Archive

Posts Tagged ‘UpdateManager’

What’s New in vCloud Suite 5.5: Introduction

August 26th, 2013 1 comment

vmw_logo_1CloudComputing_2 VMware has announced its latest update to version 5.5 of its global virtualisation powerhouse, vCloud Suite.

I would say that this is an evolutionary rather than revolutionary update being the third major release in the vSphere 5 family (5.0,5.1,5.5).

There are however some significant storage additions such as Virtual SAN (VSAN) and VMware Virtual Flash (vFlash) as well as a new vSphere App HA to provide application software high availability which is in addition to vSphere HA.

VMware has also responded to the customer frustration over Single-Sign on (SSO) which is an authentication proxy for vCenter and made some changes to SSO to hopefully make it easier to deploy. Every component of the suite has been updated in some way which is an impressive undertaking to get everything in sync.

Here are all the details:

  1. What’s New in vCloud Suite 5.5: Introduction
  2. What’s New in vCloud Suite 5.5: vCenter Server and ESXi
  3. What’s New in vCloud Suite 5.5: vCenter Server SSO fixes
  4. What’s New in vCloud Suite 5.5: Virtual SAN (VSAN)
  5. What’s New in vCloud Suite 5.5: VMware Virtual Flash (vFlash)
  6. What’s New in vCloud Suite 5.5: vCloud Director
  7. What’s New in vCloud Suite 5.5: vCenter Orchestrator
  8. What’s New in vCloud Suite 5.5: vCloud Networking & Security
  9. What’s New in vCloud Suite 5.5: vSphere App HA
  10. What’s New in vCloud Suite 5.5: vSphere Replication and vCenter Site Recovery Manager
    VMware is certainly evolving their strategy of the software defined data center, this release puts software defined storage (SDS) on the map at least from a VMware perspective, a multi-year project. VMware vVolumes hasn’t made it into this release which shows what a major undertaking it is, we will have to wait for vSphere 6!
    SDS is going to have a huge push this year from VMware and of course all the other storage vendors, expect some exciting innovation.
    Software defined networking is the next traditional IT infrastructure piece to “Defy convention” and is arguably by far the hardest one to change. Another multi-year project is just beginning.

vSphere 5 Certificates: 6 – Replacing the default vCenter 5 Inventory Service Certificate

February 28th, 2012 2 comments

This is part 6 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

vCenter Server actually has three different components which need their certificates updated, vCenter ServervCenter Web Client Server and vCenter 5 Inventory Service. Initially I had only written the vCenter Server certificate steps but luckily Michael Webster (VCDX #66) keeps me on my toes and I’ve now added parts for the other two components.

You should have now created the default vCenter 5 server certificate files, replaced the default vCenter 5 Server certificate, replaced the vCenter 5 Web Client Server certificate and can now go ahead and replace the vCenter 5 Inventory Service Certificate with the same new certificate files you have created.

On the vCenter Server navigate to C:\Program Files\VMware\Infrastructure\Inventory Service\ssl.

Make a backup copy of the SSL folder.

image

Copy the rui.crt, rui.key and rui.pfx files from C:\OpenSSL-Win64\bin into the into the vCenter Inventory Service SSL folder

image

Read more…

vSphere 5 Certificates: 5 – Replacing the default vCenter 5 Web Client Server Certificate

February 28th, 2012 12 comments

This is part 5 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

vCenter Server actually has three different components which need their certificates updated, vCenter ServervCenter Web Client Server and vCenter 5 Inventory Service. Initially I had only written the vCenter Server certificate steps but luckily Michael Webster (VCDX #66) keeps me on my toes and I’ve now added parts for the other two components.

You should have now created the default vCenter 5 server certificate files, replaced the default vCenter 5 Server certificate and can now go ahead and replace the vCenter 5 Web Client Server Certificate with the same new certificate files you have created.

On the vCenter Server navigate to C:\Program Files\VMware\Infrastructure\vSphere Web Client\DMServer\config\.

Make a backup copy of the SSL folder.

image

Copy the rui.crt, rui.key and rui.pfx files from C:\OpenSSL-Win64\bin into the into the vCenter Web Client Server SSL folder

image

Read more…

vSphere 5 Certificates: 4 – Replacing the default vCenter 5 Server Certificate

February 28th, 2012 4 comments

This is part 4 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

vCenter Server actually has three different components which need their certificates updated, vCenter Server, vCenter Web Client Server and vCenter 5 Inventory Service. Initially I had only written the vCenter Server certificate steps but luckily Michael Webster (VCDX #66) keeps me on my toes and I’ve now added parts for the other two components.

You should have now created the default vCenter 5 server certificate files and can now go ahead and replace the existing certificate for vCenter 5 Server with the new certificate files you have created.

On the vCenter Server navigate to C:\ProgramData\VMware\VMware VirtualCenter.

Make a backup copy of the SSL folder.

Image(2)

Copy the rui.crt, rui.key and rui.pfx files from C:\OpenSSL-Win64\bin into the into the vCenter SSL folder

Image(1)

Read more…

vSphere 5 Certificates: 7 – Replacing the default Update Manager 5 Server Certificate

November 30th, 2011 3 comments

This is the final post of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default Update Manager 5 Server Certificate

VMware Update Manager uses a different self-signed certificate to authenticate against vCenter Server which also needs to be replaced. You can use the same vCenter certificate if the Update Manager installation is on the same server as vCenter or create and trust a new certificate using the same procedure with the Update Manager server name if it is on another server.

On the Update Manager Server navigate to the Update Manager installation directory C:\Program Files (x86)\VMware\Infrastructure\Update Manager.

Make a backup copy of the SSL folder.

image

Copy the same rui.crt, rui.key and rui.pfx certificate files you created as part of the vCenter Server certificate process into the SSL folder if Update Manager is on the same server else use the other ones you have created.

Image(1)_thumb

Read more…

vSphere 5 Certificates: 3 – Creating the default vCenter 5 Server Certificate and including a DNS alias

November 30th, 2011 16 comments

This is part 3 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

You should now have a root CA certificate distributed to all clients so you can proceed with creating certificates for vCenter 5 which will be trusted by this root CA certificate. These steps will also allow you to create DNS aliases for your certificate if you need them so you can connect to your vCenter server using any of the aliases and still have a valid certificate.

In order to create certificates you will need an application to generate them, one of the easiest is OpenSSL.

Installing OpenSSL
If you install OpenSSL on a vCenter Server, as vCenter 5 only installs on 64-bit you should download the 64-bit version of Win64OpenSSL_Light-1_0_1b and its pre-requisite Visual C++ 2008 Redistributables (x64)

Install Visual C++ 2008 using all default settings.
imageimage

Read more…

vSphere 5 Certificates: 2 – Distributing the Root CA certificate to clients

November 30th, 2011 No comments

This is part 2 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

The posts will
Once you have installed the Root Certificate Authority (CA) you may need to distribute the root certificate to clients. The root CA certificate needs to be in the Trusted Root Certification Authorities certificate store on all clients who need to access vCenter for the certificate trust chain to work. If you are not using your own root CA and have used a commercial root CA this certificate is most likely already in your certificate store.

If the root CA is installed using Active Directory Certificate Services on a server that has access to the Active Directory directory service, the root authority’s certificate will automatically be placed in all users’ Trusted Root Certification Authorities certificate store. This means the distribution of the root CA is taken care of by AD and there’s nothing more you need to do.

As I have installed Active Directory Certificate Service on a domain controller with Domain Admin credentials this distribution has taken place. You can check this by going to any server or workstation within the trusted domain forest and after doing a reboot just to ensure the certificate has had time to be copied down check the Trusted Root Certification Authorities list and see if there are certificates in the list for your own CA. In my example you can see that there are two Self-Signed for lab.int certificates in the list so the deployment has been successful.

image

Read more…

vSphere 5 Certificates: 1 – Installing a Root Certificate Authority

November 30th, 2011 1 comment

Updated: 27 February 2012 to include vCenter 5 Web Client Server and vCenter 5 Inventory Service 

This is the first part of a 7 part post on vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

The posts will take you through building your own certificate trusting infrastructure and distributing the certificates, creating your own vCenter and Update Manager certificates which can also include DNS aliases and all the steps required to put it all together.

Managing certificates is one of the aspects of a virtualisation environment that is often overlooked or even avoided as it is seen as a hassle and having secure certificates is often not a core requirement of your virtualisation infrastructure.
However there are reasons why you may need to have certificates installed within your environment. Many financial companies, government departments or security sensitive installations require trusted certificates to be installed due to legal regulatory requirements. Public cloud providers need to ensure they are exposing their cloud in a trusted and secure manner and certificates is a part of that. Even if you only have an internal facing infrastructure, Citrix XenDesktop requires the vCenter certificate be installed on the Desktop Delivery Controllers for https access to work.

Even if none of these apply to you, surely the pesky certificate warning that every vSphere Client user gets when launching the client is annoying enough to do something about it!

You can click on Install this certificate and do not display any security warnings but this would bypass any certificate checking and each client would need to do this individually.

Image(3)

Read more…