Monthly Archives: February 2013

Passwordless SSH between the UCS and a remote Linux Server

1. On the remote Linux/Unix server create the user

useradd -m ucsuser -c "UCS user" -d /home/ucsuser

2. Change the directory permissions

chown ucsuser /home/ucsuser

3. Generate SSH key for the new user

ssh-keygen (accept defaults and leave passphrase empty)

4. Copy the public Key to a text file.

cd .ssh/

cat id_rsa.pub

5. SSH to the UCS Manager, at the CLI type the following commands

scope security

create local-user ucsuser

set password

6. Copy the Public Key obtained in step 4 and paste it into the CLI with inverted commas.

set sshkey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuo9VQ2CmWBI9/S1f30klCWjnV3lgdXMzO0WUl5iPw85lkdQqap+NFuNmHcb4KiaQB8X/PDdmtlxQQcawclj+k8f4VcOelBxlsGk5luq5ls1ob1VOIEwcKEL/h5lrdbNlI8y3SS9I/gGiBZ9ARlop9LDpDm8HPh2LOgyH7Ei1MI8="

commit-buffer

Now you should be able to SSH from the remote Linux server to the UCS without entering a password.

VCOPS 5.6 vCloud Director Adapter – Configuration Guide

In this post we’ll go through the basic steps to get VCOPS running with the vCloud Director Adapter. The vCloud instance in this example is running vCloud Director 1.5.

1. Create an IP Pool and allocate 2 IP addresses: 1 for the UIM server and 1 for the Analytics server.

2. From the “Data Center” view select the IP Pools tab and click Add.

   Name the IP Pool and define the IP Subnet Mask and Gateway.

3. Enter DNS Details

4. Select the relevant Network and hit OK.

5. Deploy the OVA

6. Select small deployment

7. Select ‘Fixed’

8. Enter the IP addresses of the UIM and Analytics virtual machines and hit Next to finish the deployment.

9. Once the deployment has completed you should see the VCOPS vApp with 2 VMs.

10. Browse to the VCOPS Admin interface on UIM IP address https://10.255.224.28/admin/

Enter username = admin and password = admin to follow the initial set up wizard.

11. Enter vCenter Details

12. If using self-signed certs, click Yes to trust the vCenter Server certificate

13. Enter new admin and root passwords for both VMs. Default passwords are Admin/admin and root/vmware.

14. Register your vCenter, leave Collector user and password blank.

15. If you need to import data, follow this: https://www.vmware.com/support/pubs/vcops-pubs.html

Otherwise click Next.

16. If you are using linked vCenters, select the linked VC from the list, otherwise click Finish to complete the registration.

17. Once registration is complete, the VCOPS icon should appear in the Solutions and Applications view of the registered vCenter.

Register the vCloud Adapter

18. Download the adapter installation PAK file anonymously from ftp://ftp.integrien.com

19. Save the PAK file on your desktop

20. Browse to the UIM server admin interface: https://10.255.224.28/admin/

21. Go to the Update tab and select the PAK file by browsing to your desktop.

22. Hit Update and click OK to continue

23. The update will take several minutes to complete.

24. Log in to the Custom user interface as administrator: https://10.255.224.28/vcops-custom

25. Browse to Admin>Support

26. On the Info tab, find the Adapters Info pane and click the Describe icon, highlighted in yellow on the screen grab below.

27. Select Yes to begin the describe process. It should take several minutes to complete.

28. The vCloud adapter should now appear in the Adapters Info window.

29. To create the adapter Instance – Go to Environment > Configuration > Adapter Instances

30. Select Add New Adapter Instance

31. Enter vCloud instance IP Address or FQDN

32. Add a vCloud Director credential: select Add.

33. Add vCloud Director login Credentials and hit OK.

34. When you get back to the ‘Add adapter Instance’ page, select ‘Test’ to test the connection to vCloud Director. If the test is successful, hit OK to complete the config. VCOPS will access the API, so bear this in mind if you’ve got firewalls or load balancers in front of your VCD cells.

35. That completes the installation of the vCloud Director adapter.

VCOPS will begin collecting data, so you can go ahead and start creating some custom dashboards.

Configure High Availability for VMware SSO using vShield Edge – Part 3

This guide assumes you have already installed the SSO servers in High Availability mode.

Once you have configured the vShield Edge load balancer, perform the steps below to complete the SSO high availability configuration. 

NOTE: We are not using certificates in this example.

1. Stop Single Sign-On Services on both SSO servers

At Command Prompt execute:

  • SC stop ssoTomcat  
  • SC \\SSO2 stop ssoTomcat 

2. Copy configuration files from SSO1 to SSO2

Copy <drive>:\Program Files\VMware\Infrastructure\SSOServer\security\server-identity.jks

to

\\SSO2\<drive>$\Program Files\VMware\Infrastructure\SSOServer\security

Copy <drive>:\Program Files\VMware\Infrastructure\SSOServer\webapps\sso-adminserver\WEB-INF\WEB-INF\web.xml

to

\\SSO2\<drive>$\Program Files\VMware\Infrastructure\SSOServer\webapps\sso-adminserver\WEB-INF\WEB-INF

3. Save Keystore password

Open the file :\<drive>$\Program Files\VMware\Infrastructure\SSOServer\conf\server and search for the line starting with <Connector SSLEnabled="true". On that line, find the keystorePass parameter and write down the password.

4. SSO2 configuration

Open a Command Prompt on SSO2

At Command Prompt execute:

  • CD <drive>:\Program Files\VMware\Infrastructure\SSOServer\utils
  • SSOCLI.cmd configure-riat -a configure-ssl --keystore-password <password saved above> --keystore-file "<drive>:\Program Files\VMware\Infrastructure\SSOServer\security\server-identity.jks" -m <SSO Administrator Password>

5. Start Single Sign-On Services

At Command Prompt execute:

 SC start ssoTomcat

Configure High Availability for VMware SSO using vShield Edge – Part 2

In Part 1 we went through the process of deploying the vShield Edge. Next we configure the SSO virtual servers.

Configure vShield Edge SSO Virtual Server.

Select the newly deployed Edge and click Actions.

Select Manage

Select the Load Balancer tab.

Click the plus sign to add a pool.

On the Name & Description screen, enter SSO as the name for this pool.

Click Next.

On the Services screen, enable HTTPS.

Set the Balancing Method to LEAST_CONN.

Enter 7444 as the port number.

Click Next.

On the Health Check screen, change the Monitor Port to 7444.

Click Next.

On the Members screen, click the plus sign to add members to this pool.

Enter the IP address of the SSO1 server.

Click Add, to add it to the pool.

Repeat this step for the SSO2 server.

Click Next.

Click Finish to complete the pool creation.

IMPORTANT: Click Publish Changes in the green bar.

Click the Enable button to enable the pool.

IMPORTANT: Click Publish Changes in the green bar.

Click the Virtual Servers link.

Click the plus sign to add a virtual server.

Enter a name for the virtual server, e.g. ssl001.localdomain

Enter SSO as the description.

Enter the IP address.

Select the SSO pool.

Enable HTTPS and change the port to 7444.

Select SSL_SESSION_ID as Persistent Method

Click Add.

IMPORTANT: Click Publish Changes in the green bar.

Make sure you create a DNS entry in local DNS for the SSO VIP.

Configure vShield Edge Web Client Virtual Server.

We’re also going to configure the vShield Edge to act as a load balancer for Web Client Service.

Select the newly deployed Edge and click Actions.

Select Manage.

Select the Load Balancer tab.

Click the plus sign to add a pool.

On the Name & Description screen, enter WebClient as the name for this pool.

Click Next.

On the Services screen, enable HTTPS.

Set the Balancing Method to LEAST_CONN.

Enter 9443 as the port number.

Click Next.

On the Health Check screen, change the Monitor Port to 9443.

Click Next.

On the Members screen, click the plus sign to add members to this pool.

Enter the IP address of the SSO1 server.

Click Add, to add it to the pool.

Repeat this step for the SSO2 server.

Click Next.
Note: SSO1 and SSO2 must have the vSphere Web Client software installed.

Click Finish to complete the pool creation.

IMPORTANT: Click Publish Changes in the green bar.

Click the Enable button to enable the pool.

IMPORTANT: Click Publish Changes in the green bar.

Click the Virtual Servers link.

Click the plus sign to add a virtual server.

Enter a name for the virtual server. E.g.

Enter Webclient as the description.

Enter the virtual IP address.

Select the WebClient pool.

Enable HTTPS and change the port to 9443.

Select SSL_SESSION_ID as Persistent Method

Click Add.

IMPORTANT: Click Publish Changes in the green bar.

You should now be able to access the SSO service and Web Client using the Virtual IP address. You can check the health of the pools on the ‘Load Balancer’ tab. In Part 3 we will complete the configuration on the SSO servers.

Configure High Availability for VMware SSO using vShield Edge – Part 1

This guide assumes that you have already gone through the SSO server install in high availability. You should currently have 2 SSO servers and a VIP address for load balancing.

Deploy the vShield Manager template.

After the OVF file is deployed, power on the vShield Manager virtual machine and open the console.

Log in to the console with the user name admin and password default

At the manager prompt, type enable.

At the Password prompt, type the password default to enable setup mode.

When setup mode is enabled, the prompt string changes to manager#

At the manager# prompt, type setup to begin the setup procedure.

Enter the IP address, subnet mask, default gateway and DNS details.

To change the hostname of vShield Manager:

Type configure terminal

Type hostname xxxxxx

Type exit to exit configure terminal mode

Type copy running-config startup-config

Type reboot to restart vShield Manager

Register vShield Manager with vCenter:

Log in to the vShield Manager GUI and click Settings & Reports.

In the vCenter Server section click on Edit.

Register vShield Manager with vCenter.

From vShield Manager GUI.

Click Datacenters.

Select Datacenter.

Click on the Network Virtualization tab.

Click on the green plus sign to add a vShield Edge.

Enter Name and Description

Click Next.

Configure the credentials for CLI access and enable SSH.

Click Next.

On the Edge Appliances screen, leave all options at default.

Click on the green plus sign to add the Edge appliance.

Enter vShield Edge placement details

Click Add

Click again on the green plus sign to add the Failover Edge appliance.

Select Failover vShield Edge placement details.
Note: Datastore and Host have to be different from the previous ones.

On the Interfaces screen, click the green plus sign to add the uplink interface.

Enter vnic0 as the name of the interface.

Select the Network to bind (‘connected to’); this will be your management network.

Click the green plus sign to add the IP configuration.

Click the plus sign again to add the IP address.

Enter IP address and click OK.

Enter subnet mask and click Save.

Leave everything else default in the parent window.

Click Add.

Again on the Interfaces screen, click the green plus sign to add the Internal interface.

Enter int0 as the name of the interface.

Select the Network to bind.

Click the green plus sign to add the IP configuration

Click the plus sign again to add the IP address.

Enter IP address and click OK.
(For IP address use 192.168.2.1)

Enter subnet mask (255.255.255.128) and click Save.

Leave everything else default in the parent window.

Click Add.

Click Next when back on the Interfaces screen.

On the Default Gateway screen, configure the default gateway.

Check Configure Default Gateway.

Enter gateway IP address.

Click Next.

On the Firewall & HA screen, check the Configure Firewall default policy checkbox.

Set the Default Traffic Policy to Accept.

We are not going to use firewall capabilities in the load balancer.

Click Next.

On the Summary screen, click Finish.

Wait for the Edge deployment process to finish.

That’s the vShield Edge device deployed. In Part 2 we will configure the SSO Virtual Servers.