static IPv4 and IPv6 addresses, edit the DNS seings, and dene the proxy seings for the
vCenter Server Appliance.
Prerequisites
To change the IP address of the appliance, verify that the system name of the appliance is an FQDN. If,
n
during the deployment of the appliance, you set an IP address as a system name, you cannot change the
IP address after the deployment, because the system name is used as a primary network identier.
Log in to the vCenter Server Appliance Management Interface as root.
n
VMware, Inc. 13
vCenter Server Appliance Configuration
Procedure
1 In the vCenter Server Appliance Management Interface, click Networking.
2 In the Hostname, Name Servers, and Gateways pane, click Edit.
3 In the Name Servers section, congure the DNS seings.
Option Description
Obtain DNS settings automatically
Enter settings manually
4 In the Networking Interfaces pane, click Edit.
5 Expand the network interface name to edit the IP address seings.
6 Edit the IPv4 address seings.
Option Description
No IPv4 settings
Obtain IPv4 settings automatically
Use the following IPv4 settings
7 Edit the IPv6 seings.
Obtains the DNS seings automatically from the network.
Lets you set the DNS address seings manually. If you select this option,
you must provide the following information:
The IP address of the preferred DNS server.
n
(Optional) The IP address of the alternative DNS server.
n
Disables the IPv4 address. The appliance uses only an IPv6 address.
Obtains the IPv4 address for the appliance automatically from the
network .
Uses an IPv4 address that you set manually. You must enter the IP address,
subnet prex length, and the default gateway.
Option Description
Obtain IPv6
automatically through DHCP
Obtain IPv6
automatically through Router
Advertisement
Static IPv6 addresses Uses static IPv6 addresses that you set up manually.
Assigns IPv6 addresses to the appliance automatically from the network by
using DHCP.
Assigns IPv6 addresses to the appliance automatically from the network by
using router advertisement.
1 Click the Add icon.
2 Enter the IPv6 address and the subnet prex length.
3 Click OK.
4 (Optional) Edit the default gateway.
You can congure the appliance to obtain the IPv6 seings automatically through both DHCP and
router advertisement. You can assign static IPv6 address at the same time.
8 To congure a proxy server, in the Proxy Seings pane, click Edit.
9 Select Use a Proxy Server, enter the proxy server seings, and click OK.
14 VMware, Inc.
Chapter 2 Using the Appliance Management Interface to Configure the vCenter Server Appliance
Configure the System Time Zone and Time Synchronization Settings
After you deploy the vCenter Server Appliance, you can change the system time zone and time
synchronization seings.
When you deploy the vCenter Server Appliance, you either use the time seings of the ESXi host on which
the appliance is running or you congure the time synchronization based on an NTP server. If the time
seings in your vSphere network change, you can edit the time zone and time synchronization seings in
the appliance.
I If the vCenter Server Appliance is using an external Platform Services Controller, you must
congure both the vCenter Server Appliance and the Platform Services Controller to use the same time
synchronization source. Otherwise, authentication with vCenter Single Sign-On might fail.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Time.
2 Congure the system time zone seings.
a In the Time zone pane, click Edit.
b From the Time zone drop-down menu, select a location or time zone and click OK.
3 Congure the time synchronization seings.
a In the Time Synchronization pane, click Edit.
b From the Mode drop-down menu, congure the time synchronization method.
Option Description
Disabled
Host
NTP
c Click OK.
No time synchronization. Uses the system time zone seings.
Enables VMware Tools time synchronization. Uses VMware Tools to
synchronize the time of the appliance with the time of the ESXi host.
Enables NTP synchronization. You must enter the IP address or FQDN
of one or more NTP servers.
Change the Password and Password Expiration Settings of the Root User
When you deploy the vCenter Server Appliance, you set the initial password of the root user, which expires
after 365 days by default. For security reasons, you can change the root password, as well as the password
expiration seings.
Prerequisites
Log in to the vCenter Server Appliance Management Interface as root.
Procedure
1 In the vCenter Server Appliance Management Interface, click Administration.
2 In the Change root password pane, change the root password and click Submit.
VMware, Inc. 15
vCenter Server Appliance Configuration
3 Congure the password expiration seings for the root user.
a In the Root password expires section, set the password expiration policy.
Option Description
Yes
No
b In the Password expiry seings pane, click Submit to apply the new password expiry seings.
In the Password expires on text box, you can see the new expiration date.
The password of the root user expires after a particular number of
days. You must provide the following information:
Root password validity (days)
n
The number of days after which the password expires.
Email for expiration warning
n
The email address to which the vCenter Server Appliance sends a
warning message before the expiration date.
The password of the root user never expires.
16 VMware, Inc.
Using the vSphere Web Client to
Configure the
vCenter Server Appliance 3
After you deploy the vCenter Server Appliance, you can perform some conguration operations from the
vSphere Web Client such as joining the appliance to an Active Directory domain, managing the services that
are running in the vCenter Server Appliance, networking, and other seings.
This chapter includes the following topics:
“Join the vCenter Server Appliance to an Active Directory Domain,” on page 17
n
“Leave an Active Directory Domain,” on page 19
n
“Add a User to the SystemConguration.BashShellAdministrators Group,” on page 20
n
“Edit Access Seings to the vCenter Server Appliance,” on page 20
n
“Edit the DNS and IP Address Seings of the vCenter Server Appliance,” on page 21
n
“Edit the Firewall Seings of the vCenter Server Appliance,” on page 23
n
“Edit the Startup Seings of a Service,” on page 24
n
“Start, Stop, or Restart Services in the vCenter Server Appliance,” on page 24
n
“View the Health Status of Services and Nodes,” on page 25
n
“Edit the Seings of Services,” on page 25
n
“Export a Support Bundle,” on page 26
n
“Redirect vCenter Server Appliance Log Files to Another Machine,” on page 27
n
Join the vCenter Server Appliance to an Active Directory Domain
You can join a Platform Services Controller appliance or a vCenter Server Appliance with an embedded
Platform Services Controller to an Active Directory domain and aach the users and groups from this Active
Directory domain to your vCenter Single Sign-On domain.
I Joining a Platform Services Controller appliance or a vCenter Server Appliance with an
embedded Platform Services Controller to an Active Directory domain with a read-only domain controller
(RODC) is unsupported. You can join a Platform Services Controller or a vCenter Server Appliance with an
embedded Platform Services Controller only to an Active Directory domain with a writable domain
controller.
If you want to congure permissions for users and groups from an Active Directory domain to access the
vCenter Server components, you must join its associated embedded or external Platform Services Controller
instance to the Active Directory domain.
VMware, Inc.
17
vCenter Server Appliance Configuration
For example, to enable an Active Directory user to log in to the vCenter Server instance in a
vCenter Server Appliance with an embedded Platform Services Controller by using the vSphere Web Client
with Windows session authentication (SSPI), you must join the vCenter Server Appliance to the Active
Directory domain and assign the Administrator role to this user. To enable an Active Directory user to log in
to a vCenter Server instance that uses an external Platform Services Controller appliance by using the
vSphere Web Client with SSPI, you must join the Platform Services Controller appliance to the Active
Directory domain and assign the Administrator role to this user.
N If you want to enable an Active Directory user to log in to a vCenter Server instance by using the
vSphere Client with SSPI, you must join the vCenter Server instance to the Active Directory domain. For
information about joining a vCenter Server Appliance with an external Platform Services Controller to an
Active Directory domain, see the VMware knowledge base article at hp://kb.vmware.com/kb/2118543.
Prerequisites
Verify that the user name you use to log in to the vCenter Server instance in the vCenter Server Appliance is
a member of the SystemConguration.Administrators group in vCenter Single Sign-On.
Procedure
1 Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance
in the vCenter Server Appliance.
The address is of the type hp://appliance-IP-address-or-FQDN/vsphere-client.
2 Under Deployment, click System .
3 Under System Conguration, click Nodes.
4 Under Nodes, select a node and click the Manage tab.
5 Under Advanced, select Active Directory, and click Join.
6 Enter the Active Directory details.
Option Description
Domain
Organizational unit
User name
Password
Active Directory domain name, for example, mydomain.com. Do not
provide an IP address in this eld.
Optional. The canonical name of the organizational unit, for example,
mydomain.com/MyOrganizationalUnit/mycomputer.
I Use this eld only if you are familiar with LDAP.
User name in User Principal Name (UPN) format, for example,
jchin@mydomain.com.
I Down-level login name format, for example,
DOMAIN\UserName, is unsupported.
Password of the user.
7 Click OK to join the vCenter Server Appliance to the Active Directory domain.
The operation silently succeeds and you can see that the Join buon turned to Leave.
8 Right-click the node you edited and select Reboot to restart the appliance so that the changes are
applied.
I If you do not restart the appliance, you might encounter problems when using the
vSphere Web Client.
9 Navigate to Administration > Single Sign-On > .
10 On the Identity Sources tab, click the Add Identity Source icon.
18 VMware, Inc.
Loading...