5.2 Installing components for managing VMware vSphere-based
5.2.4 Installing VMware vSphere
You receive the Fujitsu CIM providers either integrated into the Fujitsu VMware vSphere system image or as an individual component for initial installation and upgrades. To learn how to obtain the necessary installation packages see
"Software provision and licensing" on page 27. Take note of the following:
From Version 3.5 Update 4, for ESXi/VMware vSphere with a free license, VMware has restricted write privileges to a VMware vSphere-based server. This means that various functions are not available, including starting and stopping virtual machines or correctly displaying the status of the VMware vSphere-based host. If you are using VMware vSphere with a free license, you must switch to a version with a paid license; refer to "License for VMware vSphere" on page 30.
This section describes only those installation and configuration steps required for the purposes of this manual, while the relevant specialist literature and VMware documentation contain detailed information about installing and configuring virtual machines and their hosts.
Installation
The latest step-by-step description of the installation is available in the VMware documentation at http://pubs.vmware.com/vsp40u1_i/.
The latest installation steps for VMware vSphere/ESXi 4.0 (as at October 2009) are provided below:
Requirements
– You must set the server hardware clock to UTC (system BIOS).
– You must connect a monitor and keyboard to the server on which you will install the VMware vSphere software.
– You must disconnect the network storage connection. This will shorten the time required by the installation program to search for available hard disk drives.
– Never install VMware vSphere/ESXi Installable and VMware vSphere/ESXi Embedded on the same host.
Installing VMware
► Boot from the installation CD. The welcome screen is displayed.
► Follow the user prompts in preparation for the installation.
► Press F11 to start the installation.
► When the installation is complete, remove the installation CD from the CD drive.
► Press Enter to restart the host.
► In BIOS, define the drive on which you have installed VMware vSphere Hypervisor as the start drive.
5.2.5 Configuring VMware vSphere
The latest step-by-step description of the installation is available in the VMware documentation at http://pubs.vmware.com/vsp40u1_i/.
VMware vSphere interface options
VMware provides the following interface options:
vSphere Web Access (free of charge)
A Web interface that provides the basic configuration options for managing and configuring virtual machines. It also provides console access.
The interface is installed on the VMware vSphere host. For detailed information about vSphere Web Access, see
http://pubs.vmware.com/vsp40/.
vSphere Command-Line Interface (free of charge)
A command line interface for configuring a VMware vSphere host. For detailed information about the vSphere command line interface, refer to "vSphere Command Line Interface Installation and Scripting Guide".
vSphere Client (subject to a fee)
A convenient user interface (subject to a fee) for creating and managing virtual machines, their resources, and their hosts with console access to virtual machines.
For detailed information about vSphere Web Access, see
http://pubs.vmware.com/vsp40/.
The necessary configuration steps (for use with vSphere Web Access and vSphere CLI) are described below. For detailed information about a
The latest installation steps for VMware vSphere/ESXi 4.0 (as at October 2009) are provided below:
Auto configuration phase
When you have installed and started VMware vSphere for the first time, the host starts the auto configuration phase. The system network and storage devices are configured with default values.
When the host has concluded the auto configuration phase, the direct console is called.
► To check the default configuration, press F2.
5.2.5.1 Creating the administrator password and configuring the default network behaviour
The administrative user name for the VMware vSphere host is Root. By default, the administrator password is not set.
► In the direct console, choose the option Configure Password and follow the user prompt.
DHCP defines the IP address, subnet mask, and default gateway by default. If your network does not have a DHCP server, manually configure the IP settings for VMware vSphere from the direct console:
► Choose the option Configure Management Network and press Enter.
► Choose the option IP Configuration and press Enter.
► Enter an IP address, subnet mask, and default gateway, and press Enter.
► Finally, press Enter to save the settings and exit the direct console.
5.2.5.2 Enabling use of Fujitsu CIM providers
► Open a command line.
► Navigate to the directory in which you installed vSphere CLI and run the following command:
vicfg-advcfg <conn_options> -s 1 UserVars.CIMsvsProviderEnabled
For detailed information about usage of the vSphere command line interface, refer to "vSphere Command Line Interface Installation and Scripting Guide".
5.2.5.3 Additional Settings
You can use the following settings in the configuration file /etc/scfb/sfcb.conf to considerably improve performance, especially for ServerView RAID Manager:
keepaliveTimeout = 10000
keepaliveMaxRequest = 10000
5.2.5.4 Setting up user ID for ServerView on VMware vSphere-based server
To allow ServerView Operations Manager to access the VMware vSphere-based server, a user (any) needs to be set up with Administrator rights for the object ESXi host on the VMware vSphere-based server.
For security reasons you should not grant the root user the role of Administrator. Take note of further information about users, groups, authorizations and roles on a VMware vSphere-based server in the manual "Manual for Server Configuration for ESXi".
For more information about authentication and user management on a VMware vSphere host refer to the manuals "Manual for Server Configuration for ESXi" and "vSphere Command-Line Interface Installation and Reference Guide".
See below for a description of how to set up such identification using vSphere CLI:
► Open a command line.
► Navigate to the directory in which you installed vSphere CLI.
► Enter the following command:
vicfg-user.pl <conn_options> -e user -o add -l <User> -p <Password> -r administrator
For more information about storing user IDs in the User/Password list of ServerView Operations Manager see "Configuring ServerView Operations Manager to query data of Fujitsu CIM providers" on page 48.
5.2.6 Configuring the iRMC trap destination
iRMC S2/S3 has its own operating system, acts as a Web server, and provides its own Web interface, which you can use to configure the trap destination for iRMC S2/S3:
Detailed information is available in the "iRMC Web interface" chapter in the manual "ServerView Suite.Remote Management.iRMC S2/S3 - integrated Remote Management Controller".
► Open a Web browser.
► Enter the (configured) DNS name or the IP address of iRMC S2/S3. The login screen is displayed.
► Enter the login data and confirm the entry.
The iRMC S2/S3 Web interface opens and the Overview page is displayed.
► In the navigation area, choose the entries Alerting – SNMP Traps.
The SNMP Trap Destination page opens. Here, you can view and configure the settings for the SNMP trap destination (SNMP alarm forwarding):
Figure 6: Page for SNMP Trap Destination
SNMP Community
Name of the SNMP community
► Click Apply to apply the name of the community.
SNMP Server1 .. SNMP Server7 (trap destination addresses)
DNS names or IP addresses of the servers that belong to this SNMP community and are to be configured as trap destinations.
► Click Apply to enable the SNMP server as a trap destination.
► Click Test to test the connection to the SNMP server.
► If necessary, click Apply to enable all settings.
► Close the browser window.
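A receiver-side check for the Test step above, as an added example that is not part of the original manual: it decodes the header of a community-based SNMP message (SNMPv1/v2c framing is assumed) and reports when a received trap does not come from a known iRMC address or carries a community other than the one configured. The function names, the sample datagram, the community sv-mgmt and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Constructed SNMPv1 trap (38 bytes): community "sv-mgmt", agent 192.0.2.10.
SAMPLE_TRAP = bytes.fromhex("3024020100040773762d6d676d74a416"
                            "06032b06014004c000020a0201060201014301003000")

def _read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def parse_trap_header(datagram):
    """Return (version, community, pdu_tag) of a community-based SNMP message."""
    tag, body, _ = _read_tlv(datagram, 0)
    vtag, version, pos = _read_tlv(body, 0)
    ctag, community, pos = _read_tlv(body, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("expected SEQUENCE { INTEGER, OCTET STRING, PDU }")
    pdu_tag, _, _ = _read_tlv(body, pos)
    return int.from_bytes(version, "big"), community.decode("ascii", "replace"), pdu_tag

def check_trap(datagram, sender_ip, expected_community, irmc_addresses):
    """Return the reasons a received datagram does not match the configured settings."""
    problems = []
    known = {ipaddress.ip_address(a) for a in irmc_addresses}
    if ipaddress.ip_address(sender_ip) not in known:
        problems.append("sender is not a known iRMC address")
    try:
        version, community, pdu_tag = parse_trap_header(datagram)
    except ValueError as exc:
        return problems + [f"malformed SNMP message: {exc}"]
    if version not in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c
        problems.append(f"unexpected SNMP version field {version}")
    if pdu_tag not in (0xA4, 0xA7):  # v1 Trap-PDU / SNMPv2-Trap-PDU
        problems.append(f"PDU tag 0x{pdu_tag:02x} is not a trap")
    if community != expected_community:
        problems.append("community does not match the configured name")
    return problems
```

Run it over datagrams received on UDP port 162 of a host entered as SNMP Server1 .. SNMP Server7; an empty list means the trap matches the settings made on the SNMP Trap Destination page.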
5.2.7 Configuring ServerView Operations Manager
5.2.7.1 Configuring ServerView Operations Manager to query data of Fujitsu CIM providers
In some cases ServerView Operations Manager needs a valid user ID in order to authenticate itself when querying information or performing operations on a managed server. User IDs are required for example to add virtual servers to the server list or to query server data via Fujitsu CIM providers.
Such user IDs on the VMware vSphere-based server must have Administrator rights.
When authentication is required, ServerView Operations Manager provides the option of storing user IDs in a User/Password list. The password is stored encrypted. ServerView Operations Manager will then search this list for a valid user ID. ServerView Operations Manager makes a sequential search through the list. For information about setting up user IDs for ServerView on a VMware vSphere-based server see "Setting up user ID for ServerView on VMware vSphere-based server" on page 45.
Storing user IDs in the User/Password list of ServerView Operations Manager
For more information about the User/Password list of ServerView Operations Manager refer to the manual "ServerView Suite. ServerView Operations Manager V5.0".
Use User/Passwords in the Administration menu to generate a list of the users/passwords stored in ServerView Operations Manager.
► Select User/Passwords in the Administration menu. The User Password window will open.
► Enter the user name in User name and, in Password, the relevant password set up on the VMware vSphere-based server.
Confirm the password with Confirm Password.
► Use Apply to confirm your input.
5.2.7.2 Configuring ServerView Operations Manager to support the iRMC
If the ServerView Operations Manager has the iRMC's address of a VMware vSphere host server, you can double-click the ESXi host server list to open the iRMC's Web interface.
In the case of a VMware vSphere/ESXi V4.0 system with patch 4, or of a VMware vSphere/ESXi V3.5 system with patch 19, ServerView Operations Manager detects the iRMC's IP address of a VMware vSphere host server. Without patch 4 installed the IP address has to be configured manually. For details refer to the manual "ServerView Suite. ServerView Operations Manager", section "Server list".
5.3 Subsequently installing or updating Fujitsu CIM providers as an individual component
Subsequently installing Fujitsu CIM providers on an existing VMware vSphere system or updating them corresponds to a classical VMware vSphere update. Installing, uninstalling and updating VMware vSphere add-ons is described in detail in the "ESXi - Setup Guide" for VMware.
For information about installing Fujitsu CIM providers as an individual component refer to the manual "Installation ServerView ESXi CIM Provider V5.30. VMware vSphere Hypervisor (ESXi) Version 4.0 or higher".
Important:
Offline packages
For information about the provision of Fujitsu CIM providers see "Fujitsu CIM providers (individual component):" on page 29.
Procedure
VMware offers a number of tools for installing, uninstalling and updating add-ons to VMware vSphere. The following are available: vSphere Host Update Utility, vCenter Update Manager and via vSphere-CLI, the command line utility program vihostupdate.
All necessary information about the vihostupdate command line utility program can be found in the VMware manuals "ESXi - Setup Guide", "vSphere Command-Line Interface. Installation and Scripting Guide" and in the "vSphere Command-Line Interface Reference" at
www.vmware.com.
Important steps following an installation/update
After performing installation/update make sure you at least check the following settings:
– Fujitsu CIM providers enabled
- see "Enabling use of Fujitsu CIM providers" on page 44
– ServerView Operations Manager configured to query data of Fujitsu CIM providers
- see "Configuring ServerView Operations Manager to query data of Fujitsu CIM providers"
For detailed information about setting up an environment for monitoring VMware vSphere-based servers see "Installing components for managing VMware vSphere-based servers" on page 38.
6 Security issues
The "lean" virtualization of the bare metal solution VMware vSphere makes it easier to safeguard the server environment:
– The reduced code basis means that VMware vSphere provides significantly fewer opportunities for attacks and security gaps than other virtualization solutions.
– VMware vSphere is independent of a higher-level partition or a console, which is based on an all-purpose operating system. This results in fewer interfaces, which could also be used for attacks.
– Unstructured, console-based administration interactions are replaced by authenticated and tested interfaces such as the VI client and remote CLI.
Virtualization software, like other infrastructure software, requires a way to manage the solution components. This is done using a management interface, which combines virtualization hosts, management servers, IP-based storage and additional services, for example authentication and monitoring. Isolation of virtual machines from the Hypervisor interfaces is the most important step towards achieving secure virtual provision in development and implementation of a strict separation of the management level from other network traffic. This reduces the risk of attacks on virtual machines, with effects on the virtualization levels of the other virtual machines.