VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION User's Guide

VMware vCenter Configuration Manager Installationand Getting Started GuidevCenter Configuration Manager 5.4This document supports the version of each

vCenter Configuration Manager Installation and Getting Started Guide10 VMware, Inc.

Use the following steps to install the Agent.1. Verify that the machine on which you intend to install the agent has enough free disk space. For morei

inflating: CSIInstall/scripts/AltSource_ftp.shinflating: CSIInstall/scripts/AltSource_rcp.shinflating: CSIInstall/scripts/AltSource_sftp.shinflating:

Installation Options with DefaultValuesDescriptionCSI_CREATE_USER=YRecommend keeping default value.The user is being created. This value indicates whe

Installation Options with DefaultValuesDescriptionCSI_CREATE_LOCAL_SERVICE=YRecommend keeping default value.Setting CSI_CREATE_LOCAL_SERVICE to Y allo

values specified in csi.config without prompting for input. To run the installation in silentmode, enter:# ./CSIInstall/InstallCMAgent -sYou might use

drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 Agentdrwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 CFC-rw-rw---- 1 root cfgsoft 49993 Jul 2 17:34 CSIRegistry-

1. (Optional) Copy csi.config, the file that contains all of the custom configuration settings, to a safelocation. (This file can be found in <path

instead of the default collection options, and then select the UNIX Patch Assessment filter set. For moreinformation, see the "UNIX Patch Assessm

Note that several other UNIX Dashboards are also available. Take time to familiarize yourself with theremainder of the UNIX Dashboards. UNIX Collectio

When you select the node, you see a Summary Report as displayed above of the data type that youselected. Click View data grid to go directly to the da

About This BookAbout This BookThe VMware vCenter Configuration Manager Installation and Getting Started Guide describes the stepsnecessary for a succe

Like Dashboards, Reports are run real time against the current data available in the CMDB for themachines in the active machine group, and therefore t

Adding Mac OS X MachinesBefore you can collect data from your Mac OS X machines, they must be displayed in the Available UNIXMachines list located in

4. Enter the Machine and the Domain, and then select DNS for Type. For Machine Type, select theappropriate operating system. Modify the port number if

5. Click Next. The Product License Details page appears.6. The licensed machine count has increased by the number of machines that you have selected t

4. Use chmod u+x <filename> to change the permissions on the agent binary file.5. In the directory where you copied the file, execute the agent

Installation Options with DefaultValuesDescription• +H means only for HP-UX• +L means only for Linux• +D means only for Darwin (Mac OS X)• + means for

Installation Options with DefaultValuesDescriptionCSI_REFRESH_INETD=YKeep default value only if you arerunning your agent as inetd. If youare running

mode, enter:# ./CSIInstall/InstallCMAgent -sYou might use this method if you have manually edited the csi.config file, if you havemodified the csi.con

drwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 Agentdrwxr-x--- 3 root cfgsoft 4096 Jul 2 17:34 CFC-rw-rw---- 1 root cfgsoft 49993 Jul 2 17:34 CSIRegistry-

NOTE Consider these points when uninstalling an Agent:• The uninstall reverses all changes made by installation, however the installation log files ar

Technical Support and Education ResourcesThe following technical support resources are available to you. To access the current version of this bookand

The data classes and filters for Mac OS X include the following:nMachines > GeneralnFile System > File StructurenSystem Logs > syslog eventsn

4. The Data Types dialog box appears. Select the Select All check box, then confirm that the Use defaultfilters option button is also selected. Click

When you select the node, you see a Summary Report as displayed above of the data type that youselected. Click View data grid to go directly to the da

ReportsAn alternate way to view your collected Mac OS X data is by running VCM Reports or creating your owncustom reports using VCM ’s reporting wizar

To get started with VCM for Oracle, follow these steps:1. Add UNIX machines hosting Oracle and install the Agent.2. Discover Oracle Instances.3. Creat

1. In Administration > Machines Manager > Additional Components > VCM for Oracle, click Add.The Add Oracle Instances wizard opens.2. Select t

nMachine NamenOracle Home (Collected)nOracle Home (Override)nOracle SIDnOracle Software Owner (Override)nOracle Software Owner (Override)nOracle User3

3. On the Files Wizard page, select the InstallOracleCollectionUserAccount.sh file.4. Run the job as root. If desired, select the option of storing re

f. If the option was chosen to store results in a local directory, the job status (success or failure)will be returned here.1 After the Oracle OS-auth

chmod o+rx $ORACLE_HOME/nlschmod o+rx $ORACLE_HOME/nls/datachmod o+r $ORACLE_HOME/nls/data/lx1boot.nlbchmod o+r $ORACLE_HOME/nls/data/*chmod o+rx $ORA

Preparing for Installation1Preparing for InstallationUse this information to help you prepare to install VCM components and tools in your enterprise.n

For Oracle 9i Online Documentation, see:(http://www.oracle.com/pls/db92/db92.docindex?remark=homepage)For Oracle 10g Online Documentation, see:(http:/

How to Set Up and Use VCM AuditingThe VCM Auditing capability tracks all changes in the security aspects of VCM. Security-related events arewritten to

vCenter Configuration Manager Installation and Getting Started Guide132 VMware, Inc.

Getting Started with VCM for Virtualization7Getting Started with VCM for VirtualizationVCM collects virtualization configuration information for virtu

Figure 1. Virtual Environments Configuration DiagramESX/ESXi Server CollectionsWhen collecting from ESX and ESXi servers, you must configure at least

vCenter Server CollectionsWhen collecting data from vCenter Server, you must license the Windows machine running the vCenterServer and install a VCM A

Procedure1. Select Administration > Machines Manager > Licensed Machines > Licensed Windows Machines.2. Select the vCenter Server machines an

Procedure1. Download and install the appropriate version of PowerShell 2.0 included in the Windows ManagementFramework.2. Reboot the vCenter Server ma

Troubleshooting vCenter Server Data CollectionsIf you encounter problems with vCenter collections, review the troubleshooting options.vCenter Data Mis

Procedure1. Determine if the Collector is licensed by selecting Administration > Machines Manager > AvailableMachines > Available Windows Mac

Use Installation ManagerUse Installation Manager to perform new installations as well as upgrades. Installation Manager provides ahighly simplified pr

PrerequisitesnVerify that at least one Agent Proxy machine is configured. See "Configure the Collector as an AgentProxy" on page 138.nLicens

Option DescriptionnIgnore untrusted SSL Certificate: Connection allowed even whencertificates are not verified as trusted.4. On the Important page, re

Option DescriptionServers passes the SSH and Web Services user information to the target machines.Configure ESXiServers Passes the Web Services to th

You can monitor the collection job in Job Manager. When the collection is completed, the data is availablefor reports and compliance assessments.What

PrerequsitesnVerify you are using VMware vCenter 4 Server.nVerify the VMware vSphere Client is installed.nVerify the VMware Tools are installed on the

Procedure1. Select Administration > Settings > Integrated Products > VMware > vSphere Client VCM Plug-In.2. Select the setting you want to

PrerequisitesUnregister the previous version of the vSphere Client VCM Plug-In. See "Unregister the Previous Versionof the vSphere Client VCM Plu

HTTPS/SSL Is Not Configured on the CollectorIf the VCM Summary and VCM Actions tabs are not displayed, the settings are improperly configured.ProblemI

vCenter Configuration Manager Installation and Getting Started Guide148 VMware, Inc.

Getting Started with VCM Remote8Getting Started with VCM RemoteGetting Started with VCM RemoteMany workstations come and go from the network. This tra

Understand Tools InstallationSeveral tools are installed with automatically VCM. These tools include:nFoundation CheckernImport/Export Tool and Conten

Before Collecting Remote DataBegin using VCM Remote by following the steps outlined below. For more information, click any step tojump to the related

The VCM Remote Client can be installed using any of several methods, including a manual installation(provided below), "Installing the Remote Clie

4. Accept the default installation location, or click Change to enter a different location. Click Next.5. Type the name of the Collector machine and t

7. Configure or select one of the following certificate options:nIf you copied the VCM-generated Enterprise certificate to the CM Remote Client, to lo

msiexec.exe /qn /i "[path]\cm remote client.msi" COLLECTOR="YourCollectorName"PATHTOASP="VCMRemote/ecmremotehttp.asp" IN

1. On your VCM Collector, copy ...\VMware\VCM\AgentFiles\CM Remote Client.msito...\VMware\VCM\WebConsole\L1033\Files\Remote_Command_Files.2. On your V

sAddRemove = 1 'Whether or not VCM remote should appear in the Add/Removeprograms List, should be 0 = hide, 1 = showsMSIPackageName = "CM Re

sVirDir = Trim(sVirDir)End IfIf sInstallDir = "" ThensInstallDir = "c:\vcm remote client"ElsesInstallDir = Trim(sInstallDir)End If

nRun Action now: This option immediately installs VCM Remote Client on the target machines.nSchedule the Action to run later: This option allows you t

1. In VCM, click Administration > Settings > General Settings > VCM Remote. The default selection forthe Broadband, Dialup, and LAN collectio

The Local System account named NT AUTHORITY\System has unrestricted access to all local systemresources. This account is a member of the Windows Admin

vCenter Configuration Manager Installation and Getting Started Guide160 VMware, Inc.

Getting Started with VCM Patching9Getting Started with VCM PatchingVCM Patching for Windows and UNIX/LinuxVCM Patching is the VCM patch assessment, de

VCM Patching for UNIX/LinuxVCM Patching for UNIX/Linux provides several features that help you deploy patches to remediateUNIX/Linux machines:nBulleti

Getting Started with VCM PatchingVMware, Inc. 163

vCenter Configuration Manager Installation and Getting Started Guide164 VMware, Inc.

10Getting Started with VCM PatchingYou can use VCM Patching to assess the state of managed Windows and UNIX/Linux machines anddeploy patches to those

VCM displays a dialog box communicating the status of your request. Follow the prompts to updateyour bulletins, force an update to the bulletins, or c

6. Review all of the bulletins to include in the assessment template.7. To create a template that includes all of the bulletins for patches to deploy,

select Enable/Disable Summary to enable the Summary view, and click the template node again.The Summary view displays a graph of the patch status for

12. Click Next to either schedule the deploy job or to instruct VCM Patching to execute the jobimmediately.13. On the Reboot Options page, select to n

To be valid, a Collector certificate must be:nLocated in the local machine personal certificate store.nValid for Server Authentication. If any Enhance

PrerequisitePlace patch bulletin files on the local machine to load the bulletin updates from a local file.Procedure1. Select Patching > UNIX/Linux

nThe VCM Agent must be installed on the machine.nThe machine must be licensed for VCM Patching.nIf you choose Filters in the following procedure, you

Procedure1. Select Patching > UNIX/Linux Platform > Assessment Results > All Bulletins to display the patchstatus of all of the machines that

Machine Group MappingWhen you define an alternate patch location for a particular machine group, you must select that machinegroup in VCM before you d

9. On the Patch Deployment Schedule page, set the timing for the patch deployment job.10. On the Reboot Options page, select the options to reboot the

Customize Your Environment for VCM PatchingPerform routine maintenance on your VCM configuration management database to fine-tune the visibilityof con

vCenter Configuration Manager Installation and Getting Started Guide176 VMware, Inc.

Getting Started with Operating System Pro-visioning11Getting Started with Operating SystemProvisioningOperating system (OS) provisioning is the proces

Provision Machines WorkflowThe process of provisioning operating systems to target machines includes the following general tasks,underlying actions, a

5. Reboot the target machines. As each machine requests an IP address from the DHCP server and thenrequests a PXE boot, OS Provisioning Server checks

nThe Collector Certificate is used to initiate and secure a TLS communication channel with an HTTPAgent. The Agent must be able to establish that the

Alternately, you can manually add machines to the list rather than use the OS Provisioning Serverdiscovery process. To manually add machines, select A

8. (Optional) (Available only for Windows, Red Hat, and SUSE Linux Enterprise Server) On the Post-install Script page, type a Script Name and the scri

Change Agent CommunicationThe VCM Agent is installed by the OS Provisioning Server with default settings. After the machine isprovisioned, you can cha

NOTE Static IP addressing is recommended when deploying ESX or ESXi hosts. If DHCP is used, theESX or ESXi machine’s host name will be set to localhos

vCenter Configuration Manager Installation and Getting Started Guide184 VMware, Inc.

Getting Started with Software Provisioning12Getting Started with Software ProvisioningIntroduction to VCM Software ProvisioningSoftware provisioning i

Software Provisioning Component RelationshipsThe following diagram displays the general relationship between Package Studio, repositories, andPackage

nSoftware Repository for Windows: Installed on at least one Windows machine in your environment,and installed on the same machine with Package Studio.

PrerequisitesnTo uninstall the application, you must use the same version of the Repository.msi that was used toinstall the application.Procedure1. Co

PrerequisitesnTarget machine meets the supported hardware requirements, operating system, and softwarerequirements. See VCM Hardware and Software Requ

For more information about Installing the Agent on UNIX/Linux Machines and UNIX/Linux packages andplatforms, refer to section Installing the VCM Agent

Install Package Manager on Managed MachinesThe Package Manager is automatically installed on target machines when the 5.3 VCM Agent or later isinstall

Creating PackagesA software package provides the files and metadata necessary to install and remove programs. One of themost useful features of a pack

a. Click Add Platforms to add a platform.b. Select a platform, and then click Add Sections.c. Select a section, and then click Publish Package.d. Sele

nYou have created software provisioning packages using VMware vCenter Configuration ManagerPackage Studio and published the packages to the repositori

8. Review the information, resolve any conflicts, and then click Finish. You can monitor the process inthe Jobs Manager. See "Viewing Provisionin

Install PackagesThe process of installing packages includes identifying and processing dependencies and conflicts, runningany specified prescripts, ru

Related Software Provisioning ActionsYou can use the following management options in VCM when working with software provisioning:nJob Manager: Display

In this example the Compliance rule checks whether the source, where platform=Any and section=Release,was added to selected Package Managers as a sour

In this example, you want to determine if a software application named XSoftware is correctly installed. Ifthe software is installed correctly, a serv

21. Select one of the following Security Options:This option determines if a package is installed or removed based on the state of the signature. Sele

CopyrightYou can find the most up-to-date technical documentation on the VMware Web site at:http://www.vmware.com/support/The VMware Web site also pro

Cryptography used in VCM Software ComponentsVCM uses various software components that also use cryptography. Microsoft IIS, Internet Explorer, andSCha

vCenter Configuration Manager Installation and Getting Started Guide200 VMware, Inc.

Getting Started with VCM ManagementExtensions for Assets13Getting Started with VCM ManagementExtensions for AssetsGetting Started with VCM Management

3. Consider whether the fields are listed in the order in which you want them to appear in the Console. Ifnot, click Column Order in the data grid vie

2. Click VCM Devices or Other Devices, depending on the type of field you want to delete.3. If you are editing an existing field, select the field, an

1. Click Administration > Settings > Asset Extension Settings > Hardware Configuration Items.2. Click VCM Devices or Other Devices, depending

5. If you have defined this field as a lookup, the wizard prompts you to define or edit the lookup values.Enter the required information, and then cli

4. Select the fields to edit, and then click Next.5. Enter a value for each of the fields displayed, and then click Next.6. Confirm your change, and t

NOTE If you want to change only the values for that device, and not the device name or descriptionitself, click Edit Values, instead of Edit. The Edit

1. Select the record, and then click Delete.2. Click OK to confirm your deletion. VCMMXA deletes the requested record from the SoftwareConfiguration I

Getting Started with VCM Service DeskIntegration14Getting Started with VCM Service DeskIntegrationGetting Started with Service Desk IntegrationVCM Ser

Installing VCM2Installing VCMUse Installation Manager to install VCM and all of its components and tools.To install only the VCM tools, follow the ins

Service Desk Integration in Job ManagerWhen VCM Service Desk Integration is licensed and activated, it suspends any requested change to aVCM-managed m

NOTE Jobs for VCM Patching-managed machines appear in the Patching Job Manager, not the VCM JobManager. Locate these jobs at: Patching > Administra

vCenter Configuration Manager Installation and Getting Started Guide212 VMware, Inc.

Getting Started with VCM for Active Direc-tory15Getting Started with VCM for ActiveDirectoryVCM for Active Directory (AD) collects AD objects across D

Confirming the Presence of DomainsPrior to setting up VCM for Active Directory, you must confirm that all fully-qualified DNS Domains thatyou want to

Adding and Assigning Network Authority AccountsBefore you can perform any type of action (Discovery, Collection, and so forth), the Collector must gai

4. Select By Browse List, then click Next. The Discovery Filters page appears.5. Select Only discover machines in the Browse List that match these cri

Verifying Domain Controller Machines in Available MachinesOnce your Domain Controller discovery is completed, verify that your Domain Controllers are

9. Verify the method used for communication. The default communication method is DCOM. For mostVCM for Active Directory configurations, the default va

4. Click the Tools tab.5. In the Tool Name list, select Disable UAC.6. Click Launch. A Command window displays the running action. When the command is

1. Select one of these options:nRun Installation Manager. Starts Installation Manager and begins the installation.nView Help. Displays the Installatio

7. On the Domains/OUs tab, select the domain/OU to which the target machines belong, and then clickOK.8. On the Select Group Policy Object dialog box,

IMPORTANT Click Administration > Job Manager > History > Instant Collections > Past 24 Hours toverify that all jobs have completed before

NOTE VCM for AD will operate with only a single domain controller configured with VCM for AD asboth the FDS/RDS (Forest Data Source/Replication Data S

6. Upon completing the Setup DCs action, a collection will be submitted to the selected DCs. Forestinformation will be displayed in the Administration

3. Select a Forest Data Source (FDS) for each Forest to be managed in VCM for Active Directory, andthen click Next. The Select the Replication Data So

Performing an Active Directory Data CollectionYou are now ready to perform your first collection of Active Directory objects using the same collection

NOTE The delta collection feature makes subsequent collections run faster and more efficiently thanthe initial collection. For the initial collection,

11. Expand the Enterprise tree, and then select an AD Location.12. Click OK, to close the page.13. On the Location page, click Next.14. Click Finish.I

Note that several other Active Directory Dashboards are available. Take time to familiarize yourself withthe remainder of the VCM for AD Dashboards.Ac

NOTE The default view is the Summary Report. At any time, however, you may switch the default viewto go directly to the data grid by using the Enable/

Installing and Configuring the OS Pro-visioning Server and Components3Installing and Configuring the OSProvisioning Server and ComponentsThe Operating

Active Directory ReportsAn alternative way to view your collected AD data is by running VCM Reports or creating your owncustom reports using VCM’s rep

Accessing Additional Compliance Content16Accessing Additional Compliance ContentVMware provides several additional VCM Compliance Content Packages rel

If the particular Content Package(s) you have imported contains filter sets, they will appear underAdministration > Collection Filters > Filter

Installing and Getting Started with VCMTools17Installing and Getting Started with VCMToolsSeveral VCM components and tools were automatically installe

The VCM tool or tools are now installed on this machine. Proceed to the following sections in this chapterto get started using the tools.NOTE The VCM

IMPORTANT Use of the CLI should be restricted to advanced users who exercise caution when testing outtheir scripts.Import/Export and CW were automatic

NOTE VMware recommends that you refer to Import/Export Help to gain a thorough understanding ofthe logging of Content that is not imported by Import/E

Maintaining VCM After Installation18Maintaining VCM After InstallationAfter you have performed the initial setup and familiarized yourself with VCM an

In addition to several general global settings, these components have specific settings that should beconsidered if you licensed the component.nAsset

Configure Database File GrowthAfter VCM is installed, the installer creates a single 2GB data file and a 1GB log file. As data is added toVCM through

Procedure1. Mount the VCM-OS-Provisioning-Server-<version number>.iso by either attaching to the media imageor mounting the image.When mounting

Configure Database Recovery SettingsSQL Server supports these recovery models, which you can set differently for each database:nSimple. In Simple reco

2. Open the Management folder, right-click Maintenance Plans and select Maintenance Plan Wizard.3. Click Next. The Select Plan Properties page appears

4. Enter a maintenance plan name, select Single schedule for the entire plan or no schedule, and clickChange.5. In the Job Schedule Properties - Maint

7. On the Select Maintenance Tasks page, select the maintenance tasks to be performed, including CheckDatabase Integrity, Rebuild Index, Update Statis

9. On the Define Database Check Integrity Task page, click the Databases drop down menu and select theCSI_Domain, VCM, VCM_Coll, VCM_Raw, and VCM_UNIX

10. On the Define Rebuild Index Task page, specify how the Maintenance Plan should rebuild the Index.Click the Databases drop down menu, select the CS

11. On the Define Update Statistics Task page, specify how the Maintenance Plan should update thedatabase statistics. Click the Databases drop down me

13. On the Select Report Options page, select Write a report to a text file, specify the folder location tosave a record of the maintenance plan actio

15. When the Maintenance Plan Wizard completes, verify that the actions were successful.16. To view, save, copy, or send the report, click Report and

Troubleshooting Problems with VCMATroubleshooting Problems with VCMThis chapter provides important information that will help you troubleshoot issues

# su - fsrepo[fsrepo@<machine name>~]$ create-repository11. When the action completes, run the [fsrepo@<machine name>~]$ exit command.If n

oSupport for additional UNIX platforms was added in 5.1, along with the automateddistribution of bulletin information to Agent machines.nThe process o

1. Open a command prompt.2. Navigate to the C:\Program Files (x86)\VMware\VCM\AgentData\protected directory, anddelete these files: ECMv.csi.pds and E

1. Log into VCM and select Administration > Settings > General Settings > Database.2. In the Database settings, click to highlight the settin

Index%%Systemroot% environment variable 79AAbout Patching 161about this book 11access by user 61accessingcompliance content 231accountapplication serv

collection resultsAD 227Oracle 129Remote 159UNIX/Linux 107virtualization 143collection scriptscustom for WCI 93collection user accountcreating, Config

collection resultsOracle 129UNIX/Linux 107virtualization 143Windows 84imported content 231Remote collection results 159Ffilter setsimported content 23

collection 119collection results 121licensing 112maintenanceafter installation 237backup/disaster recovery plan 248configure database file growth 239c

assets 208Oracle 129Service Desk 211registeringvSphere Client Plug-in 59, 143, 145remediationcompliance rulesoftware provisioning 197Remotecollection

check for Windows 165updatingIIS settings 251virtual directory 251upgrading 45agent 53agent proxy 57agent proxy manually 58automatic 54failed, trouble

Whether you use a private provisioning network or a shared network you can use either the OSProvisioning Server DHCP server or a separate DHCP server;

3. On the corporate DHCP server, update the dhcpd.conf file with the following options:allow bootp;allow booting;next-server <IP address of the OS

[Thu Jul 22 08:57:08 IST 2010] UNINSTALL-ME: Command : /sbin/service FastScalestopShutting down FSnetfs: [ OK ]Shutting down FSsyslog: [ OK ]Shutting

Option DescriptionProvisioningServerPublic IP><OSProvisioningServerPrivate IP>OS Provisioning Server's Private Interface IP Address. The

ContentsUpdated Information 9About This Book 11Preparing for Installation 13Use Installation Manager 14Understand Installation Configurations 14Unders

For example, # cp -R /media/cdrom/Win2003-R2-SP2-Standard /tmp/Win2003-R2-SP2-Standard3. Replace the first CD with the second CD and type:# cp -R /med

8. The script runs as follows with a specific example:Importing data into repository...Importing source data...No recipes are accessible.Adding new re

7. The script runs as follows:Importing data into repository...Importing source data...No recipes are accessible.Adding new recipe ESX4.0ulBasicRecipe

nAll private keys are RSA keys.nCertificates are created or obtained, and copied to the required locations using industry best practices.nOn the VCM C

; The hash can be obtained with the command: openssl x509 -noout -incert.pem -hashCApath = /opt/FastScale/var/certsclient = noforeground = nooutput =

Procedure1. Place the VCM Stunnel certificate in[C:]\Program Files (x86)\VMware\VCM\Tools\sTunnel\certs\vcm_stunnel_cert.pem.2. Place the VCM Stunnel

;; verify = level;; level 1 - verify peer certificate if present;; level 2 - verify peer certificate;; level 3 - verify peer with locally installed ce

Procedure1. From the VCM Collector, start Internet Explorer and go to http://localhost:21307/.If the connection is properly configured, the following

Procedure1. Log in as the fsrepo user.# su - fsrepo2. Run the backup command to backup the repository files to /temp/fs-backup.[fsrepo@localhost~]$ mk

[fsrepo@localhost~]$ db2 CONNECT RESET;[fsrepo@localhost~]$ db2 RESTORE DATABASE FSREPO FROM /tmp/fs-backup TAKEN AT<timestamp> WITH 2 BUFFERS B

vCenter Configuration Manager Installation and Getting Started GuideUpgrade and Migration Scenarios 45Prerequisites 46Back up Your Databases 47Back up

key = /opt/FastScale/var/certs/private/service.key; Either CAfile or CAPath, but not both, should be defined; CAfile = /opt/FastScale/var/certs/ca-cer

PrerequisitesnBefore placing the VCM Stunnel certificate and the VCM Stunnel private key, you must ensure thefiles are secured according to your corpo

;; cert (the first 4 bytes of the MD5 hash in least significant byte order).;; The hash can be obtained with the command: openssl x509 -noout -in cert

PrerequisitesnConfigure Stunnel on the OS Provisioning Server as described in "Configure Stunnel on the OSProvisioning Server " on page 39.n

vCenter Configuration Manager Installation and Getting Started Guide44 VMware, Inc.

Upgrading or Migrating vCenter Con-figuration Manager4Upgrading or Migrating vCenterConfiguration ManagerWhen you migrate vCenter Configuration Manage

PrerequisitesVCM 5.4 now supports 64-bit environments only, which include 64-bit hardware, a 64-bit operatingsystem, and SQL Server 2008 R2. If you mi

Back up Your DatabasesBack up all of the databases used in your configuration. Depending on which version you migrate, thedatabase names differ slight

Migration ProcessYou can migrate these environments to support VCM 5.4:n"Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4"

Replace your existing 32-Bit Environment with the Supported 64-bitEnvironmentA 32-bit environment must be functional before you migrate to VCM 5.4. Be

ContentsGetting Started with VCM for Mac OS X 110Adding Mac OS X Machines 111Licensing Mac OS X Machines 112Installing the Agent on Mac OS X Machines

Migrate a 32-bit environment running VCM 5.3 or earlier to VCM 5.4Your 32-bit environment must be functional before you migrate to VCM 5.4.CAUTION Bef

For information about the sp_changedbowner stored procedure, see SQL Server 2008 R2 Books Online.Migrate a 64-bit environment running VCM 5.3 or earli

11. During the installation, do not select SSL unless your machine is already configured for SSL.12. After the upgrade completes, copy the contents of

To upgrade to VCM 5.4:1. Upgrade the operating system to Windows Server 2008 R2.2. Uninstall the 32-bit version of SQLServer Reporting Services (SSRS

nWill fail for any machine on which an Agent does not already exist.nWill use an Agent's current settings. For example, if the Agent uses DCOM, t

Platforms Not Supported for Upgrade to 5.4 AgentInstalling or upgrading on the following platforms is supported only to the 5.1.3 UNIX Agent. You cani

To Upgrade the UNIX Agent(s) with a Remote PackageThis method sends the upgrade package with the remote command to execute on the UNIX machine. Thefol

CAUTION When upgrading VCM for Virtualization, take the following precautions:Do not change the password for the CSI Communication Proxy service. Doin

7. Click Next. The Important page appears. Review the contents, click Back to make any necessaryalterations.8. Click Finish. The Agent Proxy is upgrad

6. The installer proceeds with the installation. When the VCM Windows Agent has been successfullyinstalled, click Finish.7. Copy the following executa

vCenter Configuration Manager Installation and Getting Started GuideRunning VCM Patching Reports 174Customize Your Environment for VCM Patching 175Get

Procedure1. Go to https://vCenter machine name/mob/?moid=ExtensionManager.vCenter machine name represents the name of your vCenter Server 4.0 instance

Getting Started with VCM Componentsand Tools5Getting Started with VCM Components andToolsThis chapter covers global getting started procedures for VCM

All VCM user accounts must have the following rights on the VCM Collector machine:nAbility to log on locally to access IIS.nRead access to the System3

2. Depending on your browser security settings, you may have to supply your user network credentials.3. (Optional) Select Automatically log on using t

General Information BarThe general information bar displays the VCM Collector’s (active SQL Server) name, your VCM username and active Role, and these

The Copy button is used to copy information from the selected rows in the data gridto the clipboard.The Copy link to clipboard button is used to copy

Select: If you want to:nView Active Directory Group Policy Container Settings.nView information about Active Directory Domains, DCs, and Trusts.nTrack

Where to Go NextYou are now ready to proceed to Getting Started with VCM to start using VCM and all of its componentsand tools.After you have complete

vCenter Configuration Manager Installation and Getting Started Guide68 VMware, Inc.

Getting Started with VCM6Getting Started with VCMBefore you can begin using VCM to manage the machines in your enterprise, you must complete thefollow

ContentsMaking VCM Aware of Domain Controllers 213Confirming the Presence of Domains 214Adding and Assigning Network Authority Accounts 215Discovering

If the Windows machines that you want to manage belongs to a domain that is not shown in this list, thenyou must add that domain manually. Click Add,

1. Click Administration > Settings > Network Authority > Available Accounts.2. If you need to add a new account, click Add and follow the pro

The following procedure illustrates how to assign Network Authority to accounts by NetBios domain.However, you can also assign Network Authority by Ac

Your initial discovery can take anywhere from one afternoon to a couple of days, depending on the size ofyour network. You may not have a 100% success

3. Type a Name and Description for this new Discovery Rule, then click Next. The Discovery Methodpage appears.4. If you have Active Directory in your

8. Create the filter. For more specific filtering of machines for discovery and other advanced features,refer to the online Help. Click Next. The Impo

VCM requires that you specify the machines you want to manage. Remember, the number of licenses youhave purchased may not match the number of machines

4. Leave the Install VCM Agents for the selected machines box unchecked during your first pass atlicensing machines. Once you have more experience lic

3. Click Install and follow the prompts.NOTE To use advanced options such as HTTP communication for your agent, or to deploy the agentfrom an alternat

1. On your Collector, navigate to the Agent files directory at:C:\Program Files (x86)\VMware\VCM\AgentFiles2. Locate the CMAgentInstall.exe file, and

vCenter Configuration Manager Installation and Getting Started Guide8 VMware, Inc.

NOTE For Vista, Windows7, and Windows 2008 only: If you set compatibility mode on any Agentexecutables to a prior version of Windows, the operating sy

nPORTNUMBER: Installs the Windows Agent on the port number specified, using HTTP instead ofDCOM. For HTTP installs, where PORTNUMBER is set, you must

8. Restart the machine to apply the changes.9. Install the Agent as specified in Licensing and Deploying the VCM Agent.10. After installing the Agent

Performing an Initial CollectionYou are now ready to collect data. VMware recommends using the default filter set, which collects ageneral view of the

5. For initial collections, there should be no conflicts with previously scheduled or running jobscontaining the same data types. Click Finish.6. Veri

1. Begin by looking at the Windows Operating Systems Dashboard under Console > Dashboards >Windows > Operating Systems.2. Note that several o

4. When you select the node, you will see a Summary Report as displayed above of the data class thatyou selected. Click View Data Grid to go directly

TIP The default view is the Summary Report; however, at any time you may switch the defaultview to go directly to the data grid by using the ’Enable/D

Getting Started Collecting Windows Custom InformationAs a System Administrator, you can extend the data that VCM can collect by using a script, which

nYou must obtain or write a PowerShell script that will return data in a VCM-compatible element-normal XML format.nThe VCM agent (for VCM 5.3 or later

Updated InformationUpdated InformationVCM Installation and Getting Started Guide is updated with each release of the product or when necessary.This ta

11. Click Next and then Finish.12. Run a collection using your new collection filter.13. Ensure the job completes.14. View data in the Custom Informat

The Job History Machine Detail view displays a single row for each WCI filter included in the collectionjob. These rows provide information about the

Executing PowerShell ScriptsPowerShell contains built-in policies, which limit its use as an attack vector. The primary policy is for scriptexecution.

For additional information about Windows PowerShell and signing scripts, see:nScripting with Windows PowerShell: http://technet.microsoft.com/en-us/sc

nThe default WCI filter returns PowerShell version information from VCM-managed machines.nDo not include any formatting white space. For example, do n

The <schtasks> top-level name is an arbitrary name picked to distinguish the results of this script fromothers. A couple of additional challenge

the task name is used as the element name for task rows, but the “increment” option is selected forduplicate handling when creating a collection filte

Discover, License, and Install UNIX/Linux MachinesThe following steps must be performed before collecting data from UNIX/Linux machines:1. Add UNIX/Li

3. Select Basic, and then click Next. The Manually Add Machines - Basic page appears.NOTE When you expand your UNIX/Linux collections to a broader set

NOTE Remember, discovered machines with an indeterminate Machine Type will not be licensed ifthey are included in your selection.2. Select the machine