Advanced configuration for VMware Infrastructure 3 platforms and Intelligent Management
The retrieveVMwareCertificate.py script can complete all of the steps that are needed to configure VMware Infrastructure 3 platforms and Intelligent Management. However, we can also complete these steps manually by creating the signer certificate and required custom properties in the console.
- Your VMware Infrastructure 3 platforms environment must be on servers that are running Solaris Operating Environment on Intel hardware, Windows, or Linux x86 operating systems.
- We must use VMware products that support VMware Infrastructure 3 platforms. The supported versions are:
- VMware VirtualCenter Version 2.5
- VMware ESX Versions 5.0 and 5.5
- VMware vSphere Version 5.0 and Version 5.5 which include VMware ESXi and VMware vCenter Server
The documentation generically refers to these servers with the following terminology:
- ESX server: Refers to VMware ESX Versions 5.0 and 5.5 or a VMware ESXi server in VMware vSphere Version 5.0 and Version 5.5.
- vCenter server: Refers to VMware VirtualCenter Version 2.5 or a VMware vCenter server in VMware vSphere Version 5.0 and Version 5.5.
Retrieve a signer certificate with a script or in the console, and then define the required custom properties in the console. We can also complete these steps with the script only. For more information, read about configuring VMware Infrastructure 3 platforms and Intelligent Management.
- If we are configuring Intelligent Management to communicate with a vCenter server:
- Retrieve a signer from the vCenter server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_virtual_center_host> -port:<vmware_virtual_center_ssl_port_number>
Where <vmware_virtual_center_host> is the host name of the vCenter and <vmware_virtual_center_ssl_port_number> is the secure SSL port of the vCenter.
To retrieve the signer certificate using the console:
The signer certificate that is retrieved from the vCenter server is stored in the CellDefaultTrustStore keystore.
- Navigate to the signer certificates console panel. In the console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the vCenter server and an alias or name for the certificate. The alias should follow the syntax: <vmware_virtual_center_short_host>-vmware. For example, if the hostname of the vCenter server is myvmwarevc.foo.net, the alias name would be myvmwarevc-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
- Configure custom properties for the vCenter server so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
For the vmware.service.unique_id.userid custom property, the following privileges are required by Intelligent Management to read certain properties and to perform various operations:
- System.Anonymous
- System.Read
- System.View
- Sessions.TerminateSession
The unique_id value is a unique identifier that represents the vCenter. For example, if the host name of the vCenter server is myvmwarevc.foo.net and the port is 443, the unique_id value would be myvmwarevc_foo_net_443. Following the same example, the names of the custom properties would be:
- vmware.service.myvmwarevc_foo_net_443.url
- vmware.service.myvmwarevc_foo_net_443.userid
- vmware.service.myvmwarevc_foo_net_443.password
- vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly
- If we are configuring Intelligent Management to communicate with ESX servers:
Repeat these steps for each ESX server in our configuration.
- Retrieve a signer from the ESX server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_esx_server_host> -port:<vmware_esx_server_ssl_port_number>
Where <vmware_esx_server_host> is the host name of the ESX server and <vmware_esx_server_ssl_port_number> is the secure SSL port of the ESX server.
To retrieve the signer certificate using the console:
The signer certificate that is retrieved from the ESX server is stored in the CellDefaultTrustStore keystore.
- Navigate to the signer certificates console panel. In the console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the ESX server and an alias name for the certificate. The alias should follow the syntax: <vmware_esx_server_short_host>-vmware. For example, if the hostname of the ESX server is myvmwareesx.foo.net, the alias name would be myvmwareesx-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
- Configure custom properties for the ESX servers so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
The unique_id value is a unique identifier that represents the ESX server. For example, if the host name of the ESX server is myvmwareesx.foo.net and the port is 443, the unique_id value would be myvmwareesx_foo_net_443. Following the same example, the names of the custom properties would be:
- vmware.service.myvmwareesx_foo_net_443.url
- vmware.service.myvmwareesx_foo_net_443.userid
- vmware.service.myvmwareesx_foo_net_443.password
- vmware.service.myvmwareesx_foo_net_443.importMachinesWithWASNodesOnly
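Added example (not part of the original documentation and not the retrieveVMwareCertificate.py script): a helper that derives the signer alias and the four custom property names for a vCenter or ESX host, and computes a certificate fingerprint to compare with the digest shown by Retrieve signer information before clicking Apply. The dots-to-underscores rule for unique_id is inferred from the page's example, the function names are hypothetical, and fetch_der assumes the server presents a self-signed certificate, so the certificate served on the port is the signer itself.

```python
import hashlib
import ssl

SUFFIXES = ("url", "userid", "password", "importMachinesWithWASNodesOnly")

def signer_alias(host):
    # <short_host>-vmware: myvmwarevc.foo.net -> myvmwarevc-vmware
    return host.split(".", 1)[0] + "-vmware"

def unique_id(host, port):
    # Assumed rule, inferred from the page's example:
    # myvmwarevc.foo.net + 443 -> myvmwarevc_foo_net_443
    return "%s_%d" % (host.replace(".", "_"), int(port))

def property_names(host, port):
    uid = unique_id(host, port)
    return ["vmware.service.%s.%s" % (uid, s) for s in SUFFIXES]

def fingerprint(der, algorithm="sha256"):
    # Colon-separated upper-case digest of the DER-encoded certificate.
    # Pass the algorithm that matches the digest the console displays.
    hexd = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def _norm(fp):
    return fp.replace(":", "").replace(" ", "").lower()

def fingerprint_matches(der, expected, algorithm="sha256"):
    # expected: digest obtained out of band from the VMware administrator.
    return _norm(fingerprint(der, algorithm)) == _norm(expected)

def fetch_der(host, port=443):
    # Network call: returns the certificate the server presents, unverified.
    pem = ssl.get_server_certificate((host, int(port)))
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    host, port = "myvmwarevc.foo.net", 443  # host name from the page's example
    # Constructed bytes standing in for a DER certificate, so this runs offline.
    sample = b"constructed bytes standing in for a DER certificate"
    print(signer_alias(host))
    for name in property_names(host, port):
        print(name)
    # Live use: fingerprint(fetch_der(host, port))
    print(fingerprint(sample))
```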
Related concepts
VMware Infrastructure 3 platforms and Intelligent Management
Related tasks
- Configure VMware Infrastructure 3 platforms and Intelligent Management
- Add middleware servers to configurations
- Retrieve signers from a remote SSL port
- HTTP transport custom properties for Web services applications
Related information:
Intelligent Management: VMware custom properties