Zitrox GmbH Blog

Zitrox GmbH Technology Blog

Archives for vcenter

Tomcat and vCenter

Since version 4.1, the vCenter installer asks whether the inventory to be managed by vCenter is small, medium or large. Small means up to 100 hosts, which results in a memory requirement of 1024 MB for the Tomcat server.

To give the Tomcat server less memory, you can adjust the Tomcat configuration.

Afterwards, only the web service needs to be restarted and the new limits are in effect:

Permissions for CBT with VMware Data Recovery Manager

For Data Protection Manager to work properly with Changed Block Tracking (CBT), the user that the VMware Data Protection Appliance uses to connect to VirtualCenter (vCenter) must have the following permissions:

VirtualMachine->Configuration->Disk change tracking
VirtualMachine->Provisioning->Allow read-only disk access
VirtualMachine->Provisioning->Allow VM download
VirtualMachine->State->Create snapshot
VirtualMachine->State->Remove snapshot
Datastore->Allocate space
VirtualMachine->Configuration->Add new disk
VirtualMachine->Configuration->Change resource
VirtualMachine->Configuration->Remove disk
VirtualMachine->Configuration->Settings
Global->License

For Windows Server 2008 virtual machines to be usable for application-consistent snapshots, the UUID attribute must be enabled:

1 Start the vSphere Client, and log in to a vCenter Server.
2 Select Virtual Machines and Templates and click the Virtual Machines tab.
3 Right-click the Windows 2008 virtual machine for which you are enabling the disk UUID attribute, and select Power > Power Off.
The virtual machine powers off.
4 Right-click the virtual machine, and click Edit Settings.
5 Click the Options tab, and select the General entry in the settings column.
6 Click Configuration Parameters…
The Configuration Parameters window appears.
7 Click Add Row.
8 In the Name column, enter disk.EnableUUID.
9 In the Value column, enter TRUE.
10 Click OK and click Save.
11 Power on the virtual machine.
Application consistent quiescing is available for this virtual machine now that the UUID property has been enabled.

Security vulnerability in VMware Update Manager

A severe security vulnerability has turned up in the Jetty web server of VMware Update Manager. VMware has already provided a patch.
http://seclists.org/bugtraq/2010/Jul/166

vSphere 4.1 not supported for View 4.0!

View Composer 2.x does not support 64 bit operating systems, and as such, is not supported in vSphere vCenter Server 4.1 managed environments. For more information, see the article linked below. KB 1011292

VMware Essentials Plus now with vMotion support!

As stated on the VMware website, the VMware Essentials Plus edition now includes vMotion support with vSphere 4.1!

http://www.vmware.com/products/vsphere/buy/small_business_editions_comparison.html

vSphere 4.1 has been released!

VMware has released version 4.1 of vSphere; it can be downloaded from the following URL:

http://downloads.vmware.com/d/

ATTENTION: vCenter requires a 64-bit version of the operating system!

Use VMware vMA to manage your VI

There are three different ways to manage the VI with a vMA.

If you want to run only a single command, use: working without sessionfile
If you want to run commands within a time period of 30 minutes, use: working with sessionfile
If you want to run commands for more than 30 minutes, use: vifastpass

working without sessionfile (username and password must be entered for each command)

e.g.
vicfg-nics -l --server server1 --username xxx --vihost xxxx
resxtop --server server1 --username xxx --vihost xxx

working with sessionfile (session lasts for 30 minutes)

Create sessionfile per vcenter server:
1.    type cd /usr/share/doc/vmware-cli/samples/session
2.    for vcenter-p: ./save_session.pl --savesessionfile /tmp/vcenter1 --server xxx --username xxx
      for vcenter-t: ./save_session.pl --savesessionfile /tmp/vcenter2 --server xxx --username xxx
3.    run commands:

e.g.
vicfg-nics -l --sessionfile /tmp/vcenter1 --vihost xxx
vicfg-nics -l --sessionfile /tmp/vcenter2 --vihost xxx

resxtop does not work with sessionfile!

working with vifastpass
1.  sudo vifp addserver vcenter1 and/or sudo vifp addserver vcenter2
2.  run vifp listservers to verify that the vcenter server(s) have been added as targets.
3.  Initialize the vcenter server you need to manage (e.g.  vifpinit vcenter1)
4.  run commands

e.g.
resxtop --vihost xxx (esxhost)
vicfg-nics -l --xxx

Replace VMware VirtualCenter Certificate

I messed around with the official Whitepaper of VMware to replace the VC Certificate with SSL, but this did not work for me.

How I got it working:

1. Download the openssl binaries from the following site:

http://gnuwin32.sourceforge.net/packages/openssl.htm

2. Extract the folder to c:\openssl

3. Create a file: serial in the bin directory, open it and write 10000 into this file

4. Create a file: certindex.txt in the bin directory

5. Create a file openssl.cnf in the bin directory with the following content:

dir                    = .

[ ca ]
default_ca                = CA_default

[ CA_default ]
serial                    = serial
database                = certindex.txt
new_certs_dir                = certs
certificate                = cacert.pem
private_key                = cakey.pem
default_days                = 3650
default_md                = md5
preserve                = no
email_in_dn                = no
nameopt                    = default_ca
certopt                    = default_ca
policy                    = policy_match

[ policy_match ]
countryName                = match
stateOrProvinceName            = match
organizationName            = match
organizationalUnitName            = optional
commonName                = supplied
emailAddress                = optional

[ req ]
default_bits                = 1024            # Size of keys
default_keyfile                = key.pem        # name of generated keys
default_md                = md5                # message digest algorithm
string_mask                = nombstr        # permitted characters
distinguished_name            = req_distinguished_name
req_extensions                = v3_req

[ req_distinguished_name ]
# Variable name                Prompt string
#-------------------------      ----------------------------------
0.organizationName            = Organization Name (company)
organizationalUnitName            = Organizational Unit Name (department, division)
emailAddress                = Email Address
emailAddress_max            = 40
localityName                = Locality Name (city, district)
stateOrProvinceName            = State or Province Name (full name)
countryName                = Country Name (2 letter code)
countryName_min                = 2
countryName_max                = 2
commonName                = Common Name (hostname, IP, or your name)
commonName_max                = 64

# Default values for the above, for consistency and less typing.
# Variable name                Value
#------------------------      ------------------------------
0.organizationName_default        = Example Company
localityName_default            = Location
stateOrProvinceName_default        = ZH
countryName_default            = CH

[ v3_ca ]
basicConstraints            = CA:TRUE
subjectKeyIdentifier            = hash
authorityKeyIdentifier            = keyid:always,issuer:always

[ v3_req ]
basicConstraints            = CA:FALSE
subjectKeyIdentifier            = hash

6. Open CMD and navigate to the openssl/bin directory

7. Use the following command to create the CA Cert:

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -config openssl.cnf

8. Import the cacert.pem to your local Trusted Root CA (use MMC)

9. Create the certificate request for VC

openssl req -new -nodes -out mycsr.csr -config openssl.cnf

10. Send this Request to an official CA or use your newly created CA to sign this request:

openssl ca -out rui.crt -config openssl.cnf -infiles mycsr.csr

11. Rename key.pem to rui.key

12. Create a PFX

openssl pkcs12 -export -in rui.crt -inkey rui.key -passout pass:YOURPASSWORD -out rui.pfx

13. Install the PFX to your local computer account certificates (use mmc)

14. Place the following files to your VC Cert directory:

C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL

- rui.crt

- rui.key

- rui.pfx

15. Restart VC Service and reconnect all your ESX Hosts.

16. Have Fun ;)
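
The openssl.cnf from step 5 signs with MD5 (default_md = md5) and generates 1024-bit RSA keys (default_bits = 1024); MD5 signatures are open to collision attacks and 1024-bit RSA is below the 2048-bit minimum that public CAs accept, so both values should be raised (for example to sha256 and 2048) before the vCenter certificate is issued. The following Python check is an added example, not part of the original post: it parses an openssl.cnf and reports these two settings. The names parse_cnf, audit_cnf and SAMPLE_CNF are assumptions made for the example, and the sample is a constructed excerpt of the file above.

```python
import re

# Constructed sample: the security-relevant lines of the openssl.cnf from step 5.
SAMPLE_CNF = """\
dir = .

[ CA_default ]
default_md   = md5

[ req ]
default_bits = 1024            # Size of keys
default_md   = md5             # message digest algorithm
"""

WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}   # unsuitable for certificate signatures
MIN_RSA_BITS = 2048


def parse_cnf(text):
    """Parse OpenSSL config text into {section: {key: value}}; pre-section keys go to 'default'."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplified: everything after '#' is a comment
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def audit_cnf(text):
    """Return a sorted list of (section, key, value, reason) for weak digest or key-size settings."""
    findings = []
    for section, items in parse_cnf(text).items():
        md = items.get("default_md", "").lower()
        if md in WEAK_DIGESTS:
            findings.append((section, "default_md", md, "weak signature digest"))
        bits = items.get("default_bits", "")
        if bits.isdigit() and int(bits) < MIN_RSA_BITS:
            findings.append((section, "default_bits", bits, "RSA key below 2048 bits"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_cnf(SAMPLE_CNF):
        print("[%s] %s = %s: %s" % finding)
```
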

You can also use your Windows CA to generate a VC Cert

On your CA certificate request web form, choose advanced, then on the Advanced Certificate Request page select the Webserver template and type the name of the server (usually the DNS name or FQDN) in the Name text box.

Select the Mark keys as exportable check box and submit.

You still need to install openssl to export the private key from the certificate.

# Export the private key file from the pfx file

openssl pkcs12 -in rui.pfx -nocerts -out key.pem

# Convert .pem to .key

openssl rsa -in key.pem -out rui.key