Stuff about vCenter Configuration Manager [5.7] (2/3)

This is the last part of this series of posts about VMware vCenter Configuration Manager.

• Part 1
• Part 3

For more information about VMware vCenter Configuration Manager, check documentation.

Managing virtual environments

• Data from components of virtual environment (vCenter, Hosts, Appliances) are collected by managing agent machine (= proxy agent).
• Change trust status for managing agent machine.
• Check if data collection worked: check registry-key: HKLM\software\VMware, Inc.\InstallData\VCM Package manager for Windows.
• If it is not possible to use HTTPS, bypass it to use HTTP.
• To do a more secure installation select the SSL thumbprint (vCenter, ESXi, …) and provide them during installation.
• To install a managing agent
  • Discover machine
  • License machine
  • Change Trust Status of machine (Administration\Certificates)
  • Make it a Managing Agent (Administration\Certificates)
• To add a vCenter to vCM
  • Discover and license machine. vCenter Machine is shown beneath Licensed Virtual Environments.
  • Action required: Configure Settings
    • Select Managing Agent
    • Configure authentication settings
    • Provide SSL thumbprint, if collected
  • Collect Visualization data after installation.
  • Data shown are not in real time! Take a look at column Last Updated.

Managing Active Directory

• Add domain and network authority before add domain controller of the domain.
• Managing AD data can be done at Machine Manager\Additional Components\VCM for Active Directory.
• Install AD Agent
  • Install agent at Manager\Additional Components\VCM for Active Directory like vCM Agent.
  • Determine Forest to collect data about the domain; Forest information should be shown.
  • Set up domain controllers; DC Settings should show FDS and RDS information.
  • Collect Active Directory data
• AD Agent can be installed on all DCs of a domain.

Managing Compliance

• vCM can be used to ensure that managed systems meets a standard configuration.
• VMware worked closely with companies like Microsoft, Oracle, SAP to develop templates for policies.
• Types of compliance
  • Active Directory
  • Machine groups
  • Security Content Automation Protocol
  • vCenter Operations Manager badge mapping
  • Virtual environment compliance
• You can build simple compliance rules (A and/or B …) or more complex ones (if A and/or B then check: C and/or D). When the conditions are not fulfilled, the object is not compliant.
• Before you create rules, check the collected data are up to date.
• You can set Asset Classification to define the importance of objects.
• You can create exception rules. You can even set them es temporary rule by set a time period of validity. For running rules you can choose if objects should be shown as compliant respectively not compliant despite exceptions.
• Standard Remediation means configuration change.
• You can just enforce rules that are enforceable.
• Create compliance rules
  • Create a compliance rule group; this is a combination of filters and rules. The filter selects the objects that are checked against the rule.
  • Create a compliance rule within the created rule group. Select the data type and the values that the data should have.
• You can preview the filter and the rule (the rule with or without the filter). Preview works with data in DB, if they are not up to date, the result could be not like expected!

Managing patches

• It is quite a standard patching tool.
• You can patch Windows, UNIX/Linux, Mac, AIX, Solaris systems
• For UNIX/Linux patching you have to install Software Content Repository (SCR) tool. There are much more sources of patches for UNIX/Linux than for Windows.
• There is the ability to stage patches. This task can be scheduled.
• To patch systems
  • create an Assessment Template with filter for patches
  • Assess the patch. Think about using Machine Groups to filter machines.
  • Deploy patches.