Download - Adm 61 Admin Guide
-
8/6/2019 Adm 61 Admin Guide
1/64
Application Discovery ManagerAdministration Guide
vCenter Application Discovery Manager 6.1
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of thisdocument, see http://www.vmware.com/support/pubs.
EN-000451-00
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs -
8/6/2019 Adm 61 Admin Guide
2/64
VMware, Inc.
3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com
2 VMware, Inc.
Application Discovery Manager Administration Guide
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
Copyright 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright andintellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents .VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marksand names mentioned herein may be trademarks of their respective companies.
http://www.vmware.com/supportmailto:[email protected]://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentshttp://www.vmware.com/go/patentsmailto:[email protected]://www.vmware.com/supporthttp://www.vmware.com/support/ -
8/6/2019 Adm 61 Admin Guide
3/64
VMware, Inc. 3
Contents
About
This
Book 7
1 Overview 9SystemArchitecture 9
SingleboxAppliance 11
DistributedApplianceSolutions 11
VirtualandPhysicalApplianceSolutions 12
VirtualApplianceDeployment 12
PhysicalApplianceDeployment 13
MirroredNetworkTraffic 13
vCollector 13
MixedEnvironment 13
WhereToGoNext 14
InstallationofNeworAdditionalADMComponents 14
Licenses 14
UpgradingADM 14
MigratingtoaNewAppliance 14
Security 14
2 InstallingADM 15ADMInstallationRequirements 15
InstallationPersonnel 15
ESXResources 15
InstallingthevSphereClient 16DisablingvMotion 16
PreparingtheEnvironment 16
PreparinganESXConfiguration 16
CreatingaNewvSwitchforPassiveDiscovery 17
ConfiguringthevSwitchGeneralSettingsforPassiveDiscovery 17
ConfiguringthevSwitchforPassiveCollector 17
ConfiguringdvSwitchforPassiveCollector 18
DeployingtheVirtualAppliances 18
DeployingtheADMVirtualAppliances 18
BeforeYouBegin 19
DeploymentProcedure 19
InstallingWindowsCollector 20
BeforeYouBegin 20
Deployment 20
Uninstall 21
3 SettingUpADM 23Process 23
OrderofSetup 23
ADMSetupProcedures 23
LaunchingtheFirstBootConfigurationTool 24
-
8/6/2019 Adm 61 Admin Guide
4/64
Administration Guide
4 VMware, Inc.
ConfiguringtheRootPassword 24
UsernameandPasswords 24
ConfiguringStaticNetworkSettings 25
ConfiguringtheTimezoneandTime 25
ConfiguringtheApplianceRole 26
PostInstallationSteps 27
LoggingIntotheADMConsole 27
InitiatingPassiveDiscovery 27
4 SecuringADM 29ChangingtheRootPassword 29
ResettingtheADMRootPassword 29
OpenSSLSelfSignedTestCertificates 30
CASignedTestCertificates 30
SelfSignedCertificates 30
Copyingthe.keyand.crtFiles 31
5 Maintenance 33
ADMServices 33ManagingServiceswithadm_control 34
ProductSupportPackages 34
UsingtheADMConsole 35
UsingtheCLI 35
RestoringanADMEnvironmentbyUsingaProductSupportPackage 36
RestoretheADMDatabase 36
RestoringtheCustomDiscoveryandConfigurationFiles 37
ReconfiguringanADMDeployment 38
AddingaRemoteDatabasetoanExistingADMDeployment 38
ConvertingaSingleboxorAggregatortoaRemoteDatabase 38
MovingaDatabasetoaRemoteAppliance 39
Licenses 39
UploadingaLicense 40
6 UpgradingADM 41Overview 41
ApplianceType 41
MixedEnvironments 41
Licenses 41
ApplianceMigration 41
BackingUpData 41
UpgradingAppliances 42
ImportantNotes 42PreliminaryProcedures 42
UpgradingAppliancesUsingCLI 42
PostUpgradeSteps 43
7 MigratingtoaNewAppliance 45Overview 45
SupportedMigration 45
Licenses 45
SystemArchitecture 45
Process 46
-
8/6/2019 Adm 61 Admin Guide
5/64
VMware, Inc. 5
Contents
PreliminaryProcedures 46
BackingUpWinApeMigrationFiles 46
RestoringWinApeMigrationFiles 47
DataRestoration 47
SingleboxSolution 47
DistributedSolutions 47
Collectors 47
WinApe 47Aggregator 47
DistributedSolutionwithRemoteDatabase 48
Collectors 48
WinApe 48
Database 48
Aggregator 48
PostMigrationSteps 48
8 TroubleshootingADM 49TroubleshootingtheADMbyUsingtheProductSupportPackage 49
DetailDiscovery
Troubleshooting 49
WMI 49
single.sh 49
Location 50
Usage 50
Examples: 51
snmpdump 52
Location 52
Usage 52
Examples 53
nlcapture 53
Location 53
Usage 53
9 UninstallingADM 55UninstallingtheADMAppliance 55
A TimeZones 57
B ADMAPITutorial 59APIFeatures 59
Insight_control 59
AsynchAPI 60
DumpAPI 60
BulkAPI 61
WebServicesAPI 61
Index 63
-
8/6/2019 Adm 61 Admin Guide
6/64
Administration Guide
6 VMware, Inc.
-
8/6/2019 Adm 61 Admin Guide
7/64
VMware, Inc. 7
TheVMwarevCenterApplicationDiscoveryManager(ADM)AdministrationGuideprovidesinformation
thattheadministratorsarerequiredtoinstallandconfiguretheADM.
Intended Audience
Thisdocument
is
part
of
the
VMware
vCenter
Application
Discovery
Manager
documentation
set,
and
is
intendedforusebysystemadministratorsandintegratorsresponsibleforinstallingADM.
TheinstallationproceduresinthisdocumentmustbeperformedbyITprofessionalsfamiliarwith
virtualizationandVMwaretechnologiessuchasVMwareESXserversandrelatedvirtualandphysical
equipment.
VMware Technical Publications Glossary
VMwareTechnicalPublicationsprovidesaglossaryoftermsthatmightbeunfamiliartoyou.Fordefinitions
oftermsastheyareusedinVMwaretechnicaldocumentationgotohttp://www.vmware.com/support/pubs.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour
Technical Support and Education Resources
Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversion
ofthisbookandotherbooks,gotohttp://www.vmware.com/support/pubs.
Online and Telephone Support
Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts,gotohttp://www.vmware.com/support.
Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon
priority1issues.Gotohttp://www.vmware.com/support/phone_support.
Support Offerings
TofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto
http://www.vmware.com/support/services.
About This Book
http://www.vmware.com/support/pubshttp://www.vmware.com/support/pubshttp://www.vmware.com/supporthttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/serviceshttp://www.vmware.com/support/phone_support.htmlhttp://www.vmware.com/supporthttp://www.vmware.com/support/pubshttp://www.vmware.com/support/pubs -
8/6/2019 Adm 61 Admin Guide
8/64
Administration Guide
8 VMware, Inc.
VMware Professional Services
VMwareEducationServicescoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerials
designedtobeusedasonthejobreferencetools.Coursesareavailableonsite,intheclassroom,andlive
online.Foronsitepilotprograms andimplementationbestpractices,VMwareConsultingServicesprovides
offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.Toaccessinformationabout
educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.
http://www.vmware.com/services/http://www.vmware.com/services/ -
8/6/2019 Adm 61 Admin Guide
9/64
VMware, Inc. 9
1
ThischapterdescribesthedifferentVMwarevCenterApplicationDiscoveryManager(ADM)architecture
solutionsandconfiguration.Topicsinclude:
SystemArchitectureonpage 9
VirtualandPhysicalApplianceSolutionsonpage 12
vCollectoronpage 13
MixedEnvironmentonpage 13
WhereToGoNextonpage 14
System Architecture
TheADMprovidessystemarchitecturesolutionstomeettherequirementsofdifferentenvironmentsas
showninFigure 11.
Figure 1-1. ADM Components
VMwareprovidesADMononeormoreappliances.Themodeoftheappliancedetermineswhichcomponent
isrunning.ADMcomponentsaredescribedinTable 11.
Overview 1
AggregatorDatabaseActive
Discovery-Unix
ActiveDiscovery-Windows
PassiveDiscovery
Table 1-1. ADM Components
Component Description
ActiveDiscoveryUNIX
Collectsdatafromtheconfigurationobjectsinyourdatacenter.Thefollowingdiscoverytypesapply:
IPdiscoveryAmethodfordetectinghostsorotherconfigurationitemswithaspecificIPaddresswhenPassiveDiscoveryfailstodiscoverthem.
DetaildiscoveryExtendstheinformationobtainedusingPassiveandIPDiscovery.Itusescommonnetworkprotocolstoremotelyqueryserversinthemanagednetworkandobtainssupplementaryinformationaboutnetworkhostswhichisaddedtothedatabase.
ActiveDiscoveryWindows
AdiscoveryenginethatusesWMIbaseddiscoverypoliciesforperformingactivediscoveryonWindowsmachines.
-
8/6/2019 Adm 61 Admin Guide
10/64
Administration Guide
10 VMware, Inc.
PassiveDiscovery Passivelyobservesthenetworktrafficbyperformingadeeppacketanalysistodiscoverapplicationsandcomponentrelationshipsinphysicalandvirtualenvironments.
Italsoallowsyouto:
Mapdependencies.
Counttheactivityofthesedependencies.
Identifyservices.
Aggregator Receivesdatafromthediscoverycomponentsandreconcilesthedatabeforetransferringittothedatabasecomponent.TheaggregatoralsoprovidestheuserinterfaceforusingADMandistheintegrationpointforvariousintegrations,forexample,ERDB.
Database AnOracleRDBMSusedforstoringdiscovereddataandADMconfiguration.
Table 1-1. ADM Components
Component Description
-
8/6/2019 Adm 61 Admin Guide
11/64
VMware, Inc. 11
Chapter 1 Overview
Single-box Appliance
Inasingleboxappliancesolutionarchitecture,theADMcomponentsareenabledonasingleVirtual
Appliance(VA)asshowninFigure 12.
Figure 1-2. Single-box Appliance Architecture
Chapter 3providestheconfigurationinstructions.
Distributed Appliance Solutions
ThedistributedappliancesolutionhasatleastonedesignatedapplianceenabledasaCollector,andanother
applianceenabledasanAggregatorandDatabaseasshowninFigure 13.
Database
ESX1
ADM VM2
Active Discovery-Windows
Runs on (Virtualization)
Logical monitoringport connectivity
ADM Connectivity
Physical
switch 2
Physical
switch 1
Active Discovery-Unix
Aggregator
PassiveDiscovery
vSwitch
ADM VM1
Role = single-boxRole=Windows collector
(running Win2008on any ESX)
-
8/6/2019 Adm 61 Admin Guide
12/64
Administration Guide
12 VMware, Inc.
Figure 1-3. Distributed Appliance Solution
Virtual and Physical Appliance Solutions
YoucansetupADMeither:
OnyourESXorESXiserversasdescribedinVirtualApplianceDeploymentonpage 12
OnexistingIBMphysicalappliances,onlyupgradingissupportedasdescribedinUpgradingADMon
page 14.
Virtual Appliance Deployment
ADMversion6.1isdeliveredasVA,whichisavirtualmachineimagethatincludesanoperatingsystemand
therelevantADMsoftwarecomponentsinstalledonit.AVAcanrunoneormultipleADMcomponents
dependingontheapplianceroleselected.
DeployingavirtualmachinetemplateinanOpenVirtualizationFormat(OVF)ontotheESXorESXiserver
createsanADMVirtualAppliance.Afterdeployment,poweruptheVAandthenconfigurethestandard
appliancesettings,network,anduserinformation.
DownloadthefollowingartifactsfromtheVMwareWebsite:
http://downloads.vmware.com/Application Discovery Manager
CoreADMTemplateAnOVFtemplatethatincludesallADMcomponentsexceptfortheWindows
CollectorandyoucanconfigureasAggregator,Aggregatorwithremote database,Database,or
Singlebox.
NOTE InaDistributedwithremotedatabasesetup,thereisadesignatedappliancetohostthedatabase.Also,PassiveandDetailDiscoverycanrunonsingleormultipleCollectors.
Database
ESX1
ADM VM6
Active Discovery-Windows
vSwitch
Role = Windows Collector(running Win2008
on any ESX)
ADM VM3
PassiveDiscovery
Active Discovery-Unix
Runs on (Virtualization)
Logical monitoringport connectivity
ADM Connectivity
Physicalswitch 2
Physicalswitch 1
Aggregator
vSwitch
ADM VM1Role = AggregatorRole = collector
ADM VM4 ADM VM4
vSwitch
Role = Collector
ESX3
Active Discovery-Unix
PassiveDiscovery
PassiveDiscovery
vSwitch
Role = Passive collector
ESX2
ESX4
http://downloads.vmware.com/http://downloads.vmware.com/ -
8/6/2019 Adm 61 Admin Guide
13/64
VMware, Inc. 13
Chapter 1 Overview
CollectorADMTemplateAsmallerOVFtemplatethatincludesthePassiveCollectorandActiveand
PassiveCollectorandyoucanconfigureaspassiveandactivediscoveryCollectorandPassiveDiscovery
Collector.
WindowsCollectorInstallerAnexecutablefilethatinstallstheWindowsCollectorcomponentontop
oftheWindows2008R2operatingsystems.
Physical Appliance Deployment
ADMsupportstheupgradingofexistingIBMsingleboxandDistributedsolutions(includingthosethatuse
aremotedatabase).
Mirrored Network Traffic
Themethodinwhichtheapplianceperformspassivediscoveryisbyanalyzingmirroredtrafficfromaswitch
orrouter.Networkdevicesthathavetheabilitytoconfigureamirroredport(sometimescalledasaSwitched
PortAnalyzer,spanportormonitorport)canforwardacopyofallthenetworktrafficfromall(orselected)
portstooneormoremirroredports.Typically,eachnetworkdevicehasallitsportsmirroredtooneport.These
mirroredportsarethenconnecteddirectlytooneofthenetworkinterfacesontheESXserver.
Performoneofthefollowingstepsifyouhavetoconnectmultiplemonitorports:
Connectthemonitorportstoanaggregateswitch(ASwitch),whichisalsoconfiguredwithamonitor
port.PlugthemirroredportoftheASwitchintotheESXservernetworkinterface.
ContactyourVMwareSalesRepresentativeifyourequireanASwitch.
AddfewmorenetworkinterfacestoESXserver.
InstallanotherADMPassiveCollectoronadifferentESXserver.
vCollector
TheADMusesavirtualcollector(vCollector)tolistentocommunicationbetweenvirtualmachinesthatrun
onthesameVMwareESXServer.AvCollectorispresentinsideavirtualmachineanditslistenercollectsthe
informationaboutthevirtualmachinesdeployedontheESXServer.BydeployingavCollector,theADMis
abletopassivelydiscoverdependenciesinavirtualizedenvironment.Youcanthenviewinformationabout
thevirtualmachinesthataredeployedonthesameESXServerincluding:
Dependencymapsbetweenvirtualmachines.
Activitycountsofthedependencies.
Servicesrunningonthevirtualmachines.
Additionalinformationthatisofferedbythelistener.
Mixed Environment
TheADM6.1releaseintroducesADMasavirtualappliance,butitalsosupportsupgradingfrom6.0ona
physicalIBMappliances.Youcanupgradeyourphysicalenvironmentwithadditionalvirtual6.1appliances
likemixedenvironment.ThisadditionalvirtualappliancecanplayaroleofPassiveCollectors(vCollectors)
oranadditionalPassiveandActiveCollectors.
IMPORTANT ConsultITprofessionalsofyourorganizationtoensurethattheappropriateswitchesorroutersthatcontainsthenetworktrafficisusedforDiscoveryareconfiguredproperlyforportmirroringandareaccessibletotheADMappliance.
NOTE
TheADM
Passive
Collector
can
work
with
maximum
of
three
monitor
ports.
If
you
have
to
connect
morethanthreemonitorports,youmustaddanotherADMPassiveCollector.
-
8/6/2019 Adm 61 Admin Guide
14/64
Administration Guide
14 VMware, Inc.
.
Where To Go Next
Thissectionprovideslinksthatcontainsmoreinformationonthetopicslisted.
Installation of New or Additional ADM Components
ContinuebyconfiguringinitialappliancesettingsasdescribedinChapter 2.
Licenses
YouneedanewlicensetouseADMafterupgradingormigrating.ObtainthelicensefromyourVMwareSales
representative.Formoreinformation,seeLicensesonpage 39.
Upgrading ADM
ContinuewithupgradeproceduresasdescribedinChapter 6.
Migrating to a New Appliance
ContinuewithmigrationproceduresasdescribedinChapter 7.
Security
FormoreinformationonADMsecurity,seeChapter 4..
NOTE AllADMappliancesthatparticipateinmixedenvironemntmodemustrunthesame6.1versionoftheADM.
-
8/6/2019 Adm 61 Admin Guide
15/64
VMware, Inc. 15
2
ThischapterdescribesinstallationanddeploymentoftheADM.Topicsinclude:
ADMInstallationRequirementsonpage 15
DisablingvMotiononpage 16
PreparingtheEnvironmentonpage 16
DeployingtheVirtualAppliancesonpage 18
InstallingWindowsCollectoronpage 20
ADM Installation Requirements
ADMisanappliancethatcanruninaVMwareinfrastructure.Thissectioncontainsrequirementsthatmust
bemetbeforeyouinstallandusetheADMappliance.
Installation Personnel
TheinstallationproceduresinthisdocumentmustbeperformedbyITprofessionalsfamiliarwith
virtualizationandVMwaretechnologiessuchasESXserversandrelatedvirtualandphysicalequipment.
ESX Resources
TousetheADMappliance,youmustinstalltheADMapplianceonaVMwareESXserverversion3.5orlater.
ConfigurethevirtualmachineonyourESXserveraccordingtothedeploymentmodelwithresourcesas
describedinTable 21.
Installing ADM 2
Table 2-1. Virtual Appliance Deployments
ADM Virtual Appliance (VA) Memory (GB) Number of vCPUs NICs Disk (GB) OVF Template
Single box 4 4 4 80 Core
Aggregator+DB 4 4 1 80 Core
Aggregator 3 2 1 80 Core
Database 3 2 1 80 Core
PassiveCollector 2 1 4 8 Collector
LinuxActive+PassiveCollector 4 2 4 8 Collector
WindowsActiveDiscoveryCollector
2 1 1 20 Windows2008R2Standard
NOTE VMwaredoesnotprovideOVFtemplateforlocalwindowsmachinethathoststheWinApe.
-
8/6/2019 Adm 61 Admin Guide
16/64
Administration Guide
16 VMware, Inc.
Installing the vSphere Client
InstallthevSphereclienttoworkwithVMwareenvironment.
To download and install the vSphere Client
1 LaunchInternetExplorerbrowser.
2 Intheaddressbar,typetheIPnumberoftheESXServerwherethevirtualmachineisinstalled,for
example:
https://
3 ClicktheDownloadvSphereClientlink,andthenSavetheclientexecutablefiletoyourlocalharddisk.4 Runtheexecutablefile.
5 AcceptthelicenseandclickNext.
6 Typetheusernameandorganizationdetailsiftheydonotappearbydefault.ClickNext.
7 Atthenextscreen,clickNextwithoutselectingInstallvSphereHostUpdateUtility.8 Ifdifferentfromthedefault,specifytheinstallationfolder,andthenclickNext.
9 ClickInstall.
10 ClickFinishtoclosethewizard.
Disabling vMotion
To disable automatic vMotion
1 InthevSphereclient,selectthecluster,rightclickonitandselectEditSettings.2 IntheVMwareDRSsection,selectVirtualMachineOptions.3 SelecttheADMvirtualappliances.
4 SelectDisablefromtheAutomationLevellistbox.5 ClickOK.
Preparing the Environment
PerformthefollowingproceduresbeforeyousetuptheADM.
Preparing an ESX Configuration
CreateandconfigureanewvSwitchforeachphysicalspanport.Repeatthefollowingproceduresforeachnew
vSwitch.
NOTE ADMsupportsWindowsInternetExplorer6.0andlaterbrowsers.
NOTE ThevSphereclientinstallationcantakeseveralminutes.
IMPORTANT ADMvirtualappliancesarenotsupportedbyvMotion.IftheADMvirtualapplianceisinstalledonaVMwareDRScluster,performthefollowingstepstodisableautomaticvMotion.
-
8/6/2019 Adm 61 Admin Guide
17/64
VMware, Inc. 17
Chapter 2 Installing ADM
Creating a New vSwitch for Passive Discovery
To create a new vSwitch for Passive Discovery
1 ConnectthemonitorportstoavailablenetworkinterfacesontheESXserver.
2 ConnecttotheESXserverorvCenterbyusingvSphereclient.
3 NavigatetotheConfigurationtabontheESXserverwhereyouwanttodeployADMappliances.
4 Navigatetothenetworkingconfigurationoption.
5 ClickAddNetworkingtoopentheAddnetworkwizard.6 SelectconnectiontypeasVirtualMachine,andclickNext.
7 SelectthevmnicthatisconnectedtothemonitorportonthephysicalswitchandclickNext.
8 Specifyanetworklabel,forexample,spanport,forthenewportgroupandclickNext.
9 ClickFinish.
Configuring the vSwitch General Settings for Passive Discovery
To configure the vSwitch general settings for Passive Discovery
1 OpenthenewvSwitchPropertieswindow.
2 SelectthevSwitchandclickEdit.
3 NavigatetotheSecuritytabandchangethePromiscuousModefromRejecttoAcceptandclickOK.4 Clickthenetworkadapterstab,selecttherelevantvmnicandclickEdit.
5 ChangetheConfiguredSpeed,Duplexto10MB,FullDuplex.6 ClickOKandthenClose.
Configuring the vSwitch for Passive Collector
Connect the Passive Collector to a port group. To define a port group
1 CreateaportgroupinthevSwitchasfollows:
a LogintotheESXServerorvCenterusingvCenterClient.TheVirtualInfrastructureClientscreen
appears.
b ClicktheConfigurationtab.
c SelectNetworkingfromtheHardwarelist.
d Fromtheprecedingscreen,selectProperties.
e SelectPortsandclickAdd.
f SelectVirtualMachineandclickNext.g SettheNetworkLabel,forexample,ADMspanportandclickNext.
h Verifythattheportgroupislisted,andclickFinish.
2 ChangethePromiscuousModetoAccept.ThisvalueissettoRejectbydefault.a Selecttheportgroupthatyoucreated;forexample,ADMspanport.
b ClickEditandselectSecuritytab.
c SelectPromiscuousMode,andthenselectAcceptfromthelistbox.
IMPORTANT PerformthefollowingstepstoconnecttovSwitchesthatspantheinternaltrafficbetweenvirtualmachinesrunningontheESXServer.
-
8/6/2019 Adm 61 Admin Guide
18/64
Administration Guide
18 VMware, Inc.
d ClickOKandthenClose.
Configuring dvSwitch for Passive Collector
IfavirtualmachineisdirectlyconnectedtothenetworkandnotthroughthevSwitch,thephysicalCollector
observesthetraffic,whilethevSwitchdoesnot.ThisistermedasVMDirectPath.
SoftwarebasedCiscoNexusswitchesaresupported.
ThisprocedureisrelevantonlyforvSphere4andnotforESX3.5.
To create a port group in the dvSwitch
1 LogintothevCenterserverwithvCenterclient.
2 ClickConfigurationandthenselectNetworkingfromtheInventorytab.
3 SelectDistributedvSwitch.4 OntheConfigurationtab,selectNewPortGroup.5 ConfiguresupportforallVLANsbyenteringthedetailsontheCreateDistributedVirtualPortGroup
windowasshowninTable 22.
.
6 ClickNexttofinishandreturntothedvSwitchNetworkConfigurationscreen.
7 SelecttheADMspanportgroupandclickProperties.8 ClicktheSecuritytabontheADMspanportPropertieswindow.
9 SelectPromiscuousMode,andthenselectAcceptfromthelistbox.10 ClickOKandthenClose.
Deploying the Virtual Appliances
TheADMvirtualappliancecontainsandrunsoneormoreofthefollowingcomponents:
Aggregator
Database
ActiveDiscoveryUNIX
Passive
DiscoverySystemArchitectureonpage 9describestheappliancearchitecture.
PerformthefollowingproceduresbyusingaWindowsmachinewithremoteaccesstotheESXserver.
Deploying the ADM Virtual Appliances
VirtualappliancesareinstalledontheESXserveraccordingtheconfigurationsinTable 23.
Table 2-2. VLAN Support
Parameter Value Specified
Name Anameforportgroup(ADMspanport).ThenamemustbesameasinvSwitchprocedure.
Numberofports OneforeachESXindatacenter
VLANtype VLANTrunking
VLANID 04094
-
8/6/2019 Adm 61 Admin Guide
19/64
VMware, Inc. 19
Chapter 2 Installing ADM
Before You Begin
EnsureallrequirementsaremetasdescribedinESXResourcesonpage 15.
Deployment Procedure
RepeatthefollowingstepsoneachADMvirtualappliance,excepttheWindowsCollectorthatisinstalled
separatelyasdescribedinInstallingWindowsCollectoronpage 20:
1 DownloadtheADMvirtualappliancefilesfromVMwareWebsiteandextractthefilestoalocalfolder.
TheextractedZipfilesincludeanOVFandaVMDKfile.
TheVAfilesareinZipformatwiththefollowingnamingconvention:
OVF Template-build number
where:
OVFTemplateisasdescribedinTable 23.buildnumberistheADMversionandbuildnumber.
2 LogintotheESXserverbyusingthevSphereclient.
3 IntheFilemenu,selectDeployOVFTemplate.BrowsetotheOVFfileandselectit.4 ClickNext.TheOVFTemplateDetailsscreenappears.
5 ClickNext.TheNameandLocationscreenappears.
Table 2-3. Virtual Appliance Configuration
Appliance Type OVF Template Includes Component(s)
Aggregator ADMCore Aggregator
Database
Single box ADMCore Aggregator
Database
PassiveDiscovery
UNIXActiveDiscovery
Database ADMCore Database
Aggregatorwithremotedatabase
ADMCore Aggregator
PassiveDiscoveryCollector ADMCollector PassiveDiscovery
PassiveandActiveDiscoveryCollector
ADMCollector UNIXActiveandPassiveDiscovery
NOTE InstallaseparateWindowsCollectorusinganinstallationwizardasdescribedinInstallingWindowsCollectoronpage 20.
IMPORTANT PerformanceofADMCollectorsisaffectedbydistanceandnetworklatencybetweentheCollectorsandobjectsbeingdiscovered.Formoreinformation,seeVMwarevCenterApplicationDiscoveryManagerPeformanceandScalabilityGuide.
NOTE YoucandeployADMcomponentsinanyorderorevensimultaneouslybyusingthevSphereclient.
IMPORTANT Ensurethatthebuildnumberisidenticalforallappliancesdeployed.
NOTE IfanSSLCertificateWarningmessageappears,clickIgnore.
-
8/6/2019 Adm 61 Admin Guide
20/64
Administration Guide
20 VMware, Inc.
6 TypeauniquevirtualappliancenameaccordingtotheITnamingconventionofyourorganizationand
withrelevancetotheappliancetypeasdescribedinTable 23.
7 ClickNext.TheDatastorescreenappears.
8 ClickNext.
The
Network
Mapping
screen
appears.
9 ClickNext.TheReadytoCompletescreenappears.ItdisplaysdetailsabouttheOVFfile,sizefor
downloadandsizewhenextracted,virtualappliancename,hostorcluster,datastoreandnetwork
mapping.
10 ClickFinishtoconfirmthesettingsandbeginthedeployment.
11 ClickCloseinthemessagedialogboxwhendeploymentsuccessfullycompletes.
12 Repeatthisprocedureuntilallcomponentsaredeployed,andthencontinuewithInstallingWindows
Collectoron
page 20.
Installing Windows Collector
Before You Begin
EnsurethattheWindowsmachineonwhichtheCollectorisbeinginstalledmeetstheminimumrequirements
asdescribedinESXResourcesonpage 15.
Deployment
To deploy Windows Collector on a Windows machine
1 Downloadthe
VMware
vCenter
ADM
Windows
Collector
executable
file
from
VMware
Web
site
to
your
localWindowsmachine.
2 Doubleclicktheexecutablefile.
TheInstallShieldWizardscreenappears.
3 ClickNext.TheLicenseAgreementscreenappears.
4 Readthelicense,selectIacceptthetermsofthelicenseagreement,andclickNext.TheChooseInstallationFolderscreenappears.
5 Ifyouwanttochangethedefaultinstallationlocation,clickChangeandselectthepreferredinstallation
directory.
6 ClickNext.TheHostInformationscreenappears.
7 TypethefollowinginformationtoconfiguretheWindowsCollector:
AggregatorIPAddress
NOTE Ifthereismorethanonedatastore,selectthedatastorewhereyouwanttoinstallthevirtualmachine.
NOTE TheprocessofcopyingandconfiguringtheADMcomponentcantakeseveralminutes.ThedeploymentandconfigurationstatusappearsinamessagedialogboxandtheRecentTaskspane.
NOTE Ifawarningappearsaboutanunknownpublisher,clickRuntoproceed.
NOTE Usethescrollbartoviewallofthelicensetext.Ifyoudonotwanttoacceptthelicense,youwillbepromptedtoconfirmthisbeforetheinstallationprogramcloses.
NOTE Thedefaultinstallationpathis:C:\Program Files\VMware\ADM.
-
8/6/2019 Adm 61 Admin Guide
21/64
VMware, Inc. 21
Chapter 2 Installing ADM
WindowsCollectoruniqueID
8 ClickNext.TheInstallationscreenappears.
9 ClickInstalltobegintheinstallation.
10 ClickFinishtoclosetheInstallShieldWizardscreenwhentheinstallationprocessiscomplete.
Uninstall
To uninstall the ADM Windows Collector
1 OpentheWindowsControlPanel.
2 IntheControlPanelwindow,selectProgram>UninstallaProgram.TheUninstallorchangeaporgramscreenappears.
3 DoubleclickorrightclickandselectUninstalltoinitiateremovaloftheADMWindowsCollector.
4 ClickFinishtoclosetheInstallShieldWizardscreenwhentheuninstallationprocessiscomplete.
NOTE ThisisthesameidentifierthatwasdefinedontheAggregatorsideforWMIdiscovery.Thedefaultvalueis200.
NOTE TheprocessofinstallingandconfiguringtheWindowsCollectorcantakeseveralminutes.
NOTE TheremovaloftheWindowsCollectorcantakeseveralminutes.
-
8/6/2019 Adm 61 Admin Guide
22/64
Administration Guide
22 VMware, Inc.
-
8/6/2019 Adm 61 Admin Guide
23/64
VMware, Inc. 23
3
ThischapterprovidesinformationforsettinguptheADMvirtualappliancedeployments.
Topicsinclude:
Processonpage 23
PostInstallationStepsonpage 27
Process
AftertheADMapplianceisdeployedontheESXServer,performthefollowingprocedures:
OrderofSetuponpage 23.
ADMSetupProceduresonpage 23
ConfiguringtheRootPasswordonpage 24
ConfiguringStaticNetworkSettingsonpage 25
ConfiguringtheApplianceRoleonpage 26
UploadingaLicenseonpage 40
Order of Setup
RepeatthesetupproceduresforallADMcomponentsinthefollowingorderforallvirtualappliances:
1 Database(whereremotedatabaseisused)
2 Aggregator
3 Collectors(Passive,ActiveandPassiveCollector)
TheWindows
Collector
is
set
up
as
described
in
Installing
Windows
Collector
on
page 20.
ADM Setup Procedures
Beforeyoubeginensurethatyouhaveperformedthefollowing.
1 EnsureallrelevantcomponentsaredeployedasdescribedinDeployingtheVirtualApplianceson
page 18.
2 ObtaintherequiredinformationforeachappliancedeployedinStep 1andrecordthesevaluesasshown
inTable 31.
Setting Up ADM 3
NOTE ADMonlysupportsusingastaticIPaddressfortheADMvirtualmachine.
-
8/6/2019 Adm 61 Admin Guide
24/64
Administration Guide
24 VMware, Inc.
Launching the First Boot Configuration Tool
RepeatthefollowingstepsforeachADMvirtualappliance:
1 Whileselectingthevirtualappliance,poweritupbyeither:
clickingthetoolbaricon
Or
rightclickingandselectingPower>PowerOn
2 RightclicktherelevantapplianceandselectOpenConsoletabtomonitorthisprocedure.Theapplianceandrelevantservicesstartup.AWelcomemessagefortheADMfirstbootconfiguration
tool(wizard)appears.
3 Tolaunchthetoolandconfiguretheinitialappliancesettings,typeyes.Thewizardasksyoutochangethedefaultpassword.Youcanchangethedefaultpasswordbyfollowingtheinstructionsdescribedin
ConfiguringtheRootPasswordonpage 24.
Configuring the Root Password
Performthefollowingproceduretochangetherootpassword.
User name and Passwords
Passwordsmustcontainaminimumofeightcharactersanditisrecommendedtoincludethefollowing
charactertypes:
numeric
uppercase
lowercase
nonalphanumericsuchas#or!
Table 3-1. Network Values
Parameter Value
NetworkIPaddress
Networknetmask
Networkgateway
DomainNameServer(DNS)
NOTE:YoucanenteruptothreeDomainNameServersseparatedbycomma.
FullyQualified(FQ)hostname
NOTE TheWindowsActiveCollectorissetupasdescribedinInstallingWindowsCollectoronpage 20.
NOTE StatusofvarioustasksappearintheRecentTaskspaneonthebottomofthevSphereClientmainscreen.
NOTE Ifyoutypenofortheinitialappliancesettingsmessage,youcanruntheinitialconfigurationlaterbyrunningthesystem_setupcommand.
NOTE Ifyoutypenoforthechangepasswordmessage,thewizardpromptsyoutoaddnetworkinformation.YoucanaddthenetworkinformationasdescribedinConfiguringStaticNetworkSettingsonpage 25.
-
8/6/2019 Adm 61 Admin Guide
25/64
VMware, Inc. 25
Chapter 3 Setting Up ADM
To change the Root Password
1 TypeanewpasswordfortherootuserandpressEnter.
2 RetypethepasswordandpressEntertoconfirm.Thewizardnowaskstoaddnetworkinformation,type
yes.Thewizardpromptsyoutoaddnetworkinformationandyoucanaddthenetworkinformationas
describedinConfiguringStaticNetworkSettingsonpage 25.
Configuring Static Network Settings
TheADMonlysupportsusingastaticIPaddressfortheADMvirtualappliance.
BeginningwiththeIPaddress,typethevaluesthatarerecordedinADMSetupProceduresonpage 23,as
describedinTable 32.
Ifallthenetworkinformationiscorrect,thewizardpromptsyoutosetupthetimezone.Youcansetupthe
timezoneasdescribedinConfiguringtheTimezoneandTimeonpage 25.
Configuring the Timezone and Time
Thispromptasksyoutosetupthetimezone,typeyes.Thewizarddisplaysthecurrenttimezoneandprompts
youtosetupthetimezonebyclickingthenumberofyourchoice.Theoptionsavailableareasfollows:
1 Fromzonelist:Ifyouselect1,allpossiblezonesarelistedandyoucanenterthenumberoftimezonethat
youwanttoset.Thewizarddisplaystheselectedtimezoneandasksforconfirmation.Ifyoutypeyes,the
timezoneisselectedandamessagetosetupthelocaltimeappears.
Or
2 Manually:Ifyouselect2,amessagethatasksyoutoentermajorworldcityincontinent/cityformat
appears.EnterthedetailsaspertheformatandpressEnter.Ifthetimezoneenteredispresentinthe
database,thetimezoneisselectedandamessagetosetupthelocaltimeappears.
Or
3 ExitTimeZonesettings:Ifyouselect3,thewizardexitsthetimezoneconfigurationandamessagetoset
upthelocaltimeisdisplayed.
Formoreinformationabouttimezones,seeAppendix A,TimeZones,onpage 57.
Thewizarddisplaysthecurrenttimeandaskstosetupthelocaltime.Enterthecurrentdateandlocaltimein
YYYY/MM/DDHH:MM:SSformat,andpressEnter.
NOTE Ifyoutypeno,youcanaddthenetworkinformationbyrunningthesystem_setupcommandandamessagetosetupthetimezoneappears.YoucansetupthetimezoneasdescribedinConfiguringthe
TimezoneandTimeonpage 25.
NOTE Defaultvaluesappearinparenthesis.Someofthesevaluesmustbechangedaccordingtothefollowingsteps.
Table 3-2. Network Settings
CLI prompt Notes and Values
IPaddress TypetheIPaddress.
Netmask Typethenetmask.
Gateway Typethegateway.
DNS TypetheDNS.
Hostname FullyqualifiedhostnametobeusedbyADM,forexample
localhost.localdomain.com
-
8/6/2019 Adm 61 Admin Guide
26/64
Administration Guide
26 VMware, Inc.
Thewizarddisplaysallthesettingsthatyouhavecompletedandasksforyourconfirmationtosavethe
information.Ifyoutypeyes,thewizardsavesthesettingsandthesystemstartsrebooting.Aftercompletion,
thewizarddisplaysthemessagetosettheappliancerolesetting.Youcanconfiguretheapplianceroleas
describedinConfiguringtheApplianceRoleonpage 26.
Configuring the Appliance Role
ForCoreappliancesdeployedinDeployingtheVirtualAppliancesonpage 18,theappliancerolechoicesare
showninTable 33.
To configure the appliance role for Core
1 TypeyesattheappliancerolepromptandpressEnter.
2 TypetherolenumberandpressEnter.
Thewizardstartsconfiguringapplianceroleandcreatestheinitialdatabaseschema.Thisprocessmighttake
sometime.
Theapplianceroleisthencreated.Thisprocessmighttakesometime.
ForCollectorappliancesdeployedinDeployingtheVirtualAppliancesonpage 18,theappliancerole
choicesareshowninTable 34.
To configure the appliance role for Collector
1 TypeyesattheappliancerolepromptandpressEnter.
2 TypetherolenumberandpressEnter.
3 Ifyouselect1,youhavetoentertheCollectorIDofyourchoiceandpressEnter.Thedefaultvalueis100.
4 TypetheAggregatorIPandpressEnter.
NOTE Ifyoutypeno,thewizarddoesnotsaveanythingandyoumuststartthesettingsfromthebeginning.
NOTE Ifyoutypeno forappliancerolesetup,youmustruntherole_setupcommandtosetuptheappliancerole.
Table 3-3. Core Appliance Roles
Select Role Configures
1 Aggregator CombinedAggregatoranddatabaseapplianceindistributedsolution.
2 Single box Singleboxsolution.
3 Database DatabaseapplianceinDistributedwithremotedatabasesolution.
4 Aggregatorwithremotedatabase
AggregatorapplianceinDistributedwithremotedatabasesolution.
5 Remindmelater Skipsapplianceroleconfigurationfornow.Youmustruntherole_setupcommandtosetuptheappliancerole.
NOTE Ifyouselect4,thewizardalsoaskstoenterthedatabaseIP.
Table 3-4. Collector Appliance Roles
Select Role Configures
1 PassiveandActiveDiscoveryCollector
SingleCollectorforactiveandpassivediscovery
2 PassiveDiscoveryCollector
ThisoptionalsoconfiguresPassiveCollectorInternal.
3 Remindmelater Skipsapplianceroleconfigurationfornow.Youmustruntherole_setupcommandtosetuptheappliancerole.
-
8/6/2019 Adm 61 Admin Guide
27/64
VMware, Inc. 27
Chapter 3 Setting Up ADM
Theapplianceroleisthencreated.Thisprocessmighttakesometime.
Post-Installation Steps
Before
you
login
to
the
ADM
console,
clear
the
cache
of
your
browser
to
prevent
the
possible
appearance
of
incorrectinformationinthedisplays,applicationerrors,andothererrormessageswhenopeningtheADM.
Logging In to the ADM Console
Afteryoucompletetheapplianceinstallation,logintothesystembyusingthebrowserandperformthe
followingsteps:
1 TypetheIPaddressofthemanagementapplianceintheaddressbarandclickGo.Theloginscreen
appears.
2 TypeadminintheUsernamefieldanddefaultpassword123456inthePasswordfield.
3 ClickLogin.
Initiating Passive Discovery
OnlyonePassiveDiscoveryPolicyDefinitionpresentintheADM.ThefirsttimeyouuseADM,youmustset
upthepolicydefinitionandstartit.
To initiate Passive Discovery
1 ClickManage,andthenselectthePassiveDiscoverymenu.2 SelectthecomponentsonwhichADMperformsPassiveDiscoveryfromtheScopeComponentfield.3 Basedonyourselection,typetheappropriateIPinformation:
IPrangeUseNotationtotypeagroupofhostswithsimilarIPaddresses.Forexample,192.0.2.*
includesallhostswithIPsstartingwith192.0.2.Youcanalsosearchallhostsbytypinganasteriskin
eachfield.UseIPrangetoincludeagroupofhostswithinadefinedIPrange.
IPAddasinglespecifichosttothegrouptoincludeorexcludefromthescope.
SubnetNetMaskConfiguretheIPaddressscopebyprovidingthebasenetworkaddresswiththe
fulldotteddecimalnotationforthesubnetmask,
SubnetSlash
Notation
Configure
the
IP
address
scope
by
providing
the
base
network
address
with
theClasslessInterDomainRouting(CIDR)notationforthesubnetmask.
4 ClickIncludetoincludethecomponentsinthediscoveryorExcludetoexcludethemfromit.
5 RepeatStep 2throughStep 4foreachcomponentthatyouareincludingorexcludingfromdiscovery.
6 Optionally,usetherulesandruletemplatestofurtherdefinethescopecriteria:
YInstructsADMtoincludethecomponentsinthePassiveDiscovery.
NExcludesthecomponentsfromdiscovery.
IAllowsyoutoignoretherule.
7 Ifyouselectaruletemplate,clickthebluelinktocustomizetherule.
NOTE TheWindowsActiveCollectorroleisinstalledbyrunninganexecutableasdescribedinInstallingWindowsCollectoronpage 20.
NOTE AdditionalADMUIadministratorsandthemorelimitedoperatorusersarelaterdefinedbythedefaultADMadminuser.TheVMwarevCenterApplicationDiscoveryManagerUsersGuideprovidesmoredetails.
IMPORTANT Youmightberequiredtouploadanewlicense.Beforeproceeding,reviewthecriteriaandifnecessary,performthestepsdescribedinLicensesonpage 39.
-
8/6/2019 Adm 61 Admin Guide
28/64
Administration Guide
28 VMware, Inc.
8 ClickUpdatetosavethesettings.
9 Optionally,addaPassiveDiscoveryPlan.
10 RestartPassiveDiscovery.NavigatetotheManage>Systempage,andclickRestartDiscovery.11 ClickOKinthemessageboxthatstates:
StartinganewPassiveDiscoverydeletesallexistingdiscoverydata.Thismighttakeafewminutes.The
systemisunavailabletoallusersduringthisprocess.Continue?
12 ClickOKtobeginthediscoveryprocess.ThedashboardreappearswiththeDiscoverystatus(initially
Discovering)inthetopstatusbaroftheADMConsole.
13 YoucannowbeginusingtheADM.TheVMwarevCenterApplicationDiscoveryManagerUsersGuideprovidesanoverviewofPassiveDiscovery,andtheonlinehelpprovidesmoredetailontheactionsthat
youcanperform.
-
8/6/2019 Adm 61 Admin Guide
29/64
VMware, Inc. 29
4
ThischapterprovidesinformationonsecuringADMappliance.Topicsinclude:
ChangingtheRootPasswordonpage 29
ResettingtheADMRootPasswordonpage 29
OpenSSLSelfSignedTestCertificatesonpage 30
CASignedTestCertificatesonpage 30
Changing the Root Password
To change the root password
1 LogintotheADMappliancebyusingaSecureShell(SSH)client.
2 Runthepasswdcommand:
Thewizardaskstoenteranewpassword.
Retypethepassword.
Ifboththepasswordsmatch,thepasswordischangedandallauthenticationtokensgetsupdated.
Resetting the ADM Root Password
To reset the ADM root password
1 UsingtheVMwarevSphereclient,startorrestartthevirtualmachine.
2 Afterthevirtualmachinerestarts,clickanykeyintheconsolewindow.
Thebootscreenappears.
3 PressetoentertheGRUBbootmenu.
TheGNUGRUBloaderscreenappears.4 Highlight(2.6.24.79.smp.pae.gcc3.4.x86.i686),andpresse.
5 Selectthekernellineandpressetoedittheentry.
Securing ADM 4
NOTE Ifyoudonotclickanykeyintheconsolewindowimmediatelyafterthevirtualmachinerestarts,youmustrestartthevirtualmachineandperformstep2again.
Togiveyouadditionaltimewhenclickingakeyintheconsolewindow,youcanmanuallyaddalineto
theVMXfile.AddingthelinetothefilecausestheBIOStodelay.Forexample,tocausea10seconddelay,
powerdownthevirtualmachine,opentheVMXfileinatexteditor,typethefollowinglineintheVMX
file:
bios.bootDelay=10000
-
8/6/2019 Adm 61 Admin Guide
30/64
Administration Guide
30 VMware, Inc.
6 Placeyourcursorattheendofthelineandappendthelinebytyping:
single
7 PressEntertocommitthechange.
8 Pressbtostartthesystem.Yoursystemstartswithoutrequiringapassword.
9 Typethe
following
command
to
reset
the
password:
passwd
10 Followthepromptsastheyappearonthescreentosetthepassword.
11 Typethefollowingcommandtorestartthesystem:
reboot
Yourpasswordischangedandrestartsthesystem.
OpenSSL Self-Signed Test Certificates
TheVMwarevCenterApplicationDiscoveryManagerdefaultinstalledcertificateiscreatedduringthe
installationandisvalidforoneyeartousetheapplianceuntilyouacquirealocalCertificateAuthority(CA).
PublicfacingsecureWebsitesmustuseathirdpartyCA.Ifyouwanttousetheapplianceintestenvironment
andthendeploythatappliancetoaproductionenvironment,youmustnotchangethehostnameastheADM
doesnotsupportchangingthehostname.Instead,youcansetupanaliasintheDNStoresolvetheappliance
hostname.
CA Signed Test Certificates
TocreateCAsignedcertificates,youmustgenerateacertificaterequestfile(csr).Thecertificaterequestfile
providesdetailsabouttherequesterofthecertificateandthecertificateissignedbytheprivatekeyaboveto
yourtrustedcertificateauthority.
Createthecertificaterequestbytyping:
openssl req -new -key server.key -out server.csr
FillintheX.509attributesasspecifiedpreviously.FormoredetailsconsultyourCA.
ToinstallthecertificateprovidedbyyourCA,performthestepsdescribedinCopyingthe.keyand.crtFiles
onpage 31.
FreeCAproviders,ashttp://www.cacert.orgexist.
Self-Signed Certificates
Useselfsignedcertificatesonlyinthetestenvironments,orwhereonlyalimitednumberofconnectionsisestablished.Forexample,peertopeerrelationshipscanbeacustomVPNorAS2linkbetweentwocompanies,
orbetweentwodifferentsitesofthesamecompany.Selfsignedcertificatesbecomeimpracticalasthenumber
ofcertificatesnecessarytomanagegrowslinearlywiththenumberofpeeringrelationships.AlocalCA,while
morecomplextosetup,reducesthenumberofkeysrequiredtobedistributedforverification,andreplicates
arealworldcertificateenvironment.ACAcancostlesstomanagethanhundredsorthousandsofindividual
certificatesoneachpeersystem.
Certificatecreationrequirestheopensslutility.TheopensslutilityislocatedintheADMappliancefolder.
/usr/bin/openssl
NOTE YoucanalsoresettheADMrootpasswordbyrunningsystem_setupcommand.
NOTE Donotusetheselfsignedcertificatesinproductionenvironments.
-
8/6/2019 Adm 61 Admin Guide
31/64
VMware, Inc. 31
Chapter 4 Securing ADM
To create a certificate
1 TogeneratetheRivest,Shamir,andAdleman(RSA)keytype:
cd /etc/httpd/conf/ssl.prm/
openssl genrsa 2048 > server.key
chmod 400 server.key
TheopenSSLutilitycangenerateaDigitalSignatureAlgorithm(DSA)keybyusingthegendsaoption.
Forcompatibility,VMwarerecommendsRSAkeysbyusing2048bitsasthekeysize.
2 Createthecertificatebytyping:
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.crt
The-new,-x509,and-nodesargumentsarerequiredtocreateanunencryptedcertificate.The-days
argumentspecifiesthelengthoftimethecertificateisvalid.
Forencryptedcertificates,everytimeyouarerequiredtotypethepassworduntilthekeyisloaded.
YoucanaskquestionstocompleteX.509attributescertificate.Adjusttheanswerstoyourlocalsettings.If
frequentlytyped,youcanupdatethesystemopenssl.cnffile(inthe/usr/share/ssl/directory)withthecorrectdefaults.
Table 41listsX.509attributesamplepromptsandanswers.
Forwebservices,thecommonnamefieldmustexactlymatchthehostname(orVIPname,forhostsassociated
withaloadbalancer)ofthesystemcertificateisusedon;otherwise,acertificatetohostnamemismatchcan
occur.InpeertopeersetupsforAS2,thisfieldcanusuallybesettoadescriptivestring.
Thecertificatedataintheserver.crtfilemustbetransferredtoallclientsystemsthatneedtoverifythekey
oftheservertowhichitisconnected.Ifthismethoddoesnotscale,setupaCA,anddistributethesigning
certificatetotheclientsinsteadofeachselfsignedcertificate.Optionally,youcanextractthemetadata.
Copying the .key and .crt FilesTypethefollowingcommandstocopythe.keyand.crtfiles:
cp server.crt /etc/httpd/conf/ssl.crt
cp server.key /etc/httpd/conf/ssl.key
Tomakethecertificateeffective,restarttheApacheservicebytyping
adm_control.pl --restart apache
NOTE Inmostcases,encryptedcertificatesarenotworththeoperationalburden,aseachprocessrestartorsystemrestartrequiresyoutomanuallytypeapassword.
Table 4-1. X.509 Sample Prompts and Answers
Prompt Answer
Countryname(2lettercode)[AU]: US
Stateorprovincename(fullname)[SomeState]: Massachusetts
Localityname(eg,city)[]: Boston
Organizationname(forexample,company)[InternetWidgitsPtyLtd]: YourCompanyOrg
Organizational
unit
name
(for
example,
section)
[
]:
Commonname(forexample,YOURname)[]: hostname.domain
Emailaddress[]: [email protected]
http://en.wikipedia.org/wiki/X.509http://en.wikipedia.org/wiki/X.509 -
8/6/2019 Adm 61 Admin Guide
32/64
Administration Guide
32 VMware, Inc.
-
8/6/2019 Adm 61 Admin Guide
33/64
VMware, Inc. 33
5
ThischapterdescribesthenecessaryconceptsandprocedurestomaintainanADMdeployment.Topics
include:
ADMServicesonpage 33
ProductSupportPackagesonpage 34
RestoringanADMEnvironmentbyUsingaProductSupportPackageonpage 36
ReconfiguringanADMDeploymentonpage 38
Licensesonpage 39
ADM Services
Table 51describesthemainADMservices.
Maintenance 5
Table 5-1. ADM Services
Service name Description
apache Webserverservice.
active_probe ServiceresponsibleforperformingDetailDiscoveryandrunsonLinuxCollectorsandtheWindowsvirtualmachine.Thisserviceperforms:
WMIbaseddiscoveryontheWindowsCollector
SSH,SNMP,VISDK,andTelnetbaseddiscoveryontheUNIXCollector
engine ThecoreofADMandincludesthefollowingcomponents:
Userinterface
Management
Reconciliations
Analytic
listener ServiceresponsibleforthePassiveDiscoverymechanisms.
oracle Databaseservice.
vnc PhysicalIBMCollectorsonly.
ThevncserviceenablesVNCaccesstotheWindowsinstancesothattheIPaddresscanbeconfigured.
vmware PhysicalIBMCollectorsonly.
TheWindowsinstanceontheapplianceisinstalledonavirtualmachine.ThevmwareservicestartsVMwaresothattheWindowsinstancecanstart.
watchdog Servicethatmonitorsthehealthoftheotherservices.Ifanotherservicehasaproblem,watchdogservicetriestoidentifytheserviceandresolvetheproblem.
-
8/6/2019 Adm 61 Admin Guide
34/64
Administration Guide
34 VMware, Inc.
Managing Services with adm_control
ADMprovidestheadm_control.plscripttostart,stop,andmonitorADMservices.Youcanstartorstopany
service,butifyoustopanyservicealldependentservicesarestoppedasaresult.Alldependentservicesis
listedduringthestopprocess.Table 52listsanddescribesthecommandsfortheADMservices.
ServicenameisanameofServicedefinedinTable 51.NOTE Everyappliancehasonlyrelevantservicesstartedandalltheothersaredisableddependingontherole.To run an adm_control.pl command
1 Logintotheapplianceasuserroot.
2 Typetheadm_control.plcommandasdemonstratedinTable 52,forexample:
adm_control.pl --stop all
AllservicesthatarelistedinTable 51stop.
Product Support Packages
Createtheproductsupportpackagestobackup,restore,ortroubleshoottheADM.
ProductsupportpackagescontainarealtimecaptureoftheADMdatabase,configurationfiles,customization
files,andlogs.Table 53describesthefilestheproductsupportpackagecontainsanditsuse.
VMwarerecommendsthatyoucreateandsaveasupportpackagepriortoperforminganymaintenance
procedures,suchasanupgrade,restore,andfreshinstallationsorbeforecontactingVMwareCustomer
Support.
SupportpackagesarebackupsoftheADMandrelevantconfigurationfiles.Thesepackagescontain
troubleshootinglogfilesandareusedtorestoreyourADMenvironment.
Table 5-2. ADM Service Commands
Use the Following Command To
adm_control.pl status DisplaythestatusoftheADMservice.adm_control.pl stop StoptheADMservice.adm_control.pl start StartastoppedADMservice.adm_control.pl restart StopandrestarttheADMservice.adm_control.pl help Displayallofthecommandoptions.
adm_control.pl commandall Applythecommandtoallservices.
Table 5-3. Product Support Packages Files and Uses
File Use
Databasedata BackupandrestoreoftheADMdatabase.
ActiveProbeandPassiveListenerdefinitionfiles BackupandrestoreoftherequiredADMconfigurations.
DetaildiscoveryandPassiveDiscoveryfingerprints BackupandrestoreofthecustomADMconfigurations.
Logs Troubleshooting.
Licensefile Serialnumberusedformanagedserverhost.
-
8/6/2019 Adm 61 Admin Guide
35/64
VMware, Inc. 35
Chapter 5 Maintenance
YoucancreatesupportpackageseitherthroughtheADMConsoleorthroughtheCommandLine
Interface (CLI).
Using the ADM Console
UsetheADMConsoletocreateaproductsupportpackageinanSingleboxsetupdeploymentandtocreatea
productsupportpackagefortheAggregatorinanytypeofADMdeployment.Chapter 2describesthe
differentADMdeploymentoptions:
1 LogintotheADMConsole.
2 NavigatetoManage>System>CreateProductSupportPackage.3 WaitforafewminutesandthenrefreshthepagetoseeiftheStatushaschangedfromPendingtoSuccess.
4 ClicktheappropriateproductsupportpackageZipfiledisplayedinthetableanddownloadit.
Bydefault,thefilenamesarelistedfromthemostcurrentbackdate.EachproductsupportpackageZip
filenameincludestheADMdatabaseschemaversion,date,andtimestampforeasyrecognition.
5 ClickSave.
Using the CLIUsetheCLItocreatesupportpackagesforeachcollectorordatabaseinadistributedADMdeployment,orfor
theAggregator,database,orsingleboxdeploymentwhentheAggregatorisnotavailablethroughtheADM
Console.Chapter 1describesthedifferentADMdeploymentoptions:
1 LogintotheCollectororAggregatorapplianceasuserroot.
2 Changethedirectorytothe/home/nlayers/Seneca/management/APIsdirectory.
3 Typethefollowingcommand:
./InSight_control.sh supportpackage --get --output filename
filename.zip is created at the same location.
4 CopyandsavethezipfilefromtheADMappliancetoadifferentlocation.
NOTE Productsupportpackagesrequireapasswordforextraction.ContactVMwareCustomerSupporttoretrievethepasswordifyouusetheproductsupportpackagetorestoreADMortheADMdatabaseas
describedinRestoringanADMEnvironmentbyUsingaProductSupportPackageonpage 36.
CAUTION
Reimaging
removes
all
files
(including
the
support
package)
from
the
appliance,
so
save
the
supportpackageelsewhere.
NOTE TheUIoptionisrelevantonlytotheapplianceswithAggregatorcomponent.
NOTE Bydefault,theADMsavestheproductsupportpackagesonlyforsevendays.Ensuretosavetotheproductsupportpackagetoanotherlocationifyouwanttosavetheinformationforlongerduration.
NOTE LogintotheAggregatortocreateabackupoftheADMdatabase.Youarenotrequiredtologintotheremotedatabaseappliancetocreateabackupofthedatabasefiles.
NOTE Ensuretosavetotheproductsupportpackagetoanotherlocationifyouwanttosavetheinformationforlongerduration.TheADMsavesthepackageonlyforsevendaysifyouselectthedefault
location.
-
8/6/2019 Adm 61 Admin Guide
36/64
Administration Guide
36 VMware, Inc.
Restoring an ADM Environment by Using a Product Support Package
To restore an ADM configuration
1 BackupyourADMenvironmentasdescribedinProductSupportPackagesonpage 34.
2 ContactVMwareCustomerSupporttoretrievethepasswordforextractingtheproductsupportpackage.
3 FollowthestepsinRestoretheADMDatabaseonpage 36.
4 Ifnecessary,RestoringtheCustomDiscoveryandConfigurationFilesonpage 37.
Restore the ADM Database
ThefollowingstepsdescribesrestorationoftheADMdatabaseinansingleboxanddistributeddeployment.
Chapter 1describesthedifferentADMdeploymentoptions:
1 LogintotheAggregatororsingleboxapplianceasuserroot.
2 Createatemporarydirectory:
mkdir supportpackagedir
3 CopythesupportpackageintothetemporarydirectorythatyoucreatedinStep 2.
4 Extractthesupportpackageintothetemporarydirectory:
unzip support_package__version_date_and_timestamp.zip
whereversion_date_and_timestampistheuniqueidentifierofthepackage.
5 Whenpromptedforthepassword,typethepasswordyouretrievedfromVMwareCustomerSupport.
6 Afterextractioncompletes,copythedatabasebackupfile:
supportpackagedir/supportpackage/backup.db_dump-main-db_schema_build-db_dump.gz
wheredb_schema_buildisthedatabaseschemaversionandbuildnumber.
7 Placethecopiedfileinthefollowingdirectory:
/home/nlayers/Seneca/Control/bin/home/nlayers/Seneca/db_scripts/oracle
8 Typethefollowingcommandtostoptheengineservice:
/adm_control.pl --stop engine
9 Typethefollowingcommandtoswitchtothenlayersuser:
su - nlayers
10 Changedirectoryto:
cd /home/nlayers/Seneca/db_scripts/oracle
11 Typethefollowingcommandtorestorethedbbackup:
./db_restore.sh backup.db_dump-main-db_schema_build-db_dump.gz prod
wheredb_schema_buildisthedatabaseschemaversionandbuildnumber.
IMPORTANT Ifyouaremigratingtoanewappliance,followtheinstructionsinMigratingtoaNewApplianceonpage 45.
NOTE Inthefollowingsections,thedirectoryinwhichtheproductsupportpackagefilesareextractediscalledassupportpackagedir.
NOTE DistributeddeploymentonlyInadistributeddeploymentthedatabaseorremotedatabaseisrestoredthroughtheAggregator.
NOTE Thedatabaserestoreprocesscantakeupto30minutes.
-
8/6/2019 Adm 61 Admin Guide
37/64
VMware, Inc. 37
Chapter 5 Maintenance
12 Exitfromthenlayersuser.
13 Typethefollowingadm_control.plcommandtostarttheservices:
/home/nlayers/Seneca/Control/bin/adm_control.pl --start all
Restoring the Custom Discovery and Configuration Files
ADMcustomconfigurationfilescontainrestoreinformationforPassiveDiscoverycustomfingerprints,
PassiveDiscoverycustomconfiguration,DetailDiscoverycustomfingerprints,andDetailDiscoverycustom
configuration.
1 LogintotheCollectororsingleboxsetupasuserroot.
2 Createatemporarydirectory:
mkdir supportpackagedir
3 CopythesupportpackageintothetemporarydirectoryyoucreatedinStep 2.
4 Extractthesupportpackageintothetemporarydirectory:
unzip support_package__version_date_and_timestamp.zip
whereversion_date_and_timestampistheuniqueidentifierofthepackage.
5 Whenpromptedforthepassword,typethepasswordyouretrievedfromVMwareCustomerSupport.
6 Copyallfilesfrom:
supportpackagedir/supportpackage/listener/custom/conf
7 Placethecopiedfilesto:
/home/nlayers/Seneca/probe
8 Copyallfilesfrom:
supportpackagedir/supportpackage/listener/custom/kb
9 Placethecopiedfilesto:
/home/nlayers/Seneca/probe/resources
10 Copyallfilesfrom:
supportpackagedir/supportpackage/active_discovery/custom/conf
11 Placethe
copied
files
to:
/home/nlayers/Seneca/ActiveProbe/conf
12 Changedirectoryto:
/home/nlayers/Seneca/management/APIs
13 Typethefollowingcommand:
./InSight_control.sh adkb --checkout /tmp
14 Copyallfilesandsubdirectoriesfrom:
supportpackagedir/supportpackage/active_discovery/custom/kb/custom
NOTE IftheADMconfigurationbeingrestoredhascustomconfigurationfilesorfingerprints,youmustcompletethestepsoutlinedinRestoringtheCustomDiscoveryandConfigurationFilesonpage 37.
IMPORTANT FordistributedsolutionsonlyThecustomfilesmustresideontheCollectorappliance.InthiscasecompletethefollowingstepsoneachCollectorinthedeployment.
Ifthefeaturecanbecustomized,the./custom/*directorycontainsthefiles.Ifthedirectoryisempty,no
customizationfilesareassociatedwiththefeature.
-
8/6/2019 Adm 61 Admin Guide
38/64
Administration Guide
38 VMware, Inc.
15 Placethecopiedfilesto:
/tmp/adkb/custom
16 Overwriteanyfilesorfoldersinthedestinationdirectoryifpromptedtodoso.
17 Typethefollowingcommandtocheckinthecustomfingerprints:
/home/nlayers/Seneca/management/APIs/InSight_control.sh adkb --checkin /tmp
18 Type
the
followingadm_control.pl
command
to
restart
the
relevant
services:/home/nlayers/Seneca/Control/bin/adm_control.pl --restart all
Reconfiguring an ADM Deployment
YoucanreconfiguredeploymentofphysicalIBMallinone,Aggregatoranddatabaseappliancesasfollows:
AddingaRemoteDatabasetoanExistingADMDeploymentonpage 38
ConvertingaSingleboxorAggregatortoaRemoteDatabaseonpage 38.Noteimportantrestrictions.
MovingaDatabasetoaRemoteApplianceonpage 39
VirtualcomponentsmustberedeployedasdescribedinInstallingADMonpage 15.
Adding a Remote Database to an Existing ADM Deployment
To add a remote database to the ADM deployment
1 EnsurethatallcomponentsarerunningADMversion6.0orlaterbeforeaddingtheremotedatabaseto
yourADMdeployment.Allappliancesmustbeonthesameversion.
2 Ifyouhaveanexistingdatabase,backitupusingthestepsdescribedinProductSupportPackageson
page 34.
3 AfterensuringthatallcomponentsarerunningthesameADMversion,followtheinstructionsdescribedinUpgradingAppliancesonpage 42.
4 RestorethebackedupdatabasetothenewdatabaseapplianceasdescribedinRestoretheADM
Databaseonpage 36.
Converting a Single-box or Aggregator to a Remote Database
Bewareofthefollowingbeforeconvertinganexistingcomponenttoaremotedatabase:
YoucanonlyconvertanAggregatorcomponentthatisnotpartoftheADMdeploymentintoaremotedatabase.Forexample,ifyouhaveanAggregatorappliancethatyouareusinginatestenvironment,and
anotherthatyouareusinginyourproductionenvironment,youcanconvertthetestcomponentintoa
remotedatabase.
YoucanconvertanAggregatorcomponentintoaremotedatabasewhenyoualreadyhavemorethanone
Aggregatorappliance.
Youcanconvertanappliancethatisrunningansingleboxsetupintoaremotedatabase.
To convert the component to a remote database
1 SetupthedatabaseapplianceasdescribedintheADMSetupProceduresonpage 23.
2 Logintothedatabaseapplianceasuserroot.
NOTE Distributeddeployment:RepeatStep 1throughStep 18foreachcollectorintheADMdeployment.
CAUTION Youcannotrestorethedatafromacomponentthatyouareconverting.AllofthedataonthesingleboxorAggregatorcomponentthatyouareconvertingtoaremotedatabaseislostduringconversion.
-
8/6/2019 Adm 61 Admin Guide
39/64
VMware, Inc. 39
Chapter 5 Maintenance
3 Ensurethatthedatabasemodeissetcorrectly,asfollows:
a Typethecommand:
/home/nlayers/Seneca/tools/appliance_conf.pl --status
b Ifthemodeisnotdatabasecorrectitbytyping:
/home/nlayers/Seneca/tools/appliance_conf.pl -mode=d
4 Make
a
note
of
the
IP
address
of
the
remote
database.5 Runtheappliance_conf.plscriptontheAggregatorappliance:
a Editthefile /home/nlayers/Seneca/tools/remote.db.conf.
b ReplacetheexistingIPaddresswiththeremotedatabaseapplianceIPaddress.
c Runtheappliance_conf.plscriptwiththemode=goptionbytyping:
/home/nlayers/Seneca/tools/appliance_conf.pl -mode=g
6 Restarttheappliance.
7 Clearthecacheofyourbrowsertopreventthepossibleappearanceofincorrectinformationinthe
displays,applicationerrors,andothererrormessageswhenopeningtheADM.
Moving a Database to a Remote Appliance
To move a database to a remote appliance
1 BackupthedatabasefromtheexistingdatabaseasdescribedinProductSupportPackagesonpage 34.
2 Copythedatabasebackupfilebackup.db_dump-main-db_scheme_version-db_dump.gztotheRemote
Databaseappliance.
3 RestorethedatabaseontheRemoteDatabaseapplianceasdescribedinRestoretheADMDatabaseon
page 36.
4 Logintothedatabaseapplianceasuserroot.
5 Typethe
following
command
to
ensure
that
the
database
mode
is
set
to
the
correct
mode:
/home/nlayers/Seneca/tools/appliance_conf.pl --status
6 Ifthemodeisdatabase,continuewiththefollowingstep.Ifthemodeisnotdatabase,typethefollowing
commandtochangethemode:
/home/nlayers/Seneca/tools/appliance_conf.pl -mode=d
7 NotetheIPaddressoftheremotedatabase.
8 ContinuetoperformthestepsdescribedinAddingaRemoteDatabasetoanExistingADMDeployment
onpage 38.
Licenses
Youmustrenewthelicenseswhen:
reachingtheexpirationdate
expandingthecustomerdiscoverednetworkscope.
Thisprocedureforuploadinganewlicensemustbeperformedfollowingeach:
initialinstallation
migrationofADMfor6.1release.
upgradefromADM6.0.x
ItisnotnecessarytoperformthisprocedurewhenupgradingfromADMversions6.1.xorlater.
-
8/6/2019 Adm 61 Admin Guide
40/64
Administration Guide
40 VMware, Inc.
AccesstheLicensesPropertiesscreenfromtheManage>System>LicensingmenuintheADMUIthatdisplaysthelicenseinformation,whichincludesthelicensedfeature,quantityofavailablelicenses,andexpiry
date.
TheappropriatewarningmessageappearsontheDashboard,InventoryandLicensePropertiespage.An
ADMUIadministratorcanlogintoreviewlicenselimitationsanduploadnewlicensesasrequired.
Uploading a License
Performthefollowingproceduretouploadalicense.
1 LogintotheADMUIasanadminuser.
2 NavigatetotheManage>SystemscreenandclickLicensing.TheLicensePropertiesscreenappears3 ClickUploadanewLicense.TheUploadanewlicensescreenappears.4 EntertheserialnumberandclickApply.Iftheserialnumberisvalid,theserialnumberisuploadedand
LicensePropertiespageisdisplayed.
IMPORTANT Beforeyoubegin,obtaintheserialnumberformanagedserverhost.
-
8/6/2019 Adm 61 Admin Guide
41/64
VMware, Inc. 41
6
ThischapterdescribesthenecessaryconceptsandprocedurestoupgradeanADMdeployment.Topics
include:
Overviewonpage 41
UpgradingAppliancesonpage 42
PostUpgradeStepsonpage 43
Overview
Thefollowingconsiderationsapplyforapplianceupgradesandmigration.
Appliance Type
YoucanupgradeADMonphysicalADMonvirtualappliancesrunningversions6.1.xorlaterasdescribedin
UpgradingAppliancesonpage 42.
Mixed Environments
Somesitescanhaveacombinationofphysicalandvirtualappliances.Youmustupgradethemtothesame
ADMversionbyusingtheproceduresdescribedinUpgradingAppliancesonpage 42.Formore
informationaboutmixedenvironment,seeMixedEnvironmentonpage 13.
Licenses
YouneedanewlicensetouseADMafterupgradingfrom6.0.X.ObtainthelicensefromyourVMwareSales
representative.Licensesonpage 14providesmoreinformation.
Appliance Migration
Chapter 7describesproceduresformigrationtovirtualappliances.
Backing Up Data
Backupthedatatopreventlossduringthemigrationandupgradeprocess.ProductSupportPackageson
page 34describesbackupandrestoreprocedures.
Upgrading ADM 6
-
8/6/2019 Adm 61 Admin Guide
42/64
Administration Guide
42 VMware, Inc.
Upgrading Appliances
ThissectiondescribestheupgradingofApplicationDiscoveryManagerversions6.0.xorlaterforphysical
appliancesand6.1.xorlaterforvirtualappliances.
Important Notes
AllappliancesinyourcurrentenvironmentmustrunADMversion6.0.xorlater.Also,upgradeall
appliancestothesameADMversion.BeforeupgradingtheADM,familiarizeyourselfwithOverviewonpage 41.
Fordistributedsolutions,performtheupgradesinthefollowingorder:
a Remotedatabaseappliance(whereoneexists)
b Collectors
c Aggregator
Repeatthefollowingproceduresforallappliancesandarchitecturesolutions,unlessotherwiseindicated.
Preliminary Procedures
1 BackupyourdataasdescribedinProductSupportPackagesonpage 34(performedonAggregatororsingleboxapplianceandcollectorsifcustomfingerprintsexists).
2 LogintotheapplianceandopenanSSHsessionandtypethefollowingcommandtomonitortheprogress
ofupgrade:
tail -f /var/log/nlayers/update.log
ThisSSHsessionisinadditiontoanyothersessionopenedforthepurposeofupgrading.Theabovescript
alsoprintssuccessorfailuremessagesalongwithotherusefulinformationtostdout.
3 PerformallupgradesbyusingtheCLIproceduresasdescribedinUpgradingAppliancesUsingCLIon
page 42.
Upgrading Appliances Using CLITo upgrade all appliances by using CLI
1 Downloadtheupdate_runner.plandInSightUpdate-version.updfilesfrom
http://downloads.vmware.com/ApplicationDiscoveryManagerinto:
/home/nlayers/rpms/versionX.x/
2 Changefileaccess:
chmod 744 update_runner.pl
3 UpgradeVMwareADMservices:
./update_runner.pl -u -f InSightUpdate-version-build.upd
4 Waitfortheupgradetocomplete.Fordistributedsolutions,repeattheupgradeproceduresforallremainingappliancesasdescribedinUpgradingAppliancesonpage 42.
5 ProceedwithPostUpgradeStepsonpage 43.
NOTE Theupgradeprocesscantakeseveralminutestocomplete.YoucannotaccesstheADMConsolewhiletheupgradeisinprogress.
NOTE WinApeisupgradedaspartofaggregatorupgradeandyouarenotrequiredtoupgradeitseparately.
http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/ -
8/6/2019 Adm 61 Admin Guide
43/64
VMware, Inc. 43
Chapter 6 Upgrading ADM
Post-Upgrade Steps
BeforeyoulogintotheADMconsole:
Clearthecacheofyourbrowsertopreventthepossibleappearanceofincorrectinformationinthedisplays,
applicationerrors,andothererrormessageswhenopeningtheADM.
YoucannowbeginusingtheADM.
IMPORTANT Youmightberequiredtouploadanewlicenseifyouareupgradingfrom6.0.x.Beforeproceeding,
review
the
criteria
and
if
necessary,
perform
the
steps
described
inLicenses
on
page 14.
-
8/6/2019 Adm 61 Admin Guide
44/64
-
8/6/2019 Adm 61 Admin Guide
45/64
VMware, Inc. 45
7
ThischapterprovidesinstructionsonmigrationofanexistingphysicalorvirtualADMappliancetoavirtual
appliancesuppliedbyVMware.Topicsinclude:
Overviewonpage 45
PreliminaryProceduresonpage 46
DataRestorationonpage 47
PostMigrationStepsonpage 48
Overview
Additionaldocumentationasdescribedbelowisavailableathttp://downloads.vmware.com/
Supported Migration
AppliancemigrationissupportedfromADM6.0.x.Upgradeearlierversionstothelatest6.0.xversionbyusing
theproceduresdescribedintheUpgradingADMonpage 41.
Licenses
YouneedanewlicensetouseADMaftermigratingtoanewappliance.ObtainthelicensefromyourVMware
Salesrepresentative.MoreinformationisprovidedinLicensesonpage 14.
System Architecture
DetaileddescriptionsareprovidedinSystemArchitectureonpage 9.Migrationstepsdifferfordifferent
appliancesetups:
Singlebox
Distributed
Distributedwithremotedatabase
Migrating to a New Appliance 7
NOTE PartoftheupgradeproceduretoADM6.0.xcanincludeupgradingcustomfingerprintscreatedinearlierversion.AdditionalinformationonfingerprintsisavailableintheVMwarevCenterApplicationDiscoveryManagerFingerprintDevelopersGuide.
IMPORTANT ThenewvirtualappliancesolutionsfeatureseparatevirtualappliancecomponentsforCollectors,Database,andtheAggregator.Initialsetupanddatarestorationisthereforeperformed
separatelyforeachcomponent.
http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/http://downloads.vmware.com/ -
8/6/2019 Adm 61 Admin Guide
46/64
-
8/6/2019 Adm 61 Admin Guide
47/64
VMware, Inc. 47
Chapter 7 Migrating to a New Appliance
Restoring WinApe Migration Files
ThefollowingproceduresdescribestherestorationofWinApemigrationfiles.
1 LogintotheWinApeappliance.
2 Copytheadkbcustom.jar backupfile.
3 Navigatetothe\libfolder.
4 Replacethecurrentfilein\libfolderwiththecopiedfile.
5 Runtheservices.msccommand.
6 RestarttheserviceVMwarevCenterADMWindowsCollector.
Data Restoration
ThissectionprovidesinformationaboutdatarestorationforSinglebox,distributed,anddistributedwith
remotedatabasesolution.
Single-box-Solution
1 RestoretheADMdatabaseasdescribedinRestoringanADMEnvironmentbyUsingaProductSupport
Packageonpage 36.
2 RestorethecustomdiscoveryandconfigurationfilesasdescribedinRestoringtheCustomDiscovery
andConfigurationFilesonpage 37.
3 ForWinApe,firstcreatethebackupasdescribedinBackingUpWinApeMigrationFilesonpage 46and
thenrestoreitasdescribedinRestoringWinApeMigrationFilesonpage 47.
Distributed Solutions
Thesestepsapplytodistributedsolutionswithoutaremotedatabase.Performthefollowingstepsonall
appliancesinthefollowingorder:Collectors,WinApe,andAggregator.
Collectors
RepeatthefollowingstepsforeachCollectorappliance:
1 LogintotheCollectorvirtualappliance.
2 RestorethecustomdiscoveryandconfigurationfilesasdescribedinRestoringtheCustomDiscovery
andConfigurationFilesonpage 37.
WinApe
RepeatthefollowingstepsforeachWindowsappliance:
1 LogintotheWinApeappliance.
2 BackuptheWinApemigrationfilesasdescribedinBackingUpWinApeMigrationFilesonpage 46.
3 RestoretheWinApemigrationfilesasdescribedinRestoringWinApeMigrationFilesonpage 47.
Aggregator
1 LogintotheAggregatorvirtualappliance.
2 RestoretheADMdatabaseasdescribedinTroubleshootingtheADMbyUsingtheProductSupport
Packageonpage 49.
NOTE BackupyourADMenvironmentasdescribedinBackingUpWinApeMigrationFilesonpage 46.
-
8/6/2019 Adm 61 Admin Guide
48/64
Administration Guide
48 VMware, Inc.
3 MakethenecessarychangesintheActiveprobeconfigurationscreenundertheManage>SystemmenuoftheADMconsoletoreflectthenewcollectorappliance.TheVMwarevCenterApplicationDiscoveryManagerUsersGuide.
Distributed Solution with Remote Database
Thesestepsapplytodistributedsolutionswitharemotedatabase.Performthefollowingstepsonall
appliancesinthefollowingorder:Collectors,WinApe,database,Aggregator.
Collectors
RepeatthefollowingstepsforeachCollectorappliance:
1 LogintotheCollectorvirtualappliance.
2 RestorethecustomdiscoveryandconfigurationfilesasdescribedinRestoringtheCustomDiscovery
andConfigurationFilesonpage 37.
WinApe
RepeatthefollowingstepsforeachWindowsappliance:
1 LogintotheWinApeappliance.
2 BackuptheWinApemigrationfilesasdescribedinBackingUpWinApeMigrationFilesonpage 46.
3 RestoretheWinApemigrationfilesasdescribedinRestoringWinApeMigrationFilesonpage 47
Database
1 Logintothedatabasevirtualappliance.
2 RestoretheADMdatabaseasdescribedinRestoringanADMEnvironmentbyUsingaProductSupport
Packageonpage 36.
Aggregator
1 LogintotheAggregatorvirtualappliance.
2 MakethenecessarychangesintheActiveprobeconfigurationscreenundertheManage>SystemmenuoftheADMconsoletoreflectthenewcollectorappliance.TheVMwarevCenterApplicationDiscoveryManagerUsersGuide.
Post-Migration Steps
BeforeyoulogintotheADMconsole:
Clearthecacheofyourbrowsertopreventthepossibleappearanceofincorrectinformationinthedisplays,
applicationerrors,andothererrormessageswhenopeningtheADM.
YoucannowbeginusingtheADM.
NOTE ADMdefaultgroupsdoesnotgetrefreshedduringtheupgrade.TheManagementchapteroftheVMwarevCenterApplicationDiscoveryManagerUsersGuideprovidesmoreinformationongroupsadministration.
-
8/6/2019 Adm 61 Admin Guide
49/64
VMware, Inc. 49
8
ThischapterprovidesinstructionsontroubleshootingoftheADM.Topicsinclude:
TroubleshootingtheADMbyUsingtheProductSupportPackageonpage 49
DetailDiscoveryTroubleshootingonpage 49
Troubleshooting the ADM by Using the Product Support PackageIfyourequire,usetheADMproductsupportpackagefortroubleshooting:
1 CreateanADMproductsupportpackageasdescribedinProductSupportPackagesonpage 34.
2 ContactyourVMwareCustomerSupportrepresentativeandprovidethemwiththeproductsupport
packagethatyougeneratedinStep 1.
Detail Discovery Troubleshooting
Thissectiondescribesutilitiesandprogramsthathelpwithtroubleshooting.
WMIWMIDetailDiscoveryrequiresspecificpermissionsandconfigurationonthetargethost.Microsoftincludes
atestingtool,calledWBemTest,oneverycomputerthathasWMIinstalled.Thistooltestsforthesame
permissionandconfigurationsthatADMrequires.Forexample,ifanaccessdeniedfailureoccurswhile
connectingtothetargethost,theWbemTesttoolraisesasimilarerrorindicatingaproblemwiththetargethost
configuration.
Troubleshooting is performed in the following order
1 CheckpermissionsandconfigurationusingtheWBemTesttool.Moreinformationisavailableonthe
MicrosoftWebsite:
http://technet.microsoft.com/enus/library/cc785775.aspx
2 CheckADMDiscoveryusingtheutilitiesdescribedinthefollowingsections.
single.sh
Thesingle.shutilityisastandalonecommandlineutilitythatrunsDetailDiscoveryonaspecifichost.The
single.shutilitycreatesasupportpackagethatcontainstheDetailDiscoveryresultsandmoreuseful
information.VMwareCustomerSupportcanusethissupportpackagetoanalyzetheproblemsoffsite.
Troubleshooting ADM 8
NOTE ThissectionreferstosupportpackagesusedspecificallyforDetailDiscoverytroubleshooting.Othersupportpackagesareusedforbackingup,restoring,upgrading,andtroubleshootingoftheADMapplication
andaredescribedinChapter 10.
http://../UserAdminGuide/admin_Maintenance.pdfhttp://../UserAdminGuide/admin_Maintenance.pdf -
8/6/2019 Adm 61 Admin Guide
50/64
-
8/6/2019 Adm 61 Admin Guide
51/64
VMware, Inc. 51
Chapter 8 Troubleshooting ADM
Examples:
To probe target IP 1.2.3.4 on UNIX using protocol SSH
./single.sh -P \"ssh:username=root,password=54321\" -a 1.2.3.4
./single.sh -P \"ssh:username=root\" -a 1.2.3.4
(Apasswordwillberequestedbytheapplicationinteractivelywithoutechoing.)
To probe target IP 1.2.3.4 on UNIX using protocol TELNET
./single.sh -P \"telnet:username=root,password=54321\" -a 1.2.3.4
To probe target IP 1.2.3.4 on UNIX using protocol SNMP
./single.sh -P \"snmp:communityString=public\" -a 1.2.3.4
To probe target IP 1.2.3.4 on Windows using protocol WMI
single.bat -P \"wmi:domain=il.nlayers.com,username=administrator,password=54321\" -a 1.2.3.4
(defaultlocatorcredentialswillbeusedfrompropertiesfile)
To probe target IP 1.2.3.4 using protocol VI-SDK
./single.sh -P \"visdk:username=administrator,password=54321\" -a 1.2.3.4
Createdebugpackage:
single.sh -a address-P Access profile
Readfromplaybackfile:
single.sh -r filename
Accessprofilecanhaveoneofthefollowingformats:
-p, -ports port Oneormoreportstousewhenconnectingtothetargethost(forscanningaswell).Usecommasasseparators.Theseportsapplieseveniftheconnectiondetailsarefetchedfromthemanagement.
-P, -accessProfile Access profile Discoveryparametersorpolicy/accessprofilenametofetchfromthemanagement.
-r, -read filename Readfromaplaybackorsnmpdumpfileinsteadofgoingouttothenetwork.
-t, -timeout timeout Connecttimeouttousewhenconnectingtothetargethost.Ifconnectiondetailsarefetchedfromthemanagement,theywilloverridethisparameter.
-T, -translator Discovery result
translator class
Specifythediscoveryresulttranslatorclass.Predefinedtranslatorsareavailablethroughtheiraliases,forexample:
classcom.nlayers.seneca.ap.mediation.DoNothingDiscoveryResultTranslatoradm
classcom.nlayers.seneca.ap.mediation.cim.AdmToCimXmlDiscoveryResultTranslator cimxml
classcom.nlayers.seneca.ap.mediation.cim.AdmToCimDiscoveryResultTranslatorcimareavailable
Valuesinbracketsarealiases
-v, verbosehelp Printverbosehelp.
-w, -wait Slowsdownplaybacktobethesamedurationastheoriginalexecution.
Table 8-1. single.sh Parameters (Continued)
Parameter Description
-
8/6/2019 Adm 61 Admin Guide
52/64
Administration Guide
52 VMware, Inc.
NameofaDetailDiscoverypolicy.InthiscasethenecessaryinformationisreadfromaDetailDiscovery
policydefinedintheuserconsole.
Fulldefinitionoftheneededdiscoverydetailsinaprotocolspecificformat:
protocol-name:prop1=value1,prop2=value2,...
Thefollowingprotocolnamesaresupported:SSH,Telnet,SNMP,VISDKandWMI.
Inaddition,allprotocolssupportsthe timeoutparameterwithadefaultvalueof20000milliseconds.Theports
parameterissupportedforallprotocolsexceptWMIandVISDK,withdefaultportsof22forSSH,23forTelnet,and161forSNMP.
Notethefollowing:
Escapeddoublequotessurroundtheprotocolinformationthesemustbeused.
Unknownargumentsareignored.
Omittedpasswordfieldsarerequestedbytheapplicationinteractivelywithoutechoing.
Defaultsearchscopefordifferentplatforms:
Windows:
Include:[/Program Files]
Exclude: [/Documents and Settings, /WINDOWS]
UNIX:
Include:
[/bin, /sbin, /usr/bin, /usr/sbin, /usr/local, /usr/local/bin, /usr/local/sbin, /usr,
/opt]
Exclude:
[/boot, /dev, /devices, /proc, /unix, /kernel, /platform, /cdrom, /CDROM, /sd_cdrom,
/SD_CDROM, /Mail, /mail, /nsmail, /vol, /lost+found, /media, /tmp, /mnt, /jumpstart,
/pcfs, /sys, /usr/kvm/sys, /stand, /var/news, /var/log, /var/run, /var/lock, /var/www,
/var/cache, /var/tmp, /etc/gconf]
snmpdump
ThesnmpwalkprogramisbundledwithLinux,whichrunsSNMPonagivenIPaddressandcreatesatextual
dumpofthewholetreeofresults.ThisprogramisoftenusedwhileextendinganddebuggingtheSNMP
portionoftheDetailDiscoveryknowledgebase.
AnewDetailDiscoveryfeatureallowsVMwareCustomerSupporttorecordacompletesnapshotoftheSNMP
responsesofanetworkhost,usingsnmpwalk.YoucanusetheresultingdumpfiletofixSNMPDetail
DiscoveryproblemsencounteredbyVMwareCustomerSupport.
Astandardizedscriptcalledsnmpdump.shisnowsuppliedwithADMtocreatethissnmpwalkdumpfile.
Location/home/nlayers/Seneca/ActiveProbe/bin/snmpdump.sh
Usage
Runningsnmpdump.shonthecommandlineyieldsthefollowingusageinformation:
./snmpdump.sh host_ip output_file
ThefirstparameteristhehostIPtoquery.
Thesecondparameteristhenameofthefileinwhichtosavetheresults.
-
8/6/2019 Adm 61 Admin Guide
53/64
VMware, Inc. 53
Chapter 8 Troubleshooting ADM
Examples
CreateansnmpwalkdumpforIP1.2.3.4andsavetheresultsintofilesnmpdump.1.2.3.4.txt:
./snmpdump.sh 1.2.3.4 snmpdump.1.2.3.4.txt
nlcapture
Youcanusethenlcaptureutilityinplaceoftcpdumptocapturenetworkactivity.Thisutilitysupportsthe
samedefaultparametersastcpdump,butsetsthesnaplentobelargeenoughsoastonottruncatepackets.
Inaddition,thisutilityprovidesaparameternotsupportedbytcpdump: R,whichfilterspacketsbasedon
theirprotocol(forexample,HTTP)orbasedonprotocolspecificattributes.
Similartotcpdump,youcanusenlcapturetofilteranexistingcapturefileandtransformittoanew,filtered
file.Seeusagebelow.
Location
/home/nlayers/Seneca/tools/nlcapture.pl
Usage
Runningnlcaptureonthecommandlineyields:nlcapture.pl tcpdump options[-R ethereal display filter string]
Forexample:
Tolistenoneth1andcaptureallHTTPandICMPpacketsintothefilebla.dump:
nlcapture.pl -i eth1 -R "http||icmp" -w myoutput.dump
Asexplainedearlier,nlcapturesupportsallcommontcpdumpparameterssuchas i.Additionally,it
supportsthe-Rparametertofilteronthenetworkprotocoloraccordingtothevalueofspecificprotocolfields.
Protocolnamesarewritteninlowercase.ThefollowingURLprovidesdetailsonthefiltersthatyoucanuse:
http://www.ethereal.com/docs/manpages/etherealfilter.4.html
The
filters
of
nlcapture
utility
are
different
from
the
tcpdump
filters.
They
are
easier
to
use
and
understand.
-
8/6/2019 Adm 61 Admin Guide
54/64
Administration Guide
54 VMware, Inc.
-
8/6/2019 Adm 61 Admin Guide
55/64
VMware, Inc. 55
9
ThischapterprovidesinformationforuninstallingtheADMapplianceandincludesUninstallingtheADM
Applianceonpage 55.
Uninstalling the ADM Appliance
Touninstall
the
ADM
appliance,
follow
the
procedure
of
your
organization
for
removing
avirtual
machine.
Uninstalling ADM 9
-
8/6/2019 Adm 61 Admin Guide
56/64
Administration Guide
56 VMware, Inc.
-
8/6/2019 Adm 61 Admin Guide
57/64
VMware, Inc. 57
A
ThisappendixlistsADMtimezonesasshowninTable A1.
Time Zones ATable A-1. Time Zones for ADM
Asia/Baku Asia/Nicosia Asia/Tel_Aviv Etc/Greenwich
Etc/GMT Indian/Reunion Mexico/BajaNorte US/Aleutian
Asia/Baku Asia/Tel_Aviv Etc/GMT Mexico/BajaNorte
Asia/Bangkok Asia/Istanbul Europe/Amsterdam Mexico/General
Asia/Beirut Asia/Makassar Europe/Andorra Mexico/BajaSur
Asia/Bishkek Asia/Macau Europe/Athens Mideast/Riyadh89
Asia/Brunei Asia/Macao Europe/Belfast Mideast/Riyadh88
Asia/Kuala_Lumpur Asia/Jerusalem Europe/Berlin Mideast/Riyadh87
Asia/Choibalsan Asia/Hong_Kong Europe/Brussels Pacific/Enderbury
Asia/Colombo Asia/Dhaka Europe/Bucharest Pacific/Apia
Asia/Damascus Asia/Dacca Europe/Budapest Pacific/Efate
Asia/Dili Asia/Chungking Europe/Copenhagen Pacific/Funafuti
Asia/Dubai Asia/Chongqing Europe/Gibraltar Pacific/Fakaofo
Asia/Dushanbe Asia/Ashkhabad Europe/Helsinki Pacific/Fiji
Asia/Gaza Asia/Ashgabat Europe/Kaliningrad Pacific/Port_Moresby
Asia/Harbin Atlantic/Cape_Verde Europe/Kiev Pacific/Galapagos
Asia/Hovd Atlantic/Azores Europe/Luxembourg Pacific/Guadalcanal
Asia/Irkutsk Atlantic/Bermuda Europe/Madrid Pacific/Guam
Asia/Jakarta Atlantic/Canary Europe/Malta Pacific/Johnston
Asia/Jayapura Atlantic/South_Georgia E urope/Minsk Pacific/Kiritimati
Asia/Kabul Atlantic/Faeroe Europe/Monaco Pacific/Kosrae
Asia/Kamchatka Atlantic/Madeira Europe/Paris Pacific/Majuro
Asia/Karachi Atlantic/St_Helena Europe/Riga Pacific/Marquesas
Asia/Kashgar Atlantic/Stanley Europe/Samara Pacific/Midway
Asia/Katmandu Atlantic/Reykjavik Europe/Simferopol Pacific/Nauru
Asia/Krasnoyarsk Atlantic/Jan_Mayen Europe/Sofia Pacific/Niue
Asia/Novosibirsk Australia/Lindeman Europe/Stockholm Pacific/Norfolk
Asia/Kuching Australia/West Europe/Tallinn Pacific/Noumea
Asia/Kuwait Australia/LHI Europe/Tirane Pacific/Palau
Asia/Magadan Australia/Perth Europe/Uzhgorod Pacific/Ponape
-
8/6/2019 Adm 61 Admin Guide
58/64
Administration Guide
58 VMware, Inc.
Asia/Manila Australia/Victoria Europe/Vaduz Pacific/Samoa
Asia/Muscat Australia/ACT Europe/Vienna Pacific/Rarotonga
Asia/Phnom_Penh Australia/Melbourne Europe/Vilnius Pacific/Saipan
Asia/Omsk Australia/Lord_Howe Europe/Zaporozhye Pacific/Tahiti
Asia/Oral Australia/Tasmania Europe/Zurich Pacific/Tarawa
Asia/Yekaterinburg Australia/Hobart Europe/Warsaw Pacific/Tongatapu
Asia/Pontianak Australia/North Europe/San_Marino Pacific/Truk
Asia/Pyongyang Australia/Darwin Europe/Vatican Pacific/Wake
Asia/Qatar Australia/Yancowinna Europe/Moscow Pacific/Wallis
Asia/Qyzylorda Australia/Broken_Hill Europe/Rome Pacific/Yap
Asia/Rangoon Australia/Queensland Europe/London Pacific/Pitcairn