Lifecycle Manager Installation and Configuration Guide vCenter Lifecycle Manager 1.1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Lifecycle Manager Installation and Configuration Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Updated Information 5 About This Book 7 1 Understanding LCM 9 Lifecycle Manager Process 9 Lifecycle Manager Terminology 11 Role-Based User Interface 11 LCM Administrator 12 Lifecycle Manager Architecture 12 2 LCM Installation Process 15 Installing and Configuring Orchestrator 3 Orchestrator System Requirements 19 Hardware Requirements for Orchestrator 19 Operating Systems Supported by Orchestrator Supported Directory Services 20 Supported Browsers 20 Orchestrator Database Requirements 20 19
Lifecycle Manager Installation and Configuration Guide Configure the Default Plug-Ins 39 Import the vCenter Server License 40 Start the Orchestrator Server 41 Export the Orchestrator Configuration 42 Import the Orchestrator Configuration 44 Configure the Maximum Number of Events and Runs 44 Change the Web View SSL Certificate 45 Define the Server Log Level 45 7 Maintenance and Recovery 47 Change the Size of Server Logs 48 Maintaining the Orchestrator Database Troubleshooting Orchestrator 49 48 8 Contro
Updated Information This Lifecycle Manager Installation and Configuration Guide is updated with each release of the product or when necessary. This table provides the update history of the Lifecycle Manager Installation and Configuration Guide. Revision Description EN-000334-01 n n n EN-000334-00 VMware, Inc. Updated the text in Chapter 2, “LCM Installation Process,” on page 15. Added a caution about a Windows Server 2008 bug in Step 3 in “Install Lifecycle Manager,” on page 56.
Lifecycle Manager Installation and Configuration Guide 6 VMware, Inc.
About This Book This book, the Lifecycle Manager Installation and Configuration Guide, provides information about installing and ® configuring VMware vCenter Lifecycle Manager (LCM). Intended Audience This book is intended for administrators who are installing and configuring LCM. The information in this guide is written for experienced system administrators who are familiar with virtual machine technology. Document Feedback VMware welcomes your suggestions for improving our documentation.
Lifecycle Manager Installation and Configuration Guide 8 VMware, Inc.
Understanding LCM 1 VMware vCenter Lifecycle Manager (LCM) automates the process of creating virtual machines and removing them from service at the appropriate time. Using LCM, you can perform the following tasks: n Handle and process virtual machine requests in a Web user interface. n Automatically place servers based on their location, organization, environment, service level, or performance levels. When a solution is found for a set of criteria, the machine is automatically deployed.
Lifecycle Manager Installation and Configuration Guide Figure 1-1.
Chapter 1 Understanding LCM Lifecycle Manager Terminology LCM uses specific terminology to describe lifecycle events and attributes. Commission The creation of a requested virtual machine. The commission time is submitted during the request process. Decommission The requested machine reaches the end of its life. A decommission date is submitted during the request process. The decommissioned machine can be archived or deleted.
Lifecycle Manager Installation and Configuration Guide LCM Administrator The LCM Administrator sets up the LCM environment, and can perform all tasks that other user roles can perform. The LCM Administrator is responsible for the following tasks.
Chapter 1 Understanding LCM Figure 1-2. Architecture of LCM and Orchestrator browser config vCO database Lifecycle Manager browser config VMware vCenter Orchestrator plug-ins service directory VMware Infrastructure 3.5 Lifecycle Manager database networking database email Orchestrator Plug-Ins After you install LCM, you must configure the following Orchestrator plug-ins: n VMware Infrastructure 3.5 For adding VMware Infrastructure 3.5 or vCenter 4 instances. NOTE Because LCM supports vCenter 4.
Lifecycle Manager Installation and Configuration Guide 14 VMware, Inc.
2 LCM Installation Process You install and configure LCM by using both the Orchestrator configuration interface and the LCM interface. Before installing LCM, you must install and configure vCenter Orchestrator. You must use the Orchestrator configuration interface to configure the components that are related to the engine, such as the database, network, server certificate, and so on. These components must be configured correctly so that LCM functions properly.
Lifecycle Manager Installation and Configuration Guide 16 VMware, Inc.
Installing and Configuring Orchestrator VMware, Inc.
Lifecycle Manager Installation and Configuration Guide 18 VMware, Inc.
Orchestrator System Requirements 3 Your system must meet the technical requirements that are necessary to install and configure VMware vCenter Orchestrator. Because LCM runs as an Orchestrator plug-in, the system requirements for the two products are the same.
Lifecycle Manager Installation and Configuration Guide Supported Directory Services Orchestrator requires a working LDAP server on your infrastructure. Orchestrator supports these directory service types. n Windows Server 2003 Active Directory n Windows Server 2008 Active Directory n Novell eDirectory Server 8.8.3 n Sun Java Directory Server Enterprise Edition (DSEE) Version 6.3 Supported Browsers The LCM user interface requires a Web browser.
4 Install Orchestrator In production environments, and to enhance the scalability of your vCenter Orchestrator setup, install Orchestrator on a dedicated Microsoft Windows server. Prerequisites Make sure that your hardware meets the Orchestrator system requirements. See “Hardware Requirements for Orchestrator,” on page 19. Procedure 1 Download the vCenter Orchestrator installer from the vCenter Lifecycle Manager download page. 2 Double-click the executable file and click Next.
Lifecycle Manager Installation and Configuration Guide What to do next Log in to the Orchestrator configuration interface form Start > Programs > VMware > vCenter Orchestrator Web Configuration and change the default password. 22 VMware, Inc.
Orchestrator Components Setup Guidelines 5 To enhance the availability and scalability of your Orchestrator setup, install Orchestrator on a server different from the server on which vCenter Server runs. Separating Orchestrator from vCenter Server makes it possible to adjust the operating system to meet the specific recommendations for each service.
Lifecycle Manager Installation and Configuration Guide The way in which your database is set up can affect Orchestrator performance. Install the database in a virtual machine other than the one on which Orchestrator is installed. This method avoids the JVM and DB server having to share CPU, RAM, and IOs. Storing your database plug-ins in a database separate from the one that Orchestrator uses allows more modularity when upgrading the system.
Configuring Orchestrator 6 You must use the Orchestrator Web Configuration tool to configure the components that are related to the Orchestrator engine, such as network, database, server certificate, and so on. The correct configuration of these components ensures the proper functioning of Lifecycle Manager or any other applications running on the Orchestrator platform.
Lifecycle Manager Installation and Configuration Guide Check Configuration Readiness Before you start configuring Orchestrator, you can check whether the Web configuration service is ready. Procedure 1 In Windows, select Start > Programs > Administrative Tools > Services. 2 Select VMware vCenter Orchestrator Configuration. 3 If the status is not Started, right-click VMware vCenter Orchestrator Configuration and select Start.
Chapter 6 Configuring Orchestrator Change the Default Password You must change the default password to avoid potential security issues. Prerequisites The VMware vCenter Orchestrator Configuration service must be running. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 On the General tab, click Change Password. 3 In the Current password text box, enter vmware. 4 In the New password text box, enter the new password. 5 Reenter the new password to confirm it.
Lifecycle Manager Installation and Configuration Guide Default Configuration Ports Orchestrator uses some specific ports that allow communication with the other systems. It is embedded in a JBoss application server, and benefits from built-in redundancy, high-availability, and high-performance distributed application services and support for complex database access. The communication ports you must set are a subset of the standard ports that JBoss uses.
Chapter 6 Configuring Orchestrator Import the vCenter SSL Certificate The Orchestrator configuration interface uses a secure connection to communicate with vCenter. You can import the required SSL certificate from a URL or file. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click Network. 3 In the right pane, click the SSL Certificate tab. 4 Load the vCenter SSL certificate in Orchestrator from a URL address or file.
Lifecycle Manager Installation and Configuration Guide 3 From the LDAP client drop-down menu, select the directory server type that you are using as the LDAP server. The supported directory service types are: Active Directory, eDirectory, and Sun Java System Directory Server. OpenLDAP is not supported and can only be used for testing and evaluation purposes.
Chapter 6 Configuring Orchestrator Example 6-1. Example Values and Resulting LDAP Connection URL Addresses n LDAP host: DomainController n Port: 389 n Root: ou=employees,dc=company,dc=org Connection URL: ldap://DomainController:389/ou=employees,dc=company,dc=org n LDAP host using Global Catalog: 10.23.90.130 n Port: 3268 n Root: dc=company,dc=org Connection URL: ldap://10.23.90.130:3268/dc=company,dc=org What to do next Assign credentials to Orchestrator to ensure its access to the LDAP server.
Lifecycle Manager Installation and Configuration Guide Prerequisites You must have a working LDAP service on your infrastructure. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click LDAP. 3 Define the User lookup base. This is the LDAP container (the top level domain name) where Orchestrator searches for potential users. a Click Search and enter the top-level domain name. Searching for company returns dc=company,dc=org and other common names containing the search term.
Chapter 6 Configuring Orchestrator Define the LDAP Search Options You can customize the LDAP search queries and make searching in LDAP more effective. Procedure 1 Log in to the Orchestrator configuration interface as vmware. 2 Click LDAP. 3 In the Request timeout text box, enter a value in milliseconds. This value determines the period during which the Orchestrator server sends a query to the service directory, the directory searches, and sends a reply.
Lifecycle Manager Installation and Configuration Guide Table 6-2. Common Active Directory LDAP Errors (Continued) Error Description 773 The user must reset their password. 775 The user account has been locked. Password Encryption and Hashing Mechanism Orchestrator utilizes PBE with MD5 and DES encryption mechanism to encode the stored passwords used to connect to the database, LDAP, and Orchestrator servers. Table 6-3 shows the password encryption and hashing mechanisms used by Orchestrator.
Chapter 6 Configuring Orchestrator 5 To build or update the table structure for Orchestrator, install or update the database. Option Description Install the database Use this option to configure a new database. Update the database Use this option if you want to use the database from your previous Orchestrator installation. After the database is populated, you can reset the database access rights to db_dataread and db_datawrite. 6 Click Apply changes.
Lifecycle Manager Installation and Configuration Guide Identify the SQL Server Authentication Type You can identify whether SQL Server is using Windows NT or SQL Server authentication. Procedure 1 Open the SQL Server Management Studio. 2 Click the Properties tab. 3 Check the connection type. Server Certificate The server certificate is a form of digital identification that is used with HTTPS to authenticate Web applications.
Chapter 6 Configuring Orchestrator What to do next For disaster recovery purposes, you can save the certificate private key to a local file. Obtain a Server Certificate Signed by a Certificate Authority To provide recipients with an acceptable level of trust that the package was created by your server, certificates are typically signed by a Certificate Authority (CA).
Lifecycle Manager Installation and Configuration Guide 5 Click Export. 6 Save the vmo-server.vmokestore file when prompted. Change a Self-Signed Server Certificate If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you need to export all your packages and reinstall the Orchestrator server. Procedure 1 Export all your packages. a Click the Packages view in the Orchestrator client.
Chapter 6 Configuring Orchestrator Configure the Default Plug-Ins To deploy the default set of plug-ins when the Orchestrator server starts, the system must authenticate against the LDAP server. You can specify the administrative credentials that Orchestrator uses with plug-ins, and enable as well as disable plug-ins on the Plug-ins tab. If you change the Orchestrator database after configuring and installing the default plug-ins, you must click the Reset current version link in the Troubleshooting tab.
Lifecycle Manager Installation and Configuration Guide Text box Description User name Enter a valid email account. This is the email account Orchestrator uses to send emails. 4 Password Enter the password associated with the user name. From name and address Enter the sender information to appear in all emails sent by Orchestrator. Click Apply changes. Configure the SSH Plug-In You can set up the SSH plug-in to ensure encrypted connections.
Chapter 6 Configuring Orchestrator Start the Orchestrator Server You can install the Orchestrator server as a service on the Startup Options tab. When you do this, you can start, stop, and restart the service from the Configuration interface. This is process is reversible as you can always use the Uninstall vCO server from service option. Prerequisites All of the status indicators must display a green circle. You cannot start the Orchestrator server if any of the components is not configured properly.
Lifecycle Manager Installation and Configuration Guide Procedure 1 Navigate to the wrapper.conf wrapper configuration file. The wrapper configuration file is in the following location: Install_Directory/app-server/bin/wrapper.conf 2 Open the wrapper.conf file in an editor. 3 Locate the -wrapper.ping.timeout parameter in the wrapper.conf file, or add it to the file if it does not exist. 4 Set the number of seconds to allow between a ping from the watchdog utility and the response from the service.
Chapter 6 Configuring Orchestrator 3 (Optional) Enter a password to protect the configuration file. Use the same password when you import the configuration. 4 Click Export. 5 Click Save when prompted. You can use the vmo_config_dateReference.vmoconfig file to clone or to restore the system. What to do next For a list of exported configuration settings, see “Orchestrator Configuration Files,” on page 43.
Lifecycle Manager Installation and Configuration Guide Import the Orchestrator Configuration You can restore the previously exported system configuration if a system failure occurs or when you reinstall Orchestrator. Procedure 1 Install a new Orchestrator instance on a new server. 2 Log in to the Orchestrator configuration interface as vmware. 3 On the General tab, click Import Configuration. 4 (Optional) Enter the protective password you used when exporting the configuration.
Chapter 6 Configuring Orchestrator 7 (Optional) To put the server in Web view development mode, select the Enable Web view development check box. In this mode, all elements in the Web view are loaded from the specified Web view directory and not from the Web view content itself. 8 Click Apply changes. Change the Web View SSL Certificate Orchestrator provides an SSL certificate that controls user access to Web views, such as LCM.
Lifecycle Manager Installation and Configuration Guide 3 Select an option from the Log level drop-down menu. Option Description FATAL Only fatal entries are written to the log file. ERROR Errors and above entries are written to the log file. WARN Warnings and above entries are written to the log file. DEBUG Debug information and above entries are written to the log file. INFO Information and above entries are written to the log file. ALL Events are not filtered.
Maintenance and Recovery 7 The Troubleshooting tab in the Orchestrator configuration interface allows you to perform several bulk operations related to workflows and tasks. You can use the Troubleshooting tab to globally reset the server and remove all traces of previous runs. Table 7-1 lists the possible bulk operations. IMPORTANT Before you click a troubleshooting option, make sure the vCO server is stopped. Table 7-1.
Lifecycle Manager Installation and Configuration Guide Change the Size of Server Logs If a server log regenerates multiple times a day, it becomes difficult to determine what causes problems. To prevent this, you can change the default size of the server log. The default size of the server log is 5MB. Procedure 1 Open the log4j.xml file. The log4j.xml file is in the following location: installation_directory\VMware\Orchestrator\app-server \server\vmo\conf 2 In the lg4j.
Chapter 7 Maintenance and Recovery Troubleshooting Orchestrator If you are unable to access the Orchestrator configuration interface or a Web view, such as LCM, you can try restarting the Orchestrator services to troubleshoot the situation. Restart the Orchestrator Server You can restart the Orchestrator server if you are unable to access LCM. Procedure 1 In Windows, select Start > Programs > Administrative Tools > Services. 2 Select VMware vCenter Orchestrator Server.
Lifecycle Manager Installation and Configuration Guide 50 VMware, Inc.
Controlling Orchestrator Access 8 You can control access to Orchestrator to improve security. This chapter includes the following topics: n “Disable Access to the Orchestrator Client by Nonadministrators,” on page 51 n “Disable Access to Workflows from Web Service Clients,” on page 52 Disable Access to the Orchestrator Client by Nonadministrators When using LCM, the best practice is to limit access to the Orchestrator client only to administrators.
Lifecycle Manager Installation and Configuration Guide Disable Access to Workflows from Web Service Clients To prevent malicious attempts from Web service clients to access sensitive servers, you can configure the Orchestrator server to deny access to Web service requests. By default, Orchestrator permits access to workflows from Web service clients. You disable access to workflows from Web service clients by setting a system property in the Orchestrator configuration file, vmo.properties.
Installing and Configuring LCM VMware, Inc.
Lifecycle Manager Installation and Configuration Guide 54 VMware, Inc.
9 Installing LCM After you have installed vCenter Orchestrator, you can install vCenter Lifecycle Manager. This chapter includes the following topics: n “Installation Prerequisites,” on page 55 n “Install Lifecycle Manager,” on page 56 n “Configuring Plug-Ins,” on page 56 Installation Prerequisites Make sure that your system meets the installation prerequisites before you install LCM on Microsoft Windows. Table 9-1. Installation Prerequisites Component Description VMware vCenter Orchestrator 4.0.
Lifecycle Manager Installation and Configuration Guide Table 9-1. Installation Prerequisites (Continued) Component Description Static account for each vCenter Server that LCM and Orchestrator can use DHCP server and fixed range of IP addresses for new virtual machines Install Lifecycle Manager You must install LCM through the Orchestrator configuration interface. Procedure 1 Log in to the Orchestrator configuration interface.
Chapter 9 Installing LCM Procedure 1 Log in to the Orchestrator configuration interface. http://orchestrator_server:8282 2 3 On the vCenter Lifecycle Manager and Networking tabs, select the database connection type. Option Description Custom (Recommended) Select this option to store plug-in-specific data in a database different from the Orchestrator database. Depending on the type of database you are connecting to, the required information might vary.
Lifecycle Manager Installation and Configuration Guide 9 10 Specify the method you use to manage user access on the VMware Infrastructure or vCenter host. Option Description Share a unique session Type the credentials of a user who is a VMware Infrastructure or vCenter administrator. Session per user Select this option if your VMware Infrastructure or vCenter server is in an Active Directory domain. Make sure that the user has the necessary permissions to perform the required operations.
10 Migrating to LCM 1.1 If you are using VMware Lifecycle Manager - Standard 1.0.1 (LCM 1.0.1) or VMware vCenter Lifecycle Manager 1.0.2 (LCM 1.0.2), you can migrate to VMware vCenter Lifecycle Manager 1.1 (LCM 1.1). This chapter includes the following topics: n “Supported Migration Paths,” on page 59 n “Backing Up Database Tables,” on page 59 n “Migrating LCM 1.0.1 Configuration to LCM 1.0.2,” on page 60 n “Migrating LCM 1.0.2 Configuration to LCM 1.
Lifecycle Manager Installation and Configuration Guide Migrating LCM 1.0.1 Configuration to LCM 1.0.2 The migration is performed by running workflows in LCM 1.0.1, which is powered by Orchestrator 3.2.1, and in LCM 1.0.2, which is powered by Orchestrator 4.0.1. NOTE You must complete the export procedure in Orchestrator 3.2.1 and LCM 1.0.1 before installing Orchestrator 4.0.1 and LCM 1.0.2 on the same machine. Orchestrator 4.0.1 overwrites the installation of Orchestrator 3.2.1. Export the LCM 1.0.
Chapter 10 Migrating to LCM 1.1 Procedure 1 Go to http://orchestrator_server:8280/vmo/lifecycle to log in to LCM for the first time. You need to log in with the credentials of a user who is a member of the administrator group that is selected in Orchestrator. 2 Select Yes for Migrate from old LCM data and click Next. 3 Click Browse and select the data.zip file that you exported from LCM 1.0.1. 4 Click Submit to start the import process.
Lifecycle Manager Installation and Configuration Guide 62 VMware, Inc.
Configuring LCM 11 You must configure LCM before you can use it. The configuration process involves setting up the virtual machine naming convention, specifying groups, and selecting date and currency formats. You can also configure role-based attributes.
Lifecycle Manager Installation and Configuration Guide Initial Configuration of Lifecycle Manager You must complete the initial configuration of LCM when you run LCM for the first time. Procedure 1 Go to http://orchestrator_server:8280/vmo/lifecycle to log in to LCM for the first time. You need to log in with the credentials of a user who is a member of the administrator group that is selected in Orchestrator. 2 (Optional) Edit the default virtual machine naming convention.
Chapter 11 Configuring LCM Set Approval Requirements Virtual machines are decommissioned on the date selected by the requester when requesting the machine. LCM notifies the owner of the virtual machine five days before the decommissioning date with the option to request an extension. You can specify whether approval is required when virtual machines are requested, extended, or modified. Procedure 1 Log in to LCM as an administrator. 2 Click the Configuration view. 3 Click Edit Approval Modes.
Lifecycle Manager Installation and Configuration Guide 4 Under Management Groups, select or type appropriate values for the groups. 5 Under Requester Groups, select or type appropriate values for the groups. 6 Click Submit. User Roles and Permitted Tasks Every LCM user role can perform a certain set of tasks. The LCM Administrator can perform all tasks. Table 11-1 describes how roles are mapped to tasks. Tasks marked with an O can be performed only by the owner of the request. Table 11-1.
Chapter 11 Configuring LCM Enable Email Notifications LCM users can be sent emails when they are required to perform an action. For example, an LCM Approver can receive an email when required to approve or reject a virtual machine request. You can enable email notifications. Procedure 1 Log in to LCM as an administrator. 2 Click the Configuration view. If the Mail icon ( ) does not appear next to the Configuration icon ( ), email notifications are disabled.
Lifecycle Manager Installation and Configuration Guide 7 Click Submit. 8 Repeat these steps for each email notification that you want to create. Configure Currency and Date Formats You can configure the currency and date formats.The price of a virtual machine is estimated in the currency that you select. Procedure 68 1 Log in to LCM as an administrator. 2 Click the Configuration view. 3 Click Edit Format (Currency, Date). 4 Select a currency format. 5 Select a date format. 6 Click Submit.
Uninstall LCM and Orchestrator 12 You can remove LCM from your system by uninstalling Orchestrator. You can remove the Orchestrator client and server components from your system by using the Windows Add or Remove Programs utility from the Control Panel. Prerequisites Save the Orchestrator system settings to a local file. For details, see “Export the Orchestrator Configuration,” on page 42. Procedure 1 From the Windows Start menu, select Settings > Control Panel > Add or Remove Programs.
Lifecycle Manager Installation and Configuration Guide 70 VMware, Inc.
Index A administrator tasks 12 approval modes 65 architecture 12 archiving settings 65 authorization groups 65 availability 23 B base name 66 C certificate database 37, 38 configuration config files 43 database connection 34, 35 default plug-ins 39 export configuration settings 42 import configuration settings 44 LDAP settings 31 network connection 27 plug-ins 56 configuration maximums 24 configuring LCM 63 Orchestrator 25 LDAP port 28 LDAP with Global Catalog 28 LDAP with SSL 28 lookup port 28 messagin
Lifecycle Manager Installation and Configuration Guide LCM Tech Requester 11 LCM Web view, configuration 64 LDAP browsing credentials 31 connection URL 29 lookup paths 31 LDAP errors 525 33 52e 33 530 33 531 33 532 33 533 33 701 33 773 33 775 33 license, importing vCenter Server license 40 lifecycle process overview 9 load balancing 39 login 26 M MD5 34 migrating to LCM 1.1 59 migration backing up database 59 export LCM 1.0.1 configuration 60 import LCM 1.0.1 configuration into LCM 1.0.
Index U VMware WebCenter Remote MKS Plug-in 20 uninstalling 69 updated information 5 W V vCenter compatibility 12 VMware Infrastructure 12 VMware vCenter Orchestrator Server, installing as Windows service 41 VMware, Inc.
Lifecycle Manager Installation and Configuration Guide 74 VMware, Inc.
