VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Guide de l'utilisateur

VMware vCenter Configuration ManagerInstallation and Getting Started GuidevCenter Configuration Manager 5.4.1This document supports the version of eac

Technical Support and Education ResourcesThe following technical support resources are available to you. To access the current version of this bookand

###########################################################################-##function ToCMBase64String([string]$input_string){return [string]("c

if (([string]$cols[$j]).toupper() -eq "HOSTNAME"){$hostcol = $j++}else{if (([string]$cols[$j]).toupper() -eq "TASKNAME"){$namecol

#some operating systems will return columns multiple timesin the result setif ($task[0] -ne $firstcol){#if we did not find a TaskName column, just tag

} #end data row that is not columns repeated} #end data row} #end row loop}$clTasks += ("</Scheduled_Tasks>")write-host $clTasksWhat t

nDo not create two filters to collect data on the File Permission With Audit data type from different partsof a managed machine's file system.Col

Create Your Own WCI PowerShell Collection ScriptCreate or modify your Windows Custom Information (WCI) scripts to collect almost any data type that is

Procedure1. On your VCM Collector or managed Windows machine, open a command prompt.2. Run powershell.exe from the command line.3. Paste your script i

CAUTION Do not limit collections to deltas when you select a data type in the Collect wizard. If youlimit collections to deltas, VCM purges all existi

Procedure1. On your VCM Collector, click Collect.2. On the Collection Type page, select Machine Data and click OK.3. On the Machines page, select the

Procedure1. On your VCM Collector, click Administration.2. Select Job Manager > History > InstantCollections > Past 24 Hours.3. In the Insta

Preparing for Installation1Preparing for InstallationYou must prepare your environment before you install VCM components and tools.PrerequisitesnVerif

Procedure1. On your VCM Collector, click Console.2. Select Windows > Operating System > Custom Information.3. Select a view of the collected WCI

Troubleshooting Custom PowerShell ScriptsIf you encounter problems when you run custom PowerShell scripts, run the script as a .ps1 file andcorrect an

Procedure1. "Add UNIX/Linux Machines" on page 112Add UNIX/Linux machines to the Available UNIX Machines list to make the machines available

NOTE The Discovered Machines Import Tool (DMIT) can import many physical and virtual machines atone time into the VCM database. The tool imports machi

License UNIX/Linux MachinesLicense UNIX/Linux machines before you install the Agent and begin to manage them. You license themachines displayed in the

PrerequisitesnVerify that the machine on which you intend to install the Agent has enough free disk space. For moreinformation, see the VCM Hardware a

# ./CMAgent.<version>.SunOSUnZipSFX 5.51 of 22 May 2004, by Info-ZIP (http://www.info-zip.org).creating: CSIInstall/creating: CSIInstall/package

Option ActionSilent mode Run the # ./CSIInstall/InstallCMAgent -scommand.Install the Agent using the silent mode if youmanually edited the csi.config

drwxrwx--- 3 root cfgsoft 4096 Jul 2 17:34 ECMudrwxr-x--- 6 root cfgsoft 4096 Jul 2 17:34 installlrwxrwxrwx 1 root root 20 Jul 2 17:34 log -> /var/

Installation Options with DefaultValuesDescriptionCSI_USER_NO_LOGIN_SHELL=/bin/falseKeep the default valueIndicates the desired no-login shell value t

Installation ConfigurationsUnderstand the installation configurations, configure your hardware, and install the prerequisite software.See the VCM Hard

Installation Options with DefaultValuesDescriptionCSI_CERTIFICATE_PATH=Specifies the path to Collector Certificates. The certificates specifiedat this

Collect UNIX/Linux DataWhen the UNIX/Linux machines are licensed and the Agent is installed, you collect data from thosemachines.Collecting data from

Option DescriptionConsole Displays dashboards and reports based on collected data. You use the Console to viewdata relevant to day-to-day operations,

Add Mac OS X MachinesAdd Mac OS X machines to the Available UNIX Machines list to make the machines available for licensing.If you add a large number

What to do nextLicense the machine. See "License Mac OS X Machines" on page 124.License Mac OS X MachinesLicense Mac OS X machines before yo

nLog on to the target Mac OS X machine as root, or have sudo as root.nSelect the method you want to use to copy files to the target machines. You can

a. Run the chmod u+x csi.config command to add write file permissions if the file has only readpermissions set.b. Modify the csi.config file options b

were installed./CSI_PARENT_DIRECTORY/CMAgent is the default directory. If you changed the directory nameduring installation, modify the ls -la command

Installation Options with DefaultValuesDescriptionCSI_USER_NO_LOGIN_SHELL=/bin/falseKeep the default valueIndicates the desired no-login shell value t

Installation Options with DefaultValuesDescriptionCSI_CERTIFICATE_PATH=Specifies the path to Collector Certificates. The certificates specifiedat this

If the NT AUTHORITY\System account does not have access to the VCM installation binary files, theinstallation results in an “access denied” error. You

Collecting data from machines adds the collected machine information to the VCM database and makesthe machine data available for reporting, running co

nSecurity - Users > CurrentnSecurity - Users > InformationnSecurity - GroupsnProperties files (.plist)nSystem Logs > syslog eventsMac OS X Co

Procedure1. "Discover Oracle Instances" on page 132To discover Oracle instances, you run a collection on supported UNIX/Linux machines where

What to do nextnClick Administration and select Machines Manager > Additional Components > VCM for Oracle andverify that the discovered configur

a. Type the configuration values.Option DescriptionOracle Home File path to the location of the Oracle software for the Oracle instance (user-defined)

Procedure1. Click Administration.2. Select Machines Manager > Additional Components > VCM for Oracle.3. Click Add.4. On the Select Machines page

Create the Oracle Collection User Account with the Config User ActionYou can create an OS-authenticated Oracle collection user account on target Oracl

chmod o+rx /oracle/app/product/10.20.0chmod o+rx /oracle/app/product/10.20.0/db_13. Verify the $ORACLE_HOME environment variable is set and update the

2. On the Collection Type page, select Machine Data and click OK.3. On the Machines page, select the Solaris machines hosting the Oracle instances, se

Customize VCM for your EnvironmentCustomization of your environment is essential to fine-tune the visibility of configuration information sothat the p

Verify the VMware Application Services AccountVerify that the VMware Application Services Account is a domain user. This account has full administrati

NOTE Only users who are assigned and logged in with the Admin role can enable or disable Auditingsettings.1. To view the VCM Auditing settings, click

Getting Started with VCM for Virtualization8Getting Started with VCM for VirtualizationVCM collects virtualization configuration information for virtu

Figure 8–1. Virtual Environments Configuration DiagramESX/ESXi Server CollectionsWhen collecting from ESX and ESXi servers, you must configure at leas

vCenter Server CollectionsWhen collecting data from vCenter Server, you must license the Windows machine running the vCenterServer and install a VCM A

3. "Remove PowerShell v1.x from vCenter Servers" on page 144To collect from vCenter Servers, you must first uninstall PowerShell 1.x from th

Procedure1. On the vCenter server, go to Add/Remove Programs.2. Select Show Updates.The list displays updates associated with installed programs.3. Lo

PrerequisitesnVerify that you completed all the pre-collection prerequisites. See "Configure vCenter Server CollectionPrerequisites" on page

Configure Virtual Machine Host CollectionsTo manage your virtual machine hosts, ESX and ESXi servers, VCM uses an Agent Proxy rather thaninstalling th

Procedure1. Click Administration.2. Select Machines Manager > Available Machines > Licensed Windows Machines.3. Determine if the Collector machi

PrerequisitesnVerify that at least one Agent Proxy machine is configured. See "Configure the Collector as an AgentProxy" on page 147.nLicens

To guarantee the identity of servers and clients, TLS uses certificates that are managed by a public keyinfrastructure (PKI). A certificate is a packa

Option DescriptionnConfirm Password: Retype the password.nIgnore untrusted SSL Certificate: Connection allowed even whencertificates are not verified

7. Select a configuration option:Option DescriptionConfigure ESX 3.xServersConfigures the SSH certificate, the csiprep.py file, the csiprep.config fil

4. For ESX machines only, on the Collection Wizard Data Type page, expand the UNIX node and selectthe Machines - General data type.5. Expand the Virtu

To identify the vCloud Director virtual machines, you configure discovery rules that analyze data collectedfrom the vCloud Director REST API and use t

nVCM is located in the vApp with the virtual machines that it is managing.nThe vApp has a direct connection to the org network.nThe vApp has a direct

In a NATmapped network environment, your best practice is to install the Agent on the vApp templatemachines. You must manually install the Agent with

What to do nextCreate and run a collection filter for each vCloud Director instance. See "Create vCloud Director DataCollection Filters" on

You cannot modify any values.6. On the Windows Custom Information Filter page, configure the script with your vCloud Directorinformation and click Nex

Collect vCloud Director DataYou collect the vCloud Director data using the collection filters configured for each vCloud Directorinstance. You must ru

Procedure1. Click Administration.2. Select Machines Manager > Discovery Rules.3. On the data grid toolbar, click Add.4. On the Discovery Rules page

The CMAgentInstall.exe or CMAgent[version].msi is the manual Agent installer program. Themanual installer requests the location of the Enterprise Cert

Option Descriptionthe virtual machines do not use NAT, you can use HTTP or DCOM.HTTPPort If you selected the HTTP protocol, you must specify the port

Option DescriptionvDC NameFilterTo run the query against a virtual datacenter in a vCloud Director instance, typethe name of the virtual datacenter.SQ

nIf the discovered machines are listed only in the Available Machines list and the virtual machines useNAT mapping, you must manually install the Agen

Configure the vSphere Client VCM Plug-InThe vSphere Client VCM Plug-In provides contextual access to VCM change, compliance, andmanagement functions,

Procedure1. On the VCM Collector, browse to [path]\VMware\VCM\Tools\vSphere Client VCMPlugin\bin and double-click VCVPInstaller.exe.2. In the VCVP Plu

Procedure1. Select Administration > Settings > Integrated Products > VMware > vSphere Client VCM Plug-In.2. Select the setting you want to

You can use troubleshooting options to identify and resolve any problems.Invalid Certificate on a vSphere ClientThe vSphere Client connects to the vCe

Getting Started with VCM Remote9Getting Started with VCM RemoteThe VCM Remote client is the communication and management mechanism that you use to man

Using Certificates With VCM RemoteThe use of certificates with VCMRemote ensures secure communication between VCM and the VCMRemote client when they

Procedure1. "Create Custom Collection Filter Sets" on page 169You create custom collection filter sets for Dial-up, Broadband, or LAN connec

nFIPS 140-2: Security Requirements for Cryptographic ModulesnFIPS 46-3: Data Encryption Standard (DES)nFIPS 81: DES Modes of OperationnFIPS 113: Compu

What to do nextnRepeat the procedure for all the connection types for which you configure filter sets.nAssign the filter sets to the appropriate VCM R

Procedure1. Click Administration.2. Select Settings > General Settings > VCM Remote.3. On the VCM Remote Settings data grid, select each setting

n"Install the VCM Remote Client Manually" on page 172The manual installation of the VCM Remote client is a wizard-based process that you use

5. On the VCM Remote Client Information page, configure the options and click Next.Option DescriptionCollector MachineNameName of the Windows machine

Procedure1. On the target machine, create a folder and copy the files from the Collector to the target folder.File DescriptionCM Remote Client.msiLoca

What to do nextConnect the remote machine to the network to ensure that VCM completes the installation process. See"Connect VCM Remote Client Mac

sCollName = "YourCollectorName" 'Name of your VCM Collector machine inquotesbInstallCert = 1 'If the value is 1, the Enterprise Ce

End SubSub CheckVars()If sCollName = "" ThenWScript.QuitElsesCollName = Trim(sCollName)End IfIf sVirDir = "" ThensVirDir = "v

End Subc. Select the Certain file(s) are required to be on the target machine for this remote commandcheck box.d. Click Next.7. On the Files page, mov

VCM Remote Collection ResultsThe VCM Remote client-specific data is limited to administrative details. All other data collected from theremote machine

SystemPlatformOpenSSLFIPS 1.1.2OpenSSLFIPS 1.1.1OpenSSLCrypt 0.9.7Crypto++ CryptoAPIUNIX Agent HP/UX Installed InstalledAIX Installed InstalledSolaris

vCenter Configuration Manager Installation and Getting Started Guide180 VMware, Inc.

Getting Started with VCM Patching10Getting Started with VCM PatchingVCM Patching for Windows and UNIX/Linux MachinesVCM Patching is the VCM patch asse

VCM Patching for UNIX and Linux MachinesVCM Patching for UNIX and Linux provides several features to deploy patches to remediate UNIX andLinux machine

Figure 10–1. UNIXand Linux Patch Assessment and Deployment ProcessTo verify that VCM supports your UNIX and Linux machines for patch deployment, see

The .pls files use new names. Red Hat file names include Red Hat instead of RH, and SUSE file namesinclude Novell SUSE instead of Novell Linux.Patch A

Procedure1. "Check for Updates to Bulletins" on page 185Use VCM Patching to check the Web for updates to patch bulletins, which you can use

Procedure1. On the toolbar, click Collect.2. Select the Windows machines from which to collect data.3. Select Select a Collection Filter Set to apply

11. On the VCM toolbar, verify that the correct Machine Group is selected.12. Click Patching and select Windows > Assessment Templates.13. Select t

VCM Patching ActionsnAgent Install: VCM Patching installs the Agent component to a machine the first time a patch isdeployed to that machine.nAgents u

Machine Group MappingWhen you define an alternate patch location for a particular machine group, you must select that machinegroup in VCM before you d

Installing VCM2Installing VCMUse Installation Manager to install VCM and all of its components and tools. To install only the VCMtools, see "Inst

Deploying some patches might fail on AIX machines if the patch prerequisites cannot be resolved by VCMusing the downloaded patch bulletin content. Thi

7. Select the machines and patches to deploy and click Next.The Deploy wizard attempts to detect the patch by first checking the Collector, and if fou

VCM saves UNIX and Linux patching change actions in the VCM change log. Click Console and selectChange Management > VCM or Non VCM Initiated Change

nBulletins: Collect patching data using the Patch Assessment collection filter. Because UNIX and Linuxassessments are VCMcollections, you can schedul

7. On the toolbar, click Jobs and view the progress of the collection.The assessment on UNIX and Linux machines uses the Patch Assessment collection f

Icon Status DescriptionPatch-MachineMismatchThe patch OS version or hardware architecture does not match the machine.Patch NotNeededThe machine is up-

Machine Group MappingWhen you define an alternate patch location for a particular machine group, you must select that machinegroup in VCM before you d

9. On the Patch Deployment Schedule page, set the timing for the patch deployment job.10. On the Reboot Options page, select the options to reboot the

Customize Your Environment for VCMPatchingPerform routine maintenance on your VCM configuration management database. With routinemaintenance, you can

Getting Started with Operating System Pro-visioning11Getting Started with Operating SystemProvisioningOperating system (OS) provisioning is the proces

CopyrightYou can find the most up-to-date technical documentation on the VMware Web site at:http://www.vmware.com/support/The VMware Web site also pro

Procedure1. To install VCM, insert the installation disk into the Windows machine.The initial installation screen appears and displays several options

Figure 11–1. Relationship of OS Provisioning ComponentsHow OS Provisioning WorksThe process of provisioning operating systems on physical or virtual m

nYou reboot the target machines.As each target machine requests an IP address from the DHCP server and requests a PXE boot, OSProvisioning Server chec

Procedure1. Click Administration.2. Select Machines Manager > OS Provisioning > OS Distributions.3. Click Refresh.This action collects data from

n"Provision Windows Machines" on page 203Provisioning physical or virtual machines with a Windows operating system installs the selectedoper

6. On the Select OS Distribution page, select the Windows operating system you are installing on theselected machines and click Next.7. On the Setting

8. On the Machine-Specific Settings page, type the HostName and click Next.The HostName is limited to 15 characters.If you did not select Use DHCP to

PrerequisitesnVerify that the operating system you are installing is compatible with the hardware or configuration ofthe target physical or virtual ma

6. On the Select OS Distribution page, select the a UNIX or Linux operating system you are installing onthe selected machines and click Next.7. On the

Option Descriptionn/ and /boot are required mount points.nDuplicate mount points are not allowed.nFor a swap partition, the mount point and the file s

Option DescriptionFile System Select the type of file system.For a swap partition, the mount point and the file system type should be swap.Supported F

Installing, Configuring, and Upgrading theOS Provisioning Server and Components3Installing, Configuring, and Upgrading theOS Provisioning Server and C

Option DescriptionGrow partition touse all remainingspaceSelect the option to allow the logical volume to fill available space up to themaximum size s

Procedure1. On the Linux machine, log in as root.2. Run the ntpdate -u <ntpserver> command to update the machine clock.For example, ntpdate -u n

nVerify that the target machines are discovered and appear in the Provisionable Machines data grid. See"Discover Provisionable Machines" on

9. On the Confirmation page, click Finish.The OS Provisioning Server starts jobs for each of the selected target machines. Each job creates aconfigure

After you provision the target machines, VCM manages them as Window, UNIX/Linux, or ESX/VM Hostmachines. As managed machines, you collect data, add so

1. Click Administration.2. Select Machines Manager > OS Provisioning > Provisioned Machines.3. Select the machines.4. Click Re-provision.5. On t

vCenter Configuration Manager Installation and Getting Started Guide216 VMware, Inc.

Getting Started with Software Provisioning12Getting Started with Software ProvisioningSoftware provisioning is the process you use to create software

Software Provisioning Component RelationshipsThe following diagram displays the general relationship between Package Studio, repositories, andPackage

nSoftware Repository for Windows: Installed on at least one Windows machine in your environment,and installed on the same machine with Package Studio.

1. "Install the OS Provisioning Server" on page 22Using the supplied media or media images, install the OS Provisioning Server and run the c

Procedure1. Double-click Repository.msi.2. On the Welcome page, click Next.3. Review the license agreement, select the appropriate options to continue

Procedure1. Double-click PackageStudio.msi.2. On the Welcome page, click Next.3. Review the license agreement, select the appropriate options to conti

You can add the following arguments if you want to specify locations other than the defaultdirectories:REPOSITORY_ROOT=C:\Program Files (x86)\VMware\V

Installing the VCM AgentIf you are preparing to use software provisioning on machines not previously managed in VCM, youmust first install the VCM Age

Procedure1. Start the VMware vCenter Configuration Manager Package Studio. Select Start > All Programs All >VMware vCenter Configuration Manager

Run Package Studio as AdministratorThe enhanced security on Windows 2008 Server requires you to run Package Studio as an administrator. Ifyou do not,

Collect Package Manager Information from MachinesTo view information about packages and Package Managers in VCM, you must collect Package Managerdata

Procedure1. Click Collect.2. Select Machine Data.3. Click OK.4. On the Machines page, verify that the Selected pane displays all the machines from whi

a. Select either Add source at the beginning of existing source lists or Add source at the end of theexisting source list.b. Click Browse Sources.c. O

6. Select one of the following version options.Option DescriptionInstall VersionInstalls the specified version. By default the operator equals the pac

Procedure1. On the target machine, log in as root.2. Mount the VCM-OS-Provisioning-Server-<version number>.iso by attaching or mounting theimage

Related Software Provisioning ActionsYou can use the following management options in VCM when working with software provisioning.Option DescriptionCon

Create Compliance Rules Based on Software Provisioning DataA Compliance rule based on software provisioning data detects any packages or sources that

Create Compliance Rules Containing Software Provisioning RemediationActionsWhen configuring a Compliance rule, you can configure the rule to perform a

f. Configure the version options to use the selected version, specify a different version, or install thelatest version.g. Select one of the following

vCenter Configuration Manager Installation and Getting Started Guide234 VMware, Inc.

Getting Started with VCM ManagementExtensions for Assets13Getting Started with VCM ManagementExtensions for AssetsVCM Management Extensions for Assets

Review Available Asset Data FieldsVCMMXA is prepopulated with a short list of data fields to get you started. Examples include hardwaredata such as lo

a. Select the way to populate the data.Manually—type free-form textLookup—select from a fixed or query-based list of valuesDynamically—query from othe

When editing, you cannot change the data properties.8. Click Next.9. Select the roles that are allowed to edit the data.Only users assigned to these r

Procedure1. Click Administration.2. Select Settings > Asset Extensions Settings.3. Select one of the following.Hardware Configuration Items > Ot

Uninstall the OS Provisioning ServerUninstalling the OS Provisioning Server removes the provisioning application from the machine on whichit is instal

Procedure1. Click Console.2. Select Asset Extensions > Hardware Configuration Items > VCM Devices.3. In the data grid, select the VCM machine.4.

PrerequisitesnHave an administrator configure the asset data fields that you need. See "Configure Asset Data Fields"on page 235.nLog in to V

Procedure1. Click Console.2. Select Asset Extensions > Hardware Configuration Items > Other Devices.3. In the data grid, select the asset.4. Cli

Configure Asset Data for SoftwareA user with a role that has permission to edit asset data can use VCMMXA to gather information aboutthe software on m

nSoftware Inventory (Windows)—Select a product from the software inventory (SI) list.nRegistry (Windows)—Type or select a Windows Registry path, key,

Edit Asset Data for SoftwareUse VCMMXA to change your software asset records as your enterprise changes.PrerequisitesLog in to VCM with a role that ha

Procedure1. Click Console.2. Select Asset Extensions > Software Configuration Items.3. In the data grid, select the software asset.4. Click Edit Va

Getting Started with VCM Service DeskIntegration14Getting Started with VCM Service DeskIntegrationVCM Service Desk Integration tracks planned and unpl

Procedure1. Click Console.2. Select Service Desk.3. Under the Service Desk node, select any sub-node.For example, click By RFC to view the data accord

Getting Started with VCM for Active Direc-tory15Getting Started with VCM for ActiveDirectoryVCM for Active Directory collects Active Directory objects

Configure DHCPWhen you configure a private, isolated network that is used specifically for provisioning, the OSProvisioning Server uses the DHCP serve

5. "License Domain Controllers" on page 252To manage domain controllers, you must license them in VCM.6. "Install the VCM Windows Agent

Procedure1. Click Administration.2. Select Settings > Network Authority > Available Accounts.3. To add a new domain account, click Add.4. Type t

NOTE The Discovered Machines Import Tool (DMIT) can import many physical and virtual machines atone time into the VCM database. The tool imports machi

Procedure1. Click Administration.2. Select Machines Manager > Available Machines > Available Windows Machines.3. Select the domain controllers t

4. On the Machines page, verify that the target machines appear in the Selected list and click Next.5. On the Install Options page, select the default

This option ensures that a full collection occurs during the initial set up of VCM for Active Directory.5. On the Data Types page, select Machines.6.

Procedure1. Click Administration.2. Select Machines Manager > Additional Components > VCM for Active Directory.3. Click Install.4. Move the doma

nFDS. VCM for Active Directory uses the FDS as a resource for all Forest-level information. You identifyone FDS for each Forest.nRDS. The RDS supplies

Procedure1. From the toolbar, click Collect.2. On the Collection Type page, select Active Directory and click OK.3. On the AD Collection Options page,

Option Descriptionrequested.nTo use the reporting options, click Reports and expand Active DirectoryReports.Compliance Provides preconfigured Active D

4. Run the /opt/FastScale/etc/init.d/FSdhcpd stop command.5. On the corporate DHCP server, update dhcpd.conf to add these options:allow bootp;allow bo

vCenter Configuration Manager Installation and Getting Started Guide260 VMware, Inc.

Installing and Getting Started with VCMTools16Installing and Getting Started with VCMToolsVCM Installation Manager installs several VCM components and

Procedure1. On the non-Collector Windows machine on which you want to install the tools, insert the installationCD.2. In Installation Manager, click R

Run the Import/Export ToolUse the Import/Export Tool to back up your VCM database business objects and import them into a newVCM database or into a re

Procedure1. On the Collector, navigate to C:\Program Files (x86)\VMware\VCM\Tools.2. Copy the DeployUtility-<version>.zip file from the Collecto

Index%%Systemroot% environment variable 85, 87AAbout Patching 181about this book 9access by user 71accessingcompliance content 263accountapplication s

certificates,copyprovisioning, operating system 27change detectionWCI 103checkfor UNIX/Linux updates 192for Windows updates 185checkingnetwork authori

discover, license, install 249discovering 251domain discovery 250licensing 252run setup action 256domain discoverydomain controllers 250Windows machin

InstallCMAgent 116, 126installingPackage Manager for Windows 222Package Studio 220packages 228repositories 219VCM for active directory 255integrationp

PowerShellexecuting for WCI 98for Windows Custom Info 106scripts, troubleshooting 111signing scripts for WCI 98WCI getting started 94prerequisiteschec

PrerequisitesnVerify that the Windows Automated Install Kit (WAIK) 2.0 is installed on the Windows machine onwhich you are creating the boot image.nVe

serverauthentication 14Service Desk integration 247settingscusomizing for components 65database recovery 68remote 168setup actionrunning for active di

vSphere Client Plug-inconfiguring 164getting started 165overview 163registering 163upgrading 63WWCIchange detection 103collection 106custom collection

272 VMware, Inc.vCenter Configuration Manager Installation and Getting Started Guide

PrerequistesEnsure that you have access to the VMware_VCM_Enterprise_Certificate_*.pem file in the\Program Files (x86)\VMware\VCM\CollectorData folder

Configure Stunnel on the OS Provisioning ServerStunnel is used to establish secure communication between VCM and the OS Provisioning Server SOAPservic

ContentsAbout This Book 9Preparing for Installation 11Installation Manager 11Installation Configurations 12Tools Installation 12General Prerequisites

accept = 40610connect = localhost:21310; Authentication stuffverify = 3[fsrepods]accept = 40607connect = 127.0.0.1:21307; Authentication stuffverify =

;; FIPS mode can be enabled as desiredfips = no;; Some performance tuningssocket = l:TCP_NODELAY=1socket = r:TCP_NODELAY=1;; Either CAfile or CAPath,

Option DescriptioncertUpdate C:\Program Files(x86)\VMware\VCM\Tools\sTunnel\certs\vcm_stunnel_cert.pem with the installation location.keyUpdate C:\Pro

Procedure1. On the Collector, start Internet Explorer and type http://localhost:21307/ in the address field.If the connection is properly configured,

Windows distributions are the operating system installation files that you import into the OSProvisioning Server repository. After importing the distr

PrerequisitesnVerify that the distributions you are importing do not include spaces in the filenames. Before youimport, remove the spaces or replace t

If you importing a standard ISO, the distribution is imported. If the ISO is customized, you mustprovide additional information about the distribution

Procedure1. On the OS Provisioning Server, log in as vcmuser.2. Mount the ISO by attaching to the media image or mounting the image.For all UNIX, Linu

What to do nextUsing VCM, you install distributions on target machines. See "Getting Started with Operating SystemProvisioning" on page 199.

The required package lists, whether you are using them for reference, as in the first option, or aremodifying them, as in the second option, are locat

vCenter Configuration Manager Installation and Getting Started GuideUpgrading or Migrating VCM 43Upgrades 43Migrations 43Prerequisites to Migrate VCM

Managing the OS Provisioning Server System LogsThe OS Provisioning Server log files are located in the /opt/FastScale/logs and /var/log directories.Yo

Option Description--restore --dirpath=/<path tobackup directory>Restores the repository and the OS distributions from thespecified--dirpathbacku

vCenter Configuration Manager Installation and Getting Started Guide42 VMware, Inc.

Upgrading or Migrating VCM4Upgrading or Migrating VCMYou can upgrade or migrate your existing VCM environment to VCM 5.4.1, which supports 64-bitenvir

What to do nextUnderstand the prerequisites to prepare and migrate your VCM environment to VCM 5.4.1. See"Prerequisites to Migrate VCM" on p

Back Up Your DatabasesBefore you migrate an existing VCM environment to VCM 5.4.1, back up your databases to avoid anypotential loss of data.Depending

8. In the Add/Remove Snap-in dialog box, click OK.The Certificates (Local Computer) is added to the Console Root.9. Expand Console Root and select Cer

PrerequisitesnUnderstand the scenarios to migrate your VCM environment to VCM 5.4.1. See "Upgrading orMigrating VCM" on page 43.nUnderstand

4. Replace your 32-bit Windows Collector machine with a 64-bit machine.5. Install the 64-bit Windows Server 2008 R2 operating system on the 64-bit Win

5. On your 64-bit Collector, use SQLServer Management Studio Object Explorer to attach or restore theVCM databases to SQL Server 2008 R2.6. On your 6

ContentsCollect UNIX/Linux Data 121UNIX/Linux Collection Results 121Discover, License, and Install Mac OS X Machines 122Add Mac OS X Machines 123Licen

Use this method as part of the VCM 5.4.1 installation process to replace the VCM hardware, change theoperating system version, or install a new operat

CAUTION When you begin the VCMinstallation, do not select the Repair option unless you aredirected by VMware Technical Support. The repair process re

CAUTION Before you begin the migration, to avoid any potential loss of data you must perform theprerequisite steps to back up your files, including th

When the installation begins, VCM Foundation Checker gathers information about the Collectormachine. If errors occur, you must resolve them before you

Procedure1. On your VCM Collector, reinstall the software that was installed before you started the migration.Install the software in the order listed

Upgrade VCMAn upgrade to VCM 5.4.1 uses an existing VCM Collector installation. You can upgrade a 64-bitenvironment that is running VCM 5.3 or earlier

machines to the Selected pane.Option DescriptionAll machines Upgrades the Agent on all machines thatappear in the list of licensed machines.Filtered m

Upgrade Existing UNIX AgentsUse the UNIXAgent upgrade packages to update the VCM Agents on your UNIX machines. You can usea local package or a remote

PrerequisitesnInstall the VCM UNIXAgent on the managed machines to upgrade.nDetermine which Agent version is installed on a UNIX machine. Click Admin

Upgrade UNIX Agents Using a Remote PackageUse VCM remote commands and a remote Agent package to upgrade the VCM UNIX Agent on the UNIXplatforms in you

vCenter Configuration Manager Installation and Getting Started GuideVCM Patching for Windows and UNIX/Linux Machines 181VCM Patching for Windows Machi

Upgrade VCM for VirtualizationTo upgrade vCenter collections, install the VCM 5.4 Agent or later on the Windows machines runningvCenter.When you upgra

Option DescriptionAll Machines Runs the process on all eligible machines.Selected Machines Only Runs the process on all machines listed in the lower p

Procedure1. On your Agent Proxy machine, execute CMAgentInstall.exe.2. When the installer detects the previous version of VCM and requests permission

What to do nextUpgrade the vSphere Client VCM Plug-In. See "Upgrade the vSphere Client VCM Plug-In" on page 63.Upgrade the vSphere Client VC

vCenter Configuration Manager Installation and Getting Started Guide64 VMware, Inc.

Maintaining VCM After Installation5Maintaining VCM After InstallationPerform routine maintenance on your VCM configuration management database (CMDB)

Procedure1. On your VCM Collector, select Administration.2. Click Settings and review the available general and product-specific configuration setting

Option DescriptionNetwork Authority Configures and manages the available domains, available accounts, and assignedaccounts by domain or machine group,

Procedure1. Click Start.2. Select All Programs > Microsoft SQL Server 2008R2 > SQL Server Management Studio.3. Expand the SQL instance.4. Expan

Create a Maintenance Plan for SQL Server 2008 R2To ensure that VCM runs at peak performance and requires little operator intervention during itslifecy

ContentsAdd Software Assets 243Add Multiple Similar Software Assets 244Edit Asset Data for Software 245Edit Asset Data Values for Software 245Delete S

a. Click the Databases drop-down menu.b. Select the following databases and click OK.nCSI_DomainnVCMnVCM_CollnVCM_UNIXDo not rebuild the index for the

Getting Started with VCM Componentsand Tools6Getting Started with VCM Components andToolsWhen you use VCM, you must understand user access, how to sta

nRemote command executionnChange actions against target managed machinesnChange rollbacknCompliance enforcementnPatch deploymentnSoftware deploymentnO

Procedure1. To connect to VCM from a physical or virtual machine on your network, open Internet Explorer andtype http://<name_or_IP_of_Collector_ma

nLog Out: Exits the Portal. The Portal closes and the VCM Logon screen appears.nAbout: Displays information about how to contact VMware Technical Supp

SlidersThe sliders on the left side of the Portal include the items listed and described in the following table. Theindividual items that you see in V

Slider Actionobjects.nView Active Directory Schema information.ReportsnRun out-of-the-box reports against your collected data.nWrite your own SQL and

Getting Started with VCM7Getting Started with VCMBefore you can use VCM to manage the machines in your enterprise, you must complete several steps.1.

Disable User Account Control (UAC) on Windows 7, 2008, 2008 R2, and Vista target machines beforeyou install the VCM Agent.7. Install the VCM Windows A

Procedure1. Click Administration.2. Select Settings > Network Authority > Available Accounts.3. To add a new domain account, click Add.4. Type t

vCenter Configuration Manager Installation and Getting Started Guide8VMware, Inc.

NOTE The Discovered Machines Import Tool (DMIT) can import many physical and virtual machines atone time into the VCM database. The tool imports machi

Procedure1. Click Administration.2. Select Machines Manager > Available Machines > Available Windows Machines.3. Select the Windows machines to

4. In the System Configuration dialog box, click the Tools tab.5. In the Tool Name list, select Disable UAC.6. Click Launch.7. When the command is fin

What to do nextInstall the VCM Windows Agent on licensed Windows machines in your environment, and then re-enablethe group policy on the domain contro

Option DescriptionLock the machine afterinstallationEnsures that VCMwill not uninstall the Agent or replace it with adifferent version.Reinstall Agen

nYou use the EXE file to install the Agent in unattended, silent mode. EXE files detect an existingsoftware version and provide the option to uninstal

Option Action/s Indicates a silent install. When you run CMAgentInstall.exefrom the command line, VMware recommends that you installthe Agent in silen

Procedure1. On your VCM Collector, open Windows Explorer and navigate to the Agent files directory atc:\Program Files (x86)\VMware\VCM\AgentFiles.2. C

Option Actionyou include PORTNUMBER, you must include an EnterpriseCertificate by using the following syntax:CERTIFICATEFILE="<drive>:\[myp

Procedure1. On the VCM managed machine, run%SystemRoot%\CMAgent\Uninstall\Packages\CMAgentInstall\UnCMAgentInstall.exe.This path displays the default

About This BookAbout This BookThe VMware vCenter Configuration Manager Installation and Getting Started Guide describes the stepsnecessary for a succe

6. Click Launch.7. When the command is finished running, click Close and click Close again.8. Restart the Windows 2008 machine to apply the changes.Wh

Windows Collection ResultsContinuous Windows machine management is based on the latest data you collect from target machines.You can view data and run

Getting Started with Windows Custom InformationWindows Custom Information (WCI) is data collected from VCM managed machines that is created byPowerShe

To collect Windows Custom Information (WCI) using script-based filters, you must do the followingtasks:nCreate and verify your custom PowerShell scrip

The WCI data type uses extensions to the VCM Windows Agent. The extensions allow the Agent toinvoke PowerShell scripts. Using the script-based collect

Challenges in PowerShell Scripting for WCIWhen you develop custom collection scripts, understand the challenges that you might encounter whilescriptin

Column Names Include SpacesRunning the schtasks command without any options displays a column name of Next Run Time.Because this name includes spaces,

To preserve the user-friendly name, use the task name as the element name for the task rows. When youcreate a collection filter that uses your script,

nIn-line: The default WCI filter uses an in-line script to collect basic information about the PowerShellversion, .NET version, and execution policy s

The schtasks command returns basic information about scheduled tasks. The data returned byschtasks includes multiple rows. PowerShell structures the $