Fresh off the press is an updated version of my vCenter 5.5 SSL certificate Toolkit script. Last year when I did my popular vCenter 5.1 install series the posts contain a series of scripts and CLI commands to replace the SSL certificates. While that process worked for many people, it still was not as easy as it should be.
So yes, after a couple of weeks of pausing on the vSphere 5.5 series I’m back with installing VUM. The VUM install pretty much follows the process we had for vCenter 5.1. In case you haven’t heard, VUM is also growing feathers like the Windows VI client and will soon turn into a dodo bird. VMware hasn’t announced what is replacing it, but I suspect in vSphere 6.0 the new product will make a debut.
Following last year’s pattern of ‘lettered’ vCenter updates, VMware has released vCenter 5.5a. (Note the ‘a’.) This addresses a number of issues, mostly with the SSO service. If you are using vCenter on Windows Server 2012, you will no longer have to download a patched DLL. You can find the full set of release notes here. Given these fixes, I would urge everyone to use the 5.5a media and get rid of your 5.5 GA media. I appreciate VMware releasing fixes, but it’s starting to bring back memories of 5.1 where there were ‘a’ and ‘b’ bug fix releases.
Now that vCenter is fully installed, now it’s time to replace the self-signed certificate for the vCenter service and Orchestrator. Since we’ve already replaced the other certificates (SSO, Inventory, etc.) this process is a piece of cake. If you haven’t been following this series to the letter and have all self-signed certificates, you will need to use the VMware Certificate automation tool planner and follow all 16+ steps. You can only take the ‘short cut’ method if all other certificates have been replaced per my guide.
The previous 14 installments have all been leading up to this, installing vCenter. Yes, we are finally here. In this post we install vCenter, the windows vSphere client, fix profile driven storage, and configure vCenter to support a clustered SQL database. This post is not the end of the road, as we still need to secure vCenter with trusted SSL certificates and secure our ESXi servers.
We are just one post away from installing the actual vCenter service! Now that the rest of the infrastructure is ready, we need to create a service account, databases and DSNs. After all of these steps are completed we can rejoice and very shortly have a working vCenter server.
Remember that database sizing is highly dependent on your environment, and DBA preferences. So be sure to use a sizing tool (such as the one included in vCenter), and the VMware VUM sizing estimator tool. You neither want to way oversize or undersize your databases. I’m also opting to use a Windows service account for the ODBC authentication mechanism. While this is not required, I’ve done this for years and think it’s a best practice.
The vCenter inventory service has two primary purposes in life. First, it’s a cache of objects which the web client accesses. This cache enables the offloading of retrieving objects from the vCenter core service (vpxd). This can also lessen the load on your back-end database if the vCenter service isn’t constantly doing queries (most of which are reads). The legacy Windows VI client does not use the inventory service, which is why it can get pokey in very large environments. It also has an effect of reducing vCenter CPU utilization, allowing more client sessions.
Now that the SSO service and web client are installed, it’s time to do a little SSO configuration. In this installment we will configure the SSO STS certificate chain, add an Active Directory identity and source, and delegate SSO administrative rights to a AD group.
If you recall the vCenter 5.1 installation order, you will realize they’ve now moved up the web client install. This was done consciously so you could troubleshoot/configure the SSO service prior to vCenter being installed. Great idea VMware!
The web client is the new and strongly preferred mechanism to manage your vSphere environment. In fact, the Windows VI client now comes up with a big warning that it’s going the way of the dodo bird when you launch it. I suspect in vSphere 6.0 the Windows VI client as we know it will not exist. Yes, today SRM and parts of VUM still need the Windows client. So we will be installing it later on. Remember the web client is the only way to modify hardware v10 VMs.