Veeam v9 – New Feature Annoucements

While the need for backups hasn’t changed, how you use these backups has. Not only that, the speed at which we can recover our data is changing as well. As the cost of downtime continues to grow, having to restore an entire server just to recover one file or a small number of files just won’t cut it. Your backup needs to be backup quickly and restore even faster.

The improvements in Veeam v9 are doing just that. Veeam has been introducing faster and faster ways to backup and restore (and limit the impact on production virtual machines during backups as well) for years and v9 is no exception. There are a few new options I want to touch on that are pain points I’ve experienced in my environments.

1. Backups from Snapmirror/Snapvault destinations.
As a former NetApp admin, I love the idea of minimizing the effect of backups on my virtual machines. By enabling backup from snapmirror destinations, you can get your VMs offsite using built in software on your NetApp array, and then create off-SAN backups that aren’t limited by your snapmirror rentention schedule due to space constraints.

2. Direct NFS Backup Mode
Direct SAN access has been in Veeam Backup & Replication forever, but backing up VMs on your NFS datastores was a different story. A proxied connection was required through an ESXi host to backup these VMs. In v9, a brand new NFS client was written by the engineers at Veeam to connect directly to your NFS volumes and backup VMs without additional host impact, latency, or speed constraints.

3. Per VM-backup File chain
As the size of your backup job grows, the managing of that file gets to be painful. As your backup repository begins to fill up you’re left having to migrate the entire backup file to a new repository. By creating a Per-VM backup file chain, one job can be created for all of your virtual machines, but each VM has its own file chain. This feature is especially useful with the next feature I’ll talk about.

4. Scale-out Backup Repository
Backup repository management has always been one of the largest pain points when managing Veeam backup jobs. I remember my first Veeam setup I was limited to 2TB LUNs on my backup server and I had to create 8 of them to store my backups. As backup jobs couldn’t span repositories, this meant I was creating individual jobs tied to repositories and then rebalancing as repositories began to fill. The Scale-out backup repository feature allows a virtual backup repository to be create on top of your current physical repositories. Now fewer jobs need to be created and you’re able to take advantage of all the space in each repository. Thanks to Luca Dell’Oca for clarifying that maintenance mode and evacuation are also supported. This mean if a repository needs to be taken down (due to SAN maintenance for example) it can be marked as maintenance mode and excluded from the repository during maintenance operations.

For me, these are the 3 big features I’m happy to see in Veeam v9. There are additional features such as explorers for Oracle, Active Directory (support for AD-integrated DNS and GPO restoration!), SQL Server and SharePoint. The entire list of new features can be found at the link below.

Click here for all the feature announcements.

Restore Files & AD Objects From NetApp & Veeam v8

With the release of Veeam Backup & Replication v8 we can restore directly from NetApp Snapshots. Whether it’s an entire VM, individual files, or just some objects in Active Directory, you can do it all from the Veeam console. For a guide on installing and configuring Veeam v8 with NetApp storage, click here

We’ll be testing the restore of individual files and some Active Directory objects for this blog post. In this scenario we have a couple Domain Controllers (2008 R2) and a couple of member servers with some files that we’ll delete. We also have an OU with a couple users, a member server, and a group.

Each of these VMs sit on either of these two volumes, Win_2008 and Win_2012. If you click on “Storage Infrastructure” in the Veeam Backup and Replication console, then expand your NetApp storage you’ll see a list of all the volumes available and their snapshots.
veeamrest120114-part1

1. I’ve taken a snapshot in NetApp System Manager of these volumes. To list these snaps, refresh the volume by right-clicking on the volume and choosing “Rescan volume” or right click on the storage array and choose “Rescan Storage” (Since we have 2 volumes to refresh, we’ll rescan storage.
veeamrest120114-step1
2. A new window will popup showing the progress
veeamrest120114-step2
3. Once completed, we now see the new snapshot I created called “Pre-delete”
veeamrest120114-step3
4.I’m going to delete a file from the server “Lab2008” (on the Win_2008 datastore) and “Lab2012” (on the Win_2012 datastore) that are sitting on my desktop.
veeamrest120114-step4a
veeamrest120114-step4b
5. And let’s also delete the OU “Delete Test” which contains a couple test users, a group they are apart of and the VM “Lab2008”
veeamrest120114-step5
6. Now that those files and OU\objects have been delete, let’s go back to the Veeam console and see what we can recover. We’ll start with the files for the “Lab2012” VM.
7. Expanding “Win_2012” datastore in “Storage Infrastructure” view, click on the name of the snapshot I created earlier and we see the “Lab2012” VM
veeamrest120114-step7
8. We right-click on “Lab2012”, hover over “Restore guest files” and then choose “Microsoft Windows”
veeamrest120114-step8
9. Under the “File Level Restore” screen, click “Customize” in the bottom right corner
veeamrest120114-step9
10. As long as you’re restoring to a vCenter/Host that’s already been added to Veeam, choose the host, resource pool (if any) and folder. Click “OK” then click “Next”
veeamrest120114-step10
11. Enter a reason for the restore and click “Next”
veeamrest120114-step11
12. Click “Finish”
veeamrest120114-step12
13. The restore session will open and mount the snapshot/VM to the chosen host
veeamrest120114-step13
14. In vCenter, we see these 2 tasks of creating a datastore and registering the virtual machine.
veeamrest120114-step14
15. On the host, we see a new powered off VM with the name of “Lab2012” followed by a GUID.
veeamrest120114-step15
16. Back at the Veeam console, the Backup Browser window appears and we can browse to the location of the deleted file
veeamrest120114-step16
17. From here, we can copy the file to our local machine or restore it directly to the Virtual Machine. Right click on the file and choose “Restore” then “Overwrite”
veeamrest120114-step17
18. We’ll pick “Use the following account” and choose my Lab Domain credentials and click “OK”
veeamrest120114-step18
19. The restore process will start and you’ll see this output if you click “Show Details”
veeamrest120114-step19
20. Logging back in to “Lab2012” we can see the file has been restored
veeamrest120114-step20
21. Close the “Restoring files” window in the Veeam console and the “Backup Browser” window. After they’re closed, the VM will be unregistered on the host and the datastore will be unmounted.
22. I’m doing a restore from “Lab2008” but this time I will just copy the file to my local computer instead of restoring to the guest VM. After browsing the datastore snapshots and choosing “Restore Guest Files”, we’ll browse the directory structure, locate the file, right-click and choose “Copy To”
veeamrest120114-step22
23. A window will pop up to choose the folder location on your machine and whether to preserve permissions and ownership. Then click “OK”
veeamrest120114-step23
24. Now in the root of the C: drive we have the “Lab2008-txt” file
veeamrest120114-step24
25. Let’s look at the “Lab2008” VM now. It was in that OU we deleted and after rebooting it and trying to login we receive the message “The security database on the server does not have a computer account for this workstation trust relationship”. We can fix that.
veeamrest120114-step25
26. Back in the Veeam console and the “Pre-delete” snapshot for the “Win_2008” datastore, we’ll locate the “Lab-DC01” VM. Right click on the VM, hover over “Restore application items” and then click “Microsoft Active Directory objects”
veeamrest120114-step26
27. Our host settings are saved from the last restore we did, so click “Next”
veeamrest120114-step27
28. Enter a restore reason and click “Next”
veeamrest120114-step28
29. Review the summary and click “Finish”
veeamrest120114-step29
30. The Veeam Explorer for Microsoft Active Directory window will appear
veeamrest120114-step30
31. Then the VM will be mounted in vCenter
veeamrest120114-step31
32. Once the Veeam Explorer window for AD opens, you’ll be able to browse your Domain object. We’ll expand the “LabOU” object where we see “Delete Test” with the same 2 test users, “Lab2008” server and the group those users belong to.
veeamrest120114-step32
33. Right click the “Delete Test” OU and choose “Restore container to LabDC.local”
veeamrest120114-step33
34. Enter the credentials for the account with access to add objects to the domain and click “OK”
veeamrest120114-step34
35. You’ll see the progress of the restore and then the summary of how many objects were restored
veeamrest120114-step35

(In order for this to work your Veeam server will need network access to the live domain controller)

36. If we refresh the screen for Active Directory Users and Computers on “Lab-DC01” we’ll see the OU is back with all of it’s objects
veeamrest120114-step36
37. In the properties for the users, we can see that group membership was retained. The group “Email Group” is located in another OU and that membership was restored as well
veeamrest120114-step37
38. And now when we try to login to “Lab2008” with domain credentials it works with no issues.

 

How fast can this restore happen? From the time I opened the Veeam console until the time the OU reported as being restored took 3 minutes and 34 seconds. In an emergency where someone accidentally deletes an entire OU, a user account, a server, or anything else, they can all be restored in under 5 minutes time without the need to reset any passwords and everything will work without anyone ever noticing. Veeam is awesome and just keeps getting better and better.

Deploy NetApp OnCommand Balance 4.2

OnCommand Balance is a virtual appliance deployed within vCenter that allows you to monitor the health of your VMware environment at the Virtual Machine, vCenter and Storage level. Having a single place that displays end-to-end performance allows you to spend less time troubleshooting performance issues and trying to correlate data and address potential issues in your environment.

I’ve been using OnCommand Balance (formerly OnCommand Insight Balance) for a few years now and it has saved countless hours finding issues in the environment. We’ve had historical data available to look at growth and performance trends, as well as increased demand on individual servers after code releases/updates. Having access to the information within the VMs (such as drive space filling up) also makes this an invaluable tool.

The following documentation will take you through the deployment process of the Virtual Appliance and initial setup. You will go through adding your vCenter hosts, storage controllers, creating saved credentials, connecting to Active Directory for authentication and provision a Windows proxy service for monitoring Windows Servers.

Prerequisites:
1. A user account with appropriate permissions to vCenter for OnCommand Balance to use
2. A domain account with permissions to access all monitored Windows machines (preferrably a Domain Admin account)
3. A separate Windows Server/VM that will be used as the Proxy service to monitor Windows machines
a. Must have latest version of Java 6 installed and User Account Control disabled
4. Username/password for the NetApps that will be monitored

Steps:
1. Download the latest version of OnCommand Balance (4.2) for this writing from the NetApp website
balance101414-step1
2. Connect to the vSphere web interface, click on “vCenter”, “Hosts and Clusters”, expand the Datacenter, and click on the Cluster/Host that will host OnCommand Balance. Right click and choose “Deploy OVF Template”
balance101414-step2
3. Click “Local file” and then “Browse”
balance101414-step3
4. Locate the OnCommand Balance OVA and click “Open” then click “Next”
balance101414-step4
5. Review the details of the OVF then click “Next”
balance101414-step5
6. Accept the EULA then click “Next”
balance101414-step6
7. Give the appliance a name and choose the folder location of the appliance (if any) and click “Next”
balance101414-step7
8. Set the virtual disk format (I prefer Thin since one of the drives is 220GB) and choose the datastore. Click “Next”
balance101414-step8
9. Choose the appropriate network and then click “Next”
balance101414-step9
10. Review the settings then click “Finish”
balance101414-step10
11. After deployment completes, locate the appliance, right click and choose “Power On”
balance101414-step11
12. Open the console of the VM (Right-click and choose “Open Console”) where you’ll see this countdown to install VMware tools prior to configuring the Balance virtual appliance (If you miss your chance to do this at this point, I was unable to install VMware tools at all on the appliance)
balance101414-step12
13. Right-click on the VM, go to “All vCenter Actions”, then “Guest OS” and then click “Install VMware Tools”
balance101414-step13
14. After the VMware tools dialog box is displayed, click “Mount”
balance101414-step14
15. The Balance virtual appliance should recognize VMware tools ISO has been mounted and proceed with the installation
balance101414-step15
16. After VMware tools install completes, press “y” then enter to configure static Network connection for the management interface
balance101414-step16
17. Enter the following information:

a. Host name
b. Host IP address
c. Netmask
d. Gateway
e. Primary DNS address
f. Secondary DNS address
g. Search domains
balance101414-step17g

18. Review the settings and then press “y” and enter if everything is correct
balance101414-step18
19. Default OnCommand Balance console login is netapp/netapp. Login to the console
balance101414-step19
20. After a few minutes (5-10) the web service will be up and running. Connect to the https://IPofAppliance/bp to begin configuration
21. Enter the name of your organization and click “Continue”
balance101414-step21
22. Choose if you want to participate in AutoSupport and click “Submit”
balance101414-step22
23. Enter the time zone, NTP Server address, the address of the primary Balance admin (preferably a distribution group), and the SMTP server address. Click “Continue” (You can choose to change the password at this time)
balance101414-step23
24. Sit around and wait a couple minutes…
balance101414-step24
25. A blank screen may appear during this time, but eventually should take you to the OnCommand Balance login page. Login with the default credentials of admin/password or whatever password was set in step 23.
balance101414-step25
26. Click the link for “Configure you storage arrays & appliances”
balance101414-step26
27. Choose the type of storage (NetApp FAS in this case), enter the management address for one of the nodes, Enter the name of the filer, enter the credentials (root in my case) and enter a nickname of these credentials as they can be modified later on during password changes. Click “Save”
balance101414-step27
28. Even though DNS is configured correctly, I usually receive this error about the other filer of this HA system not being resolvable. Click “Enter IP address instead” and then enter the IP of the other filer and click “Resolve”
balance101414-step28
29. Click the “Refresh” link on the right side of the page a few times until “Discovery Collection” status changes to “OK”
balance101414-step29
30. Click the “Add storage system” button to add additional storage arrays (Including the HA partners). Click on “Dashboard” then choose “Configure your vCenter Server”
balance101414-step30
31. Enter the FQDN/IP Address of the vCenter server. Click “Add new” next to Credentials to add the credentials for the vCenter server
balance101414-step31
32. Enter the username, password, and nickname for these credentials. Click “Next”
balance101414-step32
33. Choose what you want monitored (though I can’t imagine why you’d choose not to monitor everything) and click “Save”
balance101414-step33
34. Click the “refresh” link until “Discovery Collection” status changes to “OK”
balance101414-step34
35. Click “Add vCenter Server” button to add any additional vCenter servers. Otherwise, hover over “Discovery” and choose “Credentials”
balance101414-step35
36. To monitor the OS’s of your VMs and physical servers, you can add those credentials on this page. I’ll add domain admin credentials for monitoring my Windows domain VMs. Click “Add credentials” button
balance101414-step36
37. Choose the login method, login name (domain\username), password, nickname for the credentials, and a description. Click “Save”
balance101414-step37
38. Once added they will appear on this screen
balance101414-step38
39. Hover over “Discovery” and choose “Proxies”
balance101414-step39
40. A proxy is required to monitor the guest OS status of Windows VMs and Physical servers. This proxy runs on a windows server. Once you’ve determined (or built) the appropriate server for the proxy, enter it’s FQDN or IP address and click “Continue”. Much like the picture below says, UAC MUST be disabled. You’ll beat your head against the wall for hours trying to figure out why it fails without that.
balance101414-step40
41. Download and install the latest 32-bit Java 6 runtime on this proxy server. Then navigate to the link listed on that proxy VM to begin the installation
balance101414-step41
42. Once the Balance Proxy Installer screen appears, click “Next”
balance101414-step42
43. Locate the folder path for the 32-bit java install and click “Next”
balance101414-step43
44. Enter an admin account for the service to be run under. Check the box for “Start service immediately after install” and click “Next”
balance101414-step44
45. Select any additional components you might need for other vendors and click “Next”
balance101414-step45
46. Review the information and click “Install”
balance101414-step46
47. Click “Finish”
balance101414-step47
48. Back at the Balance web interface, click “Validate proxy setup” and if successful, click “Continue”
balance101414-step48a
balance101414-step48b
49. Hover over “Discovery” and click on “Servers”
balance101414-step49
50. Click the link on the right side for “Unmonitored Servers”
balance101414-step50
51. Click the link next the vCenter server for “# guests are not being monitored”
balance101414-step51
52. Check the box next to the VMs you wish to monitor, choose your Credentials from the dropdown box in the center and click “Monitor guest(s)”
balance101414-step52
53. Hover over “Admin” and choose “Configuration”
balance101414-step53
54. Click “Email”. In here you can set authentication for your SMTP server, choose the “From” address for Balance emails. Click “Enable alerts” and then check all the boxes for Critical, Warning, and all categories (I prefer as many alerts as I can get). Click “Update”
balance101414-step54
55. Click on “Active Directory” and click the check box for “Enable Active Directory”
balance101414-step55
56. Enter the IP/hostname of your AD server, enter the Distinguished name of the account used to search Active Directory, and enter the password for that account. Click “Test”
balance101414-step56
57. Once successful, enter the Distinguished Name of the of the OU for the user/group that will have access to login. Enter the Distinguished name of the Group that will be able to login. Enter “sAMAccount” for the search attribute. Click “Update”
balance101414-step57
58. Hover over “Admin” and click “Users”
balance101414-step58
59. Click “Add User”
balance101414-step59
60. Change “Authentication” to “Active Directory”. Enter the username and click “Lookup”. If successfully, configured, it should populate the e-mail address. Choose the appropriate user type (Admin or User) and click “Save”
balance101414-step60

You’re all setup and ready to let OnCommand Balance start collecting data in your environment. You start to receive some information within about 30 minutes, but after 3-5 days you start to get a better understanding of what is going on in your environment and have more useful metrics.

vCenter Server 5.5 Custom Install

In order to install the 4 components of vCenter (SSO, Web Client, Inventory Service, and vCenter Server) onto a secondary drive on the same Server, you must perform a “Custom Install”. This guide will walk you through the process of installing each of these components as well as SQL 2008 Express to the secondary drive of a Server. This can also be used to install the individual components on separate servers. In total, this is just over 100 steps to walk through so it will take some time.

 

Prerequisites:

1. Create a new virtual machine and add it to the domain
2. Add a second hard disk to install vCenter on
3. Add the update manager and vCenter service domain users as a local admins (vudatemanager, vmwareservice for this writing)
4. Mount the ISO for vCenter 5.5
5. Ensure User Account Control is turned off and the server has been rebooted (SQL will fail without this)

 

Install:

1. Open computer, right click on the VMware VIM disk and choose “Open”
VC051814-step1
2. Navigate to \redist\SQLEXPR and double click “SQLEXPR_x64_ENU”
VC051814-step2
3. After files are extracted, choose “New installation or add features to an existing installation”
VC051814-step3
4. Check the box to accept the license terms and click “Next”
VC051814-step4
5. Uncheck “SQL Server Replication” and change the share feature directories to the “D:\” drive and click “Next”
VC051814-step5
6. Name the Instance and change the instance root directory to the D:\ drive. Click “Next”
VC051814-step6
7. SQL Database Engine can run as Network Service, but I prefer using a named account. Click “Next”
VC051814-step7
8. Click on the “Data Directories” tab to ensure all directories are pointed at the secondary drive
VC051814-step8
9. Click on the “Account Provisioning” tab and change the authentication to “Mixed Mode”. Enter an “sa” password (save it immediately), then add any SQL Admins that are required and click “Next”
VC051814-step9
10. Click “Next” through Error Reporting screen
11. Click “Close” once the installation finishes
12. Click Start, then type “cmd”, right-click on cmd.exe and choose “Run as administrator”
VC051814-step12
13. Ensure your current path is “C:\Windows\system32” and type “sqlcmd.exe -S DEN-vCenter01\VCENTERSQLEXPR” (This is to connect to the instance named “VCENTERSQLEXPR” on the server “DEN-vCenter01” which is the server I am currently connected to)
VC051814-step13
14. Run the following commands pressing “enter” after each line (this will create the vCenter Database, add domain\vmwareservice as a use and db_owner, then add as user and db_owner of the msdb database)
CREATE DATABASE [vCenterDB]
GO
ALTER DATABASE [vCenterDB] SET COMPATIBILITY_LEVEL = 100
GO
ALTER DATABASE [vCenterDB] SET RECOVERY SIMPLE
GO
USE [vCenterDB]
GO
CREATE USER [domain\vmwareservice] FOR LOGIN [domain\vmwareservice]
GO
EXEC sp_addrolemember 'db_owner', 'domain\vmwareservice'
GO
USE msdb
GO
CREATE USER [domain\vmwareservice] FOR LOGIN [domain\vmwareservice]
GO
EXEC sp_addrolemember 'db_owner', 'domain\vmwareservice'
GO

VC051814-step14
15. Type “exit” and then close CMD window
16. Login as the vCenter Service account which should be added as a local administrator
17. Go to start, administrative tools, and chooce “Data Source (ODBC)”
VC051814-step17
18. Click the “System DSN” tab and click “Add”
VC051814-step18
19. Choose “SQL Server Native Client 10.0” and click “Finish”
VC051814-step19
20. Enter a useful name, description and browse for the local Instance
VC051814-step20
21. Choose “With Integrated Windows authentication” and click “Next”
VC051814-step21
22. Change the default database to the newly created vCenterDB and click “Next”
VC051814-step22
23. Click “Finish”
VC051814-step23
24. Click “Test Data Source” to ensure connection then click “OK” and “OK”
VC051814-step24
(Running the vCenter Components install failed when logged in as the VMware Service account for me so the rest of these steps can be performed by another admin account for this server.)
25. Open computer and double-click on the VMware VIM disc
VC051814-step25
26. Click “vCenter Single Sign-On” under “Custom Install” and click “Install”
VC051814-step26
27. Click “Next” for vCenter Single Sign-On
VC051814-step27
28. Accept the license agreement and click “Next”
VC051814-step28
29. Review the SSO information and check the box for “Add [DOMAIN] as a Native Active Directory identity source” and click “Next”
VC051814-step29
30. Choose “vCenter Single Sign-On for your first vCenter Server” and click “Next”
VC051814-step30
31. Enter the password for the local account for SSO (this is not the domain admin or your own account, this is a local account to administer SSO in the event the domain is unavailable). Save the password immediately and click “Next”
VC051814-step31
32. Enter a site name (if needed) and click “Next”
VC051814-step32
33. Note the HTTPS port and click “Next”
VC051814-step33
34. Change the destination folder to the secondary drive (D: for this writing) and click “Next”
VC051814-step34
35. Review the options and click “Install”
VC051814-step35
36. Click “Finish” when it’s done installing
VC051814-step36
37. Now click on “vSphere Web Client” under “Custom Install” and click “Install”
VC051814-step37
38. Choose “English” and click “OK”
VC051814-step38
39. Click “Next”
VC051814-step39
40. Accept the license agreement and click “Next”
VC051814-step40
41. Change the install directory to the “D:\” drive and click “Next”
VC051814-step41
42. Note the web client ports and click “Next”
VC051814-step42
43. Enter the password for the administrator@vsphere.local account and click “Next”
VC051814-step43
44. Click “Yes” for the SSL fingerprint
45. Click “Install certificates” when you see the “Certificate Installation for Secure Connection”
VC051814-step45
46. Click “Install”
VC051814-step46
47. Click “Finish”
VC051814-step47
48. Click “OK” for this message about access time for the Web Client
VC051814-step48
49. Click on “vCenter Inventory Service” under “Custom Install” then click “Install”
VC051814-step49
50. Choose “English” and click “OK”
VC051814-step50
51. Click “Next” to begin the Inventory Service installation
VC051814-step51
52. Accept the license agreement and click “Next”
VC051814-step52
53. Change the install directory to the “D:\” drive and click “Next”
VC051814-step53
54. Ensure the FQDN is correct and click “Next”
VC051814-step54
55. Note the ports and click “Next”
VC051814-step55
56. Select the appropriate Inventory size and click “Next”
VC051814-step56
57. Enter the password for the administrator@vsphere.local account and click “Next”
VC051814-step57
58. Click “Yes” for the SSL fingerprint
59. Click “Install” to begin installation
VC051814-step59
60. Click “Finish” once the installation is complete
VC051814-step60
61. Click “vCenter Server” under “Custom Install” and then click “Install”
VC051814-step61
62. Choose “English” and click “OK”
VC051814-step62
63. Click “Next” to begin installation wizard
VC051814-step63
64. Accept the license agreement and click “Next”
VC051814-step64
65. Enter the license key (if available) and then click “Next”
VC051814-step65
66. Click “Use an existing supported database” and select the ODBC connection created earlier and click “Next”
VC051814-step66
67. Click “Next”
VC051814-step67
68. If the JDBC URL fails, restart the SQL Service (Administrative Tools -> Services and locate “SQL Server (InstanceName)”) on the local server and attempt the connection again
VC051814-step68
69. Enter your password to run the vCenter service (but we’ll change this after creation)
VC051814-step69
70. Select “Create a standalone VMware vCenter Server instance” and click “Next”
VC051814-step70
71. Note the provisioned ports and click “Next”
VC051814-step71
72. Select the appropriate inventory size and click “Next”
VC051814-step72
73. Enter the administrator@vsphere.local SSO password and click “Next”
VC051814-step73
74. Click “yes” for the SSL fingerprint
75. Click “Next” to register administrator@vsphere.local as an Administrator
VC051814-step75
76. Confirm the vCenter Inventory URL and click “Next”
VC051814-step76
77. Change the installation to the “D:\” drive and click “Next”
VC051814-step77
78. Click “Install”
VC051814-step78
79. Once installation completes, click “Finish”
VC051814-step79
80. Click Start, Administrative Tools, then choose “Services”
VC051814-step80
81. Locate “VMware VirtualCenter Server” service, right-click and choose “Properties”
VC051814-step81
82. Click on the “Log On” tab and then click on the “Browse” button
VC051814-step82
83. Change the “Location” to your domain then enter the name of the user account that will run the vCenter Service (vmwareservice for this writing) and click “OK”
VC051814-step83
84. Enter the password for this account and then click “OK”
VC051814-step84
85. Click “OK” to grant log on as a service rights then click “OK” about it not taking affect until a service restart
VC051814-step85
86. Locate the “VMware VirtualCenter Management Webservices” service and change it’s logon account to same account we just used for the VirtualCenter Server service (vmwareservice for this writing)
VC051814-step86
87. Right-click on “VMware VirtualCenter Server” service and choose “Restart”. You will be prompted that the “Vmware VirtualCenter Management Webservices” needs to be restarted as well. Click “Yes” for that prompt
VC051814-step87a
VC051814-step87b
88. After the services restart, open your browser and connect to https:// IPofvCenter:9443/vsphere-client and login as administrator@vsphere.local with the password assigned earlier
89. Once logged in, click on “Administrator” on the left pane
VC051814-step89
90. Click on “Users and Groups” under “Single Sign-On”
VC051814-step90
91. Click the “Groups” tab then click on”Administrators” under “Group Name”
VC051814-step91
92. Click the “Add Member” button under “Group Members”
VC051814-step92
93. Change the Domain to your domain, then search for the Active Directory user or group to be added as an Administrator. Click the user/group then click the “Add” button followed by “OK”
VC051814-step93
94. Click the “Home” button towards the top left corner
VC051814-step94
95. Click on “vCenter”
VC051814-step95
96. Click on “vCenter Servers”
VC051814-step96
97. Click on your vCenter server
VC051814-step97
98. Click the “Manage” tab followed by “Permissions”
VC051814-step98
99. Click the “Add Permission” button
VC051814-step99
100. Click the “Add” button towards the lower left then search for the Active Directory user/group to be added as a vCenter Administrator (ensure the Domain is set to your domain). Click the user/group, then click “Add” followed by “OK”
VC051814-step100
101. Changed “Assigned Role” to “Administrator” from the drop-down and then click “OK”
VC051814-step101

 

At this point your vCenter server is installed and configured with an Administrator account added for SSO as well as vCenter itself. To install the Update Manager service, click here to view the steps to install and configure. Your steps will differ as those instructions are for connecting to a mirrored database for Update Manager, but the rest of the steps are similar. You will just need to provision a database and grant the update manager user account db_owner to msdb and the Update Manager database. This can be done the same way as in step 14, just change the database name and the user name.

To complete the vCenter configuration (create a datacenter, add hosts), click here to open the step-by-step guide and scroll to step 44.

Install & Configure vCSA and vCenter 5.5

The steps below are to install and configure the vCenter Server Appliance, configure SSO to lookup users in a specific OU in Active Directory, add an Administrator, add your first host, and configure email server settings.

Prerequisites:

  1. Download the latest version of the vCenter Server Appliance (5.5.0.5201 for this writing) and place it some where that is accessible by the client hosting the vSphere client
  2. Have the vSphere Thick client installed
  3. Have a datastore created for the appliance (VM_Appliances for this writing)
  4. Identify the Fully Qualified Domain name and IP address of the server ahead of time

Steps

      1. Login to the vSphere client, choose File then Deploy OVF Template
        step1
      1. Click “Browse”, locate the OVF/OVA, and click “Open”, then click “Next”
        step2
      1. Click “Next” after reviewing the template details
        step3
      1. Name the vCSA, choose the inventory location, and click “Next”
        step4
      1. Choose the datastore and click “Next”
        step5
      1. Verify the datastore name and size and click “Next” (Size is not adjustable)
        step6
      1. Select the appropriate “Destination Network” and click “Next”
        step7
      1. Enter the following information and click “Next”
        1. Hostname = Name of Appliance
        1. Default Gateway = IP of the gateway of  the Destination Network
        1. DNS = IP of the DNS Server (Separate each DNS server with commas, though it didn’t seem to apply these settings)
        1. Network 1 IP Address = IP address of the vCenter Server Appliance
        1. Network 1 Netmark = Subnet mask of the Destination Network
      1. Verify the settings and click “Finish” to begin deployment of the vCSA
      1. Once deployment is finished, click “Close”
      1. Right click on the vCSA in the vSphere client and choose “Upgrade Virtual Hardware” then click “Yes” to upgrade the configuration
        step11
      1. Right click on the vCSA and choose “Open Console”
      1. Click the “Power On” button in the console
        step13
      1. Once the appliance has finished booting, open a browser and connect to the web interface (https:// ipaddress:5480)
      1. Click “Continue” to the security warning on your web browser
      2. Enter the default username and password for the vCSA (username: root, password: vmware)
      1. After login, accept the licensing agreement and click “Next” (this part may take awhile)
        step17
      1. Once you get to “Configure Options” press the “Cancel” button (After a few unsuccessful attempts to configure through the wizard, it is easier setting it up manually)
        step18
      1. At the home page of the vCSA admin page, click on the “Database” tab
        step19
      •  Change the “Database type” to “embedded” and click “Save Settings” (may take a minute or 2)
        step19a
      1. Click on the “SSO” tab
        • Change the “SSO deployment type” to “embedded”
        • Set the admin password for the “administrator@vsphere.local” account (Save this information immediately!)
        • Click “Save Settings” (will take a few  minutes)
          step20c
        • Once you see the message “Operation was successful” you can move on to the next step
          step20d
      1. Click on the “Network” tab
        • Ensure the Hostname (must be a FQDN if adding to a domain), IPv4 gateway, preferred & alternate DNS servers, and IPv4 static IP addressing is set. If any entries is missing, add them now
        • Once saved, click on the “System” tab and click on “Reboot”
          step21b
      1. Log back in (if necessary and continue with the next step)
      1. Click on “Authentication” tab
        • Check the box for “Active Directory Enabled”
        • Enter the domain name
        • Enter a domain admin account for “Administrative user” (Domain admin)
        • Enter the password for this account and click “Save Settings” (This will add the appliance to the domain)
          step23d
      1. Click on the “Update” tab then click “Check Updates” to see if there are any available updates
        • Install any updates that are available
        • Click on “Settings” under “Update”
        • Choose “Automatic check for updates”
        • Set your frequency (usually once a week) and then click “Save Settings”
          step24d
      1. Click on the “Admin” tab
        • Enter the current administrator password (default is “vmware”)
        • Enter the new administrator password and immediately save it (I use keepass for my passwords)
        • Click “Yes” for administrator password expiration
        • Enter the password validity time in days
        • Enter a group account for email expiration warning
        • Click “Submit”
          step25f
      1. Once the settings are saved, click on “System” tab then choose “Reboot”
      1. Once the vCSA is back up, you should be able to login to the vSphere Web Client (https:// IPofvCSA:9443)
      2. Download and install the “Client Integration Plug-in”
        step28

        • You’ll need to close your current browser to complete installation. Reopen and enable the Plugins after revisiting the URL above
      1. Login using the username “administrator@vsphere.local” and the password setup in step 20
      1. Click on “Administration”
        step30
      1. Click on “Configuration”, then click the “Identity Sources” tab and press the “+” button
      1. Choose the following for setting up Active Directory Auth for a specific group using a service account
        • Choose “Active Directory as a LDAP Server”
        • Enter the name (Just a reference name)
        • Enter the Distinguished name of the OU where users will be located
        • Enter the Domain name
        • Enter the Domain alias
        • Enter the Distinguished name for groups (for us, it’s the same as for users)
        • Enter the primary server URL (Format: ldap:\\Dcname.domainname.com:389)
        • Enter the secondary server URL (same format as above)
        • Username: A domain account in the OU above (do not use a users account, make it a service account)
        • Password: Password for domain account
        • Press “Test Connection” to ensure it all works and then click “OK”
          step32k

 

      1. Under “Single Sign-On” on the left, click on “Users and Groups”
        step33
      1. Click the “Groups” tab, then click on “Administrators”
        step34
      1. Click the “Add Members” button
        step35
      1. Change the Domain to the Domain that was just added. Search for the Domain users/groups that need Administrator access, click on each one and click “Add” followed by “OK”
        step36
      1. Once the users have been added, click on the “Home” button towards the top left
        step37
      1. Click on “vCenter”
        step38
      1. Under “Inventory Lists”, click on “vCenter Servers”
        step39
      1. Click on the name of your vCenter Server
        step40
      1. Click the “Manage” tab, followed by the “Permissions” button
        step41
      1. Click the “+” button to add a new administrator.
        • When the “Add Permission” box appears, click the “Add” button at the bottom
        • Change the Domain to Domain added earlier
        • Search for the same users/groups added as vCSA admins, select each one and click “Add” followed by “OK” when completed
          step42c
        • Under “Assigned Role” change from “No access” to “Administrator”. Ensure “Propogate to children” is selected and click “OK”
          step42d
      1. Once Domain permissions have been assigned, sign out of the web interface as “administrator@vsphere.local” and login with domain credentials (domain\username)
      1. Once logged in as Domain account, click on “vCenter”
        step44
      1. If you see the number “1” next to “vCenter Servers” under “Inventory Lists” then permissions were assigned correctly.
      2. Click on vCenter Servers, then click on the vCenter server and click the “Manage” button in the middle pane
        step46
      1. Under the “Settings” tab click on “Advanced Settings”
        step47
      1. Locate the key “config.registry.key_managedIP” and if the Value is “–“,  click the “Edit” button towards the top right
        step48
      • Scroll down to that key and enter the IP address of the vCenter Server appliance and click “OK” (Without this entry, in the event of a DNS failure, the hosts will not be able to check in with the vCenter server and could become disconnected. Thanks to Virtual Barker for pointing this out)
      1. Click on on the “vCenter” link towards the top left
        step49
      1. Click on “Datacenters”
        step50
      1. Click the “Create a new datacenter” button
        step51
      1. Choose a name of the Datacenter (I usually use location), click on the vCenter server instance and click “OK”
        step52
      1. Click on “vCenter” towards the top left
        step53
      1. Click on “Hosts” under “Inventory Lists”
        step54
      1. Click the “Add a host” button
        step55
      1. Follow these steps to add a host to your newly created datacenter
        • Enter the fully qualified domain name of your host
        • Click on the destination datacenter and then click “Next”
          step56b
        • Enter the username and password for the “root” account then click “Next” (Click “Yes” for the security alert)
          step56c
        • Review the details of the Host then click “Next”
          step56d
        • Assign a license key (if available) and click “Next”
        • Make sure “Enable lockdown mode” is unchecked and click “Next”
        • Click “Next” through “VM location” as we haven’t created a new tag yet
          step56g
        • Click “Finish”
      1. Click on “vCenter” button towards the top left
        • Click on “vCenter Servers” under “Inventory Lists”
        • Click on the name of the vCenter server
        • Click the “Manage” tab
          step57c
        • Under “vCenter Server Settings” on the General page, click the “Edit” button
          step57d
        • Click the “Mail” link and enter your mail server address and the mail sender address and then click “OK”
          step57e

At this point you are ready to start adding more hosts, creating clusters and deploying virtual machines. Before you are ready for production, ensure that you create alerts for monitoring VM and Host health such as CPU and memory usage, CPU ready latency, storage latency and VM snapshot size. I’ll address the common alerts I create in each new build in a later post.