Configure VMware Infrastructure 3 platforms and Intelligent Management
To configure Intelligent Management to work with VMware Infrastructure 3 platforms, configure security so that the servers can communicate with each other and configure custom properties on the deployment manager to define the vCenter or ESX servers.
- The VMware Infrastructure 3 platforms environment must be on servers running Solaris Operating Environment on Intel hardware, Windows, or Linux x86 operating systems.
- We must use VMware products that support VMware Infrastructure 3 platforms. The supported versions are:
- VMware VirtualCenter v2.5
- VMware ESX Versions 5.0 and 5.5
- VMware vSphere Version 5.0 andv5.5 all of which include VMware ESXi and VMware vCenter Server
The documentation generically refers to these servers with the following terminology:
- ESX server: Refers to VMware ESX Versions 5.0 and 5.5 or a VMware ESXi server in VMware vSphere v5.0 and v5.5.
- vCenter server: Refers to VMware VirtualCenter v2.5 or a VMware vCenter server in VMware vSphere v5.0 and v5.5.
When we have multiple nodes running on a physical computer with VMware Infrastructure 3 platforms, Intelligent Management can contact VMware through Web services. We can configure this communication in the administrative console by creating cell-wide custom properties. These custom properties define the URL, user ID, and password for the vCenter or ESX servers. Also configure your key stores to retrieve signers from the vCenter or ESX servers.
The Intelligent Management configuration depends on your VMware configuration. Create the custom properties for the servers in the environment so that Intelligent Management can monitor all of the virtual machines and physical computers. To set the custom properties on the cell level, click...
System administration > Cell > Custom properties.
- If we are using only ESX servers, configure enough of the individual servers to make Intelligent Management aware of the physical servers and virtual machines in the environment.
- If we are using a vCenter server to manage the environment, we can connect to the vCenter server, which establishes communication with all of the virtual machines and servers that the vCenter server manages. We do not need to connect to each ESX server. If a vCenter is available, the best practice is to connect to the vCenter server instead of each ESX server.
- If we are running multiple vCenter servers with a Microsoft Cluster Server (MSCS) to provide high availability, we can configure the key stores and custom properties for each vCenter server.
If we do not configure Intelligent Management to work with VMware Infrastructure 3 platforms, the Intelligent Management environment does not understand that the nodes are on virtual machines, and as a result, the machine processor or memory might be overloaded.
Tasks
- If we are configuring Intelligent Management to communicate with a vCenter server:
- Retrieve a signer from the vCenter server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_virtual_center_host_name> -port:<vmware_virtual_center_ssl_port_number>Where <vmware_virtual_center_host_name> is the host name of the vCenter and <vmware_virtual_center_ssl_port_number> is the secure SSL port of the vCenter.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel. In the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the vCenter server and an alias or name for the certificate. The alias should follow the syntax: <vmware_virtual_center_short_host>-vmware. For example, if the hostname of the vCenter server is myvmwarevc.foo.net, the alias name would be myvmwarevc-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
The signer certificate retrieved from the vCenter server is stored in the CellDefaultTrustStore keystore.
- Configure custom properties for the vCenter server so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the administrative console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
For the vmware.service.unique_id.userid custom property, the following privileges are required by Intelligent Management to read certain properties and to perform various operations:
- System.Anonymous
- System.Read
- System.View
- Sessions.TerminateSession
The unique_id value is a unique identifier that represents the vCenter. For example, if the host name of the vCenter server is myvmwarevc.foo.net and the port is 443, the unique_id value would be myvmwarevc_foo_net_443. Following the same example, the names of the custom properties would be:
vmware.service.myvmwarevc_foo_net_443.url vmware.service.myvmwarevc_foo_net_443.userid vmware.service.myvmwarevc_foo_net_443.password vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly
- If we are configuring Intelligent Management to communicate with ESX servers:
- Retrieve a signer from the ESX server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_esx_server_host_name> -port:<vmware_esx_server_ssl_port_number>Where <vmware_esx_server_host_name> is the host name of the ESX server and <vmware_esx_server_ssl_port_number> is the secure SSL port of the ESX server.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel. In the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the ESX server and an alias name for the certificate. The alias should follow the syntax: <vmware_esx_server_short_host>-vmware. For example, if the hostname of the ESX server is myvmwareesx.foo.net, the alias name would be myvmwareesx-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
The signer certificate retrieved from the ESX server is stored in the CellDefaultTrustStore keystore.
- Configure custom properties for the ESX servers so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the administrative console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
The unique_id value is a unique identifier that represents the ESX server. For example, if the host name of the ESX server is myvmwareesx.foo.net and the port is 443, the unique_id value would be myvmwareesx_foo_net_443. Following the same example, the names of the custom properties would be:
vmware.service.myvmwareesx_foo_net_443.url vmware.service.myvmwareesx_foo_net_443.userid vmware.service.myvmwareesx_foo_net_443.password vmware.service.myvmwareesx_foo_net_443.importMachinesWithWASNodesOnlyRepeat these steps for each ESX server in the configuration.
By configuring Intelligent Management to work with vCenter or ESX, you obtain better service differentiation management results than using vCenter or ESX alone. With Intelligent Management, we can add application-level goals and characteristics, so that the autonomic managers can perform the necessary flow control in your virtualized environment.
What to do next
If timeout errors occur, we can increase the com.ibm.websphere.webservices.http.connectionTimeout and com.ibm.websphere.webservices.http.SocketTimeout custom property values from the default of 300 seconds to 600 seconds. Consider making this change when we have a virtualized environment with a large number of physical and virtual machines. For example, if the environment has 400 physical machines, when requests are sent from Intelligent Management to the hypervisor for configuration information, the hypervisor contacts each of the 400 physical machines. If each request takes 1 second to complete, the default timeout of 300 seconds is not long enough to process all of the requests, and a read timeout results. For more information about the custom properties, read about HTTP transport custom properties for Web services applications.
Configure middleware servers on the WebSphere nodes.
Subtopics
- VMware Infrastructure 3 platforms and Intelligent Management
Intelligent Management uses the VMware Infrastructure SDK (VI SDK) to communicate through Web services with VMware Infrastructure 3 platforms. Any VMware Infrastructure 3 platforms that expose the VMware Infrastructure SDK (VI SDK) as a Web service and can work with Intelligent Management, such as ESX or vCenter.VMware software provides operating system level virtualization, while Intelligent Management provides virtualization at an application level.- Intelligent Management: VMware custom properties
Use custom properties to configure the product to connect to the VMware Infrastructure SDK (VI SDK) web service endpoints.- (Linux) (Windows) (Solaris) Advanced configuration for VMware Infrastructure 3 platforms and Intelligent Management
The retrieveVMwareCertificate.py script can complete all of the steps needed to configure VMware Infrastructure 3 platforms and Intelligent Management. However, we can also complete these steps manually by creating the signer certificate and required custom properties in the administrative console.
Retrieving signers from a remote SSL port Add middleware servers to configurations HTTP transport custom properties for Web services applications VMware Infrastructure SDK Intelligent Management: VMware custom properties