VMware VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE CONTENT REPOSITORY TOOL GUIDE Guía de instalación

VMware vCenter Configuration ManagerAdministration GuidevCenter Configuration Manager 5.7This document supports the version of each product listed and

Technical Support and Education ResourcesThe following technical support resources are available to you. To access the current version of this bookand

Column Names Include SpacesRunning the schtasks command without any options displays a column name of Next Run Time.Because this name includes spaces,

To preserve the user-friendly name, use the task name as the element name for the task rows. When youcreate a collection filter that uses your script,

nIn-line: The default WCI filter uses an in-line script to collect basic information about the PowerShellversion, .NET version, and execution policy s

The schtasks command returns basic information about scheduled tasks. The data returned byschtasks includes multiple rows. PowerShell structures the $

function ToCMBase64String([string]$input_string){return [string]("cmbase64-" + [System.Convert]::ToBase64String([System.Text.Encoding]::UNIC

{$hostcol = $j++}else{if (([string]$cols[$j]).toupper() -eq "TASKNAME"){$namecol = $j++}else{$j++}}}#save first column name, to check for re

if ($task[0] -ne $firstcol){#if we did not find a TaskName column, just tag eachrow as Task-nif ($namecol -gt -1){$clTasks += "<" + [stri

} #end row loop}$clTasks += ("</Scheduled_Tasks>")write-host $clTasks5. After you generate your PowerShell script, perform the followi

Collecting Windows Custom InformationTo collect Windows Custom Information (WCI) using script-based filters, you create and verify yourcustom PowerShe

WCI internally stores data in a hierarchy, so your collection script must provide the complete datastructure in the standard tree view. The root eleme

Getting Started with VCM1Getting Started with VCMWhen you use VCM, you must understand user access and how to start VCM from any physical or virtualma

What to do nextInstall PowerShell on your VCM managed machines. See "Install PowerShell" on page 110.Install PowerShellVerify that PowerShel

CAUTION Do not limit collections to deltas when you select a data type in the Collect wizard. If youlimit collections to deltas, VCM purges all existi

Procedure1. On your VCM Collector, click Collect.2. On the Collection Type page, select Machine Data and click OK.3. On the Machines page, select the

Procedure1. On your VCM Collector, click Administration.2. Select Job Manager > History > InstantCollections > Past 24 Hours.3. In the Insta

Procedure1. On your Collector, click Console.2. Select Windows > Operating System > Custom Information.3. Select a view of the collected WCI dat

Troubleshooting Custom PowerShell ScriptsIf you encounter problems when you run custom PowerShell scripts, run the script as a .ps1 file andcorrect an

vCenter Configuration Manager Administration Guide116VMware, Inc.

Configuring Linux, UNIX, and Mac OS XMachines8Configuring Linux, UNIX, and Mac OS XMachinesTo manage machines running Linux, UNIX, and Mac OS X operat

Figure 8–1. Linux, UNIX, and Mac OS X Managed Machines DiagramInstallation Delegates for Linux, UNIX, and Mac OS X Agent InstallationsThe Installation

Linux, UNIX, or Mac OS X Installation CredentialsThe installation credentials required to install the VCM Agent on Linux, UNIX, or Mac OS X machines m

nRemote command executionnChange actions against target managed machinesnChange rollbacknCompliance enforcementnPatch deploymentnSoftware deploymentnO

1. Installation wizard Object level credentials2. Installation wizard Job level credentials3. Administrative parameter Machine context credentials4. A

5. "Install the VCM Agent on Linux, UNIX, and Mac OS X Operating Systems" on page 125To enable communication between the Collector and the m

PrerequisitesVerify that the Installation Delegate machine is licensed and that it has the VCM Agent 5.5 or laterinstalled. See "Configure Window

Enable Installation Delegate Machines for Linux Agent InstallationInstallation Delegate machines must be enabled to perform the necessary communicatio

When you use VCM to install the Agent, the installation process uses SSH to copy the Agent files from theInstallation Delegate machine to the target m

a. Configure machine information.Option ActionMachine Type the name of the machine.You can use NetBIOS or Fully-Qualified Domain Name (FQDN) notation

This procedure uses VCM to install the Agent on your target machines. You might also use a manualprocess. See the online Help for the steps to manuall

If you select User Name, Password, and Root Password at the object level, you configure each targetmachine individually. If you select the options at

Installation Options with DefaultValuesDescriptionCSI_BIND_IPBinds the Agent to a single IP address.This value is only honored in daemon mode.CSI_NO_L

Installation Options with DefaultValuesDescriptionCSI_USER=csi_acctKeep the default value. The user assigned to the cfgsoftgroup. The CSI listener pro

Procedure1. To connect to VCM from a physical or virtual machine on your network, open Internet Explorer andtype http://<name-or-IP-address-of-Coll

Installation Options with DefaultValuesDescriptionCSI_PARENT_LOG_DIRECTORY=defaultSpecifies where agent operational log files are kept. The logdirecto

Installation Options with DefaultValuesDescriptionCSI_LOCALE=Keep the locale configuration option unspecified in thecsi.config file when installing th

Installation Options with DefaultValuesDescriptionscripts use the previous precedence rules to evaluate andgenerate a default value that is displayed

What to do nextnReview the collected data from the managed machines. See "Linux, UNIX, and Mac OS X CollectionResults" on page 133.n(Optiona

This action is not required, but scheduling your collections improves your configuration managementefficiency.PrerequisitesVerify that your Linux, UNI

12. To add more than one operating system to your filter, select or for the Connect the conditions belowwith option.13. Click Add, configure the filte

Procedure1. Click Administration.2. Select Job Manager > Scheduled.3. Click Add.4. Select Collection and click Next.5. Type a job name and descript

Patching Managed Machines9Patching Managed MachinesVCM patch assessment, deployment, and verification ensures continuous security in your environmentt

Deploying patches to Linux, UNIX, or Windows managed machines requires the use of a patch assessmenttemplate. After you patch Linux, UNIX, or Windows

nYou must manage your own patch repository. A temporary expansion of the patches occurs in the/tmp directory. For single-user mode, patches are extrac

nLog Out: Exits the Web Console. The Web Console closes and the VCM Logon screen appears.nAbout: Displays information about how to contact VMware Tech

If you encounter problems during automatic or manual patch deployment, see the VCM TroubleshootingGuide.Requirements to Patch Solaris Machines in Sing

Procedure1. Store the patches in a local location on the target managed machine.You can extract the patches in this location, if desired.On Solaris ma

Figure 9–1. Manually Patching Managed Machines with VCMTo manually patch Linux and UNIXmachines, you can use a Red Hat Linux 6, 64-bit patching repos

Getting Started with VCM Manual PatchingYou can use VCM to manually assess the patching state of Linux, UNIX, and Windows managed machines,and manuall

What to do nextRun patch status reports on Linux, UNIX, and Windows managed machines. See "Running PatchingReports" on page 180.Configuring

Procedure1. Click Patching.2. Select Linux or UNIX platform > Bulletins > By Bulletin.3. Click Check for Update, select an update option, and cl

Linux and UNIX patch assessments require you to collect new patch status data from managed machines.These patch assessments operate differently from V

8. To view the patch assessment results, click Linux or UNIX platform and click Assessment Results >All Bulletins.What to do nextReview the results

Icon Status DescriptionIncorrectMD5MD5 Hash generated from the patch signature (PLS) file, which containsthe content and signature, does not match the

IMPORTANT If a failure occurs at any time during the patch deployment job, the System Administratormust check the status of the system, resolve any is

Navigation SlidersThe navigation sliders on the left side of the Web Console include the items listed and described in thefollowing table. The individ

a. Select Stage patches manually, and set the time and date for patch staging.b. Select whether to have VCM deploy the patches to target managed machi

3. "View Windows Bulletin Details" on page 152You can view detailed information about Windows patch bulletins, including technical details,r

Download Patches for Windows Patch DeploymentYou can download patches for deployment to Windows managed machines based on the bulletinsincluded in a p

What to do nextUse filter sets to collect data from Windows managed machines. See "Collect Data from WindowsMachines by Using the VCM Patching Fi

Procedure1. Click Patching and select Windows > Bulletins > By Bulletin.2. Select a bulletin.3. Click Details, read the technical details for th

The Not Patched column displays machines that require a patch or a reboot for an applied patch.From the Summary view, you can navigate to the affected

11. Click Next again to either schedule the deploy job or to instruct VCM to run the job immediately.12. On the Reboot Options page, select to not reb

Figure 9–2. Automatic Patching of Linux and UNIX Managed Machines with VCMPrerequisitesUnderstand the patch assessment and deployment actions, and per

To ensure that Linux, UNIX, and Windows managed machines always include the latest patches, youcan have VCM deploy patches to the managed machines whe

Procedure1. Download and install the latest version of Java and the Oracle Java Cryptography Extension (JCE),which is used for Software Content Reposi

Slider ActionActiveDirectorynView, export, or print enterprise-wide, summary information for ActiveDirectory objects.nReview alert notifications for t

PrerequisitesVerify that you can access the VCM documentation page athttps://www.vmware.com/support/pubs/vcm_pubs.html.Procedure1. On the VCM document

Procedure1. On the patching repository machine, download the runtime properties files tarball from the same Website where you downloaded the SCR Tool

Follow this procedure for each Red Hat Linux alternate location patch repository machine in yourenvironment.Procedure1. On the Red Hat Linux alternate

Figure 9–3. Staging Linux and UNIX Patches on VCM Managed MachinesTo simplify the configuration for how Linux and UNIX managed machines obtain and ext

nVerify that the machine groups to be used for Linux and UNIX patching are defined in VCM, and addany new machine groups for VCMto patch specific gro

Procedure1. In VCM on the VCM Collector, to set the repository status for the patching repository machine, clickAdministration and click Certificates.

Procedure1. In VCM, click Administration.2. Click Settings > General Settings > Patching > UNIX > Patch Staging.3. Click Add.4. Type a uni

8. (Optional) If you selected Obtain patches from an Alternate Location, you must provide the path andconnection information to copy the patches from

Procedure1. Click Administration and select Settings >General Settings > Patching > Machine Group Mapping.2. Select a machine group and clic

The base path directory contains directories for the SCR Tool binary files, configuration files, logs.PrerequisitesConfigure the machine group mapping

Create a machine group structure that matches the organization of the machines in your environment.With these machine groups, you can manage specific

You can also use VCM's automatic event-driven and scheduled patching for managed Windows machines.For a list of supported machines for VCM patchi

Procedure1. "Generate a Patch Assessment Template" on page 171To configure VCM for automatic, event-driven patch deployment, you must genera

Procedure1. To generate a static or dynamic patch assessment template and include the relevant patch bulletins,click Patching and select All UNIX/Linu

Procedure1. To add patching exceptions for VCM to apply during the automatic deployment of patches to a groupof managed machines, click Patching.2. Se

Procedure1. To modify the automatic patching settings, click Administration.2. Click Settings > General Settings > Patching > UNIX > Addit

What to do nextnGenerate a patch deployment mapping. See "Generate a Patch Deployment Mapping" on page 175.n(Optional) You can schedule an a

What to do nextnAfter VCMtriggers a patch assessment, view the patch assessment results. See the VCM online help.n(Optional) You can schedule an auto

How the Linux and UNIX Patch Staging WorksAs a patch administrator, you can stage patches on target Linux and UNIX managed machines for VCMtodeploy.

Related TopicsnFor steps to stage Linux and UNIX patches for deployment, see "Configuring VCM to Work with thePatching Repository and Alternate L

The patch assessment and deployment process for Linux and UNIX does not use remote commands. Ifyou deploy a patch using a user-created remote command,

vCenter Configuration Manager Administration Guide18VMware, Inc.

Running Patching ReportsVCM uses trends, details, template summaries, bulletins, affected software products, and patchdeployment history to generate p

Running and Enforcing Compliance10Running and Enforcing ComplianceCompliance compares your virtual or physical machines running Linux, UNIX, Mac OS X,

To assist you with managing your environment, you can download compliance templates from theVMware Center for Policy and Compliance. The available tem

You can create your own compliance templates or modify templates that you downloaded from theCenter for Policy and Compliance.PrerequisitesnCollect da

The collection filter set that is selected is used when calculating data age for the rules in the compliancetemplates. The filter set must collect the

Procedure1. Click Compliance.2. Select Machine Group Compliance > Rule Groups > rule group name > Rules.3. Click Add.4. Type the name and des

Procedure1. Click Compliance.2. Select Machine Group > Rule Groups > rule group name > Filters.3. Click Add.4. Type the name and description

Procedure1. Click Compliance.2. Select Machine Group Compliance > Rule Groups.Capacity 5GB - Linux and UNIX is the example in this procedure.3. Sel

Procedure1. Click Compliance.2. Select Machine Group Compliance > Templates.3. Click Add.4. Type the name and description in the text boxes and cli

What to do nextnEvaluate the results and resolve any issues on the noncompliant objects. "Resolve NoncompliantCompliance Template Results" o

Installing and Getting Started with VCMTools2Installing and Getting Started with VCMToolsVCM Installation Manager installs several VCM components and

Procedure1. Click Compliance.2. Select Machine Groups Compliance > Templates > {template name}.3. In the Status column, select the rule results

Manually Enforce Compliance Template ResultsYou can resolve noncompliant results by directly accessing the virtual or physical machine, or by accessin

selected results.In this example, to specify RHEL_60_TestDev as the exception, remove all the property rows, exceptfor the row containing the Machine

6. Select a compliance template and click Next.7. Review the configured actions and click Finish.What to do nextCreate a virtual environments configur

PrerequisitesnSchedule a regular collection of the data types for the machine groups against which you are runningthe machine group compliance templat

vulnerabilitiesTo calculate CVSS scores that apply to your unique environment, go to the CVSS scoring Web site, fillin the form, and click the Update

Run an SCAP AssessmentRun an SCAP assessment that compares your managed machine configuration against a profile in astandard SCAP benchmark.Prerequisi

Upon successful export, VCM creates a file with a name based on the machine name, output format, andtime stamp in the following folder on the Collecto

vCenter Configuration Manager Administration Guide198VMware, Inc.

Provisioning Physical or VirtualMachine Operating Systems11Provisioning Physical or Virtual MachineOperating SystemsOperating system (OS) provisioning

CopyrightYou can find the most up-to-date technical documentation on the VMware Web site at:http://www.vmware.com/support/The VMware Web site also pro

c. To install a subset of tools, clear the Tools check box and select only the individual tools to install.4. Click Next.5. Complete the remaining ins

Figure 11–1. Relationship of OS Provisioning ComponentsPatching the Operating System Provisioning ServerExclude the OS Provisioning Server instances f

provision the target machines.The OS Provisioning Server creates an installation session for the target machines based on theconfigured OS distributio

when the target machines are set to network boot and attempt to PXE boot.5. "Provision Machines with Operating System Distributions" on page

Procedure1. Click Administration.2. Select Certificates.3. Select the OS Provisioning Server machines and click Change Trust Status.4. Add any additio

Procedure1. On target machines, configure the BIOS to network boot.2. Start the machines on your provisioning network.3. In VCM, click Administration.

nIdentify or create any postinstallation scripts that you want to run on the target machine after it isprovisioned with the new operating system. The

7. On the Select OS Distribution page, select the Windows operating system that you are installing on theselected machines and click Next.8. On the Se

Option DescriptionUse DHCP to determineIP addressUse your designated DHCP to assign IP address, subnet,default gateway, and DNS.If not selected, you m

Provision Linux MachinesProvisioning physical or virtual machines with a Linux operating system installs the selected operatingsystem and the VCM Agen

7. On the Select OS Distribution page, select the a Linux operating system that you are installing on theselected machines and click Next.8. On the Se

Run the Content Wizard to Access Additional Compliance ContentUse the Content Wizard to import additional VMware content such as VCM Compliance Conten

Option DescriptionMountPointType the location of the mount point for the partition.For example, /, /boot, /usr, /var/log. You use the first partition

Option DescriptionFileSystemSelect the type of file system.For a swap partition, the mount point and the file system type should be swap.Supported Fil

Option DescriptionGrowpartition touse allremainingspaceSelect the option to allow the logical volume to fill available space up to themaximum size spe

Procedure1. On the Linux machine, log in as root.2. Run the ntpdate -u <ntpserver> command to update the machine clock.For example, ntpdate -u n

Option DescriptionAdministration View administrative details about the OS Provisioning Server.nTo view all provisioned machines, click Administration

9. When you are certain that the selected machines are those you want to reprovision, select the Proceedwith re-provisioning of the operating system o

vCenter Configuration Manager Administration Guide216VMware, Inc.

Provisioning Software on ManagedMachines12Provisioning Software on Managed MachinesSoftware provisioning is the process you use to create software pac

If you are using the software provisioning components in conjunction with VMware vCenterConfiguration Manager (VCM), you can use VCM to add and remove

nSoftware Repository for Windows: Installed on at least one Windows machine in your environment,and installed on the same machine with Package Studio.

Foundation CheckerUse the Foundation Checker tool to verify that a Windows machine designated as a VCM Collector meetsall of the prerequisites necessa

Procedure1. Double-click Repository.msi.2. On the Welcome page, click Next.3. Review the license agreement, select the appropriate options to continue

Procedure1. Double-click PackageStudio.msi.2. On the Welcome page, click Next.3. Review the license agreement, select the appropriate options to conti

The Package Studio is installed to the location specified during installation. The default location isC:\Program Files\VMware\VCM\Tools\Package Studio

PrerequisitesVerify that the target machine meets the supported hardware, operating system, and softwarerequirements. See the VCM Installation Guide f

a. Click Properties and type a Name, Version, Description, and select the Architecture. These fieldsare required. You have the option to update the ot

Procedure1. On a Windows 2008 machines, select Start > All Programs > VMware vCenter ConfigurationManager > Tools.2. Right-click Package Stud

PrerequisitesnPackage Manager is installed on the target machines. Package Manager is installed when you install theVCM 5.3 Agent or later. See "

5. On the Data Types page, expand Windows, and select Software Provisioning - Repositories, andclick Next.6. On the Confirmation page, review the info

nPackage Manager Source Lists: Select this option if you have already added sources to at leastone Package Manager and you want to add the source to o

Determine whether a package is installed or removed based on the state of the signature.Option DescriptionInstall secure signedpackage onlyThe package

Configuring VMware CloudInfrastructure3Configuring VMware Cloud InfrastructureVCM collects information from your instances of vCenter Server, vCloud D

Option DescriptionAdministration Displays current jobs running, and job history. Use the job history whentroubleshooting the processing of a job. See

a. In the IF area, click Add.b. Select Source Repository URI = YourRepository.c. Select Must Exist.d. In the THEN area, click Add and select Platform

6. On the Data Type page, expand Windows, select the data type on which you are basing the rule, andclick Next.The data type does not need to be softw

Configuring Active DirectoryEnvironments13Configuring Active Directory EnvironmentsVCM for Active Directory collects Active Directory objects across d

5. "License Domain Controllers" on page 236To manage domain controllers, you must license them in VCM.6. "Install the VCM Windows Agen

Procedure1. Click Administration.2. Select Settings > Network Authority > Available Accounts.3. To add a new domain account, click Add.4. Type t

NOTE You can use the Discovered Machines Import Tool (DMIT), which imports machines discovered bythe Network Mapper (Nmap), to import many physical an

Procedure1. Click Administration.2. Select Machines Manager > Available Machines.3. Select the domain controllers to license.4. Click License.5. Ve

Procedure1. Click Administration.2. Select Machines Manager > Licensed Machines > Licensed Windows Machines.3. In the data grid, select one or m

Procedure1. On the VCM toolbar, click Collect.2. On the Collection Type page, select and click OK.3. On the Machines page, select the domain controlle

Figure 3–1. Virtual Environments Configuration DiagramManaging Agents Virtual EnvironmentsThe Managing Agent machines must have the 5.5 Agent or later

Install VCM for Active Directory on the Domain ControllersTo use VCM to collect Active Directory data from your environment, install VCM for Active Di

Procedure1. Click Administration.2. Select Machines Manager > Additional Components > VCM for Active Directory.3. Click Determine Forest.4. Move

nActive Directory schema collectionnActive Directory specifier collectionnActive Directory structure collectionThe information obtained from the third

Option DescriptionActive DirectoryDashboardProvides summary and day-to-day information about your ActiveDirectory environment in a graphical format.nT

vCenter Configuration Manager Administration Guide244VMware, Inc.

Configuring Remote Machines14Configuring Remote MachinesThe VCM Remote client is the communication and management mechanism that you use to managemobi

Using Certificates With VCM RemoteThe use of certificates with VCMRemote ensures secure communication between VCM and the VCMRemote client when they

Procedure1. "Create Custom Collection Filter Sets" on page 247You create custom collection filter sets for Dial-up, Broadband, or LAN connec

What to do nextnRepeat the procedure for all the connection types for which you configure filter sets.nAssign the filter sets to the appropriate VCM R

Procedure1. Click Administration.2. Select Settings > General Settings > VCM Remote.3. On the VCM Remote Settings data grid, select each setting

Managing Instances of vCloud Director and vApp Virtual MachinesYou collect data from vCloud Director instances regarding their configurations, resourc

1. "Install the VCM Remote Client Manually" on page 250The manual installation of the VCM Remote client is a wizard-based process that you u

5. On the VCM Remote Client Information page, configure the options and click Next.Option DescriptionCollectorMachineNameName of the Windows machine o

Procedure1. On the target machine, create a folder and copy the files from the Collector to the target folder.File DescriptionCM Remote Client.msiLoca

What to do nextConnect the remote machine to the network to ensure that VCM completes the installation process. See"Connect VCM Remote Client Mac

bInstallCert = 1 'If the value is 1, the Enterprise Certificate isinstalled. If the value is set to 0, the installation of the certificate isskip

Sub CheckVars()If sCollName = "" Then WScript.Quit Else sCollName = Trim(sCollName)End If If sVirDir = "" Then

d. Click Next.7. On the Files page, move the CM Remote Client.msi file and the .pem file to the list on the right, andclick Next.8. On the Important p

Option DescriptionAdministration View administrative details about the VCM Remote client.nTo view the installed Remote client version, click Administr

vCenter Configuration Manager Administration Guide258VMware, Inc.

15Tracking Unmanaged Hardware andSoftware Asset DataTracking Unmanaged Hardware andSoftware Asset DataVCM management extensions for assets integrates

Linux data type and ESX log data from the ESX service console operating system.9. "Configure the vSphere Client VCM Plug-In" on page 56The v

Changing the order of the VCM for assets data field list changes the order of columns when you viewasset data in the VCM Console.6. "Refresh Dyna

4. Click Add.5. Type a name and description for the new asset data field and click Next.The name is the column heading that appears when users view th

5. Click Edit.6. Change the name or description for the data field and click Next.The name is the column heading that appears when users view the data

PrerequisitesnLog in to VCM using an account with the Administrator role.nIdentify the asset data that you want to store about your hardware or softwa

Configure Asset Data Values for VCM MachinesAlthough the asset data for machines that are managed by VCM is collected, you can customize some datathro

Add Other Hardware DevicesUse VCM for assets to keep track of your non-VCM managed hardware by adding information about thehardware devices directly t

PrerequisitesLog in to VCM with a role that has edit permission for asset configuration data.Procedure1. Click Console.2. Select Asset Extensions >

Procedure1. Click Console.2. Select Asset Extensions > Hardware Configuration Items > Other Devices.3. In the data grid, select the asset.4. Cli

Procedure1. Click Console.2. Select Asset Extensions > Software Configuration Items.3. Click Add Software.4. Type a name and description and click

6. Change the data type that VCM for assets will look for to detect the installed software and click Next.The options take you to custom wizard pages

PrerequisitesVerify that the Windows machine that you designated as the Managing Agent is licensed and that it hasthe VCM Agent 5.5 or later installed

Edit Asset Data Values for SoftwareYou can change the details about a specific copy of software when the long term information, such as theapplication

16Managing Changes with Service DeskIntegrationManaging Changes with Service DeskIntegrationVCM Service Desk Integration tracks planned and unplanned

Procedure1. Click Console.2. Select Service Desk.3. Under the Service Desk node, select any subnode.For example, click By RFC to view the data accordi

IndexAabout this book 9accessby user 11compliance content 21active directorycollection results 242configuration 239data collection 242getting started

availble domainsdomain controllers 234Bbadge scorevCenter Operations Manager 74, 76-80base path of SCR Tool 168bulletin detailsmanual patching for Win

configurationActive Directory 239configuration of patch staging 163configureSCR Tool 160configuringalternate location machines 161asset data field 259

exploringRemote collection results 256exportingSCAP assessment 197Ffilter for WCI collections 111filter setsremote 247remove client 247forestactive di

patch deployment 148patching getting started 143running patching reports 180Linux and UNIX patch staging 177Linux and UNIX patching job chain 178logsE

patch stagingconfiguring for managed machines 165how it works 177Linux and UNIX 177patchesSCR Tool 159patching 172administrator privileges 138AIX mach

rearrangingasset data fields 262Red Hat Linux machines for patching 169refreshingdynamic asset data field 263registeringvSphere Client Plug-in 56remed

What to do nextnIf your Collector is not configured to use HTTPS, set the HTTPS bypass. See "Configure HTTPS BypassSetting for Virtual Environmen

run 77schedule 78vCenter Operations Manager 73-74, 76-80Ttemplatedeploy patches, membership changes 174patch assessment 142threshold data agedeploy pa

collectionresults 50settings 48vSphere Client Plug-inconfiguring 57getting started 58overview 56registering 56WWCIchallenges CDATA 101challenges in co

282VMware, Inc.vCenter Configuration Manager Administration Guide

What to do nextnTo maintain secure communication, you need the SSLcertificates from your instances of vCenterServer, vCloud Director, and vShield Man

ContentsAbout This Book 9Getting Started with VCM 11Understanding User Access 11Running VCM as Administrator on the Collector 12Log In to VCM 12Gettin

Procedure1. "Add vCenter Server Instances" on page 30Add the vCenter Server instances to VCM so that you can license and collect vCenter Ser

The machine information is added to the list.7. (Optional) Add other vCenter Server instances as needed.8. When all your vCenter Server are added to t

5. On the Managing Agent and Communication Settings page, configure the settings that are applied toall selected vCenter Server instances and click Ne

Procedure1. Click Administration.2. Select Machines Manager > Licensed Machines > Licensed Virtual Environments.3. Select the vCenter Server ins

Configure vCenter Server Scheduled CollectionsConfigure VCM to regularly collect vCenter Server data from your vCenter Server machine groups toensure

Procedure1. Click Administration.2. Select Job Manager > Scheduled.3. Click Add.4. Select Collection and click Next.5. Type a job name and descript

Procedure1. Click Administration.2. Select Machines Manager > Available Machines > Licensed Virtual Environments.3. Select the vCenter Servers a

What to do nextnFor Windows operating system guest machines on which you installed the Agent, collect from theWindows virtual machines. See "Coll

Procedure1. Click Administration.2. Select Machines Manager > Available Machines.3. Click Add Machines.4. On the Add Machines page, select Basic: N

Procedure1. Click Administration.2. Select Machines Manager > Licensed Machines > Licensed Virtual Environments.3. Select the vCloud Director in

vCenter Configuration Manager Administration GuideDiscover vCloud Director vApp Virtual Machines 43Configure vShield Manager Collections 47Configure E

PrerequisitesConfigure the vCloud Director settings. See "Configure the vCloud Director Settings" on page 38.Procedure1. Click Administratio

Option DescriptionReports Run a configured vCloud Director report. Click Reports and selectMachine Group Reports > Virtual Environments > vCloud

vCloud Director 1.0 and 1.5 support a variety of vApp network configurations. VCM supports thesescenarios.nVCM is located in the vApp with the virtua

In a NATmapped network environment, your best practice is to install the Agent on the vApp templatemachines. You must manually install the Agent with

Option DescriptionMachineNameFormatSelect the format used to display the virtual machine name.You can select the vCenter name for the virtual machine

Option DescriptionUse aproxyserverSelect Yes if you use a proxy server for communication between the Collector andthe Agents on the virtual Windows ma

Option DescriptionvDC NameFilterTo run the query against a virtual datacenter in a vCloud Director instance, typethe name of the virtual datacenter.SQ

Configure vShield Manager CollectionsConfigure collections from your vShield Manager instances so that you can run reports on the collecteddata.Prereq

Option DescriptionMachine Name of the instance of vShield Manager.Domain Domain to which the instance of vShield Manager belongs.Type Domain type.Mach

5. On the Managing Agent and Communication Settings page, configure the settings that are applied toall selected vShield Manager instances and click N

ContentsWindows Custom Information Change Management 107Collecting Windows Custom Information 108Create Your Own WCI PowerShell Collection Script 108V

Procedure1. Click Administration.2. Select Machines Manager > Licensed Machines > Licensed Virtual Environments.3. Select the vShield Manager in

1. "Configure the Collector as an Agent Proxy" on page 51The Agent Proxy machine is a Windows machine configured to communicate with ESX and

4. License the Collector.a. Select Machines Manager > Available Machines.b. Select the Collector in the data grid and click Licensec. On the Machin

Procedure1. Click Administration.2. Select Machines Manager > Licensed Machines > Licensed ESX/ESXi Hosts.3. Select the ESX host and click Confi

What to do nextCopy the copy SSH public key file, the csiprep.py file, and the csiprep.config file to the target ESXmachines. See "Copy Files to

8. (Optional) Configure the default server location.The following settings are automatically configured to the default server locations. If you need t

Virtualization Collection ResultsYou have several options for reviewing and using ESX Logs data in VCM. The data used is only as currentas the last co

PrerequisitesnVerify that you are using VMware vCenter 4 Server.nVerify that the VMware vSphere Client is installed.nVerify that the VMware Tools is i

PrerequisitesVerify that the vSphere Client VCM Plug-In is registered. See "Register the vSphere Client VCM Plug-In"on page 56.Procedure1. S

Running Compliance for the VMwareCloud Infrastructure4Running Compliance for the VMware CloudInfrastructureCompliance templates evaluate the virtual e

vCenter Configuration Manager Administration GuideRunning Machine Group Compliance 181Getting Started with SCAP Compliance 194Conduct SCAP Compliance

The example used in this procedure is whether VMware Tools is running on guest virtual machines on allvCenter Server instances, but excluding vCenter_

What to do nextAdd a rule to the rule group. See "Create and Test Virtual Environment Compliance Rules" on page 61.Create and Test Virtual E

Create and Test Virtual Environment Compliance FiltersYou can create filters that limit the objects on which the templates run to only the objects tha

The example used in this procedure is whether VMware Tools is running on guest virtual machines on allvCenter Server instances, but excluding vCenter_

PrerequisitesCreate a rule group. See "Create and Test Virtual Environment Compliance Rules" on page 61.Procedure1. Click Compliance.2. Sele

What to do nextnIf you find results that you want to temporarily make compliant or noncompliant, create an exception.See "Create Virtual Environm

8. To define the exception values, modify, delete, or add to the properties, operators, and values for theselected results.In this example, you are sp

Procedure1. Click Compliance.2. Select Virtual Environments Compliance > Templates > {template name}.3. In the Status column, identify the rule

To create an exception in this example, a virtual machine, RHEL_60_ProdDev, is approved to be excludedfrom the noncompliant results because you never

PrerequisitesCreate at least on virtual environments compliance template. See "Create and Run Virtual EnvironmentCompliance Templates" on pa

ContentsVCM Remote Management Workflow 245Configuring VCMRemote Connection Types 245Using Certificates With VCM Remote 246Configure and Install the V

PrerequisitesnVerify that you have virtual environment alert rules. See "Create Virtual Environment ComplianceAlert Rules" on page 69.nRevie

Procedure1. Click Administration.2. Select Job Manager > Scheduled.3. Click Add.4. Select Compliance and click Next.5. Type a name and description

vCenter Configuration Manager Administration Guide72VMware, Inc.

Configuring vCenter OperationsManager Integration5Configuring vCenter Operations ManagerIntegrationIntegration of VCM with vCenter Operations Manager

Procedure1. In VCM, click Administration.2. Select Settings > Integrated Products > VMware > vCenter Operations Manager > Change Events.3.

PrerequisitesnEnsure that the VCM adapter is registered with the correct user account in vCenter OperationsManager. See "VCM Registration in vCen

PrerequisitesnUse the Content Wizard tool to download compliance templates created by VMware,for example, thevSphere Hardening Guides and other standa

Option DescriptionRoll Up Type Select the method used to calculate how the score for the templates in amapping is determined. Scores are always betwee

Procedure1. Click Compliance.2. Select vCenter Operations Manager Badge Mapping > Mappings.3. Select a mapping and click Run.4. Click OK.All templa

Procedure1. Click Administration.2. Select Job Manager > Scheduled and click Add.3. Select vCenter Operations Manager Compliance Badge Mapping Run

vCenter Configuration Manager Administration Guide8VMware, Inc.

What to do nextResolve the noncompliant results. See "Resolve Noncompliant Virtual Environments Template Results" onpage 66.Scoring Badges f

Compliance mappings should include templates that evaluate your environment in a way that helps toidentify performance issues. For example, you have a

Simple Rule Percentage is the percentage of compliance rules in the templates that passed as compliant. Ifany of the results are non-compliant, the ru

Templates in Mappings Score ResultsMapping 1 Template 1 80 10,000Mapping 1 Template 2 50 5Mapping 1 Template 3 100 1Mapping 2 Template 4 30 100Mapping

Detail Level Score Midpoint Magnitude Calculation Adjusted Score100 50 10 100-50=5050*10%=5100+5=105100Detail Level Score Midpoint Magnitude Calculati

6Auditing Security Changes in YourEnvironmentAuditing Security Changes in YourEnvironmentThe VCM Auditing capability tracks all changes in the securit

Procedure1. To view the VCM Auditing settings, click Administration.2. Select Settings > General Settings > Auditing.3. To change an auditing se

Configuring Windows Machines7Configuring Windows MachinesTo manage your virtual and physical Windows machines, you must verify domains and accounts, d

Procedure1. Verify Available DomainsAllow VCM access to each domain so that the VCM Collector can interact with the Windows machinesin your environmen

What to do nextVerify that a network authority account is available and create other necessary domain accounts. See"Check the Network Authority&q

About This BookAbout This BookThe VCM Administration Guide describes the steps required to configure VCM to collect and manage datafrom your virtual a

Discover Windows MachinesIn your network, identify the Windows machines that you are managing with VCM.To discover the available Windows machines, VCM

The number of discovered Windows, UNIX, or Linux machines might exceed the number of youravailable licenses. If that happens, the number available goe

Locking the VCM Agent on VCM managed machines is typically done in environments that have multipleVCM Collectors, to help prevent these Agents from be

Option DescriptionInstall using a proxy server For Windows Proxies and Windows Agents only. If the targetmachine is separated from the Collector by a

A delta collection includes only the differences between the data on the target machine and the data storedin the VCM database. If you need a full col

After the initial discovery is finished, perform a weekly discovery to update the list of available Windowsmachines. To schedule a VCM discovery job,

Figure 7–1. Windows Custom Information Collection ProcessTo extend the data collected by VCM from managed Windows machines using other VCM data types,

PrerequisitesnWrite your own PowerShell script to return data in a VCM compatible, element-normal XML format,or obtain PowerShell scripts from VMware

Guidelines in PowerShell Scripting for WCIWhen you develop custom PowerShell scripts to collect the Windows Custom Information (WCI)datatype from VCM

The split method of PowerShell strings in the $schtasks script separates the columns of the $schtasksrows into separate values in arrays.nColumn names