VMware vCenter Operations Management Suite has been released today. This was the major announcement and focus of VMworld Europe 2011 which was billed as “The Biggest VMware Management Launch Ever”.
To recap, the new vCenter Operations Management Suite is made up of two major components:
- vCenter Operations Manager 5.0
- vCenter Infrastructure Navigator 1.0 which is a new product
The suite aspect means there is tight integration between the two components. There are workflows to analyse performance which span both components. The suite now also allows seamless upgrades between different suite editions which are Standard, Advanced and Enterprise.
- vCenter Operations Standard: Performance management with capacity and change awareness for VMware vSphere-virtualized and cloud environments.
- vCenter Operations Advanced: Adds more advanced capacity analytics and planning to vCenter Operations Standard’s performance management for VMware vSphere-virtualized and cloud environments.
- vCenter Operations Enterprise: Performance, capacity and configuration management capabilities for both virtual and physical environments and includes customizable dashboards, smart alerting and application awareness.
Read more…
This is the final post of a 7 part post on managing vSphere 5 Certificates:
- Installing a Root Certificate Authority
- Distributing the root CA certificate to clients
- Creating the default vCenter 5 Server Certificate and including a DNS alias
- Replacing the default vCenter 5 Server Certificate
- Replacing the default vCenter 5 Web Client Server Certificate
- Replacing the default vCenter 5 Inventory Service Certificate
- Replacing the default Update Manager 5 Server Certificate
VMware Update Manager uses a different self-signed certificate to authenticate against vCenter Server which also needs to be replaced. You can use the same vCenter certificate if the Update Manager installation is on the same server as vCenter or create and trust a new certificate using the same procedure with the Update Manager server name if it is on another server.
On the Update Manager Server navigate to the Update Manager installation directory C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
Make a backup copy of the SSL folder.
Copy the same rui.crt, rui.key and rui.pfx certificate files you created as part of the vCenter Server certificate process into the SSL folder if Update Manager is on the same server else use the other ones you have created.
Read more…
This is part 3 of a 7 part post on managing vSphere 5 Certificates:
- Installing a Root Certificate Authority
- Distributing the root CA certificate to clients
- Creating the default vCenter 5 Server Certificate and including a DNS alias
- Replacing the default vCenter 5 Server Certificate
- Replacing the default vCenter 5 Web Client Server Certificate
- Replacing the default vCenter 5 Inventory Service Certificate
- Replacing the default vSphere Update Manager 5 Server Certificate
You should now have a root CA certificate distributed to all clients so you can proceed with creating certificates for vCenter 5 which will be trusted by this root CA certificate. These steps will also allow you to create DNS aliases for your certificate if you need them so you can connect to your vCenter server using any of the aliases and still have a valid certificate.
In order to create certificates you will need an application to generate them, one of the easiest is OpenSSL.
Installing OpenSSL
If you install OpenSSL on a vCenter Server, as vCenter 5 only installs on 64-bit you should download the 64-bit version of Win64OpenSSL_Light-1_0_1b and its pre-requisite Visual C++ 2008 Redistributables (x64)
Install Visual C++ 2008 using all default settings.
Read more…
This is part 2 of a 7 part post on managing vSphere 5 Certificates:
- Installing a Root Certificate Authority
- Distributing the root CA certificate to clients
- Creating the default vCenter 5 Server Certificate and including a DNS alias
- Replacing the default vCenter 5 Server Certificate
- Replacing the default vCenter 5 Web Client Server Certificate
- Replacing the default vCenter 5 Inventory Service Certificate
- Replacing the default vSphere Update Manager 5 Server Certificate
The posts will
Once you have installed the Root Certificate Authority (CA) you may need to distribute the root certificate to clients. The root CA certificate needs to be in the Trusted Root Certification Authorities certificate store on all clients who need to access vCenter for the certificate trust chain to work. If you are not using your own root CA and have used a commercial root CA this certificate is most likely already in your certificate store.
If the root CA is installed using Active Directory Certificate Services on a server that has access to the Active Directory directory service, the root authority’s certificate will automatically be placed in all users’ Trusted Root Certification Authorities certificate store. This means the distribution of the root CA is taken care of by AD and there’s nothing more you need to do.
As I have installed Active Directory Certificate Service on a domain controller with Domain Admin credentials this distribution has taken place. You can check this by going to any server or workstation within the trusted domain forest and after doing a reboot just to ensure the certificate has had time to be copied down check the Trusted Root Certification Authorities list and see if there are certificates in the list for your own CA. In my example you can see that there are two Self-Signed for lab.int certificates in the list so the deployment has been successful.
Read more…
Updated: 27 February 2012 to include vCenter 5 Web Client Server and vCenter 5 Inventory Service
This is the first part of a 7 part post on vSphere 5 Certificates:
- Installing a Root Certificate Authority
- Distributing the root CA certificate to clients
- Creating the default vCenter 5 Server Certificate and including a DNS alias
- Replacing the default vCenter 5 Server Certificate
- Replacing the default vCenter 5 Web Client Server Certificate
- Replacing the default vCenter 5 Inventory Service Certificate
- Replacing the default vSphere Update Manager 5 Server Certificate
The posts will take you through building your own certificate trusting infrastructure and distributing the certificates, creating your own vCenter and Update Manager certificates which can also include DNS aliases and all the steps required to put it all together.
Managing certificates is one of the aspects of a virtualisation environment that is often overlooked or even avoided as it is seen as a hassle and having secure certificates is often not a core requirement of your virtualisation infrastructure.
However there are reasons why you may need to have certificates installed within your environment. Many financial companies, government departments or security sensitive installations require trusted certificates to be installed due to legal regulatory requirements. Public cloud providers need to ensure they are exposing their cloud in a trusted and secure manner and certificates is a part of that. Even if you only have an internal facing infrastructure, Citrix XenDesktop requires the vCenter certificate be installed on the Desktop Delivery Controllers for https access to work.
Even if none of these apply to you, surely the pesky certificate warning that every vSphere Client user gets when launching the client is annoying enough to do something about it!
You can click on Install this certificate and do not display any security warnings but this would bypass any certificate checking and each client would need to do this individually.
Read more…
I have the pleasure today of presenting at the first ever UK VMware User Group. This is a combined meeting of the London, Northern and Scottish VMUGs in the cool National Motorcycle Museum in Solihull which is apparently the “finest and largest motorcycle museum in the world”!
My presentation has nothing whatsoever to do with motorcycles unfortunately but is rather about upgrading your virtual infrastructure from vSphere 4 to 5. In hindsight I should have taken some more inspiration from the surroundings and somehow worked a motorcycle angle into my presentation, I should plan more carefully in the future!
Upgrading to vSphere 5 doesn’t actually have to be a particularly complicated procedure if you have all your ducks in a row and understand all the pre-requisites. This is a good thing as it means you can take advantage of all the cool new features without necessarily having to drastically re-architect your vSphere 4 environment but also means some of the old issues like vCenter availability haven’t changed.
Read more…
Today’s the day that vSphere 5 has officially been released. There are going to be a million other blog posts talking at length about the full release of vCenter, ESXi, new licensing etc. so I’ll avoid repeating what everyone else is saying.
However, as part of the vSphere 5 release, vSphere PowerCLI 5.0 has also been released and since the vSphere 5 announcement, I haven’t noticed anything written as yet about the new PowerCLI. VMware is consolidating their API
vSphere PowerCLI 5.0 can be downloaded from here.
The changelog has a detailed list of all the changes but it’s probablky a little easier to see the Release Notes:
Read more…
Update: I’ve since found out that mattboren actually found out about this before me and posted something on the VMware communities which I missed. Well found Matt.
A fairly common request is to be able to register existing VMs in a datastore in the vCenter inventory.
This can be a life saver if you have had storage issues and have had to present a backup copy of a datastore which has a different name and need to add the VMs to the inventory, a very laborious process if done manually with right-click Add to Inventory.
This can also be useful in a business recovery process when you need to add VMs that have been mirrored by storage replication over to a secondary site and you need to add them into your inventory.
PowerCLI guru, Luc Dekens has developed a fantastic script called Raiders of the Lost VMX which searches a datastore for .VMX files, and adds them to the vCenter inventory. This script has been updated over the years with even more clever functionality.
Adding the VM to the inventory involved running the RegisterVM_Task Method against the VM Folder in VC.
By accident I discovered there’s actually an updated easier way to add existing VMs to the inventory if you have the .VMX file path. I’m not sure when this was added to PowerCLI but I found it when writing a script to add a new VM.
Read more…
VMware has released a new KB article all about investigting the health of a vCenter database.
I’ve blogged before on the major issue with vCenter being a massive single point of failure and also on some steps to work out excessive growth in the database which is now included in this article.
This new KB article does provide good advice and plenty of additional troubleshooting steps for working out where your issues are but the fact still remains that the current design for vCenter is far too monolithic, relying on a database that vCenter itself can corrupt, especially when VDI may require constant availability and more and more management products “bolt-on” to vCenter
Also, alarmingly, the final troubleshooting step is:
Reinitializing the vCenter database
A reinitialization of the vCenter database will reset it to the default configuration as if the vCenter server was newly installed. The following are a few situations which could warrant reseting the database:
- Rebuild of vCenter is required
- Data corruption is suspected
- At the request of VMware Support
Ouch!
VMware has released a useful KB article to help you work out where your vCenter database growth may be coming from.
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&externalId=1028356
As the vCenter database is the only place for storing all config information, performance data, tasks, events etc. it can grow very quickly especially if you are doing large scale deployments.
The article may point you in the right direction and highlight if you are gathering too much information and/or not purging old data.
You can have a look at your vCenter Server Settings and look at the Statistics and Database Retention Policy settings to see if perhaps you are gethering too much information.
As vCenter becomes critical having a single database holding everything makes your infrastructure management tool too cumbersome.
I would really like VMware to split out the tasks/events/performance data from the critical core configuration/operating data and store it in a separate database so when you have to fix your core installation you are not faced with a massive database of non critical information to work with.
Recent Comments