Configuring vSphere Update Manager

In the last post we learned how to configure UMDS and how to enable VUM to use a shared repository for downloading patches. If you are new to VUM/UMDS and landed directly on this page by mistake, I would encourage reading about them first from the links below:

1: Installing vSphere Update Manager and Update Manager Download Service

2: Configure Update Manager Download Service

Also, in the past I wrote a blog post on creating ESXi host baselines and how to remediate a host. You can read that post from here.

In this post I will cover the objectives below:

  • Configure hosts/cluster settings
  • Create VUM baseline group
  • Manually download updates to a patch repository
  • Import Host upgrade images and upgrade ESXi hosts.
  • Configure Smart Rebooting for vApps

Let's get started.

1: Configure hosts/cluster settings

To configure host maintenance mode settings, log in to the Web Client, click the Update Manager icon on the home page and navigate to Manage > Settings > Host and clusters settings > Edit.

Configure Update Manager Download Service for VUM

Last year I wrote a post on how to install and configure VUM and UMDS, but never got a chance to connect UMDS to VUM and ended up downloading patches directly on the VUM server via the internet.

Once again I am playing with UMDS in the lab, and in this post we will cover why we need UMDS and how to configure it.

I am not covering the steps for installing VUM/UMDS here because they are pretty straightforward; if you are new to these things, you can read the installation instructions from here.

What is Update Manager Download Service?

Update Manager Download Service (UMDS) is an optional component which you can deploy with Update Manager. Using UMDS we can download upgrades for virtual appliances, patch metadata, patch binaries, notifications, etc.

Why do we need UMDS when VUM is there?

It's an obvious question to ask: why do we need UMDS when VUM is capable of downloading and installing patches on ESXi hosts/vApps?

Split vCenter Servers configured in an Enhanced Linked Mode

Yesterday, while reading about Enhanced Linked Mode, I stumbled across this blog post by William Lam where he has demonstrated how to split vCenters which are configured in linked mode.

I thought I would give it a try in my lab as well, as these days I am playing around with PSCs, repointing, ELM and so on.

In my lab I have 2 PSC nodes and 2 vCenter server nodes, each pointing to one of the PSCs. Both PSC nodes are in the same SSO domain/site.

Both PSCs are replicating to each other. I have also verified that I do not have any stale entries for any PSC nodes from my existing lab activities.

vCenter Server Advanced Settings Configuration

vCenter Advanced Settings are used to modify the vpxd.cfg configuration file. To view the configuration options available under Advanced Settings, log in to the Web Client, select the vCenter server from the vCenter Inventory list and navigate to Manage > Settings > Advanced Settings as shown below.

You can use Advanced Settings to add/edit entries to the vpxd.cfg file, but can’t delete them. A user should have Global.Settings privileges to make any configuration change from here. 

For example, to see the list of available options for certificate-related settings, type certmgmt in the search box and hit Enter.

Some of the commonly used advanced settings are listed in the table below:

For more information on vCenter Advanced Settings, please see the articles below:

Advanced settings for vSphere 5.5 & 6.0

vpxd.cfg advance configuration

vCenter Certificate Management Default Values

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.

Configure Linked Mode in vSphere 6

Linked Mode was first introduced in vSphere 4.x and it has come a long way with vSphere 6.0.

Enhanced linked mode (ELM) allows administrators to manage multiple vCenter servers from one place using vSphere Web client. vCenter servers in ELM can replicate roles, permissions, licenses and policies between them.

ELM also enables Cross vCenter vMotion, i.e. you can migrate virtual machines across clusters on separate vCenter instances, subject to network limitations.

Previously, linked mode configuration was only possible with Windows-based VC, as ADAM was used as the replication engine between the VCs.

ELM in vSphere 6.0 no longer relies on ADAM but has its own replication system, a multi-master replication technology called VMDir that is based on OpenLDAP, which means replication now works across Windows vCenter as well as vCenter appliances.

Note: All vCenters configured in ELM can be managed only from the Web Client. If you are using the vSphere C# client, you can only manage the vCenter server to which you are connected.

Reconfigure Embedded vCenter to External PSC

Prior to vSphere 6.0 U1 it was only possible to repoint a vCenter Server which was deployed with an external PSC to another PSC in the same SSO domain. With vSphere 6.0 U1, you can now reconfigure an embedded vCenter server deployment to an external deployment.

The PSC components which reside in the embedded node are demoted and the vCenter server is repointed to an external PSC node which resides in the same Single Sign-On (SSO) domain as the source embedded node.

VMware made this possible by introducing a utility named cmsso-util. There are two main uses for cmsso-util:

Reconfigure

  • Reconfigure is used when you want to point your vCenter server from an embedded PSC to an externally deployed PSC.
  • The source and target PSC should be in the same SSO domain.

Repoint

  • This is used when a vCenter is deployed with an external PSC, you have one more external PSC, and you want to move the vCenter from the source PSC to the target PSC.

Configure Identity Sources for Single Sign-On

VMware introduced SSO with vSphere 5.1 and over the releases SSO has matured very much. SSO can now be connected to multiple authentication domains, like Active Directory and LDAP, so that it can exchange authentication for tokens which are used to access multiple vSphere services.

An Identity Source is a collection of user and group data, which is stored in either Active Directory, OpenLDAP or locally in the OS.

At the time of PSC/vCenter deployment we create one identity source (the SSO domain), and after the vCenter installation is completed, only the users defined under this SSO domain or localos can log in to vCenter. This identity source is internal to vCenter SSO.

An SSO administrator can add additional identity sources for centralized authentication, define the default identity source, and create users and groups in the default identity source.

In this post we will focus on the tasks below:

  • Define Identity sources for single sign-on.

Remove PSC from SSO Domain

In this post we will learn how to decommission/remove a PSC from an SSO domain. I am covering the steps needed for VCSA in this post. The steps for a Windows-based vCenter server are very similar and are explained in VMware KB-2106736.

Why do I need to do so?

In my lab I was doing a lot of new things with PSC deployments and repointing my vCenter server from one PSC to another. If you are new to repointing a vCenter server amongst PSCs, please read the 2 articles below:

1: How to repoint vCenter Server 6.x between External PSC within a site

2: Repointing vCenter Server 6.0 to External PSC’s across sites

At present I have 3 PSCs, namely psc02.alex.local, psc03.alex.local and psc03.alex.local. I have one vCenter server which was originally deployed with psc02 as the external PSC. First I moved my vCenter server from psc02 to psc03 (they were in the same domain/site) and then I moved the VC from psc03 to psc04 (they were in the same domain but a different site).

In the output of the command below you can see which PSC is replicating to which other PSC.

Repointing vCenter Server 6.0 to External PSC’s across sites

In my last post I demonstrated how to move a vCenter server from one PSC to another. In this article we will learn to repoint vCenter Server 6.0 between Platform Service Controllers (PSCs) which are in the same domain but different sites.

Before vSphere 6.0 U1, it was not possible to repoint a vCenter server amongst PSCs which were not in the same site (though in the same domain). With vSphere 6.0 U1, VMware made this possible by introducing a new utility called cmsso-util.

The VMware KB-2131191 article outlines the steps for achieving this goal. The steps outlined in the KB are for a vCenter server with the external PSC deployment architecture.

Note: If you have an embedded vCenter 6.0, you can use cmsso-util to change the embedded deployment model to an external PSC model. The old PSC will be decommissioned during this process. Go ahead with this configuration only if you have no plans for using your old PSC again.

How to repoint vCenter Server 6.x between External PSC within a site

In this post we will learn how to repoint a vCenter server with an external PSC to a new PSC. Before doing that, let's first understand PSC high availability.

As we know, with vSphere 6.0 VMware introduced the concept of the PSC. The PSC deals with identity management for administrators and applications that interact with the vSphere platform. It contains common infrastructure services such as vCenter Single Sign-On (SSO), VMware Certificate Authority (VMCA), licensing, etc.

To know more about PSC, please read VMware KB-2113115.

Since these important features lie within the PSC, it is very important to ensure 100% availability of the PSC server. The PSC can be made highly available by deploying 2 nodes and then configuring a load balancer for the 2 nodes, so that in case of failure, connections can be switched to the other node.

Now what if you don’t have a load balancer to configure failover?