Powerful virtual machine software for the technical professional (326 pages)
Summary of Contents for VMware VCENTER CONFIGURATION MANAGER 5.3
Page 1
Getting Started Guide vCenter Configuration Manager 5.3 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000456-00...
VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Checking Prerequisites for Installation Hardware and Software Requirements Administration Rights Default Network Authority Account Default Collector Services Account VMware Application Services Account VCM Remote Virtual Directory Secure Communications Certificates Server Authentication Understanding VCM's Use of FIPS Cryptography VCM’s Use of Microsoft Cryptographic Service Providers (CSPs) for Windows Machines...
Page 4
Installing the Agent on the Agent Proxy Machine Performing a Collection Using the Machines Data Type Installing Agent Proxies Configuring ESX/vSphere Servers Copying Files to the ESX/vSphere Server Running Scripts on the ESX/vSphere Server Adding ESX/vSphere Servers to VCM Licensing the ESX/vSphere Server in VCM VMware, Inc.
Page 5
Deploy Patches to UNIX/Linux Machines How the Deploy Action Works Further Reading Getting Started with Software Provisioning VMware vCenter Configuration Manager Package Studio Software Repository for Windows Package Manager for Windows Overview of Component Relationships Installing the Software Provisioning Components...
Page 6
Exploring Active Directory Collection Results Further Reading Getting Started with VCM for SMS Getting Started with VCM for SMS Making VCM Aware of the SMS Servers Performing SMS Server Collections Performing SMS Client Collections Exploring SMS Collection Results VMware, Inc.
Page 7
Updating the IIS Settings in VCM Resolving a Report Parameter Error Configuring a Collector as an Agent Proxy Verifying Membership to CSI_COMM_PROXY_SVC on the Agent Proxy Machine Generating Key Pairs on the Agent Proxy Machine Uploading Keys to the Database Index VMware, Inc.
Page 8
Configuration Manager Installation and Getting Started Guide VMware, Inc.
You also need to fully understand your network’s topology and resource naming conventions. Document Feedback VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to docfeedback@vmware.com. VMware VCM Documentation...
Page 10
Customers with appropriate support contracts should use telephone support for priority 1 issues. Go to http://www.vmware.com/support/phone_support.html. To find out how VMware support offerings can help meet your business needs, Support Offerings go to http://www.vmware.com/support/services. VMware Professional...
For an overview of the security precautions you should take before installing VCM, see the VCM Security Environment Requirements Technical White Paper on the VMware vCenter download site. This document assumes that your hardware and software configuration meets the requirements described in VCM Hardware and Software Requirements Guide.
MPORTANT requires you to have your SQL Server data stored on a centralized database server. Split installations are implemented and supported only by VMware Customer Support. Installation instructions are not provided in this manual. Refer to the VCM Hardware and Software Requirements Guide for a detailed diagram of a complete installation.
If you are installing on HP-UX 11.11, Patch PHSS_30966 is required for the HP-UX Agent. If you need assistance, contact VMware Customer Support. Administration Rights The User Account of the person performing your installation or upgrade must be all of the following:...
Click the Identity tab, and then update the password field to reflect your new password. VMware Application Services Account The VMware Application Services Account must be a domain user. Because this account will have full administrative authority for the CSI_Domain database, it should never be used as a VCM login or for any other purpose.
Agents have the Enterprise Certificate in their trusted certificate stores, which they use implicitly to validate any certificate issued by the Enterprise Certificate. All Collector Certificates are expected to be issued by the Enterprise Certificate, which is critical in environments where a single Agent VMware, Inc.
Page 16
Certificate, and all Agents will be able to trust all Collectors. Similarly, all collectors will be able to validate all Agent Certificates. Agent Certificates are used for Mutual Authentication only. Mutual authentication is supported, but requires interaction with VMware Customer Support and a Collector Certificate that also has certificate signing capability.
Windows. In the configurations supported by VCM, these CSPs are FIPS 140-2 validated. Cryptography for UNIX/Linux Platforms On UNIX/Linux platforms, the VCM Agent uses the cryptography of the OpenSSL v0.9.7 module. This cryptographic library is installed with the VCM Agent. VMware, Inc.
For a list of supported Windows and UNIX platforms, and their architectures, see the VCM Hardware and Software Requirements Guide. For information about TLS, see Transport Layer Security (TLS) Implementation for VCM located on the VMware vCenter download site. VMware, Inc.
If you are upgrading VCM or SQL Server, or are upgrading to a 64-bit system, see "Upgrading VCM and Related Components" on page VMware, Inc.
Page 20
CD. You can navigate through the directory structure should you need to access documentation directly. Contact Support: Opens a pop-up dialog box that lists how to contact VMware Customer Support by e-mail and phone, including hours of operation.
Page 21
It may take a few minutes for Installation Manager to identify which components are available for installation. During this time, the Back and Next buttons are inactive until Installation Manager finishes processing. When the evaluation process is completed, the Select Installation Type page appears. VMware, Inc.
Page 22
Configuration Manager Installation and Getting Started Guide 5. When the Select Installation Type page first appears, the VMware vCenter Configuration Manager and Tools options are automatically selected. To view all the components, select the Advanced Installation check box. The list expands to display the individual components.
Page 23
If the Foundation Checker completes the validation successfully, you are notified with the message "Checks were successful!" and the Next button becomes active. Even though the checks were successful, VMware recommends you click the View Results button and read through the results to review any warnings that may represent potential issues for installation.
Page 24
Next. The Specify License Location dialog box appears in front of the Verify Components to be Activated page. 8. Click Browse to locate the license file provided by VMware. When you click OK, the Verify Components to be Activated page appears.
Page 25
Components to page appears. 11. Specify the location for the VCM application files on the machine, and then click Next. The Database Instance and Name configuration page appears, where you will define the location for the VCM database. VMware, Inc.
Page 26
(spindles), and often require the files to be on a drive or partition other than the OS drive/partition. The Install Web Console to configuration page appears. 14. Specify the location if it is other than the default location, and then click Next. The URL to the Application configuration page appears. VMware, Inc.
Page 27
(for example, if the SSRS installation passed, but the foundation checks failed during the validation process), first verify that both "http://localhost/reports" and "http://localhost/reportserver" are accessible through a web browser. If that fails, stop the installation and call VMware Customer Support. The Install Collector Components to configuration page appears. When the validation process completes, click Next.
Page 28
Application Services Account. Additionally, you will need your Virtual Directory credentials if you intend to use VCM Remote.See "Checking Prerequisites for Installation" on page 13 for details. Only the Default Network Authority Account page is displayed below. The other Account pages have the same format but require different account information. VMware, Inc.
Page 29
14, and then click Next. The Application Services Account configuration page appears. 22. Type the account information as specified in "VMware Application Services Account" on page 14, and then click Next. The Select or Generate your Collector Certificate configuration page appears.
Page 30
Installation Manager. For more information about VCM and TLS, see the Transport Layer Security (TLS) Implementation for VCM white paper located on the VMware vCenter download site. 24. Click Next. The Remote Virtual Directory configuration page appears.
Page 31
Installing VCM Using Installation Manager 26. The vSphere Client VCM Plug-in (VCVP) provides VMware vSphere Client users with the ability to Collect, Run Compliance, Run VCM Patching Assessments, and Run Reports on VM Hosts and Guests. To configure the settings: Select Use SSL only if you configured the machine for SSL.
Page 32
Either change the path or click Next. The Virtual Directory page for the Software Repository appears. 31. Enter a name for the virtual directory, and then click Next. The Install Package Studio Components to the Package Studio folder under page appears. VMware, Inc.
Page 33
32. Package Studio Components will be installed in order to support Software Provisioning functionality, including creating and publishing packages. Either change the path or click Next. The Installation Summary page appears. 33. Wait for the components to be installed. The Installation Complete page appears. VMware, Inc.
Page 34
When you click OK, both the pop-up dialog box and Installation Manager close. In this case, read the information about the error in the installation log, capture the log, and contact the VMware Customer Support before proceeding.
The file system to back up is the entire contents of the CMFILES$ share. The default location is C:\Program Files\VMware\VCM\WebConsole\L1033\Files\. If customizations have been made to your collector, or if reports have been exported to a non-default location, you must also ensure that these additional files are backed up.
To recover if the upgrade process is unsuccessful, reinstall the version from which you were upgrading, reconnect the databases from the back up copies, and replace the CMFILES$ share files. Contact VMware Customer Support to assist with identifying possible causes for the unsuccessful upgrade process before again attempting the upgrade.
Performing the Upgrade Use the following procedure to upgrade from VCM 4.11.1 or later to VCM 5.3. 1. Start the upgrade from the VMware vCenter download site or the CD, and select the Upgrade VCM option. The Upgrade, Uninstall, and Repair options are available as follows: Installing directly: When running the installation setup.exe file directly, options to Upgrade...
Programs, the option to repair VCM is available. The Repair option checks for missing files and settings, and then replaces them. You should not invoke Repair unless directed to do so by VMware Customer Support. AUTION Repair requires access to your original installation media.
9. Verify the actions that will be performed and then click Finish. Upgrading Existing Remote Clients VMware recommends that you upgrade your Remote client versions. When the automatic upgrade setting (Will Remote automatically upgrade old Remote clients) is set to Yes, the next client-server contact automatically downloads and install the upgrade files.
Machines list. To manage the machines in VCM, go to Administration | Machines Manager | Available Machines | Available UNIX Machines and re-license the machines using Linux/Mac Workstation licenses. If you are unable to identify your now unmanaged Red Hat machines, contact VMware Customer Support.
This method sends the upgrade package with the remote command to execute on the UNIX machine. The following remote upgrade packages are designed specifically for the various operating systems where the Agent(s) can be upgraded: AIX 4.3.3 Agent Upgrade (use only CMAgent.5.1.0.AIX.4) AIX 5 Agent Upgrade HP-UX (Itanium) Agent Upgrade VMware, Inc.
RetainSecureCommSettings.exe before uninstalling it. Otherwise, the Agent Proxy configuration settings will be removed, and the Agent Proxy will need to be reconfigured. The RetainSecureCommSettings.exe is located at: C:\Program Files\VMware\VCM\Installer\Packages, or in the path relative to where you installed the software.
VCM. To manually upgrade an Agent Proxy machine, you must have already upgraded your Collector machine to VCM 5.3. Then you will uninstall the VCM Agent, select to retain the Secure Communication settings, install the VCM Agent (version 5.3), and then install VCM for Virtualization, as described in the following steps. VMware, Inc.
Page 44
Collector machine is as follows, or is in the path relative to where you installed the software. C:\Program Files\VMware\VCM\AgentFiles\CMAgentInstall.exe Then execute the copied CMAgentInstall.exe on your Agent Proxy machine. 2. The installer detects the previous version of VCM, and then requests permission to uninstall it. Select Yes.
ProvisioningProductInstall.exe from the Collector. Upgrading the vSphere Client VCM Plug-in The vSphere Client VCM Plug-in integrates VMware vCenter Configuration Manager into the vSphere Client to provide VCM data and functionality within vCenter. After upgrading VCM, you must upgrade the Plug-in, which means vCenter users must un-register it and then re-register it.
Page 46
Configuration Manager Installation and Getting Started Guide VMware, Inc.
Ability to log on locally to access IIS. Read access to the System32 folder. Write access to the CMFiles$\Exported_Reports folder for exporting reports. If default permissions have been changed, read access to the C:\Program Files\VMware\VCM\WebConsole directory, along with all subdirectories and files. VMware, Inc.
How to Launch VCM and Log On 1. If you are launching VCM on the Collector Machine, go to Start | All Programs | VMware vCenter Configuration Manager | Web Console. If you prefer to connect to VCM from another machine on your network, you may do so by pointing your browser to http://<name_of_Collector_...
Log Out: Exits the Portal. The Portal closes, and the VCM Logon screen appears again. About: Displays information about how to contact VMware Customer Support. It also displays version information for VCM and all of its components. This information may be important when contacting VMware Customer Support.
Review Active Directory-related changes that occurred from one collection to the next. View collected information about Active Directory objects such as Users, Groups, Contacts, Computers, Printers, Shares, and Organizational Units. Review Active Directory site lists, including Site Links, Site Link Bridges, Subnets, VMware, Inc.
Page 51
* Available only when VCM for Active Directory (AD) is licensed. This slider is viewable based on your role. ** Available only when VCM Patching is licensed. This slider is viewable based on your role. *** Visible only to users with Administrative rights to VCM as part of their VCM role. VMware, Inc.
VCM, you must proceed to the next applicable chapter in this guide relevant to the components you have licensed in your installation. VMware has intentionally ordered the instructions in the remainder of this guide such that they build upon one another as you proceed through this guide;...
During installation, VCM discovered all of the domains that the Network Authority Account you provided had access to. To view a list of these discovered domains in VCM, navigate to Administration | Settings | Network Authority | Available Domains. VCM displays the available domains in the data grid. VMware, Inc.
VCM Installation Manager during installation; you may need to create others. Once an account has been created, it must be assigned to domains or machine groups (see Assign Network Authority Accounts). The following procedure enables you to check for available accounts and add new ones if necessary. VMware, Inc.
VCM offers considerable flexibility in assigning Network Authority Accounts to domains and machine groups. You can assign one account to all domains and machine groups, or assign a different account to each. You can even assign multiple accounts to each domain and machine group. VMware, Inc.
Discovery Rules to discover the machines that are present on your network and available to VCM. The Discovery Rules can be very general to discover many machines, or very precise to discover a particular subset of your machines. VMware, Inc.
Page 57
A Discovered Machines Import Tool (DMIT) is available from VMware Customer Support to assist you with the following process. This tool imports machines discovered by the Network Mapper (Nmap) into the configuration database. To use the tool, contact VMware Customer Support; otherwise, use the following process.
Page 58
3. Type a Name and Description for this new Discovery Rule, then click Next. The Discovery Method page appears. 4. If you have Active Directory in your environment, VMware recommends a discovery that is targeted for Active Directory. Select By Active Directory.
For future scheduled discoveries, VMware suggests checking the box, but not for your initial discovery. 10. Click the Jobs button at the top of the Portal to verify that your discovery job has completed before proceeding to the next step.
Page 60
Available Machines Data Grid found at Administration | Machines Manager | Available Machines | Available Windows Machines. If you need assistance resolving the machine type for machines you plan to license, contact VMware Customer Support for guidance. Use the following procedure to license your Windows machines.
Use the following steps to install the VCM Windows Agent on your licensed Windows machines. 1. Navigate to Administration | Machines Manager | Licensed Machines | Licensed Windows Machines. 2. Select the Windows machine(s) on which you want to install the VCM Windows Agent. To select multiple machines, use Shift-click or Ctrl-click. VMware, Inc.
Page 62
Collector Certificate and its established trust to the Enterprise Certificate) on the Agent machine before a collection/change request is processed. Using the .exe To manually install the VCM Windows base Agent (CMAgentInstall.exe) on a target machine using the .exe file, follow these steps. VMware, Inc.
Page 63
/s indicates a silent install, which means that popups and menus do not appear. When running this command from the command line, VMware recommends using the /s option. When performing a silent install, if the VCM Windows Agent is found locked, the installation will fail.
Page 64
2. Locate the CMAgent[Version].msi file. This file must be accessible by the target machine. 3. Navigate to the collector data directory at: c:\Program Files\VMware\VCM\CollectorData. Locate the VCM Enterprise Certificate .pem file, and then copy this file to the target machine in a secure manner.
Page 65
4. Click the Tools tab. 5. In the Tool Name list, select Disable UAC. 6. Click Launch. A Command window displays the running action. When the command is completed, close the window. 7. Close the System Configuration dialog box. VMware, Inc.
Page 66
14. Install the Agent as specified in the previous section, "Licensing and Deploying the VCM Agent". 15. After installing the Agent on the target machines, re-enable UAC. To enable, perform the steps specified above. In Step 5, change the policies to Enabled. 16. Restart the machine to apply the changes. VMware, Inc.
Getting Started with VCM Performing an Initial Collection You are now ready to collect data. VMware recommends using the default filter set, which collects a general view of the licensed Windows machines in your enterprise configuration, until you are ready to build specific filters and target your collections.
CMDB for machines in the active machine group. Therefore, Dashboard data is only current as of the time when it was collected. In addition, it may take time for the data to display based upon the volume or complexity of the data requested. VMware, Inc.
Page 69
Summary report or data grid format. 3. Now take a look at your Windows Operating System Information by clicking the Windows tab in the Console. Then, click Operating System | Machines. VMware, Inc.
Page 70
4. When you select the node, you will see a Summary Report as displayed above of the data class that you selected. Click View Data Grid to go directly to the data grid, or click an area of the Summary Report to filter the data before the data grid is displayed. VMware, Inc.
Page 71
5. You may now begin to check Compliance for your collected data. To run a Compliance check, click the Compliance slider, then follow the steps as described in the online Help to create rule groups, rules, filters, and templates. VMware, Inc.
XML result file. The Agent then parses the XML result into a format that can be checked for changes (deltas), and then those changes are returned to the Collector. Prerequisites Before collecting Windows Custom Information (WCI), you must ensure the following prerequisites are met. VMware, Inc.
Page 73
Procedure To collect and view Windows Custom Information from VCM-managed machines, follow these steps. 1. Obtain PowerShell script(s) from VMware Professional Services or another source (or you can write your own). For more information about scripts, see Getting Started with PowerShell Scripts.
Page 74
You can view the detailed information in the VCM user interface in the Administration | Job Manager | History node by selecting the executed job and then selecting View Details in the Job History Machine Detail pane of a collection job that includes WCI data. VMware, Inc.
Page 75
XML format, named Element Normal XML, as the output. This topic describes: Executing PowerShell Scripts Developing Custom Collection Scripts Example of Developing a Custom PowerShell Script for Use with the WCI Data Type Troubleshooting Custom PowerShell Filter Scripts VMware, Inc.
Page 76
Out-of-the-box VCM WCI non-in-line collection filters will fail if executed against PowerShell 1.0 client systems. VMware recommends that you upgrade from PowerShell 1.0 to PowerShell 2.0, which introduced a number of useful functions. PowerShell 2.0 is also supported on all platforms that support PowerShell 1.0.
Page 77
[reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | out- null The default WCI filter returns PowerShell version information from VCM-managed machines. See also the example below of developing a custom PowerShell script for use with the WCI data type. VMware, Inc.
Page 78
A couple of additional challenges must also be overcome with this data, related to column names returned by the schtasks command, and the fact that the schtasks command does not include any unique and repeatable identifier for specific task entries. Details about these challenges are described next. VMware, Inc.
Page 79
This action allows the collection process to add an incremental entry to a list of multiple entries with the same task name: the first example of GoogleUpdateTaskMachineCore, while the second example will be relabeled as GoogleUpdateTaskMachineCore_1. VMware, Inc.
The following steps must be performed before collecting data from UNIX/Linux machines: 1. Add UNIX/Linux machines. 2. License your UNIX/Linux machines. 3. Install the VCM Agent on your UNIX/Linux machines. 4. Perform an initial UNIX/Linux collection. 5. Explore the UNIX/Linux collection results. VMware, Inc.
A Discovered Machines Import Tool (DMIT) is available from VMware Customer Support to assist you with the following process. This tool imports machines discovered by the Network Mapper (Nmap) into the configuration database. To use the tool, contact VMware Customer Support; otherwise, use the following process.
Machines list. To manage the machines in VCM, go to Administration | Machines Manager | Available Machines | Available UNIX Machines and re-license the machines using Linux/Mac Workstation licenses. If you are unable to identify your now unmanaged Red Hat machines, contact VMware Customer Support.
CMAgent.5.1.0.AIX.4 Red Hat 2.1 5.1.3 CMAgent.5.1.0.Linux.2.1 Solaris 2.5 5.1.3 Contact VMware Customer Support if you are installing or upgrading the Agent on this platform. Solaris 2.6 5.2.1 Contact VMware Customer Support if you are installing or upgrading the Agent on this platform.
Page 84
VCM Hardware and Software Requirements Guide. 2. When VCM is installed on the VCM Collector machine, the necessary Agent packages are created in the following locations: \Program Files (x86)\VMware\VCM\Installer\Packages \Program Files\VMware\VCM\Installer\Packages. The following agent binaries are available in these locations for the associated operating systems: Operating System Version...
Page 85
• +S means only for Solaris • +A means only for AIX • +H means only for HP-UX • +L means only for Linux • +D means only for Darwin (Mac OS X) • + means for all OS VMware, Inc.
Page 86
CSI_CREATE_LOCAL_ Setting this option to Y allows the cfgsoft group to be created. This GROUP=Y Recommend setting allows the system call to groupadd. keeping default value. VMware, Inc.
Page 87
Agent. If your Collector Certificates are stored in an accessible location on this machine, you can use this option to have the certificates put in the Agent location (VMware encourages you to install the Enterprise Certificates so that multiple Collectors collecting from the same set of Agents can be supported).
Page 88
SYSTEM_WARNING: xinetd is not running - the agent will be disabled until it is started. If this message appears, you must either start xinetd, or install the Agent as a daemon. VMware, Inc.
Page 89
Collector that is applicable to the UNIX agent platform since the last agent/collector communication occurred. Manually Uninstalling the UNIX/Linux Agent Every installation generates an uninstall script, UninstallCMAgent, located at: <path>/CMAgent/uninstall Consider these points when uninstalling an Agent: VMware, Inc.
<AgentRoot>/install. <AgentRoot> defaults to the CMAgent directory that was created during installation. Refer to "Locating the Agent Directory" later in this document if necessary. • After executing UninstallCMAgent, VMware recommends that you delete the remaining the CMAgent directory prior to running a new installation.
In addition, it may take time for the data to display based on the volume or complexity of the data requested. Begin by looking at the UNIX Operating System Dashboard under Console | Dashboards | UNIX | Operating Systems. VMware, Inc.
Page 92
This level of reporting is more relevant for day-to-day operations, troubleshooting, and analysis, and can be viewed in a Summary report or data grid format. Look at your UNIX Operating System information by clicking the UNIX tab in the Console. Then, click Operating System | Machines | General. VMware, Inc.
Page 93
An alternate way to view your collected UNIX/Linux data is by running VCM Reports or creating your own custom reports using VCM ’s reporting wizard. To begin exploring the reporting functionality, go to the Reports slider, then click Machine Group Reports | UNIX. VMware, Inc.
A Discovered Machines Import Tool (DMIT) is available from VMware Customer Support to assist you with the following process. This tool imports machines discovered by the Network Mapper (Nmap) into the configuration database. To use the tool, contact VMware Customer Support; otherwise, use the following process.
Page 95
When you expand your Mac OS X collections to a broader set of machines, you may want to use other methods to add your Mac OS X machines. Refer to the online Help for the advanced features such as importing from a file or using IP Discovery. VMware, Inc.
2. Select the machine(s) you want to license. To select multiple machines, use Shift-click or Ctrl-click. 3. Click License. The Machines page appears. 4. The machines that you specified appear in the Selected area. Add or remove machines from the list as needed. VMware, Inc.
VCM Hardware and Software Requirements Guide. 2. When VCM is installed on the VCM Collector machine, the necessary Agent packages are created in the following locations: \Program Files (x86)\VMware\VCM\Installer\Packages \Program Files\VMware\VCM\Installer\Packages. The following agent binaries are available in these locations for the associated operating systems: Operating System Version...
Page 98
If your system has a valid no login shell that is not listed, then append a plus sign and add the no login shell to the list. The following describes the option available for this parameter: • +S means only for Solaris • +A means only for AIX VMware, Inc.
Page 99
CSI_CREATE_LOCAL_ Setting this option to Y allows the cfgsoft group to be created. This GROUP=Y Recommend setting allows the system call to groupadd. keeping default value. VMware, Inc.
Page 100
Agent. If your Collector Certificates are stored in an accessible location on this machine, you can use this option to have the certificates put in the Agent location (VMware encourages you to install the Enterprise Certificates so that multiple Collectors collecting from the same set of Agents can be supported).
Page 101
12. In addition to creating the necessary user and groups, and configuring the machine to run the Agent, the installation also creates a new directory in the <CSI_PARENT_DIRECTORY> named CMAgent (unless this directory was changed in the configuration). This directory contains the following files and subdirectories: # ls –la /CSI_PARENT_DIRECTORY/CMAgent VMware, Inc.
Page 102
<AgentRoot>/install. <AgentRoot> defaults to the CMAgent directory that was created during installation. Refer to "Locating the Agent Directory" if necessary. After executing UninstallCMAgent, VMware recommends that you delete the remaining the CMAgent directory prior to running a new installation. To uninstall the Agent, use the steps in the following procedure. If you want to use a custom configuration file, follow the optional step below before uninstalling the Agent.
<AgentRoot>/install. <AgentRoot> defaults to the CMAgent directory that was created during installation. Refer to "Locating the Agent Directory" later in this document if necessary. • After executing UninstallCMAgent, VMware recommends that you delete the remaining the CMAgent directory prior to running a new installation.
Page 104
IP Information | General IP Information | Routing IP Information | Interfaces (IF) IP Information | Open Ports Security | Users | Current Security | Users | Information Security | Groups Custom Information – subset of CITs Properties files (.plist) VMware, Inc.
Page 105
You can also verify jobs for the past 24 hours if you think that you may have missed your collection job by going to Administration | Job Manager | History | Instant Collections | Past 24 Hours. Refer to the online Help for additional detail regarding Jobs. VMware, Inc.
Summary report or data grid format. Look at your Mac OS X Operating System information by clicking the UNIX tab in the Console. Then, click Operating System | Machines | General. VMware, Inc.
Page 107
The UNIX tab is where the remainder of your collected Mac OS X data is visible through the Portal. The displayed data is based on the collected Mac OS X data classes, also known as data types. See the Help for a list of currently collected data types. Reports VMware, Inc.
Oracle collections can be performed. This account can be created in two ways: 1) using the Config User action, or 2) using the Oracle Account Setup remote command. To get started with VCM for Oracle, follow these steps: VMware, Inc.
SID and Oracle Software Owner from the oratab file, and displays the data in VCM. Review the list of Oracle instances populated in Administration | Machines Manager | Additional Components | VCM for Oracle. Add an Oracle Instance To add an Oracle Instance to a UNIX machine, follow these steps: VMware, Inc.
1. Click Config User. The Select Oracle Instances wizard opens. 2. Select one or more Oracle Instances. You can set a filter on these items. Click Next, and then click Finish. Filter the Oracle Instances based on: VMware, Inc.
Page 111
2. Review the default values for the remote command and edit them with the correct values for your environment. Example values are shown here. a. Type the ORACLE_SID (Oracle instance). b. Type the ORACLE_HOME (path). c. Type the ORACLE_COLLECTION_USER_ACCOUNT. If an account is not specified, the ORACLE_COLLECTION_USER_ACCOUNT named "csiora" will be created by default. VMware, Inc.
Page 112
6. Select to run the remote command now. As the remote command is running, the following actions will be performed: a. Action will be run with root privileges (for example, Setuid - RunHigh) b. The non-privileged OS user account will be deleted. c. Switch or "su" to the ORACLE_SOFTWARE_OWNER_ACCOUNT that was provided. VMware, Inc.
The following views show additional VCM data. For additional information, see the online Help. VCM for Oracle data grid in Administration | Machines Manager | Additional Components | VCM for Oracle Management Views in Console | Enterprise Applications | Oracle | Management Views VMware, Inc.
VCM, refer to online Help, available in the Portal. As always, if you have any questions or problems using VCM, contact VMware Customer Support. Customization of your environment is essential to fine-tune the visibility of configuration information so that the policies you develop and the actions you take are appropriate for your IT infrastructure.
VCM Auditing data grid displays the user’s name in the Last Modified By column. For details about the Auditing settings, and viewing the Windows Event Log, see the Administration: Auditing Settings topic in the online Help. VMware, Inc.
VCM, thus providing a holistic view of your enterprise. Virtual Environment Configuration VCM uses VCM-based communication channels in the form of a Remote Client Proxy to collect data from VMware ESX/ESXi/vSphere Servers and VirtualCenter/vCenter Servers. VMware, Inc.
"Configuring vCenter Server Data Collections" on page 137. Configuring Agent Proxy Virtualization Collections The following table provides a list of installation and configuration procedures to follow when configuring VCM. The steps must be executed in the order presented. MPORTANT VMware, Inc.
Page 119
Step 8: Licensing the ESX Server in VCM Step 9: Licensing ESX Server Machines as Virtual Machine (VM) Hosts Configuring Step 10: Adding the Web Web Services Services User to the for ESX Server Administrator Role Communication Using the VI Client VMware, Inc.
Virtualization Collection Results Results ** A Deployment Tool is available from VMware Customer Support to assist you with this process for ESX 3.x/vSphere 4and ESXi. To use the tool, contact VMware Customer Support; otherwise, follow the steps in the following sections.
Before you can add a machine as an Agent Proxy, you must Collect from the machine using the Machines data type. This process verifies that the Agent Proxy machine meets the minimum requirements to serve as an Agent Proxy machine. VMware, Inc.
Arrow buttons: Select a machine name in one of the panes and use the arrow buttons to move it from one pane to the other. Additionally, you may double-click a machine name to move it between panes. 5. Click Next. The Option page appears. VMware, Inc.
Added the CSI_COMM_Proxy_SVC group, with a local user. If you need to replace a local user in the CSI_COMM_Proxy_SVC group with a new local user, the new account must have full control of [drive]:\Program Files\VMware\VCM and have full control of the Configuresoft registry key (HKEY_LOCAL-MACHINE\Software\Configuresoft).
System under the /tmp directory (for example). A Deployment Tool is available from VMware Customer Support to assist you with the following process for ESX 3.x/vSphere 4 and ESXi. To use the tool, contact VMware Customer Support; otherwise, follow the steps in the following procedure.
Machines if they were not included in a discovery. In VCM: 1. Click Administration | Machines Manager | Available Machines | Available UNIX Machines. 2. Click Add Machines. The Add Machines page of the Discovery Manual Machine Entry wizard appears. VMware, Inc.
For more information on other options for adding Machines (such as an import file or a discovery rule), refer to the online Help. Licensing the ESX/vSphere Server in VCM Licensing the ESX Server uses a UNIX/Linux/Mac Server license. VMware, Inc.
4. Review the licenses. Each ESX/vSphere Server consumes one UNIX/Linux server license and one Virtualization license; however, you are charged only one license fee for each ESX/vSphere Server, and both licenses are included. Click Next. The Agent Proxy and Communication Setting page appears. VMware, Inc.
VirtualCenter Server that manages your ESX/vSphere Server. Although Web Services Settings are optional when first licensing ESX, they impact the types of collections that you can perform against ESX/vSphere Servers. Use the following procedures to configure Web Services: VMware, Inc.
Web Services interface on the VirtualCenter machine. A Deployment Tool is available from VMware Customer Support to assist you with the following process for ESX 3.x/vSphere 4 and ESXi. To use the tool, contact VMware Customer Support; otherwise, follow the steps in the following procedure.
8. To confirm your change, click the Admin tab, then select Administrator as the role. The user name should appear underneath the ha-folder-root directory and ESX/vSphere Server. If you do not want to add the user to the Administrator role, contact VMware Customer Support for details about defining a different role.
Page 131
Internet Explorer displays an error message, indicating a problem with the security certificate. For older versions of Internet Explorer these steps may vary. Ensure you install the certificate as described below. 3. Click Continue to this website. The browser displays the Welcome page. VMware, Inc.
Page 132
4. Click the Certificate Error field on the red-shaded address bar. A dialog box appears with information about the error message. 5. Click View certificates at the bottom of this dialog box. The Certificate dialog box appears with information about the certificate. VMware, Inc.
Page 133
7. Click Place all certificates in the following store, and then click Browse. The Select Certificate Store dialog box appears. 8. Click Show physical stores. Select Third-Party Root Certification Authorities | Local Computer. Click OK. 9. Click Next, and then click Finish. VMware, Inc.
Help for detailed precedures. Be aware that this is not the recommended configuration. The Collector already performs a consistently high level of work. Using the same machine for both your Collector and your Agent Proxy may impact Collector performance. VMware, Inc.
From here, you can view a summary of your VM Guests and Hosts, as well as change management data for your Virtual Environment. Take some time to explore each of these nodes and examine the data available within each node. At any time, click Help for more information. VMware, Inc.
Page 136
Several other categories of information (data types) are available under the Virtual Environments node. This is where the remainder of your collected virtualization data is visible through the Portal. Take some time to explore each node, clicking Help at any time for more information. VMware, Inc.
To configure the Collector for vCenter Server collections you must perform the following prerequisites. The following steps must be performed in the order presented. MPORTANT Removing PowerShell v1.x on the VCM Collector This step can be performed before or after installing VCM. VMware, Inc.
Page 138
Instructions for properly configuring PowerShell are provided later in this procedure. Downloading and Installing VMware vSphere PowerCLI on the Collector Click the following link, and then download and install the VMware vSphere PowerCLI 4.0 or 4.1. You will be required to register on the VMware Web site.
Page 139
"C:\Program Files\VMware\VCM\WebConsole\L1033\Files\Remote_Command_Files" powershell.exe .\Save_MachinePSCredential.ps1 where C:\Program Files\VMware is replaced with your local path if it differs. 3. Press Enter. 4. The prompt displays the following: You must be running PowerShell as the user configured for the EcmAgentStartup DCOM object.
Page 140
3. In the Name text box, revise the name to reflect the name of the vCenter Server from which you are collecting. For example, vCenter Host Profiles collection - vcenterserver1.local. 4. Review the information in the Description text box, and then revise as needed. 5. Click Next. The Remote Command page appears. VMware, Inc.
Selected list. Running more than one command allows you to collect all the data from a particular vCenter Server. The commands are run in the order listed. 8. Click Next. The Schedule page appears. 9. Select one of the following schedule options. VMware, Inc.
Console | Virtual Environments | vCenter Host Profiles Host Status Inventory Console | Virtual Environments | VM Hosts | User and Groups Troubleshooting vCenter Server Data Collections If no data appears in the vCenter Server data grids, review the following troubleshooting options: VMware, Inc.
Registering the vSphere Client VCM Plug-in The registration process configures the URL to the VCM server in the VMware vSphere Client, and makes the VCM Summary and VCM Actions tabs available in the vSphere Client. The plug-in is installed automatically with VCM. Follow the steps below to register the Plug-in with the vSphere Client.
Client VCM Plug-in. 8. After confirming you can access the VCM Summary and VCM Actions tabs, you must configure the vSphere Client VCM Plug-in integration settings in VCM. Click Administration | Settings | Integrated Products | VMWare | vSphere Client VCM Plug-in.
Getting Started with VCM for Virtualization 1. Select Administration | Settings | Integrated Products | VMware | vSphere Client VCM Plug-in. 2. Select the setting you want to configure, and then click Edit Settings. 3. The Settings Wizard page appears. The information to be configured will vary depending on selected setting.
Configuration Manager Installation and Getting Started Guide Upgrading the vSphere Client VCM Plug-in The vSphere Client VCM Plug-in integrates VMware vCenter Configuration Manager into the vSphere Client to provide VCM data and functionality within vCenter. After upgrading VCM, you must upgrade the Plug-in, which means vCenter users must un-register it and then re-register it.
The server-side processing is smart enough to batch work at periodic intervals. This technique avoids the problem of having 15,000 clients come online within ten minutes of one another and creating 15,000 individual requests. Workflow Diagram The basic sequence of actions is represented in the following diagram. VMware, Inc.
Installing the VCM Remote Client Installing VCM Remote involves installation of both the VCM Remote server and VCM Remote Client. The VCM Remote server was installed when the VCM Installation Manager was run. The VCM Remote Client must be installed separately. VMware, Inc.
CM Remote Client.msi: Located on the Collector at [install path]\VMware\VCM\AgentFiles. CM_Enterprise_Certificate_xxx.pem: Located on the Collector at [install path]\VMware\VCM\CollectorData. 2. Double click the CM Remote Client.msi copied to the mobile workstation. The VCM Remote Client Setup installation wizard appears. 3. Click Next. The Installation Folder page appears. VMware, Inc.
Page 150
Path to ASP Page: This path was created in the IIS default web site by the VCM Remote server installation. The <virtual directory name> must match the virtual directory name entered when you installed the server component. 6. Click Next. The Select Certificate page appears. VMware, Inc.
Page 151
152. 1. On the Collector, navigate to the path where you installed the software, which by default is C:\Program Files\VMware\VCM\AgentFiles. 2. Copy CM Remote Client.msi to the target mobile workstation. 3. On the Collector, navigate to the path where you installed the software, which by default is C:\Program Files\VMware\VCM\CollectorData.
Page 152
Configuration Manager Installation and Getting Started Guide msiexec.exe /qn /i "[path]\cm remote client.msi" COLLECTOR="YourCollectorName" PATHTOASP="VCMRemote/ecmremotehttp.asp" INSTALLDIR="c:\Program Files\VMware\VCM Remote Client” CERTIFICATE_ FILE="[path]\YourEnterpriseCertificateName.pem" /log "[path\]filename.log" If the names and paths contain spaces, you must use double quotation marks. See the example above.
Page 153
Getting Started with VCM Remote 1. On your VCM Collector, copy ...\VMware\VCM\AgentFiles\CM Remote Client.msi to...\VMware\VCM\WebConsole\L1033\Files\Remote_Command_Files. 2. On your VCM Collector, copy ...\VMware\VCM\CollectorData\<YourEnterpriseCertificate>.pem to the same location specified in step 1 (to...\VMware\VCM\WebConsole\L1033\Files\Remote_ Command_Files). 3. In VCM, select Console | Windows Remote Commands.
Page 154
AppToRun = AppToRun & "SKIP_CERTIFICATE_FILE=1" End If EcmScriptRuntime.CmdExecute Chr(34) & AppToRun & Chr(34), 10000 End Sub Sub CheckVars() If sCollName = "" Then WScript.Quit Else sCollName = Trim(sCollName) End If If sVirDir = "" Then sVirDir = "vcmremote/ecmremotehttp.asp" Else VMware, Inc.
Page 155
Run. The Windows page of the Remote Commands wizard appears. 14. Select the machines on which you are installing VCM Remote. The VCM Agent must already be installed on the target machines. 15. Click Next. The Schedule page appears. Select one of the following options: VMware, Inc.
LAN. For instance, if the connection speed is only that of Dialup, you might want to create a smaller Filter Set. If a connection type does not have a Filter Set name assigned, no Collection will be initiated when the connection is at that speed. VMware, Inc.
VCM and the VCM Remote Clients running on your Windows machines. Refer to the online Help for more details on the unique capabilities and features of the VCM Remote Client. VMware, Inc.
Page 158
Configuration Manager Installation and Getting Started Guide VMware, Inc.
Step 7: Run another assessment. Check for Updates to Bulletins VMware recommends that you use VCM to check for updates to VCM Patching Bulletins prior to creating an assessment template. To check for updates to VCM Patching Bulletins, follow these steps.
The Patching - Windows Security Bulletins filter set for Windows machines gathers information for all bulletins. However, bulletin filter sets are also available by month. Click any of the monthly filter sets to filter the bulletins released during that month. VMware, Inc.
Run the Assessment Review Bulletins to include in the Assessment Template VMware recommends that you review the details of any bulletin before you include it in a VCM Patching assessment. 1. To review bulletin details, select the bulletin that you are interested in, and then click Details. VCM Patching displays a bulletin detail dialog box describing the technical details, affected products, and vendor recommendations.
Page 162
Configuration Manager Installation and Getting Started Guide 2. Refer to VMware Deployment Summary for a list of issues that might impede distribution of a given bulletin. 3. Click On the Web to link directly to the vendor's information pertaining to this bulletin.
Page 163
3. In the data grid, VCM displays the bulletins listed by product. Select the bulletin to use for the template, and then click Create Template. 4. Type the template name and description, and then click Next. 5. The product that you selected appears in the Selected pane. Click Next. VMware, Inc.
Page 164
VCM PatchingAssessments are run against the data from every VCM-managed Windows MPORTANT machine in the active Machine Group. However, patches can only be deployed to machines managed by VCM Patching. To run the assessment template, follow these steps. VMware, Inc.
To view a data grid containing your VCM Patching-managed machines, click Patching | VCM Patching Administration | Windows | Machines Manager | Licensed Machines. VMware recommends that you evaluate each patch on a case-by-case basis prior to deployment. Test the patches in a pre-production setting to verify that they work successfully within your specific environment.
Page 166
8. Click Next to either schedule the deploy job or to instruct VCM Patching to execute the job immediately. If you have licensed and activated VCM Service Desk Integration, the deploy job must be approved through VCM Orchestrator before it can run. 9. Click Finish to complete the deploy job. VMware, Inc.
Page 167
Patching Security Bulletins filter set so that the assessment information is up-to-date. 10. As a final verification step, VMware recommends that you run a post-deployment assessment to verify that the patches you deployed are now marked as Patched in the node summary.
Getting Started To get started, follow these steps: Step 1: Check for updates to bulletins. Step 2: Collect assessment data. Step 3: Explore the results, and acquire and store the patches. Step 4: Install the patches. VMware, Inc.
Hardware and Software Requirements Guide. Check for Updates to Bulletins VMware recommends that you use VCM to check for updates to VCM Patching Bulletins prior to performing an assessment for UNIX/Linux machines. To check for updates to VCM Patching Bulletins, follow these steps.
Page 170
Machine Assessments are Run Against Known Patches Assessments of UNIX/Linux machines are run against the patches known by VMware at the time the assessment is performed. For more information, contact VMware Customer Support. If machine data has not been collected for a machine, VCM Patching may not display assessment results for the machine, and the machine will not be available for deployment.
Page 171
When assessing UNIX/Linux machines, clicking Collect allows you to specify individual machines for the assessment. To assess UNIX/Linux machines using the Collect wizard, follow these steps. 1. Click Collect in the toolbar. The Collection Type Selection wizard appears. VMware, Inc.
Page 172
UNIX/Linux patching change actions are saved in the VCM change log in Console | Change Management | VCM or Non VCM Initiated Change | By Data Type | Patch Assessment. These change actions are also available to Compliance and Reports. VMware, Inc.
This view displays the patch status of all of the machines that were assessed. 2. Click By Specific Bulletin to display the Patch Assessment Results for a single bulletin. Click a bulletin number in the center pane to display the applicable patch assessment results in the data grid. VMware, Inc.
Page 174
UNIX/Linux machine. For potential additional information about the root cause of the exception, run the Debug Event Viewer (C:\Program Files\VMware\VCM\Tools\ecmDebugEventViewer.exe). Signature Not Found: The .pls patch file is not found on the UNIX/Linux machine, and therefore the patch status cannot be determined for the particular .pls file.
If you do not define an alternate location for the patches using Machine Group Mapping, the default location of /tmp will be used. A temporary expansion of the patches will be performed in the /tmp directory. Deploying the Patches Before deploying patches, see Patch Deployment Notes in the online Help. VMware, Inc.
Runs a pre-install script (remote command) if specified (see note below). Installs the patch that already resides on the VCM-managed machine’s NFS mounted or local file system. Runs a post-install script (remote command) if specified (see note below). Assesses whether the patch was installed on the VCM-managed machine. VMware, Inc.
VCM Patching. Also read Maintaining VCM after Installation for important information regarding additional data retention settings and database maintenance steps that should be taken. While using VCM Patching, refer to the online Help for specific information. VMware, Inc.
Page 178
Configuration Manager Installation and Getting Started Guide VMware, Inc.
Package Manager is configured to use one or more repositories as sources for packages. If you are using the software provisioning components in conjunction with VMware vCenter Configuration Manager (VCM), you can use VCM to add and remove sources, and to install and remove packages.
The software provisioning components should be installed on machines with the following relationships: By default, all the components are installed on the VCM Collector; however, it is recommended you use a separate machine for the Software Repository for Windows and the VMware vCenter Configuration Manager Package Studio.
See VCM Hardware and Software Requirements Guide for currently supported platforms and requirements. Access to the Repository.msi, which is available on the VMware website or in the vCenter Configuration Manager application files.The default location in the VCM application files is C:\Program Files\VMware\VCM\AgentFiles\Products.
/x [path]\Repository.msi /l*v %temp%\Repository.log Install Package Studio The VMware vCenter Configuration Manager Package Studio and the repository must be installed on the same machine. The process installs the application files and specifies the repository to which Package Studio will publish packages.
Page 183
C:\Program Files\VMware\VCM\Tools\Package Studio (on 32-bit machines) or C:\Program Files (x86)\VMware\VCM\Tools\Package Studio (on 64-bit machines). To start Package Studio, select Start | All Programs | VMware vCenter Configuration Manager | Tools | Package Studio, or open the Package Studio folder and double-click PackageStudio.exe.
Configuration Manager Installation and Getting Started Guide You can add the following arguments if you want to specify locations other than the default directories: REPOSITORY_ROOT=C:\Program Files\VMware\VCM\Tools\Repository\ (Defaults to this or uses the Repository’s value if it is already installed) PACKAGESTUDIO_DIR="C:\Program Files\VMware\VCM\Tools\Package Studio\" (defaults to this...
General Process Detailed steps for creating and publishing packages are provided in the Package Studio online Help and in the VCM Software Provisioning Installation and User's Guide. VMware, Inc.
Configuration Manager Installation and Getting Started Guide 1. Start the VMware vCenter Configuration Manager Package Studio. Select Start | All Programs All | VMware vCenter Configuration Manager | Tools | Package Studio. 2. Click Manage Packages. Configure the package contents based on the options on the following tabs: a.
Getting Started with Software Provisioning You have created software provisioning packages using VMware vCenter Configuration Manager Package Studio and published the packages to the repositories. Package Manager is installed on the target machines. Package Manager is automatically installed when you install the VCM 5.3 Agent or later.
The Confirmation page appears. 11. Review the information. If it is correct, click Finish. You can monitor the status of the process using Jobs Manager | Running. The added source is displayed in the Package Manager - Sources data grid. VMware, Inc.
12. Review the information, resolve any conflicts, and then click Finish. You can monitor the process in the Jobs Manager. See "Viewing Provisioning Jobs in the Job Manager" on page 190 for more information. The package is displayed as Installed in the Package Manager - Packages data grid. VMware, Inc.
Creating Compliance Rules based on Provisioning Data A Compliance rule based on Provisioning data can detect any packages or sources that are out of compliance. You can also configure remediation actions to bring the machines back into compliance. VMware, Inc.
If it is not, the source is added to the machines Package Manager. Creating Compliance Rules containing Provisioning Remediation Actions When configuring a Compliance rule, you can configure the rule to perform a remediation based on a software provisioning action -- Install Package, Remove Package, Add Source, Remove Source. VMware, Inc.
Page 192
18. Select Install Package in the drop-down list, and then click Define Action. The Software Provisioning Compliance Remediation page appears. 19. Select the XSoftware package to install if the rule you are configuring fails. 20. Configure the version options to use the selected version, specify a different version, or install the latest version. VMware, Inc.
When the Compliance Template is run, if the check for XService running fails, the XSoftware package is installed. Further Reading For more information about software provisioning, see VCM online Help, the VCM Software Provisioning Components Installation and User's Guide, and the Package Studio online Help. VMware, Inc.
Page 194
Configuration Manager Installation and Getting Started Guide VMware, Inc.
VCMMXA and determine if they satisfy the needs of your organization. If not, create, modify, or delete the fields according to your needs. VCMMXA Administration functionality is available only to users logged in with the Admin role. To view the fields, follow these steps. VMware, Inc.
2. Before users populate these fields with asset data, review the fields, and then add, edit, or delete them as desired. Add or Edit a Hardware Configuration Item Field To add or edit a hardware configuration item field, follow these steps. VMware, Inc.
Page 197
3. If you are editing an existing field, select the field, and then click Edit. Otherwise, to add a field, click Add. The Add:Edit Fields wizard appears. 4. Enter the name and description of the field, and then click Next. This name appears as the column heading in Console | Asset Extensions | Hardware Configuration Items. VMware, Inc.
4. Click OK to confirm. VCM deletes the field from VCMMXA. Modifying Software Configuration Item Fields Use VCMMXA to manage your software assets. Add, edit, and delete the software configuration items to maintain asset data for your software. VMware, Inc.
Page 199
Next. If you are editing a field, you cannot change this information. For more information, click Help. Otherwise, click Next. 5. If you have defined this field as a lookup, the wizard prompts you to define or edit the lookup values. Enter the required information, and then click Next. VMware, Inc.
To add information specific to the VCM-managed machines: 1. Click Console | Asset Extensions | Hardware Configuration Items | VCM Devices. 2. Select the machine or group of machines to edit, and then click Edit Values. VCM launches the Edit Hardware CI Values wizard. VMware, Inc.
To add or edit information specific to other devices, follow these steps. 1. Click Console | Asset Extensions | Hardware Configuration Items | Other Devices. 2. If you are adding a device, click Add. If you are editing an existing device, select that device, and then click Edit. VMware, Inc.
Edit Values to change the fields that distinguish the records from one another. Navigate to Console | Asset Extensions | Software Configuration Items, and then click Help for more information. To delete a record from the Software Configuration Items data grid, follow these steps. VMware, Inc.
VCMMXA. You can also read Maintaining VCM after Installation for important information regarding additional data retention settings and database maintenance steps that you should take. When using VCMMXA, refer to the online Help for specific information. VMware, Inc.
Page 204
Configuration Manager Installation and Getting Started Guide VMware, Inc.
Contact VMware Customer Support to determine the requirements for your integration. Once VMware Customer Support has enabled VCM Service Desk Integration, they will give you an overview of how to use the product in your organization. You may also refer to the online Help for more information on how to use VCM Service Desk Integration.
Administration | Job Manager | Pending Response to locate jobs that are currently awaiting approval. Click VCM Patching Administration | Job Manager | Running or VCM Patching Administration | Job Manager | Scheduled to locate approved jobs that are currently running, or are scheduled to run. VMware, Inc.
When using VCM for Service Desk Integration, refer to the Help for specific task information. To access the Help, click the Help button, located on the Portal toolbar. VMware, Inc.
Page 208
Configuration Manager Installation and Getting Started Guide VMware, Inc.
Follow the steps listed below to make VCM aware of your DCs and to perform an initial collection: Confirming the Presence of Domains Adding and Assigning Network Authority Accounts Discovering Domain Controllers Verifying Domain Controller Machines in Available Machines Licensing and Deploy the Agent Performing a Machine Data Type Collection VMware, Inc.
3. If an Active Directory Domain is not listed in the data grid, click Add. The Add Domain dialog box appears. 4. In the Name text box, type a fully-qualified DNS Domain name, 5. Select the AD type. 6. Click OK. Repeat the adding process to add additional Active Directory Domains. VMware, Inc.
Browse List discovery using Domain Controller Type as a filter. 1. Click Administration | Machines Manager | Discovery Rules. 2. Click Add. The Discovery Rules page appears. 3. Type a Name and Description for this new discovery rule, then click Next. The Discovery Method page appears. VMware, Inc.
Page 212
8. For the Would you like to run this Discovery Rule now? option, select Yes. 9. Click Finish. Click Administration | Job Manager | History | Instant Collections | Past 24 Hours to MPORTANT verify that all jobs have completed before proceeding to the next step. VMware, Inc.
6. Click Next. The Product License Details page appears. 7. View your product license details, and then click Next. The Important page appears, reminding you that you are installing the Agent. 8. Click Next. The Options page appears. VMware, Inc.
Page 214
1. On the target Windows 2008 machine, click Start | Run. The Run dialog box appears. 2. Type msconfig in the Open text box. 3. Click OK. The System Configuration dialog box appears. (This dialog box differs for Windows 2008 R2 machines.) VMware, Inc.
Page 215
14. Install the Agent as specified in the previous section, "Licensing and Deploying the VCM Agent". 15. After installing the Agent on the target machines, re-enable UAC. To enable, perform the steps specified above. In Step 5, change the policies to Enabled. 16. Restart the machine to apply the changes. VMware, Inc.
Run the Determine Forest Action Run the Setup DCs Action Deploying VCM for AD to the Domain Controllers Use the following procedure to install VCM for Active Directory on each Domain Controller from which you want to collect data. VMware, Inc.
Page 217
VCM for AD will operate with only a single domain controller configured with VCM for AD as both the FDS/RDS (Forest Data Source/Replication Data Source). However, to collect important non- replicated attributes such as Last Logon, it is essential that you configure as many domain controllers VMware, Inc.
If you have machines that you plan to promote to Active Directory machines, but have not yet done so, you must install VCM for Active Directory manually. Go to Program Files\VMware\VCM\AgentFiles and run the ADProductInstall.exe installer. 4. Click Next. 5. Verify that Run Action now is selected, then click Finish.
Page 219
Next. The Select the Replication Data Source(s) (RDS) page appears. 4. Select a Replication Data Source (RDS) for each Domain that you want to be managed by VCM for Active Directory. Click Next. The Important page appears. VMware, Inc.
Active Directory specified in the default filter set. 1. Click Collect, located on the Portal toolbar. The Collection Type Selection dialog box appears. 2. For the Collection Type, select Active Directory. 3. Click OK. The Collect Now wizard appears, displaying the AD Collection Options page. VMware, Inc.
Page 221
For the initial collection, make sure that you click the check box so that the delta feature is disabled. 6. Click Next.The Data Types page appears. 7. Click Select All. 8. Select the Use default filters is selected option. 9. Click Next. The Location page appears. VMware, Inc.
Page 222
13. On the Location page, click Next. 14. Click Finish. Click Administration | Job Manager | History | Instant Collections | Past 24 Hours to MPORTANT verify that all jobs have completed before proceeding to the next step. VMware, Inc.
Summary report or data grid format. To view a VCM for AD Summary report or data grid, click Active Directory | Objects. Select an object type. VMware, Inc.
Page 224
Help for more information on how to filter and sort your data and get full use of the data grid. Several other categories (called “data classes”) of information regarding your AD Collection are available under the Active Directory Slider. This is where the remainder of your collected AD data is visible through the Portal. VMware, Inc.
Page 225
You may now begin to run Compliance against your collected data. To run a Compliance check, click the Compliance slider, and then follow the steps provided in the online Help to create rule groups, rules, filters, and templates. VMware, Inc.
When using VCM for Active Directory, refer to the Help for specific task information. To access the Help, click the Help button, located on the Portal toolbar. VMware, Inc.
2. Click Administration | Machines Manager | Available Machines | Available Windows Machines. Scan the data grid to locate your SMS Servers. VMware, Inc.
"Performing an Initial Collection" on page 2. Using this procedure, instead of selecting the default filter set, choose the Select a Collection Filter Set to apply to these machines option, and then select Microsoft SMS Server Filters from the Filter Sets list. VMware, Inc.
After performing the initial SMS Server and Client collections, you can explore that data in the portal using the Console and Reports sliders. Viewing SMS Dashboards The SMS Dashboard contains information about your SMS Servers and Clients in a graphical format. VMware, Inc.
2. Click the SMS Client links or the Chart bars to drill down to detailed information on the machine or group of machines. Viewing SMS Server Data The Windows tab of the Console contains information about your SMS Server and Client machines. VMware, Inc.
Server collection, select Console | Enterprise Applications | SMS | SMS Sites | Site Information | Sites. 2. View the list of Servers currently hosting SMS in the data grid. Viewing SMS Client Data The Windows tab of the Console contains information about your SMS Clients. VMware, Inc.
2. View the SMS client machines in the data grid, along with details about the SMS component they contain, the Resource file, and Version number. Viewing SMS Reports An alternative way to view your collected SMS data is by running Reports, or by creating your own custom reports using VCM’s reporting wizard. VMware, Inc.
If all WSUS Servers that you want to manage are present, they have been discovered, but must be licensed in order to make them available for WSUS collections. Refer to "Licensing Windows Machines" on page 59 for instructions on how to license these machines. VMware, Inc.
Now that your WSUS Server Collection is complete, you must perform another collection using the Microsoft WSUS Client Filter in order for VCM to collect WSUS information from your WSUS client machines. Once this collection is complete, you will be able to view all WSUS Server and Client related data through VCM. VMware, Inc.
After performing initial WSUS Server and Client collections, you can explore that data in the portal using the Console and Reports sliders. Viewing WSUS Clients To view information about your WSUS Clients, click Console | Enterprise Applications | WSUS | WSUS Clients | WSUS Client Settings. VMware, Inc.
If you have Internet connectivity from your Collector, you may use the VMware Content Wizard to browse to the latest content and download it directly from VMware. VMware Content Packages are updated frequently and new Content Packages are released on a regular basis. Regardless of your connectivity, VMware recommends that you check back regularly for content updates.
Page 240
These are included in the Content Package. Refer to the online Help for information on how to use a custom filter set. Once the appropriate data has been collected relevant to the Content Package, refer to the online Help to learn more about running Compliance Templates. VMware, Inc.
4. On the Select Installation Type page, select the Advanced Installation check box, and then select Tools. 5. Clear the VMware vCenter Configuration Manager check box. 6. To install all of the tools, leave Tools checked, which will leave all of the individual tools checked as well.
Job Manager tool on a non-Collector machine, see Installing and Getting Started with VCM Tools 1. To start the Job Manager Tool, click Start | All Programs | VMware vCenter Configuration Manager | Tools | Job Manager Tool. VMware, Inc.
These tools do not import or export any collected data. However, they support the migration of any VCM Management Extension for Asset data that has been added to VCM manually. Specifically, the Import/Export Tool supports the following scenarios: VMware, Inc.
VCMinstallation. Import/Export and CW can only be run on a Collector machine. Refer to the following sections to get started with each tool. VCM Import/Export 1. To start Import/Export on your Collector machine, click Start | All Programs | VMware vCenter Configuration Manager | Tools | Import Export Tool. VMware, Inc.
Unlike Import/Export, Content Wizard may be used when no user intervention is required or when you want to connect directly to the VMware website for the latest Content Package updates. To start the CW from your Collector Machine, click Start | All Programs | VMware vCenter Configuration Manager | Tools | Content Wizard.
Page 246
Follow the wizard to completion. Since the Import/Export Merge process is transparent to the user when using CW, you must refer to the error log for any issues regarding the download or import process. VMware, Inc.
Once you have performed initial setup and familiarized yourself with VCM and its components and tools, VMware recommends you step through the specific configuration settings for each licensed component and customize them. Additionally, you should perform routine maintenance on your VCM CMDB just as you would any other SQL database in your enterprise.
Page 248
UNIX Windows For more information on settings specific to those products, refer to the Help associated with each product. To access the Help for any particular Component, navigate to a node within that Component, and then click Help. VMware, Inc.
9. In the Maximum File Size area, select Unrestricted Growth. 10. Click OK to save and close the dialog box. 11. Repeat the same procedures for VCM_Log. 12. Return to the database list and repeat the above procedures for all VCM-related databases. VMware, Inc.
Due to the nature of VCM, it is recommended that the Simple recovery model be used for all VMware databases, and that nightly FULL or INCREMENTAL backups be used. Bulk Logged: In Bulk Logged recovery, the transaction log retains all “normal” transaction information, and effectively discards those that result from a bulk operation.
Page 251
Maintaining VCM After Installation 2. Open the Management folder, right-click Maintenance Plans, and then select Maintenance Plan Wizard. The SQL Server Maintenance Plan Wizard opens. 3. Click Next. The Select Plan Properties page appears. VMware, Inc.
Page 252
6. After you have set the job schedule properties to your own specification, click OK to return to the Select Plan Properties page. Click Next. The Select Maintenance Tasks page appears. VMware, Inc.
Page 253
7. Select the maintenance tasks to be performed. Select Check Database Integrity, Rebuild Index, Update Statistics, and Clean Up History. Click Next. The Select Maintenance Task Order page appears. 8. Specify the order for the maintenance tasks to be performed. Click Next. The Define Database Check Integrity Task page appears. VMware, Inc.
Page 254
Define Rebuild Index Task page appears. Select the databases shown here, including the VCM_Raw database. The VCM_Raw database contains transient data, which is consumed by the other databases. For this reason, you should have the SQL Server 2005 Maintenance Plan check its integrity. VMware, Inc.
Page 255
Specific databases appears in the drop down field. In the Advanced options area of the dialog box, select Sort results in tempdb. Click Next. The Define Update Statistics Task page appears. It is not necessary to rebuild the Index for the VCM_Raw database. VMware, Inc.
Page 256
Define History Cleanup Task page appears. 12. Specify the historical data to be removed from the SQL Server 2005 machine. VMware recommends saving historical data for four months, so set the option to 4 Months. The default setting is four weeks.
Page 257
Click Next. The Complete the Wizard page appears. 14. Verify the selections in the Maintenance Plan Wizard. Expand the tree selections to view the settings. Click Finish. The Maintenance Plan Wizard Progress page appears. VMware, Inc.
Incorporate the VCM CMDB into your Backup/Disaster Recovery Plans Consider your VCM CMDB as you would any other SQL database in your environment. Take the necessary steps to have it incorporated into your corporate strategy for Backup/Disaster Recovery at this time. VMware, Inc.
Support for additional UNIX platforms was added in 5.1, along with the automated distribution of bulletin information to Agent machines. The process of distributing the bulletin information to UNIX Agent machines has failed. VMware, Inc.
When attempting to generate key pairs on the Agent Proxy machine, a protected storage error may occur. For example: CsiCommProxyUtil::wmain(): Failed to get protected storage for VCMv. HRESULT 0x8009000b = Key not valid for use in specified state. If you encounter this type of error, use the workaround below to resolve the problem. VMware, Inc.
Troubleshooting Problems with VCM To Resolve the Problem 1. Open a command prompt. 2. Navigate to the C:\Program Files\VMware\VCM\AgentData\protected directory, and delete these two files: ECMv.csi.pds and ECMv.csi.pds.lck. 3. Execute the following command: GenerateAgentProxyKeys.cmd. 4. Verify that the following files were generated: <machine>_securecomm_public_key.txt...
2. Open the folder where the affected report resides. The VCM Reports. labeled ECM Reports, folders are as follows: ECMAD: Active Directory ECMu: UNIX RSCA: RSCA Service Desk: Service Desk and Change Reconciliation SMS: SMS Standard: Windows reports and Change Management and Compliance SUM: VCM Patching Virtualization: Virtualization VMware, Inc.
Page 263
7. On the Upload File screen, next to the File to Upload text box select Browse. 8. Select the report from the reports directory. 9. Click OK. The report should now include all of the new parameter modifications. VMware, Inc.
Page 264
Configuration Manager Installation and Getting Started Guide VMware, Inc.
If you need to replace a local user in the CSI_COMM_Proxy_SVC group with a new local user, the new account must have full control of [drive]:\Program Files\VMware\VCM and have full control of the Configuresoft registry key (HKEY_LOCAL-MACHINE\Software\Configuresoft). If keys have already been generated, the agentdata\protected folder must be deleted and new keys...
Agent (C:\WINDOWS\CMAgent). 1. Open a Command Prompt on the Agent Proxy machine. 2. Change directory to: [drive:]Program Files\VMware\VCM\Tools\Virtualization. 3. At the command prompt, run the following command: GenerateAgentProxyKeys If you receive an Access is denied error message, then one of the following problems has occurred: 1) You did not add users or groups to the CSI_COMM_PROXY_SVC group OR you did not reboot, or 2) You are not running in a CMD shell as a user in the CSI_COMM_PROXY_SVC group.
OS 84, 97 enterprise CMAgentInstall.exe for Windows Enterprise Certificate installation 16, 61 installing ESX Web Services installation, manually installation, Oracle secure communication installing Web Services agent proxy agent proxy Mac OS X platforms supported 40, 83 VMware, Inc.
Page 268
83, 97 patches, Windows machines lock request deployment tool collector services virtualization account determine forest action compliance running for AD checking Windows developing checking, UNIX/Linux custom collection scripts content, accessing dialup imported content Mac OS X VMware, Inc.
Page 269
ESX Web Services certificate in Remote settings foundation checker Remote maintenance after forest navigating process of run determine forest action preparing forests prerequisites active directory Remote client foundation checker command line installation remote command VMware, Inc.
Page 270
HTTP agent install port number for UNIX agent install 89, 102 create plan portal customize settings familiarizing database recovery settings information bar modifying sliders assets hardware configurations toolbar assets software configurations VMware, Inc.