Implementing VMware vCenter Server

By: Kostantin Kuminsky

Installing the Management Suite


Once all hardware and software prerequisites are met, before running the installer, make sure that:

  • The server's name complies with RFC 952 guidelines and contains no more than 15 characters.

  • The server's fully qualified domain name (FQDN) can be resolved into an IP address using ping or nslookup and the server's name matches the DNS entry.

  • There is an appropriate PTR record for the server's IP address so that it can be resolved back to FQDN.

  • The server's IP address is assigned statically so that clients don't run into any issues trying to connect to vCenter.

    Tip

    vCenter will use IPv6 if the server it's installed on is configured to use IPv6. In this case, the server's IP address should be specified in the IPv6 format when you connect to vCenter or install additional modules.

  • The installation path you will use does not contain any of the following characters: non-ASCII characters, commas (,), periods (.), exclamation points (!), pound signs (#), at signs (@), or percentage signs (%).

  • There is no Network Address Translation (NAT) between the network that vCenter Server will be a part of and the network where hosts will be managed.

  • There is a connection between the server and the domain controller. vCenter can be installed on a server that is a part of a workgroup as well; however, not all functionality will be available in this case.

  • The server is not a domain controller itself.

  • The user account that is used to install vCenter has the following permissions:

    • Member of the Administrators group

    • Act as part of the operating system

    • Log on as a service

      Tip

      It is recommended to use a Windows account to run vCenter Service. This account can be used to connect to the SQL database and also provides more security than the System account built into Windows. This user must be the local administrator on the server and the SQL server has to be configured to allow Windows authentication.

  • The NETWORK SERVICE account has access to the folder where vCenter Server will be installed as well as to the HKLM registry branch.
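
The name, DNS, and path items in the checklist above can be verified before the installer is started. The following PowerShell function is an added example, not part of the book or of VMware's tooling; the function name and the sample values are hypothetical. Run it from a machine that will connect to vCenter so that the lookups reflect what clients see.

```powershell
# Added example, not VMware tooling. Function name and sample values are hypothetical.
function Test-VCenterPrereq {
    param(
        [Parameter(Mandatory = $true)][string]$Fqdn,         # name clients will use
        [Parameter(Mandatory = $true)][string]$InstallPath   # planned destination folder
    )
    $report = @()
    $fqdnClean = $Fqdn.TrimEnd('.')
    $label = $fqdnClean.Split('.')[0]

    # RFC 952: starts with a letter, then letters, digits or hyphens, and does
    # not end with a hyphen. The checklist adds the 15-character limit.
    $nameOk = ($label -match '^[A-Za-z][A-Za-z0-9-]*[A-Za-z0-9]$') -and ($label.Length -le 15)
    $report += "Host name   : $(if ($nameOk) { 'OK' } else { 'FAIL' }) ($label, $($label.Length) chars)"

    # Forward lookup, then a PTR lookup for each returned address; the PTR
    # answer has to be the same FQDN.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($fqdnClean)
        $report += "Forward     : OK ($($addresses -join ', '))"
        foreach ($ip in $addresses) {
            try {
                $ptr = [System.Net.Dns]::GetHostEntry($ip).HostName.TrimEnd('.')
                $state = if ($ptr -ieq $fqdnClean) { 'OK' } else { 'MISMATCH' }
                $report += "Reverse     : $state ($ip -> $ptr)"
            } catch {
                $report += "Reverse     : FAIL (lookup failed for $ip)"
            }
        }
    } catch {
        $report += "Forward     : FAIL ($fqdnClean does not resolve)"
    }

    # The installation path must not contain non-ASCII characters or , . ! # @ %
    $bad = @([regex]::Matches($InstallPath, '[^\x00-\x7F]|[,.!#@%]') |
             ForEach-Object { $_.Value } | Select-Object -Unique)
    if ($bad.Count -eq 0) { $report += 'Install path: OK' } else { $report += "Install path: FAIL (found: $($bad -join ' '))" }

    $report
}

# Constructed sample values:
# Test-VCenterPrereq -Fqdn 'vc01.example.test' -InstallPath 'C:\Program Files\VMware\Infrastructure'
```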

vCenter Server and vSphere Update Manager require a database server to store their data, and each vCenter Server instance requires its own database. It is also recommended to use separate databases for vCenter Server and Update Manager.

vCenter can use a DB2, Oracle, or Microsoft SQL Server database. Microsoft SQL Server 2008 R2 Express can be used for smaller deployments (up to five hosts and up to 50 virtual machines). It will be installed during vCenter setup if you select the bundled database during installation. It is not supported for production environments, however. Microsoft SQL Server 2005 or 2008 can be used for larger deployments.

For any supported database, vCenter needs a 64-bit System DSN. If you are using a Microsoft SQL Server database on a different server, the System DSN can be created by navigating to Control Panel | Administrative Tools | Data Sources (ODBC). In the ODBC settings window, go to the System DSN tab. From there, you can either modify the existing ODBC connection or create a new one. To create a new connection, click on Add, select SQL Native client, and then click on Finish.

In the next step, enter the ODBC data source name, an optional description, and the SQL Server name. You may need to type the name in the drop-down box if it's not listed there.

In the next step, choose either Integrated Windows Authentication or SQL Server authentication and enter the username and password if necessary. Select the database that will be used and then click on Finish. There is also an option to test the connection.

If you don't have a database ready yet, please refer to the section about setting up a database later in this chapter.

If the server name has been changed, make sure System DSN is configured to use the new name.

Once the vCenter Server database is in use, it's a good idea to perform standard database maintenance regularly. The suggested maintenance tasks are:

  • Monitoring the growth of the logfile and compacting it as needed

  • Scheduling regular backups of the database

  • Backing up the database before any vCenter Server upgrades

Keep in mind that when you install vCenter Server, there are other components that will be installed as well. A list of the components that are installed by default can be found in the VMware documentation at http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-78933728-7F02-43AF-ABD8-0BDCE10418A6.html.

The vCenter Server installer is usually downloaded as a ZIP archive. Once it's downloaded and unzipped, run autorun.exe and select vCenter Server.

The next steps of the installation wizard are straightforward. You will be prompted to choose the installer language, accept the end user and license agreement, and enter your username, organization name, and license key.

The license key can be omitted in this step. In this case, vCenter Server will be in the evaluation mode that allows you to use the full feature set for a 60-day evaluation period. You will be able to enter the license key later and convert vCenter Server to the licensed mode.

In the next step, choose the type of database that you want to use:

  • To use the bundled database, click on Install a Microsoft SQL Server 2008 Express instance. This option should be used only for small-scale deployments; up to five hosts and 50 virtual machines.

  • To use an existing database, click on Use an existing supported database and select your database from the list of available DSNs. Enter the username and password for the DSN.

Tip

A dialog box might appear warning you that the DSN points to an older version of a repository that must be upgraded. If you click on Yes, the installer upgrades the database schema making the database irreversibly incompatible with previous VirtualCenter versions.

In the next step, you'll need to set the login information for vCenter Server:

  • For a non-bundled database, enter the administrator name and password that you use when you log in to the system where vCenter Server is being installed. This username and password will be needed to log in to vCenter Server after it's installed.

  • If you are using the bundled SQL Server database, select Use SYSTEM Account.

In the next step, the Fully Qualified Domain Name field of the system that you are installing vCenter Server on is displayed. The installer checks that this FQDN is resolvable. A warning message will be displayed if FQDN is not resolvable. This is a requirement, so you may need to change the entry to a resolvable one. FQDN has to be entered in this step, not an IP address.

In the next step, you can either accept the default destination folders or click on Change to select another location.

Moving forward, select Create a standalone VMware vCenter Server instance or Join Group. When joining a Linked Mode group, you can enable vSphere Client to view, search, and manage data across multiple vCenter Server systems.

Tip

This option is not available when upgrading VirtualCenter or the vCenter Server database schema. You will be able to join a Linked Mode group after the upgrade is complete.

If you join a group, enter the fully qualified domain name and LDAP port number of any remote vCenter Server system. The installer also accepts an IP address. However, to avoid issues in the future if the IP address changes, it is recommended to use the FQDN.

For IPv6, it's better to use FQDN especially when a local or remote server is not in the IPv6 mode. If the local machine has an IPv4 address and the remote machine has an IPv6 address, make sure the local machine supports IPv4 and IPv6 mixed mode. The domain name server should also be able to resolve both IPv4 and IPv6 addresses if there are servers that use different addressing types in a single Linked Mode group.

In the next step, enter the port numbers that you want to use or accept the default port numbers.

Then, select the size of your vCenter Server inventory, which helps the installer to allocate memory for several Java services that are used by vCenter Server.

Tip

This setting determines the maximum JVM heap settings for VMware VirtualCenter Management Webservices (Tomcat), Inventory Service, and Profile-Driven Storage Service. It can also be changed after installation if the number of hosts in your environment changes.

Optionally, in the Ready to Install the Program window, select the Select this option to increase the number of ephemeral ports available option. If more than 2000 virtual machines are powered on simultaneously on different hosts managed by vCenter, this option prevents the pool of available ephemeral ports from being exhausted.

Click on Install; once installation is done, click on Finish.

After vCenter Server is installed, you may need to install additional modules. Some of them are listed as follows:

  • Update Manager: It allows updating ESX/ESXi hosts as well as guest operating systems. For more details on the Update Manager module, see Chapter 7, Events, Alarms, and Automated Actions.

  • vSphere ESXi Dump Collector: It allows configuring the ESXi server to dump memory to a network server instead of a local disk. It is installed and enabled by default in vCenter Server Appliance.

  • vSphere Syslog Collector: It enables redirection of ESXi system logs to a remote server on the network.

  • vSphere Auto Deploy: It helps to provision and customize physical hosts by loading the ESXi image directly into memory.

  • vSphere Authentication Proxy: It enables ESXi hosts to join a domain without using Active Directory credentials. It eliminates the need to store Active Directory credentials in the host's configuration and therefore increases the security of PXE-booted hosts and hosts that are provisioned using Auto Deploy.

All the previous modules can be installed by selecting the appropriate option from the Autorun menu of the vCenter Server installer.

If there is a requirement for strong security, it's recommended to replace the default vCenter Server certificates with certificates signed by a trusted Certificate Authority (CA). If you don't have a certificate yet, you will need to create a certificate signing request (CSR), submit it to the CA, and get a certificate. This can be done with OpenSSL on any Windows or Linux machine. In most cases, OpenSSL needs to be installed on the server.

Once you receive the certificate, you will need to export it as a .pfx file, which combines the certificate and private key. This can be accomplished using the following command:

openssl pkcs12 -export -in <name>.crt -inkey <name>.key -name <name> -passout pass:testpassword -out <name>.pfx

The .crt file contains the certificate and the .key file contains the private key.

If you have a certificate that you can use with vCenter, it's likely a .pfx file already, and you will need to split it into the private key and the certificate as shown in the following commands:

openssl.exe pkcs12 -in <name>.pfx -nocerts -out <name>.key
openssl.exe pkcs12 -in <name>.pfx -clcerts -nokeys -out <name>.crt

Eventually, you will have three files: .crt, .key, and .pfx. For vCenter Server 5.0 and later, you must also copy the certificate files to the vSphere Web Client directory and to the Inventory Service directory. Therefore, these files will need to be placed in the following folders:

  • For Windows 2008, the default locations are:

    • C:\ProgramData\VMware\VMware VirtualCenter\SSL

    • C:\Program Files\VMware\Infrastructure\Inventory Service\SSL

    • C:\Program Files\VMware\Infrastructure\vSphere Web Client\DMServer\config\ssl

  • For Windows 2003, the default locations are:

    • C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL

    • C:\Documents and Settings\All Users\Application Data\VMware\Infrastructure\Inventory Service\SSL

    • C:\Documents and Settings\All Users\VMware\Infrastructure\vSphere Web Client\DMServer\config\ssl
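
Before the files are copied into these folders, it is worth confirming that the .key file belongs to the .crt file and that the certificate is still valid. The following PowerShell function is an added example, not from the book; the function name and file names are hypothetical. It assumes openssl.exe is on the PATH and that the certificate was issued with the server's FQDN as its common name.

```powershell
# Added example, not from the book. Checks a certificate/key pair with
# openssl.exe before it is deployed. Names below are hypothetical.
function Test-CertKeyPair {
    param(
        [Parameter(Mandatory = $true)][string]$CrtPath,
        [Parameter(Mandatory = $true)][string]$KeyPath,
        [Parameter(Mandatory = $true)][string]$Fqdn    # assumed to be the certificate's CN
    )
    # Public key embedded in the certificate.
    $pubFromCrt = (& openssl.exe x509 -in $CrtPath -noout -pubkey) -join "`n"
    if ($LASTEXITCODE -ne 0 -or -not $pubFromCrt) { throw "Cannot read certificate: $CrtPath" }

    # Public key derived from the private key (openssl prompts if the key is encrypted).
    $pubFromKey = (& openssl.exe pkey -in $KeyPath -pubout) -join "`n"
    if ($LASTEXITCODE -ne 0 -or -not $pubFromKey) { throw "Cannot read private key: $KeyPath" }

    # -checkend 0 makes openssl exit non-zero if the certificate has already expired.
    & openssl.exe x509 -in $CrtPath -noout -checkend 0 | Out-Null
    $notExpired = ($LASTEXITCODE -eq 0)

    # The subject line format differs between OpenSSL versions
    # ("/CN=name" or "CN = name"), so match both.
    $subject = (& openssl.exe x509 -in $CrtPath -noout -subject) -join ' '
    $cnMatches = $subject -match ('CN\s*=\s*' + [regex]::Escape($Fqdn) + '(?=[/,\s]|$)')

    New-Object PSObject -Property @{
        KeyMatchesCert = ($pubFromCrt -ceq $pubFromKey)   # both PEM blocks must be identical
        NotExpired     = $notExpired
        SubjectHasFqdn = $cnMatches
        Subject        = $subject
    }
}

# Constructed sample values:
# Test-CertKeyPair -CrtPath .\vc01.crt -KeyPath .\vc01.key -Fqdn 'vc01.example.test'
```

Deploy the files only when KeyMatchesCert, NotExpired, and SubjectHasFqdn are all True.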

Linked Mode groups

A Linked Mode group is a group of vCenter servers. It allows administrators to connect to one of them and manage inventories from all vCenter Servers in the group. vCenter Server can be joined to a group either during or after installation. It can also be joined to multiple Linked Mode groups.

There are a few considerations administrators should be aware of before configuring Linked groups:

  • Groups with different versions of vCenter Server are not supported. Therefore, earlier versions of vCenter have to be upgraded before joining a group that has vCenter Server Version 5.

  • If you are upgrading vCenter Server that is a part of a Linked Mode group, it will be removed from the group.

  • A vCenter user has to have appropriate permissions on the other servers to be able to use them.

  • The first vCenter Server of a group has to be installed in the standalone mode. Subsequent servers can be joined to the first one to form a group.

  • vCenter Servers that are members of a Linked group should also be members of a domain. The domain user should be added as an administrator. However, servers don't need to use the same domain user.

  • If you are joining vCenter Server to a group during installation and entering the IP address of the other server from the group, the IP address will be converted to FQDN. However, it is recommended to use FQDN to avoid any issues that can happen if the IP address is changed.

The following prerequisites should be met for each vCenter Server that needs to be joined to a Linked group:

  • A Linked Mode group cannot contain different versions of vCenter Server. Therefore, if you are joining with an older version of vCenter Server, it should be upgraded. You will not be able to join vCenter Server to a group during the upgrade process; it has to be upgraded first and then joined. Also, do not join a Version 5.0 vCenter Server to servers running on earlier versions.

  • vCenter Server must be in the evaluation mode or licensed as a Standard edition. vCenter Server Foundation and vCenter Server Essentials editions do not support Linked Mode groups.

  • Make sure DNS is operational since it is essential for Linked Mode replication to work.

  • If vCenter Servers are members of different domains, there must be a two-way trust relationship between these domains. In other words, if you are joining vCenter Server to a group, its domain must trust the other domains on which vCenter Server instances are installed.

  • The user under whom you are running the vCenter Server installer must be a domain user who is an administrator on both the machines: the target vCenter Server machine as well as the one that is joining the group.

  • All servers must show the correct time and need to have network time synchronization set up and operating correctly. The vCenter Server installer checks that the machine clocks' times are no more than five minutes apart.

If you are joining vCenter Server to a group after installation, go to Start | All Programs | VMware and run vCenter Server Linked Mode Configuration. Follow the wizard prompts.

Select the Modify linked mode configuration option, and in the next step, click on join this vCenter Server instance to an existing linked mode group or another instance and then click on Next.

In the next step, you will be prompted to enter the server name and LDAP port number of a remote vCenter Server instance that is a member of the group.

vCenter Server installer may detect a role conflict. In this case, you will be prompted to choose how to resolve the conflict. There will be two options to choose from:

  • Yes, let VMware vCenter Server resolve the conflicts for me: The role on the system that is joining the group will be renamed to vcenter_name role_name, where vcenter_name is the name of the vCenter Server system that is joining the Linked Mode group and role_name is the name of the original role.

  • No, I'll resolve the conflicts myself: You will need to resolve conflicts manually by renaming the conflicting role.

vCenter Server needs to be restarted after joining a group.

To remove vCenter Server from a Linked Mode group, perform the following steps:

  1. Navigate to Start | All Programs | VMware.

  2. Run vCenter Server Linked Mode Configuration.

  3. Click on Modify linked mode configuration.

  4. In the next step, click on Isolate this vCenter Server instance from linked mode group and then click on Next.

  5. Once you click on Continue followed by Finish and reboot vCenter Server, it will no longer be a part of the group.