Advanced configuration for VMware Infrastructure 3 platforms and Intelligent Management

The retrieveVMwareCertificate.py script can complete all of the steps that are needed to configure VMware Infrastructure 3 platforms and Intelligent Management. However, we can also complete these steps manually by creating the signer certificate and required custom properties in the console.

• Your VMware Infrastructure 3 platforms environment must be on servers that are running Solaris Operating Environment on Intel hardware, Windows, or Linux x86 operating systems.

• We must use VMware products that support VMware Infrastructure 3 platforms. The supported versions are:

  • VMware VirtualCenter Version 2.5

  • VMware ESX Versions 5.0 and 5.5

  • VMware vSphere Version 5.0 and Version 5.5 which include VMware ESXi and VMware vCenter Server

  The documentation generically refers to these servers with the following terminology:

  • ESX server: Refers to VMware ESX Versions 5.0 and 5.5 or a VMware ESXi server in VMware vSphere Version 5.0 and Version 5.5.

  • vCenter server: Refers to VMware VirtualCenter Version 2.5 or a VMware vCenter server in VMware vSphere Version 5.0 and Version 5.5.

Retrieve a signer certificate with a script or in the console, and then define the required custom properties in the console. We can also complete these steps with the script only. For more information, read about configuring VMware Infrastructure 3 platforms and Intelligent Management.

• If we are configuring Intelligent Management to communicate with a vCenter server:
  

  1. Retrieve a signer from the vCenter server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the console or run the retrieveVMwareCertificate.py script.

     To retrieve the signer certificate by running the script:

     ./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_virtual_center_host> -port:<vmware_virtual_center_ssl_port_number>

     Where <vmware_virtual_center_host> is the host name of the vCenter and <vmware_virtual_center_ssl_port_number> is the secure SSL port of the vCenter.

     To retrieve the signer certificate using the console:

     1. Navigate to the signer certificates console panel. In the console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.

     2. Enter the host and port information for the vCenter server and an alias or name for the certificate. The alias should follow the syntax: <vmware_virtual_center_short_host>-vmware. For example, if the hostname of the vCenter server is myvmwarevc.foo.net, the alias name would be myvmwarevc-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.

     3. Click Retrieve signer information.

     4. Click Apply. This action indicates that you accept the credentials of the signer.
     The signer certificate that is retrieved from the vCenter server is stored in the CellDefaultTrustStore keystore.

  2. Configure custom properties for the vCenter server so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the console, click Cells > Custom properties > New. Create the following cell-wide custom properties:

     • vmware.service.unique_id.url

     • vmware.service.unique_id.userid

     • vmware.service.unique_id.password

     • vmware.service.unique_id.importMachinesWithWASNodesOnly

     For the vmware.service.unique_id.userid custom property, the following privileges are required by Intelligent Management to read certain properties and to perform various operations:

     • System.Anonymous

     • System.Read

     • System.View

     • Sessions.TerminateSession

     The unique_id value is a unique identifier that represents the vCenter. For example, if the host name of the vCenter server is myvmwarevc.foo.net and the port is 443, the unique_id value would be myvmwarevc_foo_net_443. Following the same example, the names of the custom properties would be:

     vmware.service.myvmwarevc_foo_net_443.url
     vmware.service.myvmwarevc_foo_net_443.userid
     vmware.service.myvmwarevc_foo_net_443.password
     vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly

• If we are configuring Intelligent Management to communicate with ESX servers:
  

  1. Retrieve a signer from the ESX server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the console or run the retrieveVMwareCertificate.py script.

     To retrieve the signer certificate by running the script:

     ./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_esx_server_host> -port:<vmware_esx_server_ssl_port_number>

     Where <vmware_esx_server_host> is the host name of the ESX server and <vmware_esx_server_ssl_port_number> is the secure SSL port of the ESX server.

     To retrieve the signer certificate using the console:

     1. Navigate to the signer certificates console panel. In the console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.

     2. Enter the host and port information for the ESX server and an alias name for the certificate. The alias should follow the syntax: <vmware_esx_server_short_host>-vmware. For example, if the hostname of the ESX server is myvmwareesx.foo.net, the alias name would be myvmwareesx-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.

     3. Click Retrieve signer information.

     4. Click Apply. This action indicates that you accept the credentials of the signer.
     The signer certificate that is retrieved from the ESX server is stored in the CellDefaultTrustStore keystore.

  2. Configure custom properties for the ESX servers so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the console, click Cells > Custom properties > New. Create the following cell-wide custom properties:

     • vmware.service.unique_id.url

     • vmware.service.unique_id.userid

     • vmware.service.unique_id.password

     • vmware.service.unique_id.importMachinesWithWASNodesOnly

     The unique_id value is a unique identifier that represents the ESX server. For example, if the host name of the ESX server is myvmwareesx.foo.net and the port is 443, the unique_id value would be myvmwareesx_foo_net_443. Following the same example, the names of the custom properties would be:

     vmware.service.myvmwareesx_foo_net_443.url
     vmware.service.myvmwareesx_foo_net_443.userid
     vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly

  Repeat these steps for each ESX server in our configuration.

Related concepts

VMware Infrastructure 3 platforms and Intelligent Management

Related tasks

Configure VMware Infrastructure 3 platforms and Intelligent Management

Add middleware servers to configurations

Retrieve signers from a remote SSL port

VMware Infrastructure SDK

HTTP transport custom properties for Web services applications

Related information:

Intelligent Management: VMware custom properties