Table of Contents
vCenter 5.1 Installation
This is a report of a vCenter 5.1 simple install. There is nothing wrong with that, except when you need to do a linked mode setup later on. This will not work. You'll need a SSO multisite setup, which is only possible when installing all components one by one. If you do not need that, you can follow this page, otherwise you'll have to think with all the extra questions.
Prerequisites and Reading Stuff
Reading Stuff
First of all, read the best practice provided by VMware.
About this Article and the Setup
This article is based on the installation of vCenter 5.1 on a Windows Server 2008 R2 Enterprise SP1 using this media:
- VMware-VIMSetup-all-5.1.0-799735.iso
Also, the database is installed on a separate database server. The only work done on that server (also Windows Server 2008 R2 Enterprise SP1) is installing the MS SQL 2008 R2 SP1. Furthermore, the installation is being performed with a user account that has the sysadmin role on that database server. My DBA has set that up for me, and afterwards these permissions will be revoked.
Also note that both servers should be listed correctly in DNS, both A and PTR records.
Installing Required Software
You'll need quite some additional software to have all installations completed succesfully:
- Microsoft .Net 3.5 SP1
- The SQL Native Client from the “Microsoft SQL Server 2008 R2 SP1 Feature Pack”
- Adobe Flash (Optional)
.Net
Installing .Net 3.5 is quite easy since this is a Windows Server Feature. You can do so by going to server manager and selecting it from the installation list:
Keep all settings default.
SQL Native Client
Download the SQL Native Client by pointing your browser to the Microsoft SQL Server 2008 R2 SP1 Feature Pack website and download the “1033\x64\sqlncli.msi” file. Keep all settings default.
Adobe Flash
This one is (luckily) optional, but you need Adobe flash to access the web client, which you'll need to configure the Single Sign On Service. If you follow this article the Single Sign On service will be configured automatically for the correct domain, but I've listed it here to let you know before you get started. If you decide you want to use the web client go to the Adobe Flash website and click Download Now.
Configuring Accounts
You'll need the following accounts:
- Active Directory vCenter service account which will perform the following duties:
- vCenter will run it's services under this account
- Used for database Windows Authentication for the vCenter database
- Owns the vCenter database (dbowner role)
- Database users RSA_DBA and RSA_USER for the Single Sign On service
- RSA_DBA is used to set up the Single Sign On database schema
- RSA_USER is used to perform postinstallation steps
The database users will be created when doing the database configurations. The vCenter service account needs to be created in Active Directory and needs the following configuration:
- Member of the Domain User group
- User cannot change password
- Password never expires
- A password compliant with your password policy
- Member of the local Administrators group on BOTH the database server and the vCenter server
- Navigate to Configuration –> Local Users and Groups –> Groups and open the Administrators group
- Add the service account to the local administrators group
- “Log on as a service” permission on the vCenter server (will be asigned automatically or can be assigned the same way as explained below for “Act as part of the operating system”)
- “Act as part of the operating system” permission on the vCenter server (tested as not required, works well without)
- Open gpedit.msc, navigate to the Group Policy Editor under Computer Configuration
- Navigate to Windows Settings → Security Settings → Local Policies → User Rights Assignment
- Add the service account to the appropriate permissions.
Configuring Databases
You need to configure two databases:
- Single Sign On database
- vCenter database
- You'll also need to create a DSN for this database on the vCenter server
Single Sign On Database
Note that Windows Authentication for the Single Sign On database is not supported as stated here.
To configure the database for the Single Sign On service go to your CD/ISO of the installation and navigate to this directory:
\Single Sign On\DBScripts\SSOServer\schema\mssql
You need two scripts here, the rsaIMSLiteMSSQLSetupTablespaces.sql and the rsaIMSLiteMSSQLSetupUsers.sql file. You need to make small modifications, these are the final scripts/queries I used:
Setup database: rsaIMSLiteMSSQLSetupTablespaces.sql:
USE MASTER GO CREATE DATABASE RSA ON PRIMARY( NAME='RSA_DATA', FILENAME='D:\MSSQL\DATA\RSA_DATA.mdf', MAXSIZE=UNLIMITED, FILEGROWTH=10%), FILEGROUP RSA_INDEX( NAME='RSA_INDEX', FILENAME='D:\MSSQL\DATA\RSA_INDEX.ndf', MAXSIZE=UNLIMITED, FILEGROWTH=10%) LOG ON( NAME='translog', FILENAME='D:\MSSQL\DATA\translog.ldf', MAXSIZE=UNLIMITED, FILEGROWTH=10% ) GO -- Set recommended perform settings on the database EXEC SP_DBOPTION 'RSA', 'autoshrink', TRUE GO EXEC SP_DBOPTION 'RSA', 'trunc. log on chkpt.', TRUE GO CHECKPOINT GO
To execute the script open SQL Server Management Studio, where you'll automatically get a prompt to connect to the local database server. After connecting click “New Query” and paste the text above in the query field, then click “Execute”:
Setup users: rsaIMSLiteMSSQLSetupUsers.sql:
USE MASTER GO CREATE LOGIN RSA_DBA WITH PASSWORD = 'XXXXXXXXXX', DEFAULT_DATABASE = RSA GO CREATE LOGIN RSA_USER WITH PASSWORD = 'XXXXXXXXXX', DEFAULT_DATABASE = RSA GO USE RSA GO ALTER AUTHORIZATION ON DATABASE::RSA TO [RSA_DBA] GO CREATE USER RSA_USER FOR LOGIN [RSA_USER] GO CHECKPOINT GO
vCenter Database
For vCenter we'll use the Windows Authentication (with the created service account) so we'll have to configure this. We'll use a script for this as well:
USE [master] GO CREATE DATABASE [VCDB] ON PRIMARY (NAME = N'vcdb', FILENAME = N'D:\MSSQL\DATA\VCDB.mdf', FILEGROWTH = 10% ) LOG ON (NAME = N'vcdb_log', FILENAME = N'D:\MSSQL\DATA\VCDB.ldf', FILEGROWTH = 10%) COLLATE SQL_Latin1_General_CP1_CI_AS GO USE VCDB GO sp_grantlogin @loginame=[SHIFT\SRV-vCENTER02SQL-VC] GO sp_defaultdb @loginame=[SHIFT\SRV-vCENTER02SQL-VC], @defdb='VCDB' GO ALTER LOGIN [SHIFT\SRV-vCENTER02SQL-VC] WITH DEFAULT_LANGUAGE = us_english; GO CREATE USER [SHIFT\SRV-vCENTER02SQL-VC] FOR LOGIN [SHIFT\SRV-vCENTER02SQL-VC] GO sp_addrolemember @rolename = 'db_owner', @membername = 'SHIFT\SRV-vCENTER02SQL-VC' GO USE MSDB GO CREATE USER [SHIFT\SRV-vCENTER02SQL-VC] FOR LOGIN [SHIFT\SRV-vCENTER02SQL-VC] GO sp_addrolemember @rolename = 'db_owner', @membername = 'SHIFT\SRV-vCENTER02SQL-VC' GO
This script uses three settings that need to be adjusted to your environment:
- D:\MSSQL\DATA\VCDB.mdf' = The location of the database
- D:\MSSQL\DATA\VCDB.ldf' = The location of the log
- SHIFT\SRV-vCENTER02SQL-VC = The vCenter service account name with the domain name (NETBIOS format)
This script basically does:
- Create a database named VCDB.
- Add the domain service account we created to the SQL server
- Set the default database for the service account
- Set the default language for the service account
- Give service account db_owner permissions to VCDB
- Give service account db_owner permissions to msdb
Creating DSN on vCenter server
Note: All DSN created on a 64-bit system are also 64-bits by default.
On the vCenter Server perform the following steps to configure a correct DSN:
- Navigate to Start → Administrative Tools → Data Sources (ODBC) and open the “System DSN tab”
- Click Add
- Select the “SQL Server Native Client 10.0” (version 2009.100.2500.00). If this one is not listed you forgot to install the SQL Native Client (see above under required software)
- Provide a descriptive name and the server you want to connect to:
- Keep the “With Integrated Windows Authentication” option and keep all other defaults as well:
- Set the default database to VCDB and keep all other defaults:
- Keep all other options default, and at the end review your settings and click the “Test Data Source” button. The result should say that the tests completed successfully.
You now have a valid DSN you can use.
vCenter Simple Installation
So now we're ready for vCenter installation. When you start the installation program you'll notice there is something called a simple install. Now that's only simple when you've everything prepared and ready to go, otherwise you'll be doing a lot of work while the installer is open and waiting for you, instead of the other way around:
The installation process starts with the installation of the “vCenter Single Sign On” service: Go through the initial screens, accept the license agreement until you get to the screen where you can enter the administrator account for Single Sign On. This account is always named the “admin@System-Domain” and cannot be changed. The password is located in KeePass:
Then select to use an existing database, since we've already created one:
Then configure the database connection according to what you've done during the preparation:
Accept the FQDN of the server if it's correct and keep the default regarding the network service account (shown below) and the installation directory:
Also, keep the default port (7444):
Then, the actual installation starts, which is automatically followed by the installation for the inventory service, which you don't have to configure anything for:
This is automatically followed by the installation for vCenter which starts by allowing you to enter the vCenter license. I'm keeping it blank for now, since you get 60 days to do so afterwards. In the next screen you'll see the option to select the DSN connection to the database you've created:
Verify the databse setup and continue to the next screen. Here you select the account under which vCenter will run. Now I've started the installation with my own admin sccount, making it impossible to change anything here, and giving me another step afterwards to change this to the vCenter service account:
Keep all the default ports:
Then select the size of your environment so the amount of memory for the JVM can be configured. From my own experience I would select one a little higher than actually your case:
Then the installation will start which will finish a little while later.
vSphere Client
If you want to you can install the vSphere client on the vCenter server as well, which is always a good idea in my opinion. You can install it from the vCenter installation cd, as well as from the start screen as from “<CDROOT>\vsphere-client\vmware-viclient”.
vCenter Web Client
Start the installation for the vSphere Web Client from the start screen from the CD, and accept the license agreement as well as the default installation directory. Keep the default ports, and write them down because you need them to access the web client server afterwards:
Then enter the Single Sign On information requested:
Then the installation starts. If the installation is finished you can point your browser to https://localhost:9443/vsphere-client/ which will give you a logon screen.
Using the Web Client to Check SSO Identity Source
Go into the Web Client to access the Single Sign On service using the credentials you created during the installation of the Single Sign On service:
Then browse to Administration → Sign-On and Discovery → Configuration which will show you the current Identity Sources:
This is the configuration of the source:
Post Installation
Now the only thing left to do is changing the account vCenter runs on. Go into Windows Services (services.msc) and change these two services to run under the vCenter service account you created during preparations:
- VMware VirtualCenter Server
- VMware VirtualCenter Management Webservices
To do so, right click the service and select properties. Go to the tab “Log On” and enter the correct details:
Restart the services and you're all done. If everything went correct you can now login using both the vSphere web client as the vSphere client.