Deploying and Configuring vCenter Operations Foundation 5.6

As of November 29, 2012, all vSphere customers, even down to those who purchased Essentials bundles, are entitled to vCenter Operations Foundation 5.6. While not as fully featured as the other vCenter Operations Management Suite editions, it’s a great place to gain some insight into your vSphere environment that you may not have previously had. Some of the features you get with vCenter Operations Foundation 5.6, described as vSphere Performance and Health, are:

  • Proactive Smart Alerts
  • Intelligent Operations Groups
  • vSphere Health Monitoring
  • Self-learning Performance Analytics

vCenter Operations Foundation 5.6 Deployment

1. Download the vCenter Operations Manager 5.6 virtual appliance, in OVF format, from the vSphere product support site – http://www.vmware.com/support/product-support/vsphere/index.html

2. In the vSphere Client, click File > Deploy OVF Template.

3. On the Deploy OVF Template window, click Browse.

4. Browse to the vCenter Operations OVA package, then click Open.

5. Click Next.

6. Click Next.

7. Click Accept to accept the EULA, then click Next to proceed.

8. Name the vApp, choose its location in the VMs and Templates Inventory, then click Next.

9. Choose a Configuration, then click Next.

vApp Configuration vApp vCPUs/RAM vApp Supported VMs
Small 4 vCPU/16GB RAM up to 1500 VMs
Medium 8 vCPU/25GB RAM 1500 – 3000 VMs
Large 16 vCPU/34GB RAM 3000+ VMs

 

10. Choose Host/Cluster, then click Next (Note: If you have a specific host or cluster selected in inventory, the vApp will automatically be deployed there.)

11. Choose the destination datastore, then click Next.

12. Choose the disk format (Thin, Eager Zeroed Thick, or Lazy Zeroed Thick), then click Next. Since my datastore is NFS, the disk will automatically be Thin.

13. Choose the network for your vApp, then click Next.

14. Choose your IP address allocation policy. Click Next.

15. Apply Timezone and IP addresses here if necessary. Click Next to proceed. As noted, you will need to have deployed an IP Pool within vCenter Server. If you haven’t done so, cancel and deploy the IP Pool per the vCenter Operations Manager Deployment and Configuration guide.

16. Optionally, check Power on after deployment to have the vApp automatically power on once deployed. Click Finish to complete the wizard.

vCenter Operations Foundation 5.6 Initial Configuration

1. Once the vApp is fully deployed, go to https://<UI VM IP Address>/admin in your web browser.

2. Log in as admin, with the default password listed below.

vCenter Operations Manager User Default Password
admin admin
root vmware

 

3. Enter in the hosting vCenter Server details. These are the details for the vCenter Server in which the vCenter Operations vApp has been deployed. If you have multiple vCenter Servers to be monitored, those will be specified later.


If you are using self-signed SSL certificates, you will be prompted to proceed with connection since the cert will be unverified. Click Yes to trust the vCenter Server.

4. Set new admin and root passwords for both VMs in the vApp. Click Next to proceed.

5. Specify the information for the vCenter Server to be monitored. (Note: If you wish to use a vCenter user with limited rights to do data collection from your vCenter Servers, include that user here as the Collector User. Since the Registration User will need administrator rights, it can also be used to collect data.)

6. Since this is the first registration of a vCenter Operations Manager appliance, no previous registrations were detected. Click Next to proceed. For help on importing data into a new vCenter Operations Manager implementation, please refer to the vCenter Operations Manager documentation. https://www.vmware.com/support/pubs/vcops-pubs.html

7. If you have no linked vCenter Servers to register, click Finish to complete the initial configuration. If you have a linked vCenter Server to register, choose it from the drop down menu and click Register, then Finish to complete.

8. When the vCenter Server registration is complete, you should see a new Solutions and Applications icon for vCenter Operations Manager. Double-click it to open vCenter Operations Manager.

9. vCenter Operations Manager, without a license key, i.e., eval mode, automatically defaults to Foundation license mode. Click About, and you should see something very similar to this:


In Licensing, you should also see the vCenter Operations Manager asset without a license key. In Foundation license mode, there is none to apply.

You’re now ready to start using vCenter Operations Foundation 5.6!

What Might it Take to Be a Chief Security Officer in 2014?

 

 


What Might it Take to Be a Chief Security Officer in 2014?

The changing nature of corporate networks is morphing the way companies need to consider IT threats, and re-writing the role of the chief security officer.

Related Links:

DISQUS:

What is your biggest IT security headache at the moment?

Thinking of hiring someone new to oversee your IT security? Then here’s a word of warning: don’t bother digging out the job description you used for your last chief security officer (CSO) or chief information security officer (CISO) recruitment ad. Information security has always been a rapidly evolving field, with new threats popping up on a daily basis. But the scale of change has shifted significantly in recent years as a result of a range of high-profile trends.

“The products and technologies being used are increasingly consumer-grade devices,” says David Lingenfelter, information security officer at Fiberlink.

“Now mobile devices and laptops are what you could buy in any retailer, so they are much easier to get hold of… even by bad guys who can reverse engineer them.”

This bring-your-own-device (BYOD) trend is difficult to fight. And, indeed, many corporations are trying to profit from it through special infrastructures. But BYOD carries a range of security challenges.

“BYOD management requires either isolation or inclusion, meaning that the devices need to be included in what you manage centrally,” states Martin Jartelius, CSO at Outpost24. “Network access control is the only way to truly allow BYOD.”

“Otherwise, we are at a point where you are allowed to buy equipment for partially private use, which can be centrally managed by your employer. Central management is a requirement for this to work well.”

In any event, trends such as BYOD, mobility, and cloud computing have blurred the boundaries between corporate networks and the outside world. That means new skills are needed to protect company systems and data.

Previously, believes Lior Arbel, chief technology officer at Performanta, CSOs and CISOs were “very technology-aware guys that needed to protect the organization from malware. The solutions on the market weren’t as wide as today.”

“There were some 10 to 15 technologies from different vendors that covered 90 percent of the list.”

Having a well-defined corporate boundary meant a professional with enough in-depth knowledge could happily introduce technologies and enforce policies that would keep the organization safe. Not so now.

“Being a CSO is getting more difficult both politically and technically,” comments Luther Martin, Voltage Security‘s chief security architect. “The technical issues are fairly obvious: dealing with the evolving issues like cloud computing, BYOD, and mobility.”

“The political issues that come with these technologies may actually be trickier to deal with than their technical aspects, and dealing with those sorts of issues can end up being something that CSOs spend more and more time on.”

This is because new technologies often make it easier for individual employees or even entire parts of an organization to easily work around a corporate security policy, he says.

If anyone with a credit card, for example, can start using cloud computing, it’s very hard to limit your corporate use of cloud computing to only approved or certified cloud providers.

And because it’s so easy to get your work email on your phone, it’s very hard to enforce a corporate security policy that prohibits or limits doing this. The upshot is tomorrow’s CSOs and CISOs can no longer be able to make do with in-depth technical knowledge.

Instead, they have to apply more analytical, strategic, and even creative thinking. “You need to have an understanding of the technicalities but also the need to be in tune with the business side,” states MTI security practice sales leader Simon Godfrey.

“You need to engage and work with a whole set of executives who may not be technical. You’ve got to identify the risks and put measures against them.”

Where do you find such a creature? Forget about the highly specialized technical environments, from software development firms to white-hat hacker group that might have produced great CSOs or CISOs a decade ago.

The skills now needed for the role are more likely to be found among people with a business background who have “a global view on threats and the changing threat landscape,” according to Garry Sidaway, global director of security strategy at NTT Com Security.  

They’ll also need to embrace and manage change and understand how to collaborate, through information and intelligence sharing, within an increasingly complex and restricting compliance environment.

Tom Gaffney, technical director of F-Secure UK & Ireland, concludes: “The CSO has to find that balance between creating and sustaining a secure environment, whilst also enabling end-users to work unhindered.”

“This fine line that they walk is why they are often the most unloved person within an organization. It is their job to help people, from board members to temp staff, understand the threats, while knowing that they can still likely fall prey to an attack.”

Tim ‘TK’ Keanini, who is chief technology officer at Lancope, adds: “If you are an organization that seeks a world class CSO, you are also an organization that is highly attractive to the threat.” 

“In this scenario, CSOs should be valued in how they operate while in crisis, not when things are doing well. Incident response is a business process involving IT, Legal, Human Resources, law enforcement, PR, and others. The CSOs in 2014 can show us how this is done well.”

 

Limitations of vSphere Data Protection (VDP) File Level Restore (FLR)

Purpose

This article provides information on the limitations of vSphere Data Protection (VDP) File Level Restore (FLR).

Resolution

Limitations of VDP FLR

  • FLR operations result in failure if you are using an older version of VMware Tools. Ensure to install the latest version of VMware Tools in the target virtual machines.
  • These virtual disk configurations are not supported by FLR:
    • Unformatted disks
    • Dynamic disks
    • GUID Partition Table (GPT) disks
    • Ext4 filesystems
    • FAT16 filesystems
    • FAT32 filesystems
    • Extented partitions
    • Virtual disk with more than one partition
    • Two or more virtual disks mapped to a single partition
    • Encrypted partitions
    • Compressed partitions
  • ACLs are not restored in FLR.
  • Symbolic Links cannot be restored or browsed.
  • You cannot restore more than 5000 folders or files in the same operation.
  • In logical volumes managed by LVM:
    • One physical volume (.vmdk) must be mapped exactly to one logical volume.
    • Only ext2 and ext3 formatting are supported.
  • When partitions are created, the lower ordered indices must be filled first. You cannot create a single partition and place it in the partition index 2,3, or 4. The single partition must be at partition index 1.

    For more information, see the File Level Restore Limitations section in the vSphere Data Protection Administration Guide

The Performance Overview tab fails to display with the error – Vcenter WEB CLIENT

sampath kadupitiyage

Symptoms

  • You cannot view the Performance Overview tab when connecting to vCenter Server 4.0 using the vSphere Client.
  • You see this error in the Performance Overview tab:

    Navigation to the webpage was cancelled
    Refresh the page

  • You may see this error when attempting to browse the Performance Overview tab in the vSphere client:

    This program cannot display the webpage

Resolution

There are several possible causes for this issue. Attempt each of the troubleshooting steps below in sequence, without skipping any.

  1. Confirm that the vCenter Web Management Service is running.

    To resolve this issue, connect to vCenter locally with a vSphere Client located on the vCenter Server and follow Stopping, starting, or restarting vCenter services (1003895).

  2. Ensure that the correct DNS settings and IP address are being used:
    1. On the vCenter Server, navigate to C:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\com.vmware.vim.stats.report\.
    2. Open extension.xml in a text editor.
    3. Edit the line <url>https://FQDN.hostname:8443/statsreport/vicr.do</url>

View original post 258 more words

The Performance Overview tab fails to display with the error – Vcenter WEB CLIENT

Symptoms

  • You cannot view the Performance Overview tab when connecting to vCenter Server 4.0 using the vSphere Client.
  • You see this error in the Performance Overview tab:

    Navigation to the webpage was cancelled
    Refresh the page

  • You may see this error when attempting to browse the Performance Overview tab in the vSphere client:

    This program cannot display the webpage

Resolution

There are several possible causes for this issue. Attempt each of the troubleshooting steps below in sequence, without skipping any.

  1. Confirm that the vCenter Web Management Service is running.

    To resolve this issue, connect to vCenter locally with a vSphere Client located on the vCenter Server and follow Stopping, starting, or restarting vCenter services (1003895).

  2. Ensure that the correct DNS settings and IP address are being used:
    1. On the vCenter Server, navigate to C:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\com.vmware.vim.stats.report\.
    2. Open extension.xml in a text editor.
    3. Edit the line <url>https://FQDN.hostname:8443/statsreport/vicr.do</url> to use an IP address instead of an FQDN to rule out issues with DNS.
    4. Restart vCenter Web Management Service and the vCenter Server Service after making any changes to the .xml file. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  3. Disable any third party web services that may be interfering with the vCenter Web Management Services. 

    To confirm that a third party web service is the cause: 

    1. Stop the vCenter Web Management Service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
    2. Try to connect to port 8443 (the port on which the Web Management Service runs) by executing:

      telnet IP 8443

    3. If the port responds when the vCenter Web Management Service is stopped, there might be another service that is using the port. In this case, if you want to continue running the conflicting third party service, you may have to change the port that Performance Overview uses. To change the port used by Performance Overview, see The Performance Overview tab within vCenter Server reports the HTTP Status 404 error (1016160).
  4. Check if vCenter Server is using custom SSL certificates as a result of a recent upgrade to vCenter Server 4.0 Update 1. For more information, see VMware vCenter Server plugins fail after adding custom SSL certificates (1017577).
Note: Additionally, disable the proxy settings from the browser. 

To disable the settings:

  1. Launch Internet Explorer. 
  2. Navigate to Tools > Internet options.
  3. Click the Connections tab.
  4. Click LAN settings.
  5. Select the Use automatic configuration script option.  

Introducing VMware vCenter Support Assistant 5.1

Check out this short Demo!

OK you say? Where are the goods? Jump right in with these links, or read on for a more in-depth introduction.

Figure 1: VMware vCenter Support Assistant Conceptual View.

Easily open or view the status of any existing support request, add comments, reply to support engineer queries, and attach diagnostic information or other files such as screenshots. It also includes a VMware Knowledge Base search capability, which enables you to resolve common issues more rapidly. The vCenter Support Assistant plug-in helps you gather diagnostic information up front from your  vSphere environment that VMware Technical Support finds most useful.

You can also use VMware vCenter Support Assistant to file support requests for any product that you already have support entitlement for whether that entitlement is by subscription, or paid for incident packs. With just a few clicks, VMware vCenter Support Assistant can directly generate log support bundles from the following products:

VMware vCenter Server

  • 5.1*
  • 5.0*
  • 4.1

* Includes both VMware vCenter Server for Windows and the VMware vCenter Server Appliance.

VMware vSphere (ESX or ESXi)

  • 5.1
  • 5.0
  • 4.1

NOTES: Access to public Internet is not required for the VMware vCenter Server, but is required for the VMware vCenter Support Assistant virtual appliance and the vSphere Client. Refer to the System Requirements.

All files are sent securely using SSL.

Since log files may contain sensitive, confidential, and/or personal information, the VMware vCenter Support Assistant provides the optional capability to scrub logs prior to submission.

Technical Guide

The following guide is depicted using the VMware vSphere Client; however, VMware vCenter Support Assistant plugin-in also works with VMware vSphere Web Client introduced in VMware vSphere 5.1

Accessing VMware vCenter Support Assistant

Once deployed and registered, VMware vCenter Support Assistant will appear under the Solutions and Applications in the Home tab in the vSphere Client. The Support Assistant plug-in will also appear under “Classic Solutions” in the VMware Web Client.

Figure 2: VMware vCenter Support Assistant in Solutions and Applications.

Once VMware vCenter Support Assistant is selected, the solution will present a login screen. This login screen allows you the user to access My VMware directly from the solution, create a case, review or update a case, and attach diagnostics or other attachments.

Figure 3: Login to My VMware.

Once logged in, the user will have the option to View or Create a Technical Support Request through VMware vCenter Support Assistant.

Creating a New Technical Support Request

Let’s take moment to create a new Technical Support Request by selecting “Create a New SR.” Once you login, you will be checked against your entitlements and allowed to open a Service Request against all the eligible products. You can also review and update a Support Request and attach log support bundles or other attachments.

Figure 4: View or Create a Technical Support Request.

After selecting the option “Create a New SR”, the user is prompted to select the account associated with their My VMware account as well as the product related to the issue.

Figure 5: Select Account and Product.

Once the account and product are selected, the user is prompted to describe the problem. Knowledgebase Articles will appear for the user as they do on My VMware.

Figure 6: Describe the Problem and Suggested Resources.

Next, the user is prompted to provide the severity level based on business impact, category, detailed description, etc in the Contact and Support Request Details.

Figure 7: Contact and Support Request Details.

Once the creation of the Technical Support Request is completed the user receives a on-screen confirmation with the support request number.

Figure 8: Create Support Request Confirmation

Uploading Diagnostics

After the new Technical Support Request is created, the user is prompted to either upload or finish the task. It is highly recommended that the user collect and upload the diagnostics immediately and attaches them to the support request to expedite support. So, let’s select “Yes – Upload” from the Create Support Request Confirmation to initiate the collection from the desired hosts.

Figure 9: Select Hosts.

Next, the user is prompted to select the System Logs desired for the diagnostics bundle as well as the option to collect performance data.

Figure 10: Select System Logs and Performance Data Option.

Once the user has selected the hosts and system logs, they are asked to confirm and initiate the upload procedure. This upload is run in the background and all transfers are sent via HTTPS to VMware from the VMware vCenter Support Assistant virtual appliance.

Figure 11: Confirm and Initiate Upload.

Once the user selects to start the collection and upload, the following dialog is presented. This dialog presents the status of the log collection progress for the support request. This dialog can be closed with the “X” and the collection and upload will continue as a background process, which we will show in a moment. Please note, the vSphere Client / vSphere Web Client should be open till the logs are fully downloaded and upload starts. Uploading of logs is handled in the background and the user does not need to be logged into vSphere Client / vSphere Web Client.  If the dialog remains open and collection and upload completes, the user will be prompted with a completion status dialog.

Figure 12: Log Collection Progress.

The collection and upload progress can also be checked by selecting “Upload Activity” in the top right navigation. This will display the status, start and end date/time on all recorded uploads.

Figure 13: Upload Activity.

Viewing Technical Support Requests

Let’s take a moment to view and update an existing Technical Support Request by selecting “View / Modify Existing SR” from VMware vCenter Support Assistant solution home screen.

Figure 14: View or Create a Technical Support Request.

After selecting “View / Modify Existing SR” the user is displayed a list of technical support requests linked to their My VMware account. Notice that support request 12217135709 created earlier is listed and highlighted. The user is able to view the details of the request, initiate diagnostics collection, and add attachments with ease.

Figure 15: Select Support Request. Get Details, Collect/Upload Diagnostics and Add Attachments.

By selecting “Details” the user is able to view the details of the support request as well as add additional comments.

Cool Feature – Notice that VMware vCenter Support Assistant adds a comment to the support request notes confirming the upload of diagnostics to VMware.

Figure 16: Support Request Details.

By selecting “Upload Attachment” after selecting a case from the Select Support Case screen, the user can provide additional information to the engineers, such as screenshots, diagrams or other logs.

Figure 17: Add Attachments.