(Linux) (Windows) (Solaris)
Advanced configuration for VMware Infrastructure 3 platforms and Intelligent Management
The retrieveVMwareCertificate.py script can complete all of the steps needed to configure VMware Infrastructure 3 platforms and Intelligent Management. However, we can also complete these steps manually by creating the signer certificate and required custom properties in the administrative console.
- The VMware Infrastructure 3 platforms environment must be on servers running Solaris Operating Environment on Intel hardware, Windows, or Linux x86 operating systems.
- We must use VMware products that support VMware Infrastructure 3 platforms. The supported versions are:
- VMware VirtualCenter v2.5
- VMware ESX Versions 5.0 and 5.5
- VMware vSphere Version 5.0 and v5.5, all of which include VMware ESXi and VMware vCenter Server
The documentation generically refers to these servers with the following terminology:
- ESX server: Refers to VMware ESX Versions 5.0 and 5.5 or a VMware ESXi server in VMware vSphere v5.0 and v5.5.
- vCenter server: Refers to VMware VirtualCenter v2.5 or a VMware vCenter server in VMware vSphere v5.0 and v5.5.
We can retrieve a signer certificate with a script or in the administrative console, and then define the required custom properties in the administrative console. We can also complete these steps with the script only. See configuring VMware Infrastructure 3 platforms and Intelligent Management.
Tasks
- If we are configuring Intelligent Management to communicate with a vCenter server:
- Retrieve a signer from the vCenter server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_virtual_center_host_name> -port:<vmware_virtual_center_ssl_port_number>
Where <vmware_virtual_center_host_name> is the host name of the vCenter and <vmware_virtual_center_ssl_port_number> is the secure SSL port of the vCenter.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel. In the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the vCenter server and an alias or name for the certificate. The alias should follow the syntax: <vmware_virtual_center_short_host>-vmware. For example, if the hostname of the vCenter server is myvmwarevc.foo.net, the alias name would be myvmwarevc-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
The signer certificate retrieved from the vCenter server is stored in the CellDefaultTrustStore keystore.
- Configure custom properties for the vCenter server so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the administrative console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
For the vmware.service.unique_id.userid custom property, the following privileges are required by Intelligent Management to read certain properties and to perform various operations:
- System.Anonymous
- System.Read
- System.View
- Sessions.TerminateSession
The unique_id value is a unique identifier that represents the vCenter. For example, if the host name of the vCenter server is myvmwarevc.foo.net and the port is 443, the unique_id value would be myvmwarevc_foo_net_443. Following the same example, the names of the custom properties would be:
- vmware.service.myvmwarevc_foo_net_443.url
- vmware.service.myvmwarevc_foo_net_443.userid
- vmware.service.myvmwarevc_foo_net_443.password
- vmware.service.myvmwarevc_foo_net_443.importMachinesWithWASNodesOnly
- If we are configuring Intelligent Management to communicate with ESX servers:
- Retrieve a signer from the ESX server and store the signers in the CellDefaultTrustStore key store. To retrieve the signer, we can either use the administrative console or run the retrieveVMwareCertificate.py script.
To retrieve the signer certificate by running the script:
./wsadmin.sh -lang jython -f retrieveVMwareCertificate.py -host:<vmware_esx_server_host_name> -port:<vmware_esx_server_ssl_port_number>
Where <vmware_esx_server_host_name> is the host name of the ESX server and <vmware_esx_server_ssl_port_number> is the secure SSL port of the ESX server.
To retrieve the signer certificate using the administrative console:
- Navigate to the signer certificates administrative console panel. In the administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the host and port information for the ESX server and an alias name for the certificate. The alias should follow the syntax: <vmware_esx_server_short_host>-vmware. For example, if the hostname of the ESX server is myvmwareesx.foo.net, the alias name would be myvmwareesx-vmware. For Hypertext Transfer Protocol Secure (HTTPS), the default port value is 443.
- Click Retrieve signer information.
- Click Apply. This action indicates that you accept the credentials of the signer.
The signer certificate retrieved from the ESX server is stored in the CellDefaultTrustStore keystore.
- Configure custom properties for the ESX servers so that Intelligent Management can use Web services to communicate with the VMware Infrastructure SDK (VI SDK). In the administrative console, click Cells > Custom properties > New. Create the following cell-wide custom properties:
- vmware.service.unique_id.url
- vmware.service.unique_id.userid
- vmware.service.unique_id.password
- vmware.service.unique_id.importMachinesWithWASNodesOnly
The unique_id value is a unique identifier that represents the ESX server. For example, if the host name of the ESX server is myvmwareesx.foo.net and the port is 443, the unique_id value would be myvmwareesx_foo_net_443. Following the same example, the names of the custom properties would be:
- vmware.service.myvmwareesx_foo_net_443.url
- vmware.service.myvmwareesx_foo_net_443.userid
- vmware.service.myvmwareesx_foo_net_443.password
- vmware.service.myvmwareesx_foo_net_443.importMachinesWithWASNodesOnly
Repeat these steps for each ESX server in the configuration.
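Added example (not part of the original documentation or of retrieveVMwareCertificate.py): both the vCenter and the ESX procedures accept whatever certificate the port presents, so this sketch compares its SHA-256 fingerprint with a value obtained out-of-band before the signer is accepted, and derives the alias, unique_id and property names from the conventions above. The helper names are hypothetical, and the sample certificate is constructed placeholder bytes so the block runs offline.

```python
import hashlib
import hmac
import ssl

# Helper names below are hypothetical; they are not part of wsadmin or the IBM script.

def fetch_pem(host, port=443):
    """Fetch the certificate the server presents (unvalidated, like 'Retrieve from port')."""
    return ssl.get_server_certificate((host, port))


def fingerprint_sha256(pem):
    """SHA-256 over the DER bytes, as colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Strip separators and case so fingerprints in different notations compare equal."""
    return fp.replace(":", "").replace(" ", "").upper()


def names_for(host, port=443):
    """Alias, unique_id and property names following the page's conventions."""
    unique_id = "%s_%d" % (host.replace(".", "_"), port)
    suffixes = ("url", "userid", "password", "importMachinesWithWASNodesOnly")
    return {
        "alias": host.split(".")[0] + "-vmware",
        "unique_id": unique_id,
        "properties": ["vmware.service.%s.%s" % (unique_id, s) for s in suffixes],
    }


def preflight(host, port, pem, expected_fp):
    """Return the names to use only if the fingerprint matches the trusted value."""
    actual = fingerprint_sha256(pem)
    if not hmac.compare_digest(normalize(actual), normalize(expected_fp)):
        raise ValueError("fingerprint mismatch for %s:%d: got %s" % (host, port, actual))
    return names_for(host, port)


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    trusted = hashlib.sha256(SAMPLE_DER).hexdigest()  # stands in for the out-of-band value
    print(preflight("myvmwarevc.foo.net", 443, SAMPLE_PEM, trusted))
```

Against a live server, pass fetch_pem(host, port) as the pem argument and take expected_fp from the vCenter or ESX administrator rather than from the same network connection.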
Related:
- VMware Infrastructure 3 platforms and Intelligent Management
- Configure VMware Infrastructure 3 platforms and Intelligent Management
- Add middleware servers to configurations
- Retrieving signers from a remote SSL port
- VMware Infrastructure SDK
- HTTP transport custom properties for web services applications
- Intelligent Management: VMware custom properties