The steps below are to install and configure the vCenter Server Appliance, configure SSO to lookup users in a specific OU in Active Directory, add an Administrator, add your first host, and configure email server settings.
Prerequisites:
- Download the latest version of the vCenter Server Appliance (5.5.0.5201 for this writing) and place it some where that is accessible by the client hosting the vSphere client
- Have the vSphere Thick client installed
- Have a datastore created for the appliance (VM_Appliances for this writing)
- Identify the Fully Qualified Domain name and IP address of the server ahead of time
Steps
-
-
- Login to the vSphere client, choose File then Deploy OVF Template
- Login to the vSphere client, choose File then Deploy OVF Template
-
-
-
- Click “Browse”, locate the OVF/OVA, and click “Open”, then click “Next”
- Click “Browse”, locate the OVF/OVA, and click “Open”, then click “Next”
-
-
-
- Click “Next” after reviewing the template details
- Click “Next” after reviewing the template details
-
-
-
- Name the vCSA, choose the inventory location, and click “Next”
- Name the vCSA, choose the inventory location, and click “Next”
-
-
-
- Choose the datastore and click “Next”
- Choose the datastore and click “Next”
-
-
-
- Verify the datastore name and size and click “Next” (Size is not adjustable)
- Verify the datastore name and size and click “Next” (Size is not adjustable)
-
-
-
- Select the appropriate “Destination Network” and click “Next”
- Select the appropriate “Destination Network” and click “Next”
-
-
-
- Enter the following information and click “Next”
- Hostname = Name of Appliance
- Default Gateway = IP of the gateway of the Destination Network
- DNS = IP of the DNS Server (Separate each DNS server with commas, though it didn’t seem to apply these settings)
- Network 1 IP Address = IP address of the vCenter Server Appliance
- Network 1 Netmark = Subnet mask of the Destination Network
- Enter the following information and click “Next”
-
-
-
- Verify the settings and click “Finish” to begin deployment of the vCSA
- Verify the settings and click “Finish” to begin deployment of the vCSA
-
-
-
- Once deployment is finished, click “Close”
-
- Right click on the vCSA in the vSphere client and choose “Upgrade Virtual Hardware” then click “Yes” to upgrade the configuration
- Right click on the vCSA in the vSphere client and choose “Upgrade Virtual Hardware” then click “Yes” to upgrade the configuration
-
-
-
- Right click on the vCSA and choose “Open Console”
-
- Click the “Power On” button in the console
- Click the “Power On” button in the console
-
-
-
- Once the appliance has finished booting, open a browser and connect to the web interface
(https:// ipaddress:5480)
- Once the appliance has finished booting, open a browser and connect to the web interface
-
-
-
- Click “Continue” to the security warning on your web browser
- Enter the default username and password for the vCSA (username: root, password: vmware)
-
- After login, accept the licensing agreement and click “Next” (this part may take awhile)
- After login, accept the licensing agreement and click “Next” (this part may take awhile)
-
-
-
- Once you get to “Configure Options” press the “Cancel” button (After a few unsuccessful attempts to configure through the wizard, it is easier setting it up manually)
- Once you get to “Configure Options” press the “Cancel” button (After a few unsuccessful attempts to configure through the wizard, it is easier setting it up manually)
-
-
-
- At the home page of the vCSA admin page, click on the “Database” tab
- Change the “Database type” to “embedded” and click “Save Settings” (may take a minute or 2)
- At the home page of the vCSA admin page, click on the “Database” tab
-
-
-
- Click on the “SSO” tab
- Change the “SSO deployment type” to “embedded”
- Set the admin password for the “administrator@vsphere.local” account (Save this information immediately!)
- Click “Save Settings” (will take a few minutes)
- Once you see the message “Operation was successful” you can move on to the next step
- Click on the “SSO” tab
-
-
-
- Click on the “Network” tab
- Ensure the Hostname (must be a FQDN if adding to a domain), IPv4 gateway, preferred & alternate DNS servers, and IPv4 static IP addressing is set. If any entries is missing, add them now
- Once saved, click on the “System” tab and click on “Reboot”
- Ensure the Hostname (must be a FQDN if adding to a domain), IPv4 gateway, preferred & alternate DNS servers, and IPv4 static IP addressing is set. If any entries is missing, add them now
- Click on the “Network” tab
-
-
-
- Log back in (if necessary and continue with the next step)
-
- Click on “Authentication” tab
- Check the box for “Active Directory Enabled”
- Enter the domain name
- Enter a domain admin account for “Administrative user” (Domain admin)
- Enter the password for this account and click “Save Settings” (This will add the appliance to the domain)
- Click on “Authentication” tab
-
-
-
- Click on the “Update” tab then click “Check Updates” to see if there are any available updates
- Install any updates that are available
- Click on “Settings” under “Update”
- Choose “Automatic check for updates”
- Set your frequency (usually once a week) and then click “Save Settings”
- Click on the “Update” tab then click “Check Updates” to see if there are any available updates
-
-
-
- Click on the “Admin” tab
- Enter the current administrator password (default is “vmware”)
- Enter the new administrator password and immediately save it (I use keepass for my passwords)
- Click “Yes” for administrator password expiration
- Enter the password validity time in days
- Enter a group account for email expiration warning
- Click “Submit”
- Click on the “Admin” tab
-
-
-
- Once the settings are saved, click on “System” tab then choose “Reboot”
-
- Once the vCSA is back up, you should be able to login to the vSphere Web Client (https:// IPofvCSA:9443)
- Download and install the “Client Integration Plug-in”
- You’ll need to close your current browser to complete installation. Reopen and enable the Plugins after revisiting the URL above
-
-
-
- Login using the username “administrator@vsphere.local” and the password setup in step 20
-
- Click on “Administration”
- Click on “Administration”
-
-
-
- Click on “Configuration”, then click the “Identity Sources” tab and press the “+” button
- Click on “Configuration”, then click the “Identity Sources” tab and press the “+” button
-
-
-
- Choose the following for setting up Active Directory Auth for a specific group using a service account
- Choose “Active Directory as a LDAP Server”
- Enter the name (Just a reference name)
- Enter the Distinguished name of the OU where users will be located
- Enter the Domain name
- Enter the Domain alias
- Enter the Distinguished name for groups (for us, it’s the same as for users)
- Enter the primary server URL (Format: ldap:\\Dcname.domainname.com:389)
- Enter the secondary server URL (same format as above)
- Username: A domain account in the OU above (do not use a users account, make it a service account)
- Password: Password for domain account
- Press “Test Connection” to ensure it all works and then click “OK”
- Choose the following for setting up Active Directory Auth for a specific group using a service account
-
-
-
- Under “Single Sign-On” on the left, click on “Users and Groups”
- Under “Single Sign-On” on the left, click on “Users and Groups”
-
-
-
- Click the “Groups” tab, then click on “Administrators”
- Click the “Groups” tab, then click on “Administrators”
-
-
-
- Click the “Add Members” button
- Click the “Add Members” button
-
-
-
- Change the Domain to the Domain that was just added. Search for the Domain users/groups that need Administrator access, click on each one and click “Add” followed by “OK”
- Change the Domain to the Domain that was just added. Search for the Domain users/groups that need Administrator access, click on each one and click “Add” followed by “OK”
-
-
-
- Once the users have been added, click on the “Home” button towards the top left
- Once the users have been added, click on the “Home” button towards the top left
-
-
-
- Click on “vCenter”
- Click on “vCenter”
-
-
-
- Under “Inventory Lists”, click on “vCenter Servers”
- Under “Inventory Lists”, click on “vCenter Servers”
-
-
-
- Click on the name of your vCenter Server
- Click on the name of your vCenter Server
-
-
-
- Click the “Manage” tab, followed by the “Permissions” button
- Click the “Manage” tab, followed by the “Permissions” button
-
-
-
- Click the “+” button to add a new administrator.
- When the “Add Permission” box appears, click the “Add” button at the bottom
- Change the Domain to Domain added earlier
- Search for the same users/groups added as vCSA admins, select each one and click “Add” followed by “OK” when completed
- Under “Assigned Role” change from “No access” to “Administrator”. Ensure “Propogate to children” is selected and click “OK”
- Click the “+” button to add a new administrator.
-
-
-
- Once Domain permissions have been assigned, sign out of the web interface as “administrator@vsphere.local” and login with domain credentials (domain\username)
-
- Once logged in as Domain account, click on “vCenter”
- Once logged in as Domain account, click on “vCenter”
-
-
-
- If you see the number “1” next to “vCenter Servers” under “Inventory Lists” then permissions were assigned correctly.
- Click on vCenter Servers, then click on the vCenter server and click the “Manage” button in the middle pane
-
-
-
- Under the “Settings” tab click on “Advanced Settings”
- Under the “Settings” tab click on “Advanced Settings”
-
-
-
- Locate the key “config.registry.key_managedIP” and if the Value is “–“, click the “Edit” button towards the top right
- Locate the key “config.registry.key_managedIP” and if the Value is “–“, click the “Edit” button towards the top right
-
-
-
- Scroll down to that key and enter the IP address of the vCenter Server appliance and click “OK” (Without this entry, in the event of a DNS failure, the hosts will not be able to check in with the vCenter server and could become disconnected. Thanks to Virtual Barker for pointing this out)
- Scroll down to that key and enter the IP address of the vCenter Server appliance and click “OK” (Without this entry, in the event of a DNS failure, the hosts will not be able to check in with the vCenter server and could become disconnected. Thanks to Virtual Barker for pointing this out)
-
-
-
- Click on on the “vCenter” link towards the top left
- Click on on the “vCenter” link towards the top left
-
-
-
- Click on “Datacenters”
- Click on “Datacenters”
-
-
-
- Click the “Create a new datacenter” button
- Click the “Create a new datacenter” button
-
-
-
- Choose a name of the Datacenter (I usually use location), click on the vCenter server instance and click “OK”
- Choose a name of the Datacenter (I usually use location), click on the vCenter server instance and click “OK”
-
-
-
- Click on “vCenter” towards the top left
- Click on “vCenter” towards the top left
-
-
-
- Click on “Hosts” under “Inventory Lists”
- Click on “Hosts” under “Inventory Lists”
-
-
-
- Click the “Add a host” button
- Click the “Add a host” button
-
-
-
- Follow these steps to add a host to your newly created datacenter
- Enter the fully qualified domain name of your host
- Click on the destination datacenter and then click “Next”
- Enter the username and password for the “root” account then click “Next” (Click “Yes” for the security alert)
- Review the details of the Host then click “Next”
- Assign a license key (if available) and click “Next”
- Make sure “Enable lockdown mode” is unchecked and click “Next”
- Click “Next” through “VM location” as we haven’t created a new tag yet
- Click “Finish”
- Follow these steps to add a host to your newly created datacenter
-
-
-
- Click on “vCenter” button towards the top left
- Click on “vCenter Servers” under “Inventory Lists”
- Click on the name of the vCenter server
- Click the “Manage” tab
- Under “vCenter Server Settings” on the General page, click the “Edit” button
- Click the “Mail” link and enter your mail server address and the mail sender address and then click “OK”
- Click on “vCenter” button towards the top left
-
At this point you are ready to start adding more hosts, creating clusters and deploying virtual machines. Before you are ready for production, ensure that you create alerts for monitoring VM and Host health such as CPU and memory usage, CPU ready latency, storage latency and VM snapshot size. I’ll address the common alerts I create in each new build in a later post.