This is part of my “back to basics” series, I’m covering typical post-configuration tasks you would expect to carry out after the install of vCenter has completed. These typical include tasks such as:
- Creating Datacenters
- Adding ESX hosts
- Creating a vCenter Inventory Folder Structure
- Licensing both vCenter and the VMware ESXi hosts
I’m going to show how this all done by the web client, the replacement of the vSphere client. The next “back to basics” article will be about automating this process with PowerCLI.
This post was recently updated with a video demoing the common post-configuration changes, and it was record in late January, 2014.
Note: If your are watching the video on youtube, be sure to enter a full-screen view, and change the settings to HD/720p for best quality. Alternatively, the Native Quality video is available on mikelaverick.com
Using to the vSphere Web-Client
The Legacy C# vSphere Client:
The All-New vSphere Web Client:
The vSphere Web Client is VMware’s replacement of the desktop installed vSphere Client (commonly referred to the C# vSphere Client. Although vSphere5.5 supports both the web-client and the vSphere Client since vSphere 5.1, new features and options are being exposed to the web-client only. Currently, the vSphere Client has a warning about this period of transition. The vSphere Client is still used currently for VMware VUM and a few other solutions such as Site Recovery Manager and vCloud Connector. Another ancillary use of the legacy vSphere Client is to establish direct connections to the VMware ESX host in environments where vCenter is not in use, unavailable or yet to be deployed.
For the web-client to work the web-browser will need Adobe Flash installed, and at the logon screen there is an installer for “Client Integration Plug-in”. This needs to be downloaded and installed in order for the web-client to be able to connect a console to the virtual machine. Additionally, the plug in is required as part of the process of enabling the “Windows Session Authentication” feature. This allows the web client to accept the local logon credentials from a Windows system
Whilst a wide range of web-browsers work with the vSphere Web Client, many users in the community prefer Mozilla FireFox, as it appears to handle untrusted certificates generated by the installer in an easier way than
Adding Microsoft Active Directory and Delegating Responsibility
With a clean installation vCenter use its own internal director service called “Single Sign-On” (SSO) as the primary authentication domain. The default username is administrator@vsphere.local. It is possible add the Active Directory domain to SSO, and enable user accounts and groups from it as the logon to the web-client.
1. Login to the vSphere Web Client as administrator@vsphere.local
2. From the home location, navigate to >>Administration >>Singe Sign-on >>Configuration
Note: Click the green + to update the configuration.
3. Select the radio button – “Active Directory (Integrated Windows Authentication”.
Note: This type of authentication enables the pass-though of your logged on local credentials from the Windows domain to the web-client.
Note: In a simple installation of vCenter, SSO should pick up on the single domain that vCenter is joined to.
4. After clicking OK, this should add the domain to the list
Next we can add in accounts to the vCenter to delegate responsibility. The best method it create a group in Active Directory called “vCenter Admins”, and populate it with user accounts from the administration team.
5. Navigate to >>vCenter >> vCenter Servers
6. Select the Manage tab, and the Permissions category
Note: Click the green + to update the configuration.
7. Click Add, in the subsequent dialog box select the domain, and from the second pull-down list “Show Groups First”. Select the group created – and click Add
8. Finally, assign the “Administrator” role and click OK
Once enabled, you should be able to enable the “Use Windows Session Authentication” option at the web-client:
Creating vCenter Datacenters (Web Client)
A “Datacenter” in vCenter is a logical construct which could be compared to an object like a “domain” in Active Directory. It acts as an administrative boundary, separating generally one site from another. Therefore its not uncommon for datacenters to be named after locations like “New York” and “New Jersey”. Whether one vCenter instance will be sufficient for organisation with many sites is large dependent on factors outside of the control of VMware. These include the quality of the network links from one site to another – as well as the internal politics of a given organization. It may have always been the case that the West Coast of the USA is managed independently of the East Coast of the USA – this might reflect the timezone difference between the regions. Similarly in a European context each country within the EU maybe administrated separately because of language differences, and that fact that despite existence of European Law, systems of data protection, compliance and audit rule still differ from one member state to another.
Note: Screen grab from the vSphere 5.5 Configuration Maximum guide.
One datacenter can contain many clusters, and clusters can contain many VMware ESX hosts. This means vCenter scales quite well for large datacenters which have been packed with a large number of servers to maximise economies of scale. Nonetheless, vCenter like VMware ESX has its own configurable maximums. This might force organizations to adopt a multiple vCenters because they are rubbing up to those configurable maximums. It’s salutatory to remember that increasingly these maximums are only of theoretical interest. The numbers are now so large, most customers will find they run out of physical resource on the host before they hit the configurable maximums.
VMware publishes a list of configurable maximums of vSphere which is well worth consulting if you know your organization is going to have many hundreds of ESX hosts, and many thousands of VMs. The configuration maximum guide for vSphere 5.5 is located here:
http://www.vmware.com/pdf/vsphere5/r55/vsphere-55-configuration-maximums.pd
Creating a datacenter
1. Select the Go to vCenter button
2. In the Inventory List, select Datacenters
3. Click the New Datacetner icon
4. In the New Datacenter dialog box, type in a friendly name for the datacenter – in this case “New York”
Note: You must select a vCenter Server or folder (if one exists) to create the datacenter.
Adding VMware ESX hosts
Once a datacenter object is created in vCenter, you can start to add VMware ESX hosts. This then allows you to perform further post-configuration tasks such as managing the network and storage layers, ready for creating a VM. Adding a VMware ESX hosts is relatively simple affair, but not a terrifically exciting task, so you may wish to automate this process with a PowerCLI script if you dealing with a rollout of large number of servers.
1. In the Datacenter view, select the datacenter
2. Click the Actions button, and from the menu select Add Host
3. In the Add Host wizard, type the FQDN of the ESX host
4. Type in the root account and password
Note: You should prompted by warning that the ESX host certificate is untrusted (as it was auto-generated during the installation), together with its SHA1 Thumbprint.
Once the certificate is accepted the host information page should be refreshed with a table of data that shows – the FQDN, Vendor and Model of Server, and ESX version and build number. If the host has virtual machines present on it these will be listed as well.
5. Assign a license to the host if these have been inputed, alternative continue to use the evaluation period.
6. Enabled Lockdown Mode [OPTIONAL]
This is an optional configuration. Lockdown mode does improve security, but at the expense of ease of management. Consult the policies of your organization if any.
7. Select a VM location – This maybe blank on clean system. But on existing system with virtual machine folder hierachy, and with a host with pre-existing VMs on it, the option can be used to control where VMs are located in the vCenter Inventory
8. Click Next and Finish to add the host.
Creating vCenter Folder Structure
vCenter supports the creation of folder structure for virtual machines and templates, as well for datastores. Like a folder structure on hard disk or an OU structure in Active Directory – the intention is to create a layout that allows the administration team to collect and sort objects in such a way that makes them easy to find. Additionally, these folder structures can be used to hold permissions – and limit the view of a user or groups to a subset objects. The folder structure is entirely free form, and its entirely up to your organization how to lay these folders out. It’s useful to have these folders created upfront as it means VMs are being sorted and categorised from day one. However, its entirely possible to create and modify these folder structures after the fact, and move VMs from one folder to another at will. It’s worth mentioning that some technologies from VMware (and others) such as Horizon View and vCloud Director will automatically create folders for you, as these management systems create new objects in the vCenter inventory.
Typically, the folders top-level might reflect departmental subgroups
- Templates
- Sales
- Accounts
- Distribution
or they may reflect the servers operational role
- Templates
- Web Servers
- Databases
alternatively they may reflect the relationship between the VMs
- Templates
- CRM Application
- Horizon EUC
- Sharepoint
In a more “cloud” like environment each of the top-level folders may reflect different “tenants” within the system. For example imagine “Corp, Inc” has four distinct subsidiaries – the Corporate Headquarters (CorpHQ), Corp Overseas Investment Group, Inc (CIOG), iStocks Inc, (a stocks and shares, day trading company) and Quark AlgoTrading, Inc (a company that trades on the international exchanges using the latest algorithms for the short-selling of stocks). Using this folder structure keep the tenants separate from each other, and allows permissions to reflect the appropriate rights needed to manage them.
Each subsidiary might be top-level folder
- Templates
- CorpHQ
- COIG
- Quark
- iStocks
Creating these folders is as easy as creating a folder on a hard-drive.
1. Select VMs & Templates within the Web Client
2. Select the appropriate datacenter
3. Click the Actions button
4. Select in the menu – All vCenter Actions, and New “VM Template and Folder
5. Type in a friendly label for your folder name
Note: You may notice a folder called “Discovered virtual machines”. This is created by default when new hosts are added into vCenter. It is used to hold VMs that have been found to be pre-existing on the VMware ESX host. Additionally, it maybe used if a rogue administrator bypasses vCenter, and creates a VM directly on the VMware ESX host. Once you have a VM folder created, selecting it makes subfolders.
Finally, it is possible to create folders in the “Host & Clusters”, Network and Storage View. Depending on the size, scale and complexity of your environment you may or may not find these useful.
Licensing vCenter and ESX Hosts
Most VMware products are licensed by text string. For vCenter integrated technologies these licenses are stored and inputted in the licensing section of the vCenter server. Other technologies store these strings under the context of their management front-end. For example VMware Horizon View, the companies “Virtual Desktop” solutions stores the license string inside its dedicate management portal. Without a valid license key most VMware technologies expire on their evaluation by 60s day. When this occurs assets like VMware ESX hosts become disconnected and unmanageable.
Currently, two license policies dominate – either licensing by the number of physical CPU sockets (as is the case with vSphere) or by the number of VMs (as is the case with VMware Site Recovery Manager). Within the vSphere product different SKUs exist for SMB as well as Enterprize – with each progressively offering more features and functionality. Somewhat confusingly the “vCloud Suite Enterprize” edition contains the “Enterprize Plus” version of vSphere. The terminology is little skewed by the inherited history of previous editions, flavours and licensing models used in the past.
vCenter is licensed by the number of instances of vCenter that you have running in your environment.
Pricing and Packaging of VMware Technologies is an endless evolving process – we recommend you consult VMware’s online documentation for up to the minute data. vSphere Enterprise Plus (the most functional version of vSphere) is available as part of the vCloud Suite – which offers not just vSphere but other components required to build the “cloud” or the new “Software Defined Datacenter”.
This white paper (PDF) offers a high level view of vCloud Suite licensing for version 5.5:
http://www.vmware.com/files/pdf/vCloud-Suite-Pricing-Packaging-Whitepaper.pdf
Adding Licenses to vCenter:
1. Navigate to >> Licensing >> License
2. Click the Green + symbol to add a license
3. Type your license key into the edit box.
4. The key should then be validated – and report the Product Type, Capacity, and expiration date (if applicable)
5. Next we can assign these license keys to the appropriate asset. In this case these are VMware ESX host licenses. Select the Host tab
6. Select the all the VMware ESX hosts, and click the Assign License Key button
7. In the subsequent dialog box, select the license key to be assigned
Note: This self same workflow can be used to input the vCenter license and assign them to the vCenter. Once the license have been inputted and assigned, the licensing node shows a very simple view of what licenses have been used, and how much free is available.
In this case 1 vCenter license has been assign, and there is 1 vCenter license left. Three VMware ESX hosts with two physical CPU sockets completed – consume 6 CPU license in total, leave 10 CPU socket license left. This would allow for another 5 VMware ESX host of this specification to be added before the organization would run out license allocation.