To follow up on my previous post:
Deploying VMware vSphere 5.1 Single Sign On, Inventory Service and vCenter Server
http://terenceluk.blogspot.com/2013/02/deploying-vsphere-51-single-sign-on.html
… this post serves to continue the deployment by installing an additional vCenter and configuring both vCenters in Linked Mode. Since this is a continuation of a more detailed post, I will omit much of the explanation for each component.
Prerequisites
Begin by granting the same Active Directory service account used for the first vCenter the same Act as part of the operating system permission on the second vCenter server. As with the first node, I will use the Local Computer Policy, so open up the Run prompt and run:
gpedit.msc
Navigate to Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment
Edit the Act as part of the operating system policy and add the vCenter service account in:
Next, add the vCenter service account into the local Administrators group on the vCenter server:
With the permissions for the service account set, proceed with adding the .NET Framework 3.5.1 feature to the server by opening PowerShell and executing the following cmdlets:
Import-Module ServerManager
Add-WindowsFeature as-net-framework
You can use the Server Manager to confirm that it is installed by navigating to the Features node:
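The three prerequisites above can also be checked from an elevated PowerShell prompt. This is an added example, not part of the original post; the account name DOMAIN\svc-vcenter is a placeholder for your vCenter service account.

```powershell
# Added example. Assumption: placeholder account name; substitute your own.
# Run from an elevated prompt (secedit needs administrative rights).
$account = 'DOMAIN\svc-vcenter'

# secedit lists domain rights holders as *SID, so resolve the account first.
$nt  = New-Object System.Security.Principal.NTAccount($account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export only the user rights section of the effective local security policy.
$cfg = Join-Path $env:TEMP 'vc-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeTcbPrivilege\s*=' }
Remove-Item $cfg

# SeTcbPrivilege is the constant behind "Act as part of the operating system".
$holders = @()
if ($line) {
    $holders = @(($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() })
}
$hasTcb = ($holders -contains "*$sid") -or ($holders -contains $account)

# Direct membership only; an account nested inside another group is not seen here.
$admins  = @(net localgroup Administrators | ForEach-Object { $_.Trim() })
$isAdmin = $admins -contains $account

# Same feature name the post installs with Add-WindowsFeature.
Import-Module ServerManager
$feature = Get-WindowsFeature AS-NET-Framework

# AllTcbHolders shows every holder of the right, so unexpected entries stand out.
New-Object PSObject -Property @{
    Account            = $account
    ActAsPartOfOS      = $hasTcb
    AllTcbHolders      = ($holders -join ', ')
    LocalAdministrator = $isAdmin
    DotNet351Installed = $feature.Installed
}
```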
Set up Single Sign On (SSO) Database
Assuming you’ve extracted the installation files to your C drive, navigate to the following directory containing the scripts you’ll need to set up the SSO database:
C:\VMware-VIMSetup-all-5.1.0-880471\Single Sign On\DBScripts\SSOServer\schema\mssql
The scripts we’ll be using are:
- rsaIMSLiteMSSQLSetupTablespaces.sql
- rsaIMSLiteMSSQLSetupUsers.sql
Begin by launching SQL Server Management Studio and opening the first script:
rsaIMSLiteMSSQLSetupTablespaces.sql
Edit the script as required and execute it to create the database:
With the database created, the next step is to set up the 2 user objects required for accessing the RSA database. To do so, use the following script:
rsaIMSLiteMSSQLSetupUsers.sql
Executing the script above should create the user accounts and assign the appropriate permissions to the RSA database:
Note the 2 accounts located under Security –> Logins:
- RSA_DBA
- RSA_USER
Set up vCenter Database and ODBC
The first step for setting up the vCenter database is to create the database with the following script found on page 205 in the installation guide (http://pubs.vmware.com/vsphere-51/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-51-installation-setup-guide.pdf):
use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'C:\VCDB.mdf', SIZE = 2000KB, FILEGROWTH = 10% )
LOG ON
(NAME = N'vcdb_log', FILENAME = N'C:\VCDB.ldf', SIZE = 1000KB, FILEGROWTH = 10%)
COLLATE SQL_Latin1_General_CP1_CI_AS
go
use VCDB
go
sp_addlogin @loginame=[vpxuser], @passwd=N'vpxuser!0', @defdb='VCDB',
@deflanguage='us_english'
go
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
use MSDB
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
You will also need to assign the appropriate permissions to the database for the vpxuser account that the vCenter service will use to access the database. Modify the fields such as the database path and password in the following script to create the vCenter database, create the vpxuser account and grant it permissions:
use [master]
go
CREATE DATABASE [VCDB] ON PRIMARY
(NAME = N'vcdb', FILENAME = N'K:\Databases\VCDB.mdf', SIZE = 2000KB, FILEGROWTH = 10% ) LOG ON
(NAME = N'vcdb_log', FILENAME = N'L:\Logs\VCDB.ldf', SIZE = 1000KB, FILEGROWTH = 10%) COLLATE SQL_Latin1_General_CP1_CI_AS
go
use VCDB
go
sp_addlogin @loginame=[vpxuser], @passwd=N'P@ssw0rd', @defdb='VCDB',
@deflanguage='us_english'
go
ALTER LOGIN [vpxuser] WITH CHECK_POLICY = OFF
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
go
use MSDB
go
CREATE USER [vpxuser] for LOGIN [vpxuser]
go
sp_addrolemember @rolename = 'db_owner', @membername = 'vpxuser'
With the database created, the next step is to create the 64-bit ODBC DSN connection. Open the Start menu, navigate to Administrative Tools –> Data Sources (ODBC), then select the System DSN tab and click Add:
Select the SQL Server Native Client 10.0 as the driver:
Fill in the following fields:
Name: This is just a logical name and can be anything you want.
Description: Logical description.
Server: You can enter either the NetBIOS name or the FQDN of the server. I personally prefer the FQDN.
Since we’re not using a domain service account, select the radio button for With SQL Server authentication using a login ID and password entered by the user and enter the credentials for the account you configured during the database creation:
Make sure you change the default database to your vCenter database that you created earlier. The name in the installation guide is VCDB:
Leave the following settings as default and click Finish:
A window is now presented that allows you to test the ODBC connection. Proceed with clicking on the Test Data Source button to test connecting over to the vCenter database with the SQL Authentication credentials entered in one of the previous screens:
Confirm that the test completes successfully:
Once you click finish, you will now see your new ODBC DSN:
Install vCenter Single Sign On Service (SSO)
Begin by launching the VMware vCenter Installer and selecting vCenter Single Sign On:
Select Join an existing vCenter Single Sign On installation:
Select Multisite and fill in the following fields:
Fully Qualified Domain name or IP address <—The FQDN of the first vCenter node you’re going to link to
Https port <— Use the default 7444 port unless it has been changed
Password <— The password for the SSO administrator in the first node
Proceed with clicking on Install Certificates:
Type in the SSO admin@System-Domain password:
Fill in the fields with the appropriate information for the database that was prepared for this second node:
**Note that I’ve been asked in the past whether the fields should point to the SSO database used by the first node and the answer is NO. The information above should point to the SSO database created for the second node. The Fully Qualified Domain Name or IP address for the Local System Information should be automatically populated, but prior to proceeding, click on the Back button:
This returns you to the database information prompt, where you add the following to the JDBC URL:
;encrypt=true;trustservercertificate=true
… so that the URL would look something like this:
jdbc:sqlserver://;serverName=dbServer.domain.com;port=1433;databaseName=RSA;encrypt=true;trustservercertificate=true
Uncheck the Use network service account and fill in the vCenter domain service account:
Confirm the directory for the SSO files:
Confirm the SSO HTTPS port:
Proceed with the install:
Install vCenter Inventory Service
Begin by launching the VMware vCenter Installer and selecting VMware vCenter Inventory Service:
Proceed through the wizard:
Accept the EULA:
Confirm the location to install the files:
The following field should automatically be filled in with the FQDN of the server you’re installing the Inventory Service on:
Accept the default ports unless they need to be changed:
Select the appropriate Inventory Size for the JVM Memory:
Enter the vCenter Single Sign On administrator password and fill in the Lookup Service URL with the first vCenter node’s FQDN as shown in the following screenshot:
Proceed with the install:
Install vCenter Server
Begin by launching the VMware vCenter Installer and selecting VMware vCenter Server:
Proceed through the wizard:
Accept the EULA:
Enter a license key if you have it already or you can enter it afterwards:
Select the ODBC DSN that was created earlier for the VCDB vCenter database:
Enter the credentials for the SQL Server Authentication vpxuser account:
Uncheck the Use SYSTEM Account checkbox and enter the credentials for the vCenter domain service account:
Select Join a VMware vCenter Server group using Linked Mode to share information:
Note that joining mixed versions of vCenter Servers is not supported:
Enter the FQDN of the primary vCenter Server:
Confirm the default ports being used for the vCenter service:
Select the appropriate Inventory Size:
Enter the vCenter Single Sign On administrator password and fill in the Lookup Service URL with the first vCenter node’s FQDN as shown in the following screenshot:
Confirm by clicking on Install certificates:
Enter a user or group that you would like to be able to administer this vCenter server:
The vCenter Inventory Service URL should already be populated with the second vCenter Server node information so leave it as is and proceed:
Confirm the folder to install the vCenter files:
Proceed with the install:
Test vCenter Connectivity
With all the components installed, proceed with launching the vSphere Client and test connectivity to vCenter:
Verify that both vCenters are listed:
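With both nodes running, the SQL side of the install can be reviewed as well: the vpxuser script sets CHECK_POLICY = OFF and grants db_owner on VCDB and MSDB, and the JDBC options encrypt=true;trustservercertificate=true encrypt the SSO database session without validating the SQL Server's certificate. The following is an added example, not part of the original post; the server name is a placeholder and the Windows account running it is assumed to have rights to read server metadata (for example a sysadmin).

```powershell
# Added example. Assumptions: placeholder SQL Server name; caller can read
# server-level metadata (VIEW SERVER STATE is needed for the connection query).
Add-Type -AssemblyName System.Data
$server = 'dbServer.domain.com'
$names  = "'vpxuser','RSA_DBA','RSA_USER'"   # logins created earlier in this post

function Invoke-Audit([string]$database, [string]$sql) {
    $cs   = "Server=$server;Database=$database;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection($cs)
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $sql
        $table = New-Object System.Data.DataTable
        $table.Load($cmd.ExecuteReader())
        $table.Rows
    } finally { $conn.Dispose() }
}

# 1. Password policy flags: is_policy_checked = 0 reflects CHECK_POLICY = OFF.
$logins = @"
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins WHERE name IN ($names)
"@
Invoke-Audit 'master' $logins | Format-Table -AutoSize

# 2. Database role membership, to see where db_owner was actually granted.
$roles = @"
SELECT DB_NAME() AS database_name, r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name IN ($names)
"@
'VCDB', 'msdb', 'RSA' | ForEach-Object { Invoke-Audit $_ $roles } | Format-Table -AutoSize

# 3. Live sessions: encrypt_option shows whether each connection is encrypted.
$sessions = @"
SELECT s.login_name, s.host_name, s.program_name, c.encrypt_option, c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.login_name IN ($names)
"@
Invoke-Audit 'master' $sessions | Format-Table -AutoSize
```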
Hope this helps anyone out there who wants to see what a Linked Mode vCenter install looks like.