Home » VMware Manuals » Computer Software » VMware VS4-ENT-PL-A » Manual Viewer

VMware VS4-ENT-PL-A Setup Guide - Page 89

Active Directory LDAP Server and OpenLDAP Server Identity Source Settings

View all VMware VS4-ENT-PL-A manuals

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

Chapter 4 Installing vCenter Server Table 4‑1. Add Identity Source Settings (Continued) Field Description User Principal Name Name of a user who can authenticate with this identity source. Use the email address format, for example, [email protected]. You can verify the User Principal Name with the Active Directory Service Interfaces Editor (ADSI Edit). Password Password for the user who is used to authenticate with this identity source, which is the user who is specified in User Principal Name. Include the domain name, for example, [email protected]. Active Directory LDAP Server and OpenLDAP Server Identity Source Settings The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the Active Directory (Integrated Windows Authentication) option for a setup that requires less input. The OpenLDAP Server identity source is available for environments that use OpenLDAP. Table 4‑2. Active Directory as an LDAP Server and OpenLDAP Settings Field Description Name Base DN for users Domain name Domain alias Base DN for groups Primary Server URL Secondary server URL Username Password Name of the identity source. (Optional) Base domain name for users. FDQN of the domain, for example, example.com. Do not provide an IP address in this field. The domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentications. (Optional) The base domain name for groups. Primary domain controller LDAP server for the domain. Use the format ldap://hostname:port or ldaps://hostname:port. The port is typically 389 for ldap: connections and 636 for ldaps: connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for ldap: connections and 3269 for ldaps: connections. A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or secondary LDAP URL. (Optional) Address of a secondary domain controller LDAP server that is used for failover. ID of a user in the domain who has a minimum of readonly access to Base DN for users and groups. Password of the user who is specified by Username. Assign Permissions in the vSphere Web Client After you create users and groups and define roles, you must assign the users and groups and their roles to the relevant inventory objects. You can assign the same permissions at one time on multiple objects by moving the objects to a folder and setting the permissions on the folder. Prerequisites Permissions.Modify permission on the parent object of the object whose permissions you want to modify. VMware, Inc. 89

Section	Page
vSphere Installation and Setup	1
Contents	3
About vSphere Installation and Setup	7
Updated Information	9
Introduction to vSphere Installation and Setup	11
Overview of the vSphere Installation and Setup Process	11
System Requirements	13
ESXi Hardware Requirements	13
Recommendation for Enhanced ESXi Performance	15
Hardware Requirements for vCenter Server, the vSphere Web Client , vCenter Inventory Service, and vCenter Single Sign-On	17
vCenter Server Software Requirements	22
vSphere Web Client Software Requirements	22
Providing Sufficient Space for System Logging	23
Required Ports for vCenter Server	23
Required Ports for the vCenter Server Appliance	25
Conflict Between vCenter Server and IIS for Port 80	26
DNS Requirements for vSphere	26
Supported Remote Management Server Models and Minimum Firmware Versions	27
Before You Install vCenter Server	29
Preparing vCenter Server Databases	30
vCenter Server Database Configuration Notes	30
Create a 64-Bit DSN	31
Confirm That vCenter Server Can Communicate with the Local Database	31
Maintaining a vCenter Server Database	32
Configure Microsoft SQL Server Databases	32
Create a SQL Server Database and User for vCenter Server	33
Set Database Permissions By Manually Creating Database Roles and the VMW Schema	34
Set Database Permissions by Using the dbo Schema and the db_owner Database Role	35
Use a Script to Create a vCenter Server User by Using the dbo Schema and db_owner Database Role	35
Use a Script to Create a Microsoft SQL Server Database Schema and Roles	36
Use a Script to Create Microsoft SQL Server Database Objects Manually	37
Configure a SQL Server ODBC Connection	40
Configure Microsoft SQL Server TCP/IP for JDBC	41
Configure a Microsoft SQL Server Database User to Enable Database Monitoring	42
Configure Oracle Databases	42
Configure an Oracle Database User	43
Use a Script to Create a Local or Remote Oracle Database	44
Use a Script to Create the Oracle Database Schema	44
Configure an Oracle Connection for Local Access	46
Configure an Oracle Database Connection for Remote Access	46
Connect to an Oracle Database Locally	47
Configure an Oracle Database User to Enable Database Monitoring	48
Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server	49
How vCenter Single Sign-On Affects vCenter Server Installation	51
vCenter Single Sign-On Deployment Modes	52
vCenter Single Sign-On and High Availability	54
vCenter Single Sign-On Components	56
Setting the vCenter Server Administrator User	56
Authenticating to the vCenter Server Environment	57
How vCenter Single Sign-On Affects Log In Behavior	57
Identity Sources for vCenter Server with vCenter Single Sign-On	58
Synchronizing Clocks on the vSphere Network	59
Synchronize ESX and ESXi Clocks with a Network Time Server	59
Synchronize the vCenter Server Appliance Clock with an NTP Server	60
Configure a Windows NTP Client for Network Clock Synchronization	60
Download the vCenter Server Installer	61
Using a User Account for Running vCenter Server	61
Installing vCenter Server on IPv6 Machines	61
JDBC URL Formats for the vCenter Server Database	62
Running the vCenter Server Installer from a Network Drive	63
Required Information for Installing or Upgrading vCenter Single Sign-On, Inventory Service, vCenter Server, and the vSphere Web Client	63
Download the vCenter Server Installer	68
Microsoft SQL Database Set to Unsupported Compatibility Mode Causes vCenter Server Installation or Upgrade to Fail	69
Installing vCenter Server	71
vCenter Server Installation and Sign-In Process	71
vCenter Server Components and Support Tools	74
Download the vCenter Server Installer	75
Install vCenter Single Sign-On, the vSphere Web Client , vCenter Inventory Service, and vCenter Server by Using Simple Install	75
Install vCenter Single Sign-On, the vSphere Web Client, and vCenter Inventory Service as Part of a vCenter Server Simple Install	76
Install vCenter Server as Part of a Simple Install	77
Use Custom Install to Install vCenter Server and Required Components	78
Install the First or Only vCenter Single Sign-On Instance in a vCenter Server Deployment	79
Install an Additional vCenter Single Sign-On Node at an Existing Site	80
Install an Additional vCenter Single Sign-On Node at a New Site	81
Install or Upgrade the vSphere Web Client	82
Install vCenter Inventory Service Separately by Using Custom Install	83
Install vCenter Server as Part of a Custom Install	85
Add a vCenter Single Sign-On Identity Source	87
Active Directory Identity Source Settings	88
Active Directory LDAP Server and OpenLDAP Server Identity Source Settings	89
Assign Permissions in the vSphere Web Client	89
Hierarchical Inheritance of Permissions	90
Install or Upgrade vCenter Server Java Components Separately	92
Install or Upgrade vCenter Server tc Server Separately	93
vCenter Single Sign-On Installation Fails	93
Download and Deploy the VMware vCenter Server Appliance	94
Create a Custom Password on the First Boot for the vCenter Server Appliance	96
Configure a vCenter Server Appliance to Use the vCenter Single Sign-On of a Different Virtual Machine	97
Format for the vCenter Server Appliance Configuration File	98
After You Install vCenter Server	101
Install vCenter Server Components and Support Tools	102
Install the Client Integration Plug-In in the vSphere Web Client	102
Install or Upgrade the vSphere Web Client	103
Install a Local Copy of vSphere Web Client Help	104
Install the Update Manager Server	105
Install or Upgrade vSphere ESXi Dump Collector	106
Install or Upgrade vSphere Syslog Collector	108
Install or Upgrade vSphere Auto Deploy	109
Install or Upgrade VMware vSphere Authentication Proxy	110
Uninstall VMware vSphere Components	111
Creating vCenter Server Linked Mode Groups	111
Linked Mode Considerations for vCenter Server	112
Linked Mode Prerequisites for vCenter Server	113
Joining a Linked Mode Group During and After Installation	113
Join a Linked Mode Group After Installation	114
Isolate a vCenter Server Instance from a Linked Mode Group	115
Set the IP Address for a Linked Mode vCenter Server with Multiple Network Interfaces	115
Linked Mode Troubleshooting	116
Configure Firewall Access by Opening Selected Ports	116
Configuring VMware vCenter Server - tc Server Settings in vCenter Server	116
VMware vCenter Management Webservices Service Fails to Start	118
Back Up the Inventory Service Database on Windows	118
Restore an Inventory Service Database Backup on Windows	118
Back Up the Inventory Service Database on Linux	119
Restore an Inventory Service Database Backup on Linux	119
Reset the vCenter Inventory Service Database	120
Enable IPv6 Support for vCenter Inventory Service	121
Before You Install ESXi	123
Options for Installing ESXi	123
Interactive ESXi Installation	123
Scripted ESXi Installation	123
Auto Deploy ESXi Installation	124
Customizing Installations with ESXi Image Builder CLI	124
About ESXi Evaluation and Licensed Modes	124
Media Options for Booting the ESXi Installer	125
Download and Burn the ESXi Installer ISO Image to a CD or DVD	125
Format a USB Flash Drive to Boot the ESXi Installation or Upgrade	125
Create a USB Flash Drive to Store the ESXi Installation Script or Upgrade Script	127
Create an Installer ISO Image with a Custom Installation or Upgrade Script	128
PXE Booting the ESXi Installer	129
About the TFTP Server, PXELINUX, and gPXE	129
Sample DHCP Configuration	130
About PXE Configuration Files	132
PXE Boot the ESXi Installer by Using PXELINUX and a PXE Configuration File	132
PXE Boot the ESXi Installer by Using PXELINUX and an isolinux.cfg PXE Configuration File	133
PXE Boot the ESXi Installer Using gPXE	135
Installing and Booting ESXi with Software FCoE	136
Using Remote Management Applications	136
Required Information for ESXi Installation	136
Installing ESXi	139
Installing ESXi Interactively	139
Install ESXi Interactively	139
Install ESXi on a Software iSCSI Disk	141
Installing, Upgrading, or Migrating Hosts Using a Script	142
Approaches for Scripted Installation	142
Enter Boot Options to Start an Installation or Upgrade Script	142
Boot Options	143
About Installation and Upgrade Scripts	144
About the Default ks.cfg Installation Script	144
Locations Supported for the Installation Script	145
Path to the Installation or Upgrade Script	145
Installation and Upgrade Script Commands	145
Differences Between ESXi 4.x and ESXi 5.x Scripted Installation and Upgrade Commands	153
Disk Device Names	154
About the boot.cfg File	154
Install, Upgrade, or Migrate ESXi from a CD or DVD Using a Script	155
Install, Upgrade, or Migrate ESXi from a USB Flash Drive Using a Script	156
Performing a Scripted Installation or Upgrade of ESXi by PXE Booting the Installer	157
Installing ESXi Using vSphere Auto Deploy	157
Understanding vSphere Auto Deploy	157
Introduction to Auto Deploy	157
Rules and Rule Sets	159
Auto Deploy Boot Process	160
Auto Deploy Roadmap and Cmdlet Overview	164
Auto Deploy Roadmap	164
Auto Deploy PowerCLI Cmdlet Overview	165
Preparing for vSphere Auto Deploy	167
Prepare Your System and Install the Auto Deploy Server	167
Install PowerCLI and Prerequisite Software	170
Using Auto Deploy Cmdlets	170
Set Up Bulk Licensing	171
Managing Auto Deploy with PowerCLI Cmdlets	173
Assign an Image Profile to Hosts	173
Assign a Host Profile to Hosts	174
Assign a Host to a Folder or Cluster	175
Test and Repair Rule Compliance	176
Provisioning ESXi Systems with vSphere Auto Deploy	177
Provision a Host (First Boot)	177
Reprovisioning Hosts	178
Reprovision Hosts with Simple Reboot Operations	178
Reprovision a Host with a New Image Profile	179
Update the Host Customization in the vSphere Web Client	180
Using Auto Deploy for Stateless Caching and Stateful Installs	180
Introduction	181
Understanding Stateless Caching and Stateful Installs	182
Set Up Stateless Hosts to Use Auto Deploy with Caching	184
Prepare for Auto Deploy with Stateless Caching	184
Configure a Host Profile to Use Stateless Caching	185
Enable Stateful Installs for Hosts Provisioned with Auto Deploy	186
Prepare Hosts Provisioned with Auto Deploy for Stateful Installs	186
Configure a Host Profile to Enable Stateful Installs	186
Setting Up an Auto Deploy Reference Host	187
Understanding Reference Host Setup	188
Configuring an Auto Deploy Reference Host	189
Configure ESXi Dump Collector with ESXCLI	189
Configure Host Profiles for an Auto Deploy Reference Host with the vSphere Web Client	190
Set Up ESXi Dump Collector from the Host Profiles Interface in the vSphere Web Client	191
Set Up Syslog from the Host Profiles Interface in the vSphere Web Client	192
Set Up Networking for Your Auto Deploy Host in the vSphere Web Client	193
Consider and Implement Your Partitioning Stategy	193
Advanced Management Tasks	194
Reregister Auto Deploy	194
Set Up Host Profiles for Static IP Addresses in the vSphere Web Client	194
Using Auto Deploy with the VMware vCenter Server Appliance	195
Set Up the vCenter Server Appliance to Use a Standalone Auto Deploy Server	196
Set Up Auto Deploy on the vCenter Server Appliance	196
Host Customization in the vSphere Web Client	197
Auto Deploy Best Practices and Security Consideration	200
Auto Deploy Best Practices	200
Set up a Highly Available Auto Deploy Infrastructure	204
Auto Deploy Security Considerations	205
Troubleshooting Auto Deploy	205
Auto Deploy TFTP Timeout Error at Boot Time	205
Auto Deploy Host Boots with Wrong Configuration	205
Host Is Not Redirected to Auto Deploy Server	206
Auto Deploy Host with a Built-In USB Flash Drive Does Not Send Coredumps to Local Disk	206
Package Warning Message When You Assign an Image Profile to Auto Deploy Host	207
Auto Deploy Host Reboots After Five Minutes	207
Auto Deploy Host Does Not Network Boot	208
Auto Deploy Host Does Not Get a DHCP Assigned Address	208
Auto Deploy Host Cannot Contact TFTP Server	209
Auto Deploy Host Cannot Retrieve ESXi Image from Auto Deploy Server	209
Recovering from Database Corruption on the Auto Deploy Server	210
Problems if You Upgrade vCenter Server But Do Not Upgrade Auto Deploy Server	211
Auto Deploy Proof of Concept Setup	212
Proof of Concept Preinstallation Checklist	212
Install the TFTP Server	213
Install and Set Up vSphere PowerCLI	213
Prepare Auto Deploy Target Hosts	214
Prepare the DHCP Server	215
Prepare the DNS Server	216
Install Auto Deploy Server Software	217
Configure the Auto Deploy and TFTP Environment in the vSphere Web Client	218
Prepare the ESXi Software Depot	219
Set Up the First Host and Provision with Auto Deploy	220
Write Rules for the First Host	220
Provision the First Host	221
Configure the Proof of Concept Reference Host	222
Create and Apply a Host Profile with the vSphere Web Client	223
Create a Rule for Other Target Hosts	223
Provision All Hosts and Set Up Host Customizations	225
Using vSphere ESXi Image Builder CLI	225
Understanding Image Builder	226
Image Builder Overview	226
Software Depots and Their Components	227
Image Builder PowerCLI Overview	227
Image Profiles	228
Acceptance Levels	229
Structure of ImageProfile, SoftwarePackage, and ImageProfileDiff Objects	230
Image Builder Installation and Usage	233
Install Image Builder PowerCLI and Prerequisite Software	233
Using Image Builder Cmdlets	234
Image Builder Common Tasks	235
Create an Image Profile	235
Add VIBs to an Image Profile	236
Export an Image Profile to ISO or Offline Bundle ZIP	237
Preserve Image Profiles Across Sessions	238
Working with Acceptance Levels	239
Change the Host Acceptance Level	240
Set the Image Profile Acceptance Level	241
Image Builder Workflows	242
Examining Depot Contents	242
Creating Image Profiles by Cloning Workflow	243
Creating Image Profiles from Scratch Workflow	244
Editing Image Profiles Workflow	245
Setting Up ESXi	247
ESXi Autoconfiguration	248
About the Direct Console ESXi Interface	248
Configure the Keyboard Layout for the Direct Console	248
Create a Security Banner for the Direct Console	249
Redirecting the Direct Console to a Serial Port	249
Redirect the Direct Console to a Serial Port by Setting the Boot Options Manually	249
Redirect the Direct Console to a Serial Port from the vSphere Web Client	250
Redirect the Direct Console to a Serial Port in a Host Deployed with Auto Deploy	250
Set the Password for the Administrator Account	251
Configuring the BIOS Boot Settings	251
Change the BIOS Boot Setting for ESXi	251
Configure the Boot Setting for Virtual Media	252
Host Fails to Boot After You Install ESXi in UEFI Mode	252
Network Access to Your ESXi Host	253
Configure the Network Settings on a Host That Is Not Attached to the Network	253
Managing ESXi Remotely	254
Configuring Network Settings	254
Choose Network Adapters for the Management Network	254
Set the VLAN ID	255
Configuring IP Settings for ESXi	255
Configure IP Settings from the Direct Console	255
Configure IP Settings from the vSphere Web Client	255
Configuring DNS for ESXi	256
Configure DNS Settings from the Direct Console	256
Configure DNS Suffixes	256
Test the Management Network	256
Restart the Management Agents	257
Restart the Management Network	257
Disable the Management Network	257
Restoring the Standard Switch	258
Test Connectivity to Devices and Networks	258
Storage Behavior	258
About the Scratch Partition	260
Set the Scratch Partition from the vSphere Web Client	260
Host Stops Unexpectedly at Bootup When Sharing a Boot Disk with Another Host	261
View System Logs	261
Configure Syslog on ESXi Hosts	262
Enable Lockdown Mode Using the Direct Console	263
Enable Lockdown Mode Using the vSphere Web Client	263
Enable ESXi Shell and SSH Access with the Direct Console User Interface	264
Set the Host Image Profile Acceptance Level	264
Reset the System Configuration	265
Remove All Custom Packages on ESXi	266
Disable Support for Non-ASCII Characters in Virtual Machine File and Directory Names	266
Disable ESXi	266
After You Install and Set Up ESXi	267
Managing the ESXi Host with the vSphere Web Client	267
Licensing ESXi Hosts	267
About ESXi Evaluation and Licensed Modes	267
Recording the ESXi License Key	268
Access the ESXi License Key from the Direct Console	268
Access the ESXi License Key from the vSphere Web Client	268

Match case Limit results 1 per page

Table 4

‑

Add Identity Source Settings (Continued)

Field

Description

User Principal Name

Name of a user who can authenticate with this identity

source. Use the email address format, for example,

[email protected]. You can verify the User Principal

Name with the Active Directory Service Interfaces Editor

(ADSI Edit).

Password

Password for the user who is used to authenticate with this

identity source, which is the user who is specified in User

Principal Name. Include the domain name, for example,

[email protected].

Active Directory LDAP Server and OpenLDAP Server Identity Source Settings

The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the

Active Directory (Integrated Windows Authentication) option for a setup that requires less input. The

OpenLDAP Server identity source is available for environments that use OpenLDAP.

Table 4

‑

Active Directory as an LDAP Server and OpenLDAP Settings

Field

Description

Name

Name of the identity source.

Base DN for users

(Optional) Base domain name for users.

Domain name

FDQN of the domain, for example, example.com. Do not

provide an IP address in this field.

Domain alias

The domain's NetBIOS name. Add the NetBIOS name of

the Active Directory domain as an alias of the identity

source if you are using SSPI authentications.

Base DN for groups

(Optional) The base domain name for groups.

Primary Server URL

Primary domain controller LDAP server for the domain.

Use the format ldap://hostname:port or

ldaps://hostname:port. The port is typically 389 for ldap:

connections and 636 for ldaps: connections. For Active

Directory multi-domain controller deployments, the port is

typically 3268 for ldap: connections and 3269 for ldaps:

connections.

A certificate that establishes trust for the LDAPS endpoint

of the Active Directory server is required when you use

ldaps:// in the primary or secondary LDAP URL.

Secondary server URL

(Optional) Address of a secondary domain controller

LDAP server that is used for failover.

Username

ID of a user in the domain who has a minimum of read-

only access to Base DN for users and groups.

Password

Password of the user who is specified by Username.

Assign Permissions in the vSphere Web Client

After you create users and groups and define roles, you must assign the users and groups and their roles to

the relevant inventory objects. You can assign the same permissions at one time on multiple objects by

moving the objects to a folder and setting the permissions on the folder.

Prerequisites

Permissions.Modify permission

on the parent object of the object whose permissions you want to modify.

Chapter 4 Installing vCenter Server

VMware, Inc.