WilliamLam.com

Dude, Where's My vCenter Server 5.1 Components Installed At?

by // 5 Comments

You would be surprised at the number of times I have heard this question get asked and this is not regarding the installation path but the specific server a given vCenter Server 5.1 component is installed on. I am just wondering if people are somehow miss-placing their infrastructure? I would hope that most organizations have some type of CMDB (Configuration Management Database) even if it is just a spreadsheet or at a minimum a memorable hostname. In any case, this question is only relevant for those of you who decided to separate out the vCenter SSO (Single Sign-On) Server, vSphere Web Client, Inventory Service and the vCenter Server and are now wondering where a given component is installed at.
To begin, you will need to know at a minimum where your vCenter Server is installed at. If you do not know that, then you should take the walk of shame and install this utility (be-careful with port scanning tools, as it may not be allowed by your Security Operations team). Go to the advanced settings of your vCenter Server and look up one of the following settings:
  • config.vpxd.sso.sts.uri
  • config.vpxd.sso.groupcheck.uri
  • config.vpxd.sso.admin.uri

All three of these settings should contain the same hostname or IP Address which is the location of where your SSO Server is installed. You can also find this information by looking at the vCenter Server configuration file located in the following location:

Windows vCenter Server: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg
vCenter Server Appliance: /etc/vmware-vpx/vpxd.cfg

Next, you will need to login directly to your vCenter Server (RDP or SSH) depending on the version you are using. Using the hostname or IP Address of our vCenter SSO Server, we will now connect to the Lookup Service which is installed alongside the vCenter SSO Server. This service will provide us with the location of all services registered to vCenter SSO and we will be able to identify the location of the remainder vCenter Server components.

For Windows vCenter Server, make sure you have the JAVA_HOME environmental variable set to C:\Program Files\VMware\Infrastructure\jre and open up a command prompt and run the following (subsitute in the hostname or IP Address of your vCenter SSO Server):

vSphere 5.5

"C:\Program Files\VMware\Infrastructure\VMware\CIS\vmware-sso\ssolscli.cmd" listServices https://winvc.primp-industries.com:7444/lookupservice/sdk

vSphere 5.1

"C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli\ssolscli.cmd" listServices https://winvc.primp-industries.com:7444/lookupservice/sdk

We can take a look at the serviceName which describes the specific vCenter Server component such as the vSphere Web Client or Log Browser and endpoints property will tell you which server it is installed on.

For vCenter Server Appliance, there is a similar command by running the following:

/usr/lib/vmware-sso/bin/vi_regtool listServices https://172.30.0.186:7444/lookupservice/sdk

The only vCenter Server component that we have not found is the Inventory Service. To find the server where this component is installed, we just need to look at the vCenter Server Extensions and and we can simply open up a web browser and connect to the following URL (substitute in your vCenter Server address):

https://vcsa.primp-industries.com/mob/?moid=ExtensionManager&doPath=extensionList[%22com.vmware.vim.inventoryservice%22].healthInfo

Hopefully at this point you are able to figure out where all your vCenter Server 5.1 components are installed at and you are also documenting all this information in your CMDB or spreadsheet ๐Ÿ™‚

Configuring Additional VCSA 5.1 as vSphere Web Client Servers

by // 6 Comments

In my previous article, I showed you how to configure additional vSphere Web Client 5.1 Servers for a Windows environment. For those interested in using the VCSA (vCenter Server Appliance) instead to configure additional vSphere Web Client Servers, here is the process.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Before getting started, it is very important to ensure you have proper DNS resolution (forward / reverse working) on all your VCSA's.

Step 1 - You will need to know the IP Address or hostname of your vCenter SSO Server (If you are using the VCSA, then it is the same address as your vCenter Server). Next, deploy a brand new VCSA and go ahead and configure the IP Address, hostname, etc. in preparation for the next step.

Step 2 - Create a script called configureVCSAvSphereWebClientStandalone.sh (this script reside on the new VCSA itself or on a remote host) which contains the following

#!/bin/bash
# William Lam
# www.virtuallyghetto.com

# User Configurations

VCENTER_SSO_IPADDRESS=172.30.0.181

## DO NOT EDIT BEYOND HERE ##

echo "Adding Lookup Service URL to /etc/vmware/ls_url.txt & /etc/vmware-sso/ls_url.txt"
echo "https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk" > /etc/vmware/ls_url.txt;echo "https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk" > /etc/vmware-sso/ls_url.txt;

echo "Retrieving ${VCENTER_SSO_IPADDRESS} SSL Certificate"
echo "" | openssl s_client -connect ${VCENTER_SSO_IPADDRESS}:7444 2> /dev/null 1> /tmp/cert

echo "Storing ${VCENTER_SSO_IPADDRESS} SSL Certificate in /etc/ssl/certs/VMware-Lookup-Service-Root-CA.pem"
openssl x509 -in /tmp/cert > /etc/ssl/certs/VMware-Lookup-Service-Root-CA.pem

echo "Registering vSphere Web Client with ${VCENTER_SSO_IPADDRESS}"
/usr/lib/vmware-vsphere-client/vsphere-client-sso-hook install --ls-server https://${VCENTER_SSO_IPADDRESS}:7444/lookupservice/sdk --user root --password vmware

 
You will need to change the VCENTER_SSO_IPADDRESS variable to the address of your vCenter SSO Server.

Step 3 - Set the script to executable by running the following command:

chmod +x configureVCSAvSphereWebClientStandalone.sh

Step 4 - You can either execute the script locally on the VCSA or my preferred method is just to execute it remotely by running the following command:

ssh [email protected] < configureVCSAvSphereWebClientStandalone.sh

Note: Make sure to replace the IP Address with address of your VCSA

As part of the configuration, the vSphere Web Client service will automatically start up at the very end. Once the service has successfully started, you will be able to connect to the vSphere Web Client URL by going to https://[webclient-hostname-ip]:9443/vsphere-client and you now should be able to see all the vCenter Servers that have registered with the same vCenter SSO server.

Here is another view using the new VIN 1.2 (vSphere Infrastructure Navigator) to show that I have two vSphere Web Client servers (webclient1 and webclient2) registered to my primary vCenter SSO Server (vcenter51-1) as well as two additional vCenter Server (vcenter51-2 and vcenter51-3) that are also registered with the same SSO Server.

As you can see, if you need to add additional vSphere Web Client Servers, the VCSA can easily be configured to enable only this feature to help you scale out and provide additional capacity as well as redundancy. Stay tuned for some more details on configuring a Load Balancer to load balance multiple vSphere Web Client Servers.

Additional Resources:ย 

 

Configuring Additional Windows vSphere Web Client 5.1 Servers

by // 10 Comments

Did you know in vSphere 5.1, you can now configure multiple vSphere Web Client servers to multiple vCenter 5.1 Servers and get a single view of your entire infrastructure as well as provide redundancy to the vSphere Web Client? This is all made possible with the new vCenter SSO (Single Sign-On) and Lookup Service feature.

When you first install vCenter Server, you can install the vSphere Web Client on the same machine or you can install it on a separate machine. If you decide to install the vSphere Web Client on a separate system or add additional vSphere Web Client servers, you simply just need to point them to your main vCenter SSO instance.

Note: If you wish to re-point or re-register other vCenter Server components, there is nice VMware KB that goes over all the steps.

Before getting started, it is very important to ensure you have proper DNS resolution (forward / reverse working) on all your Windows servers.

If you are running Windows, when you install the vSphere Web Client, you will be brought to a screen to specify your SSO Administrator credentials (admin@System-Domain for windows) or (root for VCSA) as well as the Lookup Service URL which will be the same system running your vCenter SSO service.

Note: In my lab, I am using the VCSA for my vCenter Server as well as my SSO server, but this can also be a Windows vCenter Server and SSO Server.

You also have the ability to re-point your vSphere Web Client to another vCenter SSO server and you can do so by using the following script: C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts\client-repoint.bat To use the script, you just need to specify the new Lookup Service URL along with the SSO Administrator credentials.

C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts\client-repoint.bat https://172.30.0.181:7444/lookupservice/sdk root vmware

Once the script has finished registering with the new vCenter SSO server, you can now connect to the vSphere Web Client URL by going to https://[webclient-hostname-ip]:9443/vsphere-client and you now should be able to see all the vCenter Servers that have registered with the same vCenter SSO server.

Here is another view using the new VIN 1.2 (vSphere Infrastructure Navigator) to show that I have two vSphere Web Client servers (webclient 3 and webclient4) registered to my primary vCenter SSO Server (vcenter51-1) as well as two additional vCenter Server (vcenter51-2 and vcenter51-3) that are also registered with the same SSO Server.

As you can see this provides me with single view of all my vCenter Servers and I can now connect to either vSphere Web Client servers which can be used for both load balancing as well as redundancy. You probably might have guessed, the next logical step is to put an actual load balancer in front of multiple vSphere Web Clients and simply expose a single entry point for your end users .... stay tune ๐Ÿ™‚

FYI - If you are interested in using the VCSA and only enabling the vSphere Web Client feature, the process is slightly different and I will share the procedure in a separate post.