Home » VMware Manuals » Computer Software » VMware VS4-ENT-PL-A » Manual Viewer

VMware VS4-ENT-PL-A Setup Guide - Page 88

Active Directory Identity Source Settings, What to do next, Table 4

View all VMware VS4-ENT-PL-A manuals

Add to My Manuals
Save this manual to your list of manuals

Page 88 highlights

vSphere Installation and Setup Option OpenLDAP LocalOS Description Use this option for an OpenLDAP identity source. See "Active Directory LDAP Server and OpenLDAP Server Identity Source Settings," on page 89. Use this option to add the local operating system as an identity source. You are prompted only for the name of the local operating system. If you select this option, all users on the specified machine are visible to vCenter Single Sign-On, even if those users are not part of another domain. NOTE If the user account is locked or disabled, authentications and group and user searches in the Active Directory domain will fail. The user account must have read-only access over the User and Group OU, and must be able to read user and group attributes. This is the default Active Directory domain configuration for user permissions. VMware recommends using a special service user. 5 If you configured an Active Directory as an LDAP Server or an OpenLDAP identity source, click Test Connection to ensure that you can connect to the identity source. 6 Click OK. What to do next When an identity source is added, all users can be authenticated but have the No access permission. A user with vCenter Server Modify.permissions privileges can assign permissions to users or groups of users to enable them to log in to vCenter Server. See "Assign Permissions in the vSphere Web Client," on page 89. Active Directory Identity Source Settings If you select the Active Directory (Integrated Windows Authentication) identity source type, you can either use the local machine account as your SPN (Service Principal Name) or specify an SPN explicitly. Select Use machine account to speed up configuration. If you expect to rename the local machine on which vCenter Single Sign-On runs, specifying an SPN explicitly is preferable. Table 4‑1. Add Identity Source Settings Field Domain name Use machine account Use SPN Service Principal Description FDQN of the domain. Do not provide an IP address in this field. Select this option to use the local machine account as the SPN. When you select this option, you specify only the domain name. Do not select this option if you expect to rename this machine. Select this option if you expect to rename the local machine. You must specify an SPN, a user who can authenticate with the identity source, and a password for the user. SPN that helps Kerberos to identify the Active Directory service. Include the domain in the name, for example, STS/example.com. You might have to run setspn -S to add the user you want to use. See the Microsoft documentation for information on setspn. The SPN must be unique across the domain. Running setspn -S checks that no duplicate is created. 88 VMware, Inc.

Section	Page
vSphere Installation and Setup	1
Contents	3
About vSphere Installation and Setup	7
Updated Information	9
Introduction to vSphere Installation and Setup	11
Overview of the vSphere Installation and Setup Process	11
System Requirements	13
ESXi Hardware Requirements	13
Recommendation for Enhanced ESXi Performance	15
Hardware Requirements for vCenter Server, the vSphere Web Client , vCenter Inventory Service, and vCenter Single Sign-On	17
vCenter Server Software Requirements	22
vSphere Web Client Software Requirements	22
Providing Sufficient Space for System Logging	23
Required Ports for vCenter Server	23
Required Ports for the vCenter Server Appliance	25
Conflict Between vCenter Server and IIS for Port 80	26
DNS Requirements for vSphere	26
Supported Remote Management Server Models and Minimum Firmware Versions	27
Before You Install vCenter Server	29
Preparing vCenter Server Databases	30
vCenter Server Database Configuration Notes	30
Create a 64-Bit DSN	31
Confirm That vCenter Server Can Communicate with the Local Database	31
Maintaining a vCenter Server Database	32
Configure Microsoft SQL Server Databases	32
Create a SQL Server Database and User for vCenter Server	33
Set Database Permissions By Manually Creating Database Roles and the VMW Schema	34
Set Database Permissions by Using the dbo Schema and the db_owner Database Role	35
Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role	35
Use a Script to Create a Microsoft SQL Server Database Schema and Roles	36
Use a Script to Create Microsoft SQL Server Database Objects Manually	37
Configure a SQL Server ODBC Connection	40
Configure Microsoft SQL Server TCP/IP for JDBC	41
Configure a Microsoft SQL Server Database User to Enable Database Monitoring	42
Configure Oracle Databases	42
Configure an Oracle Database User	43
Use a Script to Create a Local or Remote Oracle Database	44
Use a Script to Create the Oracle Database Schema	44
Configure an Oracle Connection for Local Access	46
Configure an Oracle Database Connection for Remote Access	46
Connect to an Oracle Database Locally	47
Configure an Oracle Database User to Enable Database Monitoring	48
Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server	49
How vCenter Single Sign-On Affects vCenter Server Installation	51
vCenter Single Sign-On Deployment Modes	52
vCenter Single Sign-On and High Availability	54
vCenter Single Sign-On Components	56
Setting the vCenter Server Administrator User	56
Authenticating to the vCenter Server Environment	57
How vCenter Single Sign-On Affects Log In Behavior	57
Identity Sources for vCenter Server with vCenter Single Sign-On	58
Synchronizing Clocks on the vSphere Network	59
Synchronize ESX and ESXi Clocks with a Network Time Server	59
Synchronize the vCenter Server Appliance Clock with an NTP Server	60
Configure a Windows NTP Client for Network Clock Synchronization	60
Download the vCenter Server Installer	61
Using a User Account for Running vCenter Server	61
Installing vCenter Server on IPv6 Machines	61
JDBC URL Formats for the vCenter Server Database	62
Running the vCenter Server Installer from a Network Drive	63
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client	63
Download the vCenter Server Installer	68
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail	69
Installing vCenter Server	71
vCenter Server Installation and Sign-In Process	71
vCenter Server Components and Support Tools	74
Download the vCenter Server Installer	75
Install vCenter Single Sign-On, the vSphere Web Client , vCenter Inventory Service, and vCenter Server by Using Simple Install	75
Install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service as Part of a vCenter Server Simple Install	76
Install vCenter Server as Part of a Simple Install	77
Use Custom Install to Install vCenter Server and Required Components	78
Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment	79
Install an Additional vCenter Single Sign-On Node at an Existing Site	80
Install an Additional vCenter Single Sign-On Node at a New Site	81
Install or Upgrade the vSphere Web Client	82
Install vCenter Inventory Service Separately by Using Custom Install	83
Install vCenter Server as Part of a Custom Install	85
Add a vCenter Single Sign-On Identity Source	87
Active Directory Identity Source Settings	88
Active Directory LDAP Server and OpenLDAP Server Identity Source Settings	89
Assign Permissions in the vSphere Web Client	89
Hierarchical Inheritance of Permissions	90
Install or Upgrade vCenter Server Java Components Separately	92
Install or Upgrade vCenter Server tc Server Separately	93
vCenter Single Sign-On Installation Fails	93
Download and Deploy the VMware vCenter Server Appliance	94
Create a Custom Password on the First Boot for the vCenter Server Appliance	96
Configure a vCenter Server Appliance to Use the vCenter Single Sign-On of a Different Virtual Machine	97
Format for the vCenter Server Appliance Configuration File	98
After You Install vCenter Server	101
Install vCenter Server Components and Support Tools	102
Install the Client Integration Plug-In in the vSphere Web Client	102
Install or Upgrade the vSphere Web Client	103
Install a Local Copy of vSphere Web Client Help	104
Install the Update Manager Server	105
Install or Upgrade vSphere ESXi Dump Collector	106
Install or Upgrade vSphere Syslog Collector	108
Install or Upgrade vSphere Auto Deploy	109
Install or Upgrade VMware vSphere Authentication Proxy	110
Uninstall VMware vSphere Components	111
Creating vCenter Server Linked Mode Groups	111
Linked Mode Considerations for vCenter Server	112
Linked Mode Prerequisites for vCenter Server	113
Joining a Linked Mode Group During and After Installation	113
Join a Linked Mode Group After Installation	114
Isolate a vCenter Server Instance from a Linked Mode Group	115
Set the IP Address for a Linked Mode vCenter Server with Multiple Network Interfaces	115
Linked Mode Troubleshooting	116
Configure Firewall Access by Opening Selected Ports	116
Configuring VMware vCenter Server - tc Server Settings in vCenter Server	116
VMware vCenter Management Webservices Service Fails to Start	118
Back Up the Inventory Service Database on Windows	118
Restore an Inventory Service Database Backup on Windows	118
Back Up the Inventory Service Database on Linux	119
Restore an Inventory Service Database Backup on Linux	119
Reset the vCenter Inventory Service Database	120
Enable IPv6 Support for vCenter Inventory Service	121
Before You Install ESXi	123
Options for Installing ESXi	123
Interactive ESXi Installation	123
Scripted ESXi Installation	123
Auto Deploy ESXi Installation	124
Customizing Installations with ESXi Image Builder CLI	124
About ESXi Evaluation and Licensed Modes	124
Media Options for Booting the ESXi Installer	125
Download and Burn the ESXi Installer ISO Image to a CD or DVD	125
Format a USB Flash Drive to Boot the ESXi Installation or Upgrade	125
Create a USB Flash Drive to Store the ESXi Installation Script or Upgrade Script	127
Create an Installer ISO Image with a Custom Installation or Upgrade Script	128
PXE Booting the ESXi Installer	129
About the TFTP Server, PXELINUX, and gPXE	129
Sample DHCP Configuration	130
About PXE Configuration Files	132
PXE Boot the ESXi Installer by Using PXELINUX and a PXE Configuration File	132
PXE Boot the ESXi Installer by Using PXELINUX and an isolinux.cfg PXE Configuration File	133
PXE Boot the ESXi Installer Using gPXE	135
Installing and Booting ESXi with Software FCoE	136
Using Remote Management Applications	136
Required Information for ESXi Installation	136
Installing ESXi	139
Installing ESXi Interactively	139
Install ESXi Interactively	139
Install ESXi on a Software iSCSI Disk	141
Installing, Upgrading, or Migrating Hosts Using a Script	142
Approaches for Scripted Installation	142
Enter Boot Options to Start an Installation or Upgrade Script	142
Boot Options	143
About Installation and Upgrade Scripts	144
About the Default ks.cfg Installation Script	144
Locations Supported for the Installation Script	145
Path to the Installation or Upgrade Script	145
Installation and Upgrade Script Commands	145
Differences Between ESXi 4.x and ESXi 5.x Scripted Installation and Upgrade Commands	153
Disk Device Names	154
About the boot.cfg File	154
Install, Upgrade, or Migrate ESXi from a CD or DVD Using a Script	155
Install, Upgrade, or Migrate ESXi from a USB Flash Drive Using a Script	156
Performing a Scripted Installation or Upgrade of ESXi by PXE Booting the Installer	157
Installing ESXi Using vSphere Auto Deploy	157
Understanding vSphere Auto Deploy	157
Introduction to Auto Deploy	157
Rules and Rule Sets	159
Auto Deploy Boot Process	160
Auto Deploy Roadmap and Cmdlet Overview	164
Auto Deploy Roadmap	164
Auto Deploy PowerCLI Cmdlet Overview	165
Preparing for vSphere Auto Deploy	167
Prepare Your System and Install the Auto Deploy Server	167
Install PowerCLI and Prerequisite Software	170
Using Auto Deploy Cmdlets	170
Set Up Bulk Licensing	171
Managing Auto Deploy with PowerCLI Cmdlets	173
Assign an Image Profile to Hosts	173
Assign a Host Profile to Hosts	174
Assign a Host to a Folder or Cluster	175
Test and Repair Rule Compliance	176
Provisioning ESXi Systems with vSphere Auto Deploy	177
Provision a Host (First Boot)	177
Reprovisioning Hosts	178
Reprovision Hosts with Simple Reboot Operations	178
Reprovision a Host with a New Image Profile	179
Update the Host Customization in the vSphere Web Client	180
Using Auto Deploy for Stateless Caching and Stateful Installs	180
Introduction	181
Understanding Stateless Caching and Stateful Installs	182
Set Up Stateless Hosts to Use Auto Deploy with Caching	184
Prepare for Auto Deploy with Stateless Caching	184
Configure a Host Profile to Use Stateless Caching	185
Enable Stateful Installs for Hosts Provisioned with Auto Deploy	186
Prepare Hosts Provisioned with Auto Deploy for Stateful Installs	186
Configure a Host Profile to Enable Stateful Installs	186
Setting Up an Auto Deploy Reference Host	187
Understanding Reference Host Setup	188
Configuring an Auto Deploy Reference Host	189
Configure ESXi Dump Collector with ESXCLI	189
Configure Host Profiles for an Auto Deploy Reference Host with the vSphere Web Client	190
Set Up ESXi Dump Collector from the Host Profiles Interface in the vSphere Web Client	191
Set Up Syslog from the Host Profiles Interface in the vSphere Web Client	192
Set Up Networking for Your Auto Deploy Host in the vSphere Web Client	193
Consider and Implement Your Partitioning Stategy	193
Advanced Management Tasks	194
Reregister Auto Deploy	194
Set Up Host Profiles for Static IP Addresses in the vSphere Web Client	194
Using Auto Deploy with the VMware vCenter Server Appliance	195
Set Up the vCenter Server Appliance to Use a Standalone Auto Deploy Server	196
Set Up Auto Deploy on the vCenter Server Appliance	196
Host Customization in the vSphere Web Client	197
Auto Deploy Best Practices and Security Consideration	200
Auto Deploy Best Practices	200
Set up a Highly Available Auto Deploy Infrastructure	204
Auto Deploy Security Considerations	205
Troubleshooting Auto Deploy	205
Auto Deploy TFTP Timeout Error at Boot Time	205
Auto Deploy Host Boots with Wrong Configuration	205
Host Is Not Redirected to Auto Deploy Server	206
Auto Deploy Host with a Built-In USB Flash Drive Does Not Send Coredumps to Local Disk	206
Package Warning Message When You Assign an Image Profile to Auto Deploy Host	207
Auto Deploy Host Reboots After Five Minutes	207
Auto Deploy Host Does Not Network Boot	208
Auto Deploy Host Does Not Get a DHCP Assigned Address	208
Auto Deploy Host Cannot Contact TFTP Server	209
Auto Deploy Host Cannot Retrieve ESXi Image from Auto Deploy Server	209
Recovering from Database Corruption on the Auto Deploy Server	210
Problems if You Upgrade vCenter Server But Do Not Upgrade Auto Deploy Server	211
Auto Deploy Proof of Concept Setup	212
Proof of Concept Preinstallation Checklist	212
Install the TFTP Server	213
Install and Set Up vSphere PowerCLI	213
Prepare Auto Deploy Target Hosts	214
Prepare the DHCP Server	215
Prepare the DNS Server	216
Install Auto Deploy Server Software	217
Configure the Auto Deploy and TFTP Environment in the vSphere Web Client	218
Prepare the ESXi Software Depot	219
Set Up the First Host and Provision with Auto Deploy	220
Write Rules for the First Host	220
Provision the First Host	221
Configure the Proof of Concept Reference Host	222
Create and Apply a Host Profile with the vSphere Web Client	223
Create a Rule for Other Target Hosts	223
Provision All Hosts and Set Up Host Customizations	225
Using vSphere ESXi Image Builder CLI	225
Understanding Image Builder	226
Image Builder Overview	226
Software Depots and Their Components	227
Image Builder PowerCLI Overview	227
Image Profiles	228
Acceptance Levels	229
Structure of ImageProfile, SoftwarePackage, and ImageProfileDiff Objects	230
Image Builder Installation and Usage	233
Install Image Builder PowerCLI and Prerequisite Software	233
Using Image Builder Cmdlets	234
Image Builder Common Tasks	235
Create an Image Profile	235
Add VIBs to an Image Profile	236
Export an Image Profile to ISO or Offline Bundle ZIP	237
Preserve Image Profiles Across Sessions	238
Working with Acceptance Levels	239
Change the Host Acceptance Level	240
Set the Image Profile Acceptance Level	241
Image Builder Workflows	242
Examining Depot Contents	242
Creating Image Profiles by Cloning Workflow	243
Creating Image Profiles from Scratch Workflow	244
Editing Image Profiles Workflow	245
Setting Up ESXi	247
ESXi Autoconfiguration	248
About the Direct Console ESXi Interface	248
Configure the Keyboard Layout for the Direct Console	248
Create a Security Banner for the Direct Console	249
Redirecting the Direct Console to a Serial Port	249
Redirect the Direct Console to a Serial Port by Setting the Boot Options Manually	249
Redirect the Direct Console to a Serial Port from the vSphere Web Client	250
Redirect the Direct Console to a Serial Port in a Host Deployed with Auto Deploy	250
Set the Password for the Administrator Account	251
Configuring the BIOS Boot Settings	251
Change the BIOS Boot Setting for ESXi	251
Configure the Boot Setting for Virtual Media	252
Host Fails to Boot After You Install ESXi in UEFI Mode	252
Network Access to Your ESXi Host	253
Configure the Network Settings on a Host That Is Not Attached to the Network	253
Managing ESXi Remotely	254
Configuring Network Settings	254
Choose Network Adapters for the Management Network	254
Set the VLAN ID	255
Configuring IP Settings for ESXi	255
Configure IP Settings from the Direct Console	255
Configure IP Settings from the vSphere Web Client	255
Configuring DNS for ESXi	256
Configure DNS Settings from the Direct Console	256
Configure DNS Suffixes	256
Test the Management Network	256
Restart the Management Agents	257
Restart the Management Network	257
Disable the Management Network	257
Restoring the Standard Switch	258
Test Connectivity to Devices and Networks	258
Storage Behavior	258
About the Scratch Partition	260
Set the Scratch Partition from the vSphere Web Client	260
Host Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host	261
View System Logs	261
Configure Syslog on ESXi Hosts	262
Enable Lockdown Mode Using the Direct Console	263
Enable Lockdown Mode Using the vSphere Web Client	263
Enable ESXi Shell and SSH Access with the Direct Console User Interface	264
Set the Host Image Profile Acceptance Level	264
Reset the System Configuration	265
Remove All Custom Packages on ESXi	266
Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names	266
Disable ESXi	266
After You Install and Set Up ESXi	267
Managing the ESXi Host with the vSphere Web Client	267
Licensing ESXi Hosts	267
About ESXi Evaluation and Licensed Modes	267
Recording the ESXi License Key	268
Access the ESXi License Key from the Direct Console	268
Access the ESXi License Key from the vSphere Web Client	268

Match case Limit results 1 per page

Option

Description

OpenLDAP

Use this option for an OpenLDAP identity source. See

“Active Directory

LDAP Server and OpenLDAP Server Identity Source Settings,”

page 89.

LocalOS

Use this option to add the local operating system as an identity source.

You are prompted only for the name of the local operating system. If you

select this option, all users on the specified machine are visible to vCenter

Single Sign-On, even if those users are not part of another domain.

OTE

If the user account is locked or disabled, authentications and group and user searches in the

Active Directory domain will fail. The user account must have read-only access over the User and

Group OU, and must be able to read user and group attributes. This is the default Active Directory

domain configuration for user permissions. VMware recommends using a special service user.

If you configured an Active Directory as an LDAP Server or an OpenLDAP identity source, click

Test

Connection

to ensure that you can connect to the identity source.

Click

What to do next

When an identity source is added, all users can be authenticated but have the

No access

permission. A user

with vCenter Server

Modify.permissions

privileges can assign permissions to users or groups of users to

enable them to log in to vCenter Server. See

“Assign Permissions in the vSphere Web Client,”

on page 89.

Active Directory Identity Source Settings

If you select the Active Directory (Integrated Windows Authentication) identity source type, you can either

use the local machine account as your SPN (Service Principal Name) or specify an SPN explicitly.

Select

Use machine account

to speed up configuration. If you expect to rename the local machine on which

vCenter Single Sign-On runs, specifying an SPN explicitly is preferable.

Table 4

‑

Add Identity Source Settings

Field

Description

Domain name

FDQN of the domain. Do not provide an IP address in this

field.

Use machine account

Select this option to use the local machine account as the

SPN. When you select this option, you specify only the

domain name. Do not select this option if you expect to

rename this machine.

Use SPN

Select this option if you expect to rename the local

machine. You must specify an SPN, a user who can

authenticate with the identity source, and a password for

the user.

Service Principal

SPN that helps Kerberos to identify the Active Directory

service. Include the domain in the name, for example,

STS/example.com.

You might have to run

setspn -S

to add the user you

want to use. See the Microsoft documentation for

information on

setspn

The SPN must be unique across the domain. Running

setspn -S

checks that no duplicate is created.

vSphere Installation and Setup

VMware, Inc.