Archive

Posts Tagged ‘vcenter’

vSphere 5 Certificates: 3 – Creating the default vCenter 5 Server Certificate and including a DNS alias

November 30th, 2011 16 comments

This is part 3 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

You should now have a root CA certificate distributed to all clients so you can proceed with creating certificates for vCenter 5 which will be trusted by this root CA certificate. These steps will also allow you to create DNS aliases for your certificate if you need them so you can connect to your vCenter server using any of the aliases and still have a valid certificate.

In order to create certificates you will need an application to generate them, one of the easiest is OpenSSL.

Installing OpenSSL
If you install OpenSSL on a vCenter Server, download the 64-bit version, Win64OpenSSL_Light-1_0_1b, and its prerequisite Visual C++ 2008 Redistributables (x64), as vCenter 5 only installs on 64-bit.

Install Visual C++ 2008 using all default settings.
Read more…

vSphere 5 Certificates: 2 – Distributing the Root CA certificate to clients

November 30th, 2011 No comments

This is part 2 of a 7 part post on managing vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

The posts will
Once you have installed the Root Certificate Authority (CA), you may need to distribute the root certificate to clients. For the certificate trust chain to work, the root CA certificate needs to be in the Trusted Root Certification Authorities certificate store on all clients that need to access vCenter. If you are not using your own root CA and have used a commercial root CA, this certificate is most likely already in your certificate store.

If the root CA is installed using Active Directory Certificate Services on a server that has access to the Active Directory directory service, the root authority’s certificate will automatically be placed in all users’ Trusted Root Certification Authorities certificate store. This means the distribution of the root CA is taken care of by AD and there’s nothing more you need to do.

As I have installed Active Directory Certificate Service on a domain controller with Domain Admin credentials, this distribution has taken place. You can check this by going to any server or workstation within the trusted domain forest and, after doing a reboot just to ensure the certificate has had time to be copied down, checking the Trusted Root Certification Authorities list to see if there are certificates in the list for your own CA. In my example you can see that there are two Self-Signed for lab.int certificates in the list, so the deployment has been successful.

Read more…

vSphere 5 Certificates: 1 – Installing a Root Certificate Authority

November 30th, 2011 No comments

Updated: 27 February 2012 to include vCenter 5 Web Client Server and vCenter 5 Inventory Service 

This is the first part of a 7 part post on vSphere 5 Certificates:

  1. Installing a Root Certificate Authority
  2. Distributing the root CA certificate to clients
  3. Creating the default vCenter 5 Server Certificate and including a DNS alias
  4. Replacing the default vCenter 5 Server Certificate
  5. Replacing the default vCenter 5 Web Client Server Certificate
  6. Replacing the default vCenter 5 Inventory Service Certificate
  7. Replacing the default vSphere Update Manager 5 Server Certificate

The posts will take you through building your own certificate trusting infrastructure and distributing the certificates, creating your own vCenter and Update Manager certificates which can also include DNS aliases and all the steps required to put it all together.

Managing certificates is one of the aspects of a virtualisation environment that is often overlooked or even avoided, as it is seen as a hassle and having secure certificates is often not a core requirement of your virtualisation infrastructure.
However, there are reasons why you may need to have certificates installed within your environment. Many financial companies, government departments or security-sensitive installations require trusted certificates to be installed due to legal regulatory requirements. Public cloud providers need to ensure they are exposing their cloud in a trusted and secure manner, and certificates are a part of that. Even if you only have an internal-facing infrastructure, Citrix XenDesktop requires the vCenter certificate to be installed on the Desktop Delivery Controllers for HTTPS access to work.

Even if none of these apply to you, surely the pesky certificate warning that every vSphere Client user gets when launching the client is annoying enough to do something about it!

You can click on “Install this certificate and do not display any security warnings”, but this would bypass any certificate checking, and each client would need to do this individually.

Read more…

Upgrading vSphere from 4 to 5 – a UK VMUG presentation.

November 3rd, 2011 2 comments

I have the pleasure today of presenting at the first ever UK VMware User Group. This is a combined meeting of the London, Northern and Scottish VMUGs in the cool National Motorcycle Museum in Solihull which is apparently the “finest and largest motorcycle museum in the world”!

My presentation has nothing whatsoever to do with motorcycles unfortunately but is rather about upgrading your virtual infrastructure from vSphere 4 to 5. In hindsight I should have taken some more inspiration from the surroundings and somehow worked a motorcycle angle into my presentation; I should plan more carefully in the future!

Upgrading to vSphere 5 doesn’t actually have to be a particularly complicated procedure if you have all your ducks in a row and understand all the pre-requisites. This is a good thing as it means you can take advantage of all the cool new features without necessarily having to drastically re-architect your vSphere 4 environment but also means some of the old issues like vCenter availability haven’t changed.

Read more…

Categories: ESX, vCenter, VMUG, VMware

What’s new in VMware vSphere PowerCLI 5.0

August 25th, 2011 No comments

Today’s the day that vSphere 5 has officially been released.  There are going to be a million other blog posts talking at length about the full release of vCenter, ESXi, new licensing etc. so I’ll avoid repeating what everyone else is saying.

However, as part of the vSphere 5 release, vSphere PowerCLI 5.0 has also been released and since the vSphere 5 announcement, I haven’t noticed anything written as yet about the new PowerCLI. VMware is consolidating their API

vSphere PowerCLI 5.0 can be downloaded from here.

The changelog has a detailed list of all the changes but it’s probably a little easier to see the Release Notes:

Read more…

Investigating the health of a vCenter database server

March 9th, 2011 No comments

VMware has released a new KB article all about investigating the health of a vCenter database.

I’ve blogged before on the major issue with vCenter being a massive single point of failure and also on some steps to work out excessive growth in the database which is now included in this article.

This new KB article does provide good advice and plenty of additional troubleshooting steps for working out where your issues are, but the fact still remains that the current design for vCenter is far too monolithic, relying on a database that vCenter itself can corrupt, especially when VDI may require constant availability and more and more management products “bolt-on” to vCenter.

Also, alarmingly, the final troubleshooting step is:

Reinitializing the vCenter database
A reinitialization of the vCenter database will reset it to the default configuration as if the vCenter server was newly installed. The following are a few situations which could warrant resetting the database:

  • Rebuild of vCenter is required
  • Data corruption is suspected
  • At the request of VMware Support

Ouch!

Categories: vCenter, VMware

Determining where growth is occurring in the vCenter Server database

February 4th, 2011 1 comment

VMware has released a useful KB article to help you work out where your vCenter database growth may be coming from.
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&externalId=1028356

As the vCenter database is the only place for storing all config information, performance data, tasks, events etc. it can grow very quickly especially if you are doing large scale deployments.

The article may point you in the right direction and highlight if you are gathering too much information and/or not purging old data.

You can have a look at your vCenter Server Settings and look at the Statistics and Database Retention Policy settings to see if perhaps you are gathering too much information.

As vCenter becomes critical, having a single database holding everything makes your infrastructure management tool too cumbersome.

I would really like VMware to split out the tasks/events/performance data from the critical core configuration/operating data and store it in a separate database so when you have to fix your core installation you are not faced with a massive database of non critical information to work with.

Categories: vCenter, VMware

Why vCenter is letting VMware’s side down

November 25th, 2010 3 comments

I’ve been meaning to write this post for ages and it’s been gnawing at my brain for months begging to be written, so grab a big cuppa and settle down for a long one!

vCenter in my opinion is now the major weakness in VMware’s software lineup.  Unfortunately it is that big fat single point of failure that just doesn’t cut it any more in terms of availability.

Let’s think back to when VirtualCenter, as it was then called, was unleashed on the world in 2003.

At the time it was the wonder application that connected your ESX servers together allowing the game changer that was VMotion. You could easily provision VMs from templates, monitor your hosts and VMs and generate alerts.  The VMware SDK was what allowed the building of PowerCLI, one of the best PowerShell examples out there.  The VMware management layer was born.

Since then Virtual Center became vCenter and until probably some time last year this was all good. It was a great single pane of glass to look at and manage your virtual environment, hosts, clusters, resource groups, DRS, vMotion, HA etc.

It didn’t need to be highly available.  If vCenter went down vMotion and DRS would be affected and you wouldn’t be able to provision new VMs but your underlying VMs running on the hosts would not be affected.  HA was configured in vCenter but the information was held on the hosts so even if vCenter failed HA would still be able to recover VMs in the event of a host failure.

Now the situation is very different: there are more and more VMware management products that rely on vCenter.  Have a look at the VMware Management Products picture in the VMware Virtualization and Cloud Management solutions overview.

That’s a lot of applications that now rely on vCenter and this doesn’t even cover everything.

Read more…

Getting rid of stale vCenter Plugins

November 17th, 2010 1 comment

ThinkVirt has posted a great way to get rid of those pesky vCenter Plugins you installed ages ago and can’t get rid of.
http://www.thinkvirt.com/?q=node/217

I had installed one from NetApp that just wouldn’t go away after an uninstall so this procedure worked perfectly.

Now it’s gone!

Categories: VMware