Deployment. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Management and Workload Consolidation 4.1

Transcription

1 22 AUG 2017 VMwre Vlidted Design 4.1 VMwre Vlidted Design for Mngement nd Worklod Consolidtion 4.1

2 You n find the most up-to-dte tehnil doumenttion on the VMwre wesite t: If you hve omments out this doumenttion, sumit your feedk to dofeedk@vmwre.om VMwre, In Hillview Ave. Plo Alto, CA Copyright 2016, 2017 VMwre, In. All rights reserved. Copyright nd trdemrk informtion. VMwre, In. 2

3 Contents 1 Aout VMwre Vlidted Design for Consolidted SDDC 4 2 Virtul Infrstruture Implementtion for Consolidted SDDC 5 Instll nd Configure ESXi Hosts for Consolidted SDDC 5 Deploy nd Configure the vcenter Server Components for Consolidted SDDC 10 Deploy nd Configure Components in the NSX Instne of the Consolidted SDDC 42 Deploy vsphere Dt Protetion in the Consolidted SDDC 89 3 Cloud Mngement Pltform Implementtion for Consolidted SDDC 102 Prerequisites for Cloud Mngement Pltform Implementtion for Consolidted SDDC 102 Configure Servie Aount Privileges for Consolidted SDDC 111 vrelize Automtion Instlltion for Consolidted SDDC 113 vrelize Automtion Defult Tennt Configurtion for Consolidted SDDC 140 vrelize Automtion Tennt Cretion for Consolidted SDDC 144 Emedded vrelize Orhestrtor Configurtion for Consolidted SDDC 153 Instll vrelize Business for Consolidted SDDC 164 Cloud Mngement Pltform Post-Instlltion Tsks for Consolidted SDDC 174 Tennt Content Cretion for Consolidted SDDC Opertions Implementtion for Consolidted SDDC 206 vrelize Opertions Mnger Implementtion for Consolidted SDDC 206 vrelize Log Insight Implementtion for Consolidted SDDC 250 vsphere Updte Mnger Downlod Servie Implementtion for Consolidted SDDC 293 VMwre, In. 3

4 Aout VMwre Vlidted Design 1 for Consolidted SDDC VMwre Vlidted Design Deployment for Mngement nd Worklod Consolidtion (lso referred to s the VMwre Vlidted Design for Consolidted SDDC) provides step-y-step instrutions for instlling, onfiguring, nd operting softwre-defined dt enter (SDDC) sed on the VMwre Vlidted Design for Softwre-Defined Dt Center. VMwre Vlidted Design Deployment for Mngement md Worklod Consolidtion does not ontin step-y-step instrutions for performing ll of the required post-onfigurtion tsks euse they often depend on ustomer requirements. Intended Audiene The VMwre Vlidted Design Deployment for Mngement nd Worklod Consolidtion doument is intended for loud rhitets, infrstruture dministrtors nd loud dministrtors who re fmilir with nd wnt to use VMwre softwre to deploy in short time nd mnge n SDDC tht meets the requirements for pity, slility, kup nd restore, nd extensiility for disster reovery support. Required VMwre Softwre VMwre Vlidted Design Deployment for Mngement nd Worklod Consolidtion is omplint nd vlidted with ertin produt versions. See VMwre Vlidted Design Relese Notes for more informtion out supported produt versions. VMwre, In. 4

5 Virtul Infrstruture Implementtion for Consolidted SDDC 2 The virtul infrstruture is the foundtion of n opertionl SDDC nd onsists primrily of the physil host's hypervisor nd the ontrol of these hypervisors. The mngement worklods onsist of elements in the virtul mngement lyer itself, long with elements in the loud mngement lyer, servie mngement, usiness ontinuity, nd seurity res. The following proedures desrie the vlidted flow of instlltion nd onfigurtion for the virtul infrstruture for onsolidted SDDC deployments. 1 Instll nd Configure ESXi Hosts for Consolidted SDDC Strt the deployment of the virtul infrstruture in your onsolidted SDDC deployment y instlling nd onfiguring ll of the ESXi hosts. 2 Deploy nd Configure the vcenter Server Components for Consolidted SDDC Deploy nd onfigure the vcenter Server nd luster omponents. 3 Deploy nd Configure Components in the NSX Instne of the Consolidted SDDC Deploy nd onfigure the NSX instne for the onsolidted luster in your onsolidted SDDC deployment. 4 Deploy vsphere Dt Protetion in the Consolidted SDDC Deploy vsphere Dt Protetion to provide the pility for kup nd restore of SDDC mngement omponents. Instll nd Configure ESXi Hosts for Consolidted SDDC Strt the deployment of the virtul infrstruture in your onsolidted SDDC deployment y instlling nd onfiguring ll of the ESXi hosts. 1 Prerequisites for Instlltion of ESXi Hosts for Consolidted SDDC Instll nd onfigure the ESXi hosts for your worklod nd mngement onsolidtion deployment. 2 Instll ESXi Intertively on All Hosts for Consolidted SDDC Instll ll ESXi hosts for ll of the lusters in your onsolidted SDDC deployment intertively. VMwre, In. 5

6 3 Configure the Network on All Hosts for Consolidted SDDC After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion nd dministrtive ess for ll hosts in the worklod nd mngement onsolidted pod. 4 Configure vsphere Stndrd Swith on Host for Consolidted SDDC You must perform network onfigurtion from the VMwre Host Client for one host. You perform networking onfigurtion for the other hosts fter the deployment of the vcenter Server system tht mnges the hosts. 5 Configure SSH nd NTP on the First Host for Consolidted SDDC Time synhroniztion issues n result in serious prolems with your environment. Configure NTP nd SSH on the first host in your onsolidted pod. NTP nd SSH onfigurtion for the other hosts will tke ple fter instlltion of Virtul Center Server. Prerequisites for Instlltion of ESXi Hosts for Consolidted SDDC Instll nd onfigure the ESXi hosts for your worklod nd mngement onsolidtion deployment. Before you strt: Mke sure tht you hve Windows host tht hs ess to your dt enter. You use this host to onnet to your hosts nd perform onfigurtion steps. You must lso prepre the instlltion files. Downlod the ESXi ISO instller. Crete ootle USB drive tht ontins the ESXi Instlltion. See "Formt USB Flsh Drive to Boot the ESXi Instlltion or Upgrde" in vsphere Instlltion nd Setup. IP Addresses, Hostnmes, nd Network Configurtion The following tles ontin ll the vlues needed to onfigure your ESXi hosts. Tle 2 1. Remote Offie Hosts FQDN IP Mngement VLAN Defult Gtewy NTP Server sfo01w01esx01.sfo01.rinpole.lol ntp.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol ntp.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol ntp.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ntp.sfo01.rinpole.lol Instll ESXi Intertively on All Hosts for Consolidted SDDC Instll ll ESXi hosts for ll of the lusters in your onsolidted SDDC deployment intertively. 1 Power on the sfo01w01esx01 host. VMwre, In. 6

7 2 Mount the USB drive ontining the ESXi ISO file, nd oot from tht USB drive. 3 On the Welome to the VMwre Instlltion sreen, press Enter to strt the instlltion. 4 On the End User Liense Agreement (EULA) sreen, press F11 to ept the EULA. 5 On the Selet Disk to Instll or Upgrde sreen, selet the USB drive or SD rd under lol storge to instll ESXi, nd press Enter to ontinue. 6 Selet the keyord lyout, nd press Enter. 7 Enter the esxi_root_user_pssword, enter the pssword seond time to onfirm you re typing the orret pssword, nd press Enter. 8 On the Confirm Instll sreen, press F11 to strt the instlltion. 9 After the instlltion hs ompleted unmount the USB drive, nd press Enter to reoot the host. 10 Repet this proedure for ll hosts in the onsolidted pod, using the respetive vlues for eh host you onfigure. Configure the Network on All Hosts for Consolidted SDDC After the initil oot, use the ESXi Diret Console User Interfe (DCUI) for initil host network onfigurtion nd dministrtive ess for ll hosts in the worklod nd mngement onsolidted pod. Perform the following tsks to onfigure the host network settings: Configure the network dpter (vmk0) nd VLAN ID for the Mngement Network. Configure the IP ddress, sunet msk, gtewy, DNS server nd host FQDN for the ESXi host. Repet this proedure for ll hosts in the onsolidted pod. Enter the respetive vlues from the prerequisites setion for eh host tht you onfigure. See Prerequisites for Instlltion of ESXi Hosts for Consolidted SDDC. VMwre, In. 7

8 1 Open the DCUI on the physil ESXi host sfo01w01esx01. Open onsole window to the host. Press F2 to enter the DCUI. Enter root s login nme, nd esxi_root_user_pssword, nd press Enter. 2 Configure the network. d e Selet Configure Mngement Network nd press Enter. Selet VLAN (Optionl) nd press Enter. Enter 1631 s the VLAN ID for the Mngement Network, nd press Enter. Selet IPv4 Configurtion nd press Enter. Configure the IPv4 network using the following settings, nd press Enter. Set stti IPv4 ddress nd network onfigurtion Seleted IPv4 Address Sunet Msk Defult Gtewy f g Selet DNS Configurtion nd press Enter. Configure the DNS using the following settings, nd press Enter. Use the following DNS Server ddress nd hostnme Seleted Primry DNS Server Alternte DNS Server Hostnme sfo01w01esx01.sfo01.rinpole.lol h i Selet Custom DNS Suffixes nd press Enter. Ensure there re no suffixes listed, nd press Enter. 3 After ompleting ll host network settings press Espe to exit, nd press Y to onfirm the hnges. 4 Repet this proedure for ll hosts in the onsolidted SDDC pod. Configure vsphere Stndrd Swith on Host for Consolidted SDDC You must perform network onfigurtion from the VMwre Host Client for one host. You perform networking onfigurtion for the other hosts fter the deployment of the vcenter Server system tht mnges the hosts. VMwre, In. 8

9 You onfigure vsphere Stndrd Swith with two port groups: The existing virtul mhine port group. VMkernel port group. This onfigurtion provides onnetivity nd ommon network onfigurtion for virtul mhines tht reside on eh host. 1 Log in to the vsphere host using the VMwre Host Client Open We rowser nd go to Log in using the following redentils. User nme Pssword root esxi_root_user_pssword 2 Clik OK to Join the Customer Experiene Improvement Progrm. 3 Configure VLAN for the VM Network Portgroup. In the Nvigtor, lik Networking, lik the Port Groups t, hoose the VM Network port group, nd lik Edit s. On the Edit port group - VM Network window, input 1631 for VLAN ID, nd lik OK. Configure SSH nd NTP on the First Host for Consolidted SDDC Time synhroniztion issues n result in serious prolems with your environment. Configure NTP nd SSH on the first host in your onsolidted pod. NTP nd SSH onfigurtion for the other hosts will tke ple fter instlltion of Virtul Center Server. 1 Log in to the ESX host sfo01w01esx01.sfo01.rinpole.lol y using the VMwre Host Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword root esxi_root_user_pssword 2 Configure SSH options. In the Nvigtor, lik Mnge, lik the Servies t, selet the TSM-SSH servie, nd lik the Ations menu. Choose Poliy nd lik Strt nd stop with host. Clik Strt to strt the servie. VMwre, In. 9

10 3 Configure the NTP Demon (ntpd) options. d In the Nvigtor, lik Mnge, lik the System t, lik Time & dte, nd lik Edit s. In the Edit Time onfigurtion dilog ox, selet the Use Network Time Protool (enle NTP lient) rdio utton, hnge the NTP servie strtup poliy to Strt nd stop with host, nd enter ntp.sfo01.rinpole.lol s the NTP server. Clik Sve to sve these hnges. Strt the servie y liking Ations, hover over NTP servie, nd hoose Strt. Deploy nd Configure the vcenter Server Components for Consolidted SDDC Deploy nd onfigure the vcenter Server nd luster omponents. 1 Deploy the Externl Pltform Servies Controller for Consolidted SDDC The Pltform Servies Controller ontins ommon infrstruture servies suh s vcenter Single Sign-On (SSO), VMwre Certifite Authority (VMCA), liensing, nd server reservtion nd registrtion servies. 2 Join the Pltform Servies Controller to Ative Diretory for Consolidted SDDC After you hve suessfully instlled the Pltform Servies Controller, you must dd the ppline to your Ative Diretory domin. After tht, dd the Ative Diretory domin s n identity soure to vcenter Single Sign-On. When you do, users in the Ative Diretory domin re visile to vcenter Single Sign-On nd n e ssigned permissions to view or mnge SDDC omponents. 3 Reple the Pltform Servies Controller Certifites for Consolidted SDDC You reple the mhine SSL ertifite on the Pltform Servies Controller with ustom ertifite tht is signed y ertifite uthority. 4 Deploy the vcenter Server Instne for Consolidted SDDC You n now instll the vcenter Server ppline nd onfigure liensing nd seurity. 5 Set SDDC Deployment Detils on vcenter Server for Consolidted SDDC Set n identity of your SDDC deployment on vcenter Server in the Consolidted SDDC. You n lso use this identity s lel in tools for utomted SDDC deployment. 6 Reple the vcenter Server Certifites for Consolidted SDDC You reple the mhine SSL ertifite on vcenter Server with ustom ertifite tht is signed y ertifite uthority. 7 Configure the vsphere Cluster for Consolidted SDDC Configure the vsphere luster for the onsolidted SDDC. VMwre, In. 10

11 8 Crete vsphere Distriuted Swith for Consolidted SDDC After dding ll ESXi hosts to the lusters, you rete vsphere Distriuted Swith. You will lso rete port groups to prepre your environment to migrte the vcenter Server instne to the distriuted swith. 9 Crete vsan Disk Groups for Consolidted SDDC vsan disk groups must e reted on eh host tht is ontriuting storge to the vsan dtstore. 10 Enle vsphere HA for Consolidted SDDC Before reting the host profile for the mngement luster, enle vsphere HA for the onsolidted luster. 11 Chnge Advned Options on the ESXi Hosts for Consolidted SDDC Chnge the defult ESX Admins group to hieve greter levels of seurity, nd enle vsan to provision the Virtul Mhine Swp files s thin to sve spe in the vsan dtstore. 12 Mount NFS Storge for Consolidted SDDC You must mount n NFS dtstore where vsphere Dt Protetion will lter e deployed. 13 Crete nd Apply the Host Profile for Consolidted SDDC Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 14 Set vsan Poliy on Mngement Virtul Mhines for Consolidted SDDC After you pply the host profile to ll the hosts, set the storge poliy of the vcenter Server nd the Pltform Servies Controller to the vsan Defult Storge Poliy. 15 Crete the VM nd Templte Folders for Consolidted SDDC Crete folders to group ojets of the sme type for esier mngement. 16 Crete VM Groups to Define the Strtup Order for Consolidted SDDC VM Groups llow you to define the strtup order of virtul mhines. Strtup orders re used during vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret order. 17 Crete Host Groups to Keep vcenter nd the Pltform Servies Controller on Speifi Hosts for Consolidted SDDC Crete rule tht keeps vcenter Server nd the Pltform Servies Controller on the first four hosts so they re esy to lote in the event of n outtge. Deploy the Externl Pltform Servies Controller for Consolidted SDDC The Pltform Servies Controller ontins ommon infrstruture servies suh s vcenter Single Sign- On (SSO), VMwre Certifite Authority (VMCA), liensing, nd server reservtion nd registrtion servies. 1 Log in to the Windows host tht hs ess to your dt enter s n dministrtor. VMwre, In. 11

12 2 Strt the vcenter Server Appline Instller wizrd. Browse to the vcenter Server Appline ISO file. Open the <dvd-drive>:\vs-ui-instller\win32\instller.exe pplition file. 3 Complete Stge 1 of the vcenter Server Appline Deployment wizrd. d e Clik Instll to strt the instlltion. Clik Next on the Introdution pge. On the End User Liense Agreement pge, selet the I ept the terms of the liense greement hek ox, nd lik Next. On the Selet deployment type pge, lik Pltform Servies Controller nd lik Next. On the Appline deployment trget pge, enter the following settings nd lik Next. ESXi host or vcenter Server nme sfo01w01esx01.sfo01.rinpole.lol HTTPS port 443 User nme Pssword root esxi_root_user_pssword f g In the Certifite Wrning dilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings, nd lik Next. VM nme Root pssword Confirm root pssword sfo01w01ps01 ps_root_pssword ps_root_pssword h i On the Selet dtstore pge, selet Instll on new Virtul SAN dtstore on the trget host, nd lik Next. Confirm t lest one Che tier nd two Cpity tier disks hve een limed, selet Enle Thin Disk Mode, nd lik Next. VMwre, In. 12

13 j On the Configure network settings pge, enter the following settings nd lik Next. Network IP version IP ssignment System nme VM Network IPv4 stti sfo01w01ps01.sfo01.rinpole.lol IP ddress Sunet msk or prefix length Defult gtewy DNS servers , k l On the Redy to omplete stge 1 pge, review the onfigurtion nd lik Finish to strt the deployment. When the deployment ompletes, lik Continue to proeed to seond stge of the instlltion, setting up the Pltform Servies Controller Appline. 4 Complete Stge 2 of the Set Up Pltform Servies Controller Appline wizrd. Clik Next on the Introdution pge. On the Appline onfigurtion pge, enter the following settings nd lik Next. Time synhroniztion mode NTP servers (omm-seprted list) SSH ess Synhronize time with NTP servers ntp.sfo01.rinpole.lol Enled On the SSO onfigurtion pge, enter the following settings, nd lik Next. SSO onfigurtion SSO domin nme SSO pssword Confirm pssword Site nme Crete new SSO domin vsphere.lol sso_pssword sso_pssword SFO01 d e f On the Configure CEIP pge, verify tht the Join the VMwre's Customer Experiene Improvement Progrm (CEIP) hek ox is heked nd lik Next. On the Redy to omplete pge, review the onfigurtion nd lik Finish to omplete the setup. Clik OK on the Wrning dilog ox. VMwre, In. 13

14 Join the Pltform Servies Controller to Ative Diretory for Consolidted SDDC After you hve suessfully instlled the Pltform Servies Controller, you must dd the ppline to your Ative Diretory domin. After tht, dd the Ative Diretory domin s n identity soure to vcenter Single Sign-On. When you do, users in the Ative Diretory domin re visile to vcenter Single Sign-On nd n e ssigned permissions to view or mnge SDDC omponents. 1 Log in to the Pltform Servies Controller dministrtion interfe. Open We rowser nd go to Clik the link for Pltform Servies Controller we interfe. Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Add the Pltform Servies Controller instne to the Ative Diretory domin. In the Nvigtor, lik Appline s, lik the Mnge t, nd lik Join. In the Join Ative Diretory Domin dilog ox, enter the following settings nd lik OK. Domin User nme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pssword 3 Reoot the Pltform Servies Controller instne to pply the hnges Clik the Appline settings t, nd lik the VMwre Pltform Servies Appline link. Log in to the VMwre vcenter Server Appline dministrtion interfe with the following redentils. User nme Pssword root ps_root_pssword d e On the Summry pge, lik Reoot. In the System Reoot dilog ox, lik Yes. Wit for the reoot proess to finish. VMwre, In. 14

15 4 After the reoot proess finishes, log in to gin using the following redentils. User nme Pssword vsphere_dmin_pssword 5 Verify tht the Pltform Servies Controller hs suessfully joined the domin, lik Appline s nd lik the Mnge t. 6 Add Ative Diretory s vcenter Single Sign-On identity soure. In the Nvigtor, lik Configurtion nd lik the Identity Soures t. Clik the Add ion to dd new identity soure. In the Add Identity Soure dilog ox, selet the following settings nd lik OK. Identity soure type Domin nme Use mhine ount Ative Diretory (Integrted Windows Authentition) SFO01.RAINPOLE.LOCAL Seleted d e Under Identity Soures, selet the rinpole.lol identity soure nd lik Set s Defult Domin to mke rinpole.lol the defult domin. In the onfirmtion dilog ox, lik Yes. Reple the Pltform Servies Controller Certifites for Consolidted SDDC You reple the mhine SSL ertifite on the Pltform Servies Controller with ustom ertifite tht is signed y ertifite uthority. Tle 2 2. Certifite-Relted Files on Pltform Servies Controller Pltform Servies Controller Certifite File Nme sfo01w01ps01.sfo01.rinpole.lol sfo01w01ps01.sfo01.1.er sfo01w01ps01.sfo01.key Root64.er Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. A Windows host with n SSH terminl ess softwre suh s PuTTY nd n sp softwre suh s WinSCP instlled. VMwre, In. 15

16 1 Chnge the Pltform Servies Controller ommnd shell to the Bsh shell to llow seure opy (sp) onnetions. Open n SSH onnetion to sfo01w01ps01.sfo01.rinpole.lol nd log in using the following redentils. Usernme Pssword root ps_root_pssword Run the following ommnds to enle Bsh shell ess for the root user. shell hsh -s "/in/sh" root 2 Copy the generted ertifites to the Pltform Servies Controller. Run the following ommnd to rete new temporry folder. mkdir -p /root/erts Copy the ertifite files sfo01w01ps01.sfo01.1.er, sfo01w01ps01.sfo01.key nd Root64.er to the /root/erts folder. You n use n sp softwre like WinSCP. 3 Reple the ertifite on the Pltform Servies Controller. Strt the vsphere Certifite Mnger utility on the Pltform Servies Controller. /usr/li/vmwre-vm/in/ertifite-mnger d e f g Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite). Enter the defult vcenter Single Sign-On user nme dministrtor@vsphere.lol nd the vsphere_dmin pssword. Selet Option 2 (Import ustom ertifite(s) nd key(s) to reple existing Mhine SSL ertifite). When prompted for the ustom ertifite, enter /tmp/erts/sfo01w01ps01.sfo01.1.er. When prompted for the ustom key, enter /tmp/erts/sfo01w01ps01.sfo01.key. When prompted for the signing ertifite, enter /tmp/erts/root64.er. h When prompted to ontinue opertion, enter Y. The Pltform Servies Controller servies restrt utomtilly. VMwre, In. 16

17 4 After Certifite Mnger reples the ertifites, run the following ommnds to restrt the vmilighttp servie nd to remove ertifite files. servie vmi-lighttp restrt d /root/erts rm sfo01ps01.1.er sfo01ps01.key Root64.er 5 Verify tht the ertifites hve een updted. Deploy the vcenter Server Instne for Consolidted SDDC You n now instll the vcenter Server ppline nd onfigure liensing nd seurity. 1 Strt the vcenter Server Appline Instller wizrd. Browse to the vcenter Server Appline ISO file. Open the <dvd-drive>:\vs-ui-instller\win32\instller pplition file. 2 Complete the vcenter Server Appline 6.5 Instller wizrd. d e Clik Instll to strt the instlltion. Clik Next on the Introdution pge. On the End User Liense Agreement pge, selet the I ept the terms of the liense greement hek ox nd lik Next. On the Selet deployment type pge, under Externl Pltform Servies Controller, verify tht the vcenter Server(Requires Externl Pltform Servies Controller) rdio utton is seleted, nd lik Next. On the Appline deployment trget pge, enter the following settings nd lik Next. ESXi host or vcenter Server nme sfo01w01esx01.sfo01.rinpole.lol HTTPS port 443 User nme Pssword root esxi_root_pssword f g In the Certifite Wrning dilog ox, lik Yes to ept the host ertifite. On the Set up ppline VM pge, enter the following settings nd lik Next. VM nme Root pssword Confirm root pssword sfo01w01v01 v_root_pssword v_root_pssword VMwre, In. 17

18 h i j On the Selet deployment size pge, selet Smll Deployment size nd lik Next. On the Selet dtstore pge, selet the vsndtstore dtstore, selet the Enle Thin Disk Mode hek ox, enter sfo01-w01d for the Dtenter Nme, sfo01-w01-onsolidted01 for the Cluster Nme, nd lik Next. On the Configure network settings pge, enter the following settings nd lik Next. Network IP version IP ssignment System nme VM Network IPv4 stti sfo01w01v01.sfo01.rinpole.lol IP ddress Sunet msk or prefix length Defult gtewy DNS servers , k l On the Redy to omplete stge 1 pge, review the onfigurtion nd lik Finish to strt the deployment. One the deployment ompletes, lik Continue to proeed to stge 2 of the instlltion. 3 Instll - Stge 2: Complete the Set Up vcenter Server Appline wizrd. Clik Next on the Introdution pge. On the Appline onfigurtion pge, enter the following settings nd lik Next. Time Synhroniztion mode NTP servers (omm-seprted list) SSH ess Synhronize time with NTP servers ntp.sfo01.rinpole.lol Enled On the SSO onfigurtion pge, enter the following settings nd lik Next. Pltform Servies Controller sfo01w01ps01.sfo01.rinpole.lol HTTPS port 443 Single Sign-On domin nme Single Sign-On user nme Single Sign-On pssword vsphere.lol dministrtor vsphere_dmin_pssword d e f On the Redy to omplete pge, review the onfigurtion nd lik Finish. Clik OK on the Wrning dilog ox. One the set up ompletes, lik Close to shut down the wizrd. VMwre, In. 18

19 4 One the ppline hs ompleted reooting, log in to vcenter Server. Open We rowser nd go to Log in using the following redentils. User nme Pssword vsphere_dmin_pssword 5 Add new lienses for this vcenter Server instne nd the ESXi hosts, if needed. d e f Clik the Home ion ove the Nvigtor nd hoose the Administrtion menu item. On the Administrtion pge, lik Lienses nd lik the Lienses t. Clik the Crete New Lienses ion to dd liense keys. On the Enter liense keys pge, enter liense keys for vcenter Server, ESXi nd vsan, one per line nd lik Next. On the Edit liense nme pge, enter desriptive nme for eh liense key nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 6 Assign the newly dded lienses to the respetive ssets. Clik the Assets t. Selet the vcenter Server instne, nd lik the Assign Liense ion. Selet the vcenter Server liense tht you entered in the previous step, nd lik OK. 7 Assign the vcenteradmins domin group to the vcenter Server Administrtor role. d e f g h In the Nvigtor, lik Administrtion. In the Administrtion window, lik Glol Permissions. In the Glol Permissions ox, lik the Mnge t, then lik the Add permission utton. In the Glol Permissions Root - Add Permissions window, lik the Add utton. Selet sfo01.rinpole.lol from the Domin drop down list. Enter vcenteradmins in the Serh field nd press Enter. Selet the vcenteradmins group, lik the Add utton, nd then lik OK. Ensure Administrtor is seleted nd the Propgte to Children hek ox is seleted under Assigned Role nd lik OK. VMwre, In. 19

20 Set SDDC Deployment Detils on vcenter Server for Consolidted SDDC Set n identity of your SDDC deployment on vcenter Server in the Consolidted SDDC. You n lso use this identity s lel in tools for utomted SDDC deployment. 1 Log in to the Consolidted vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu of the vsphere We Client, selet Glol Inventory Lists. 3 In the Nvigtor, lik vcenter Servers under Resoures. 4 Clik the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet nd lik the Configure t in the entrl pne. 5 Under the s pne, lik Advned s nd lik the Edit utton. 6 In the Edit Advned vcenter Server s dilog ox, set the following vlue pirs one y one, liking Add fter eh entry. Nme onfig.sddc.deployed.type onfig.sddc.deployed.flvor VVD Consolidted onfig.sddc.deployed.version onfig.sddc.deployed.method DIY 7 Clik OK to lose the window. Reple the vcenter Server Certifites for Consolidted SDDC You reple the mhine SSL ertifite on vcenter Server with ustom ertifite tht is signed y ertifite uthority. VMwre, In. 20

21 Tle 2 3. Certifite-Relted Files on the vcenter Server Instne vcenter Server FQDN Files for Certifite Replement sfo01w01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.key sfo01w01v01.sfo01.1.er Root64.er Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. A Windows host with n SSH terminl ess softwre suh s PuTTY nd n sp softwre suh s WinSCP instlled. 1 Chnge the vcenter Server ppline ommnd shell to the Bsh shell to llow seure opy (sp) onnetions. Open n SSH onnetion to sfo01w01v01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root venter_server_root_pssword Run the following ommnds to enle Bsh shell ess for the root user. shell hsh -s "/in/sh" root 2 Copy the generted ertifites to the vcenter Server Appline. Run the following ommnd to rete new temporry folder. mkdir -p /root/erts Copy the ertifite files sfo01w01v01.1.er, sfo01w01v01.key nd Root64.er to the /root/erts folder. You n use n sp softwre suh s WinSCP. VMwre, In. 21

22 3 Reple the ertifite on the vcenter Server instne. Strt the vsphere Certifite Mnger utility on the vcenter Server instne. /usr/li/vmwre-vm/in/ertifite-mnger d e f g Selet Option 1 (Reple Mhine SSL ertifite with Custom Certifite), enter the defult vcenter Single Sign-On user nme dministrtor@vsphere.lol nd the vsphere_dmin_pssword pssword. When prompted for the Infrstruture Server IP, enter the IP ddress of the Pltform Servies Controller Selet Option 2 (Import ustom ertifite(s) nd key(s) to reple existing Mhine SSL ertifite). When prompted for the ustom ertifite, enter /tmp/erts/sfo01w01v01.sfo01.1.er. When prompted for the ustom key, enter /tmp/erts/sfo01w01v01.sfo01.key. When prompted for the signing ertifite, enter /tmp/erts/root64.er. h When prompted to Continue opertion, enter Y. 4 After Sttus shows 100% Completed, wit severl minutes until ll vcenter Server servies re restrted. 5 Run the following ommnds to restrt the vmi-lighttp servie nd to remove ertifite files. servie vmi-lighttp restrt d /root/erts/ rm sfo01w01v01.1.er sfo01w01v01.key Root64.er Configure the vsphere Cluster for Consolidted SDDC Configure the vsphere luster for the onsolidted SDDC. To onfigure the vsphere luster, you omplete the following onfigurtion tsks: Enle DRS. Enle EVC. Add the hosts to the luster. Add host to the tive diretory domin. Renme the vsan dtstore. Crete, onfigure, nd populte resoure pools. VMwre, In. 22

23 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Enle vsphere DRS. d Expnd the sfo01-w01d Dtenter ojet. Clik the sfo01-w01-onsolidted01 luster ojet then lik the Configure t. Selet the vsphere DRS pge, nd lik Edit. Selet the Turn On vsphere DRS hekox then lik OK. 3 Enle VMwre EVC. Selet the VMwre EVC pge, nd lik Edit. Set EVC mode to the highest ville setting supported for the hosts in the luster, nd lik OK. 4 Add host to the luster. Right-lik the sfo01-w01-onsolidted01 luster, nd lik Add Host. On the Nme nd lotion pge, enter sfo01w01esx01.sfo01.rinpole.lol in the Host nme or IP ddress text ox nd lik Next. On the Connetion settings pge, enter the following redentils nd lik Next. User nme Pssword root esxi_root_user_pssword d e f g h i In the Seurity Alert dilog ox, lik Yes. On the Host summry pge, review the host informtion nd lik Next. On the Assign liense pge, selet the ESXi liense key tht you entered during the vcenter Server deployment nd lik Next. On the Lokdown Mode pge, lik Next. On the Resoure pool pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. VMwre, In. 23

24 5 Repet the previous step for the three remining hosts to dd them to the luster. Host 2 Host 3 Host 4 sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol 6 Add n ESXi host to the tive diretory domin. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Authentition Servies. In the Authentition Servies pnel, lik the Join Domin utton. In the Join Domin dilog ox, enter the following settings nd lik OK. Domin Using redentils User nme Pssword sfo01.rinpole.lol Seleted d_dmin_t@sfo01.rinpole.lol d_dmin_pssword 7 Set the Ative Diretory Servie to Strt nd stop with host. d e f In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01w01v01.sfo01.rinpole.lol tree. Selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t. Under System, selet Seurity Profile. Clik the Edit utton next to Servies. Selet the Ative Diretory servie nd hnge the Strtup Poliy to Strt nd stop with host nd lik OK. 8 Renme the vsan dtstore. d Selet the sfo01-w01-onsolidted01 luster. Clik the Dtstores t. Selet vsndtstore, nd selet Ations > Renme.. In the Dtstore - Renme dilog ox, enter sfo01-w01-vsn01 s the dtstore nme, nd lik OK. VMwre, In. 24

25 9 Configure resoure pools for the onsolidted luster. Right-lik the sfo01-w01-onsolidted01 luster nd selet New Resoure Pool. In the New Resoure Pool dilog ox, enter the following vlues nd lik OK. Repet for eh of the resoure pools needed. Resoure Pool 1 Resoure Pool 2 Resoure Pool 3 Resoure Pool 4 Nme sfo01-w01rp-sddmgmt sfo01-w01rp-sddedge sfo01-w01rp-useredge sfo01-w01rp-user-vm CPU-Shres High High Norml Norml CPU-Reservtion CPU-Reservtion Type Expndle seleted Expndle seleted Expndle seleted Expndle seleted CPU-Limit Unlimited Unlimited Unlimited Unlimited Memory-Shres Norml Norml Norml Norml Memory-Reservtion 146 GB 17 GB 0 0 Memory-Reservtion Type Expndle seleted Expndle seleted Expndle seleted Expndle seleted Memory-Limit Unlimited Unlimited Unlimited Unlimited 10 Move the vcenter Server nd Pltform Servies Controller to the sfo01-w01rp-sdd-mgmt resoure pool. In the Nvigtor, lik Hosts nd Clusters nd expnd the entire sfo01w01v01.sfo01.rinpole.lol tree. Selet sfo01w01v01 nd drg it to the sfo01-w01rp-sdd-mgmt resoure pool. Selet sfo01w01ps01 nd drg it to the sfo01-w01rp-sdd-mgmt resoure pool. Crete vsphere Distriuted Swith for Consolidted SDDC After dding ll ESXi hosts to the lusters, you rete vsphere Distriuted Swith. You will lso rete port groups to prepre your environment to migrte the vcenter Server instne to the distriuted swith. 1 Login to the vcenter Server y using the vsphere We Client. Open we roswer nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 25

26 2 Crete vsphere Distriuted Virtul Swith. d e In the Nvigtor, lik Networking nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-w01d dtenter, nd selet Distriuted Swith > New Distriuted Swith to strt the New Distriuted Swith wizrd. On the Nme nd lotion pge, enter sfo01-w01-vds01 s the nme nd lik Next. On the Selet version pge, ensure the Distriuted swith: rdio utton is seleted nd lik Next. On the Edit settings pge, enter the following vlues nd lik Next. Numer of uplinks 2 Network I/O Control Crete defult port group Enled Deseleted f On the Redy to omplete pge, review your entries nd lik Finish. 3 Edit the settings of the sfo01-w01-vds01 distriuted swith. Right-lik the sfo01-w01-vds01 distriuted swith, nd selet s > Edit s. Clik the Advned t. Enter 9000 s MTU (Bytes) vlue, nd lik OK. 4 Crete port groups in the sfo01-w01-vds01 distriuted swith for the mngement trffi types. Right-lik the sfo01-w01-vds01 distriuted swith, nd selet Distriuted Port Group > New Distriuted Port Group. Crete port groups with the following settings nd lik Next. Port Group Nme Port Binding VLAN Type VLAN ID sfo01-w01-vds01-mngement Ephemerl - no inding VLAN 1631 sfo01-w01-vds01-mngement-vm Ephemerl - no inding VLAN 1611 sfo01-w01-vds01-vmotion Stti inding VLAN 1632 sfo01-w01-vds01-vsan Stti inding VLAN 1633 sfo01-w01-vds01-uplink01 Stti inding VLAN 1635 sfo01-w01-vds01-uplink02 Stti inding VLAN 2713 Note The port group for VXLAN trffi is utomtilly reted lter during the onfigurtion of the NSX Mnger. d On the Redy to omplete pge, review your entries, nd lik Finish. Repet this step for eh port group. VMwre, In. 26

27 5 Chnge the port groups to use the Route Bsed on Physil NIC Lod teming lgorithm. Right-lik the sfo01-w01-vds01 distriuted swith nd selet Distriuted Port Group > Mnge Distriuted Port Groups. d e On the Selet port group poliies pge, selet Teming nd filover nd lik Next. Clik the Selet distriuted port groups utton, dd ll port groups nd lik Next. On the Teming nd filover pge, selet Route sed on physil NIC lod from the Lod lning drop-down menu nd lik Next. Clik Finish. 6 Connet the ESXi host, sfo01w01esx01.sfo01.rinpole.lol, to the sfo01-w01-vds01 distriuted swith y migrting its VMkernel nd virtul mhine network dpters. d e f g h i Right-lik the sfo01-w01-vds01 distriuted swith, nd lik Add nd Mnge Hosts. On the Selet tsk pge, selet Add hosts nd lik Next. On the Selet hosts pge, lik New hosts. In the Selet new hosts dilog ox, selet sfo01w01esx01.sfo01.rinpole.lol nd lik OK. On the Selet hosts pge, lik Next. On the Selet network dpter tsks pge, ensure tht Mnge physil dpters nd Mnge VMkernel dpters hek oxes re seleted, nd lik Next. On the Mnge physil network dpters pge, lik vmni1 nd lik Assign uplink. In the Selet n Uplink for vmni1 dilog ox, selet Uplink 1 nd lik OK. On the Mnge physil network dpters pge, lik Next. 7 Configure the VMkernel ports. d e f g h i On the Mnge VMkernel network dpters pge, lik vmk0 nd lik Assign port group. Selet sfo01-w01-vds01-mngement nd lik OK. On the Mnge VMkernel network dpters pge, lik On this swith nd lik New dpter. On the Add Networking pge, selet Selet n existing network, rowse to selet the sfo01- w01-vds01-vsan port group, lik OK, nd lik Next. On the Port properties pge, selet the vsan hek ox nd lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter the IP ddress , enter the sunet , nd lik Next. Clik Finish. On the Anlyze impt pge, lik Next. On the Redy to omplete pge, review your entries nd lik Finish. VMwre, In. 27

28 8 Crete the vmotion VMkernel dpter. d e f g h In the Nvigtor, lik Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Clik sfo01w01esx01.sfo01.rinpole.lol. Clik the Configure t then selet VMkernel dpters. Clik the Add host networking ion, selet VMkernel Netowrk Adpter, nd lik Next. On the Add Networking pge, selet Selet n existing network, rowse to selet the sfo01- w01-vds01-vmotion port group, lik OK, nd lik Next. On the Port properties pge, selet vmotion from the TCP/IP Stk drop-down menu nd lik Next. On the IPv4 settings pge, selet Use stti IPv4 settings, enter the IP ddress , enter the sunet , nd lik Next. Clik Finish. 9 Configure the MTU on the vmotion VMkernel dpter. Selet the vmotion VMkernel dpter reted in the previous step, nd lik Edit s. Clik the NIC s pge. Enter 9000 for the MTU vlue nd lik OK. 10 Configure the vmotion TCP/IP stk. Clik TCP/IP onfigurtion. Selet vmotion nd lik the Edit ion. Clik Routing nd enter for the VMkernel gtewy nd lik OK. 11 Migrte the Pltform Servies Controller nd vcenter Server instnes from the stndrd swith to the distriuted swith. In the Nvigtor, lik Networking nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik the sfo01-w01-vds01 distriuted swith nd lik Migrte VM to Another Network. On the Selet soure nd destintion networks pge, rowse the following networks nd lik Next. Soure network Destintion network VM Network sfo01-w01-vds01-mngement-vm d e On the Selet VMs to migrte pge, selet sfo01w01ps01.sfo01.rinpole.lol nd sfo01w01v01.sfo01.rinpole.lol, nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. VMwre, In. 28

29 12 Define Network I/O Control shres for the different trffi types on the sfo01-w01-vds01 distriuted swith. Clik the sfo01-w01-vds01 distriuted swith, lik the Configure t, nd lik Resoure Allotion > System trffi. Under System Trffi, onfigure eh of the following trffi types with the following vlues. Trffi Type vsan Trffi NFS Trffi vmotion Trffi vsphere Replition (VR) Trffi Mngement Trffi vsphere Dt Protetion Bkup Trffi Virtul Mhine Trffi Fult Tolerne (FT) Trffi iscsi Trffi Physil dpter Shres High Low Low Low Norml Low High Low Low 13 Migrte the lst physil dpter from the stndrd swith to the sfo01-w01-vds01 distriuted swith. d e f g h i j k In the Nvigtor, lik Networking nd expnd the sfo01-w01d dtenter. Right-lik the sfo01-w01-vds01 distriuted swith nd selet Add nd Mnge Hosts. On the Selet tsk pge, selet Mnge host networking, nd lik Next. On the Selet hosts pge, lik Atthed hosts. In the Selet memer hosts dilog ox, selet sfo01w01esx01.sfo01.rinpole.lol, nd lik OK. On the Selet hosts pge, lik Next. On the Selet network dpter tsks pge, selet Mnge physil dpters only, nd lik Next. On the Mnge physil network dpters pge, selet vmni0, nd lik Assign uplink. In the Selet n Uplink for vmni1 dilog ox, selet Uplink 2, nd lik OK, nd lik Next. On the Anlyze Impt pge, lik Next. On the Redy to omplete pge, lik Finish. 14 Enle vsphere Distriuted Swith Helth Chek. d In the Nvigtor, lik Networking nd expnd the sfo01-w01d dtenter. Selet the sfo01-w01-vds01 distriuted swith nd lik the Configure t. In the Nvigtor, selet Helth hek nd lik the Edit utton. Selet Enled for VLAN nd MTU nd Teming nd filover nd lik OK. VMwre, In. 29

30 15 Delete the vsphere Stndrd Swith. d In the Nvigtor, lik on Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Clik on sfo01w01esx01.sfo01.rinpole.lol nd then lik the Configure t. On the Configure pge, selet Virtul swithes, hoose vswith0, nd then lik on the Remove seleted stndrd swith ion. In the Remove Stndrd Swith dilog ox, lik Yes to onfirm the removl. Crete vsan Disk Groups for Consolidted SDDC vsan disk groups must e reted on eh host tht is ontriuting storge to the vsan dtstore. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Clik on the sfo01-w01-onsolidted01 luster nd lik the Configure t. 4 Under vsan, lik Disk Mngement. 5 Clik on sfo01w01esx02.sfo01.rinpole.lol nd lik on the Crete new disk group utton. 6 In the Crete Disk Group window, selet flsh disk for the he tier, two hrd disk drives for the pity tier nd lik OK. 7 Repet steps 5 nd 6 for sfo01w01esx03.sfo01.rinpole.lol nd sfo01w01esx04.sfo01rinpole.lol. 8 Assign liense to vsan. Right lik the sfo01-w01-onsolidted01 luster nd selet Assign Liense. In the sfo01-w01-onsolidted01 - Assign Liense window selet the previously dded VSAN Liense nd lik OK. VMwre, In. 30

31 Enle vsphere HA for Consolidted SDDC Before reting the host profile for the mngement luster, enle vsphere HA for the onsolidted luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters. Expnd the sfo01w01v01.sfo01.rinpole.lol inventory. Selet the sfo01-w01-onsolidted01 luster. 3 Clik the Configure t, lik vsphere Avilility, nd lik Edit. 4 In the Edit Cluster s dilog ox, selet the Turn on vsphere HA hek ox. 5 Selet Filures nd Responses nd selet the following vlues from the drop-down menus. Enle Host Monitoring Host Filure Response Response for Host Isoltion Dtstore with PDL Dtstore with APD VM Monitoring Seleted Restrt VMs Power off nd restrt VMs Disled Disled VM Monitoring Only 6 Clik Admission Control. 7 In the Admission Control pge enter following settings. Host filures luster tolertes 1 Define host filover pity y Override lulted filover pity Cluster resoure perentge Deseleted Performne degrdtion VMs tolerte 100% 8 Clik OK. VMwre, In. 31

32 Chnge Advned Options on the ESXi Hosts for Consolidted SDDC Chnge the defult ESX Admins group to hieve greter levels of seurity, nd enle vsan to provision the Virtul Mhine Swp files s thin to sve spe in the vsan dtstore. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Chnge the defult ESX Admins group. d e f In the Nvigtor, lik Hosts nd Clusters. Expnd the entire sfo01w01v01.sfo01.rinpole.lol vcenter inventory tree, nd selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the filter ox, enter esxadmins nd wit for the serh results. Chnge the vlue of Config.HostAgent.plugins.hostsv.esxAdminsGroup to SDDC-Admins nd lik OK. 3 Provision Virtul Mhine swp files on vsan s thin. d e f In the Nvigtor, lik Hosts nd Clusters. Expnd the entire sfo01w01v01.sfo01.rinpole.lol vcenter inventory tree, nd selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the filter ox, enter vsn.swp nd wit for the serh results. Chnge the vlue of VSAN.SwpThikProvisionDisled to 1 nd lik OK. VMwre, In. 32

33 4 Disle the SSH wrning nner. d e f In the Nvigtor, lik Hosts nd Clusters. Expnd the entire sfo01w01v01.sfo01.rinpole.lol vcenter inventory tree, nd selet the sfo01w01esx01.sfo01.rinpole.lol host. Clik the Configure t, lik System > Advned System s. Clik the Edit utton. In the Filter serh field, enter ssh nd wit for the serh results. Chnge the vlue of UserVrs.SuppressShellWrning to 1 nd lik OK. Mount NFS Storge for Consolidted SDDC You must mount n NFS dtstore where vsphere Dt Protetion will lter e deployed. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Clik on sfo01w01esx01.sfo01.rinpole.lol. 4 Clik on Dtstores. 5 Clik the Crete New Dtstore ion. 6 On the Lotion pge, lik Next. 7 On the Type pge, selet NFS nd lik Next. 8 On the Selet NFS version pge, selet NFS 3 nd lik Next. 9 On the Nme nd onfigurtion pge, enter the following dtstore informtion nd lik Next. Dtstore Nme Folder sfo01-w01-vdp01 /V2D_vDP_Consolidted_6TB Server On the Redy to omplete pge, review the onfigurtion nd lik Finish. VMwre, In. 33

34 Crete nd Apply the Host Profile for Consolidted SDDC Host Profiles ensure ll hosts in the luster hve the sme onfigurtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete Host Profile from sfo01w01esx01.sfo01.rinpole.lol In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik the ESXi host sfo01w01esx01.sfo01.rinpole.lol nd hoose Host Profiles > Extrt Host Profile. d In the Extrt Host Profile window, enter sfo01-w01-onsolidted01 for the Nme nd lik Next. In the Redy to omplete pge, lik Finish. 3 Atth the Host Profile to the onsolidted luster. In the Nvigtor, selet Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right-lik on the sfo01-w01-onsolidted01 luster nd hoose Host Profiles > Atth Host Profile. In the Atth Host Profile window, lik the sfo01-w01-onsolidted01 Host Profile, selet the Skip Host Customiztion hekox nd lik Finish. 4 Crete host ustomiztion profile for the hosts in the onsolidted luster. d e In the Nvigtor, selet Poliies nd Profiles. Clik Host Profiles, then right lik sfo01-w01-onsolidted01 nd hoose Export Host Customiztions. Clik Sve. Choose file lotion to sve the sfo01-w01-onsolidted01_host_ustomiztions.sv file. Open the sfo01-w01-onsolidted01_host_ustomiztions.sv in Exel. VMwre, In. 34

35 f Edit the Exel file to inlude the following vlues. NetStk Instne defulttpipstk- ESXi Host Ative Diretory Configurtion Pssword Ative Diretory Configurtion Usernme >DNS onfigurtion Nme for this host sfo01w01esx01.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx01 sfo01w01esx02.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx02 sfo01w01esx03.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx03 sfo01w01esx04.sfo01.rinpole.lol d_dmin_pssword sfo01w01esx04 NetStk Instne vmotion->dns onfigurtion ESXi Host sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol Nme for this host sfo01w01esx01 sfo01w01esx02 sfo01w01esx03 sfo01w01esx04 ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- Mngement:mngement->IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- mngement:mngement->ip ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01-vsan:vsn- >IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01-vsan:vsn- >IP ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol VMwre, In. 35

36 ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01-vsan:vsn- >IP ddress settings Host IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01-vsan:vsn- >IP ddress settings SunetMsk sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol ESXi Host Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- vmotion:vmotion->ip ddress settings Host IPv4 ddress Host virtul NIC sfo01-w01- vds01:sfo01-w01-vds01- vmotion:vmotion->ip ddress settings SunetMsk sfo01w01esx01.sfo01.rinpole.lol sfo01w01esx02.sfo01.rinpole.lol sfo01w01esx03.sfo01.rinpole.lol sfo01w01esx04.sfo01.rinpole.lol g h i j k When you hve updted the Exel file, sve it in the CSV file formt nd lose Exel. Clik sfo01-w01-onsolidted01 nd selet the Configure t. Clik the Edit Host Customiztions utton. In the Edit Host Customiztions window selet ll hosts nd lik Next. Clik the Browse utton to use ustomiztion file, lote the sfo01-w01- onsolidted01_host_ustomiztions.sv file sved erlier nd selet it nd lik Open then lik Finish. 5 Remedite the hosts in the onsolidted luster. d e Clik the Monitor t nd lik Compline. Selet sfo01-w01-onsolidted01 nd lik the Chek Host Profile Compline utton. Selet sfo01w01esx02.sfo01.rinpole.lol, lik the Remedite host sed on its host profile utton, nd lik Finish on the Redy to omplete window. Selet sfo01w01esx03.sfo01.rinpole.lol, lik the Remedite host sed on its host profile utton, nd lik Finish on the Redy to omplete window. Selet sfo01w01esx04.sfo01.rinpole.lol, lik the Remedite host sed on its host profile utton, nd lik Finish on the Redy to omplete window. 6 Verify the Host Compline. Clik the Monitor t nd lik Compline. Selet sfo01-w01-onsolidted01 nd lik the Chek Host Profile Compline utton. All hosts should show Complint sttus in the Host Compline olumn. VMwre, In. 36

37 7 Shedule nightly ompline heks. d e f g On the Poliies nd Profiles pge, lik sfo01-w01-onsolidted01, lik the Monitor t, nd then lik the Sheduled Tsks sut. Clik Shedule New Tsk then lik Chek Host Profile Compline. In the Chek Host Profile Compline (sheduled) window lik Sheduling Options. Enter sfo01-w01-onsolidted01 ompline Chek in the Tsk Nme field. Clik the Chnge utton on the Configured Sheduler line. In the Configure Sheduler window selet Setup reurring shedule for this tion nd hnge the Strt time to 10:00 PM nd lik OK. Clik OK in the Chek Host Profile Compline (sheduled) window. Set vsan Poliy on Mngement Virtul Mhines for Consolidted SDDC After you pply the host profile to ll the hosts, set the storge poliy of the vcenter Server nd the Pltform Servies Controller to the vsan Defult Storge Poliy. Set the Pltform Servies Controller nd vcenter Server pplines to the defult vsan storge poliy. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Hosts nd Clusters. 3 Expnd the sfo01w01v01.sfo01.rinpole.lol tree. 4 Selet the sfo01w01v01 virtul mhine. d Clik the Configure t, lik Poliies, nd lik Edit VM Storge Poliies. In the sfo01w01v01:mnge VM Storge Poliies dilog ox, from the VM storge poliy drop down menu, selet vsan Defult Storge Poliy, nd lik Apply to ll. Clik OK to pply the hnges. Verify tht the Compline Sttus olumn shows Complint sttus for ll items in the tle. VMwre, In. 37

38 5 Selet the sfo01w01ps01 virtul mhine. d Clik the Configure t, lik Poliies, nd lik Edit VM Storge Poliies. In the sfo01w01ps01:mnge VM Storge Poliies dilog ox, from the VM storge poliy drop down menu, selet vsan Defult Storge Poliy, nd lik Apply to ll. Clik OK to pply the hnges. Verify tht the Compline Sttus olumn shows Complint sttus for ll items in the tle. Crete the VM nd Templte Folders for Consolidted SDDC Crete folders to group ojets of the sme type for esier mngement. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Crete folders for the mngement pplitions. In the Nvigtor, lik VMs nd Templtes. Expnd the sfo01w01v01.rinpole.lol tree. Right-lik the sfo01-w01d dt enter, nd selet New Folder > New VM nd Templte Folder. VMwre, In. 38

39 d e In the New Folder dilog ox enter sfo01-w01fd-mgmt s the nme to lel the folder, nd lik OK. Repet this step to rete the remining folders. Mngement Applitions vcenter Server Appline + Pltform Servies Controller + Updte Mnger Downlod Servie vrelize Log Insight vrelize Automtion nd vrelize Business vrelize Automtion (Proxy Agent) + vrelize Business (Dt Colletor) vrelize Opertions Mnger vrelize Opertions Mnger (Remote Colletors) NSX Mnger + Controllers + Edges vsphere Dt Protetion Folder sfo01-w01fd-mgmt sfo01-w01fd-vrli sfo01-w01fd-vr sfo01-w01fd-vris sfo01-w01fd-vrops sfo01-w01fd-vropsr sfo01-w01fd-nsx sfo01-w01fd-dr 3 Move the vcenter Server nd Pltform Servies Controller virtul mhines to the sfo01-w01fd-mgmt folder. d In the Nvigtor, lik VMs nd Templtes. Expnd the sfo01w01v01.sfo01.rinpole.lol tree. Expnd the Disovered Virtul Mhines folder. Drg sfo01w01v01 nd sfo01w01ps01 to the sfo01-w01fd-mgmt folder. 4 Delete the Disovered Virtul Mhines folder. In the Nvigtor, lik VMs nd Templtes. Expnd the sfo01w01v01.sfo01.rinpole.lol tree. Right lik the Disovered Virtul Mhines folder nd hoose Remove from Inventory. Crete VM Groups to Define the Strtup Order for Consolidted SDDC VM Groups llow you to define the strtup order of virtul mhines. Strtup orders re used during vsphere HA events suh tht vsphere HA powers on virtul mhines in the orret order. VMwre, In. 39

40 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Crete VM Group for the Pltform Servies Controller. d e Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter Pltform Servies Controllers in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet sfo01w01ps01 nd lik OK. 4 Crete VM Group for the vcenter Server virtul mhine. d e Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter vcenter Servers in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet sfo01w01v01 nd lik OK. 5 Crete Rule to power on the Pltform Servies Controllers followed y the vcenter Servers. d e f Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. In the Crete VM/Host Rule dilog, enter SDDC Mngement Virtul Mhines in the Nme field, ensure the Enle rule hek ox is seleted, selet Virtul Mhines to Virtul Mhines from the Type drop down. Selet Pltform Servies Controllers from the First restrt VMs in VM group drop down. Selet vcenter Servers from the Then restrt VMs in VM group nd lik OK. VMwre, In. 40

41 Crete Host Groups to Keep vcenter nd the Pltform Servies Controller on Speifi Hosts for Consolidted SDDC Crete rule tht keeps vcenter Server nd the Pltform Servies Controller on the first four hosts so they re esy to lote in the event of n outtge. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Crete Host Group ontining the first four hosts in the luster. d e Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter vcenter nd PSC Host Group in the Nme field, selet Host Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet sfo01w01esx01.sfo01.rinpole.lol, sfo01w01esx02.sfo01.rinpole.lol, sfo01w01esx03.sfo01.rinpole.lol, nd sfo01w01esx04.sfo01.rinpole.lol nd lik OK. 4 Crete rule to run the Pltform Servies Controller on the hosts in the vcenter nd PSC Host Group. d e f g Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. In the Crete VM/Host Rule dilog, enter host-group-rule-ps in the Nme field, ensure the Enle rule hek ox is seleted, selet Virtul Mhines to Hosts from the Type drop down. Selet Pltform Servies Controllers from the VM group drop down. Selet Should run on hosts in group. Selet vcenter nd PSC Host Group from the Host Group drop down, nd lik OK. VMwre, In. 41

42 5 Crete rule to run the vcenter Server on the hosts in the vcenter nd PSC Host Group. d e f g Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. In the Crete VM/Host Rule dilog, enter host-group-rule-v in the Nme field, ensure the Enle rule hek ox is seleted, selet Virtul Mhines to Hosts from the Type drop down. Selet vcenter Servers from the VM group drop down. Selet Should run on hosts in group. Selet vcenter nd PSC Host Group from the Host Group drop down, nd lik OK. Deploy nd Configure Components in the NSX Instne of the Consolidted SDDC Deploy nd onfigure the NSX instne for the onsolidted luster in your onsolidted SDDC deployment. 1 Deploy the NSX Mnger for Consolidted SDDC For this onsolidted SDDC implementtion, NSX Mnger nd vcenter Server hve one-to-one reltionship. For every instne of NSX Mnger, there is one onneted vcenter Server. 2 Assign Liensing for NSX Instne for Consolidted SDDC Assign liensing for the NSX instne in your onsolidted SDDC lotion. 3 Deploy the NSX Controllers for the NSX Instne for Consolidted SDDC After the NSX Mnger is suessfully onneted to the vcenter Server, you must deploy the three NSX Controller nodes tht form the NSX Controller luster. You must deploy every node only fter the previous one is suessfully deployed. 4 Prepre the ESXi Hosts in the Consolidted Cluster for NSX for Consolidted SDDC NSX kernel modules pkged in VIB files run within the hypervisor kernel, nd provide servies suh s distriuted routing, distriuted firewll, nd VXLAN ridging pilities. To use NSX, you must instll the NSX kernel modules on the ESXi hosts in the onsolidted luster. 5 Configure the NSX Logil Network for the Consolidted Cluster for Consolidted SDDC After ll the deployment tsks re redy, you n onfigure the NSX logil network for use with your mngement nd worklod onsolidtion deployment. 6 Updte the Host Profile for the Consolidted Cluster for Consolidted SDDC When n uthorized hnge is mde to host, the host profile must e updted to reflet the hnges. VMwre, In. 42

43 7 Configure NSX Dynmi Routing for Consolidted SDDC NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the onsolidted luster, deploying two NSX Edge devies nd onfigure Universl Distriuted Logil Router (UDLR). 8 Distriuted Firewll Configurtion for Consolidted SDDC You define expliit rules for the distriuted firewll whih llows ess to mngement pplitions nd worklods in the onsolidted luster. 9 Test the Consolidted Cluster NSX Configurtion for Consolidted SDDC Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other over the network. 10 Deploy Applition Virtul Networks for Consolidted SDDC Deploy the pplition virtul networks for your mngement nd worklod onsolidtion deployment. 11 Deploy the NSX Lod Blner for Consolidted SDDC Deploy lod lner for use y the mngement pplitions onneted to the pplition virtul network, Mgmt-xRegion01-VXLAN Deploy the NSX Mnger for Consolidted SDDC For this onsolidted SDDC implementtion, NSX Mnger nd vcenter Server hve one-to-one reltionship. For every instne of NSX Mnger, there is one onneted vcenter Server. To deploy the NSX Mnger virtul ppline for the onsolidted SDDC, you first ssign domin servie ount whih NSX uses s the vcenter Server Administrtor role. You then deploy the NSX Mnger virtul ppline for the onsolidted SDDC. After you deploy the NSX Mnger, you onnet it to the vcenter Server instne. Assign n NSX Domin Servie Aount nd Deploy the NSX Mnger Appline for Consolidted SDDC Assign domin servie ount for use y NSX to ess the vcenter Server Administrtor role. Deploy the NSX Mnger ppline from the OVF file to the sfo01-w01rp-sdd-mgmt resoure pool. VMwre, In. 43

44 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik the Home ion nd hoose Administrtion. Clik Glol Permissions. 3 Clik Mnge t nd lik the Add ion. 4 In the Glol Permission Root - Add Permission dilog ox, lik Add. 5 In the Selet Users/Groups dilog ox, selet rinpole.lol from the Domin drop-down menu. 6 In the Serh ox, enter sv-nsxmnger nd press Enter. 7 Selet sv-nsxmnger nd lik Add. Press OK to return to the Glol Permission Root - Add Permission window. 8 Clik OK to give the sv-nsxmnger ount vcenter Administrtive privileges. 9 Clik the Home ion nd hoose Hosts nd Clusters to return to tht pge in the Nvigtor. 10 In the Nvigtor pne, expnd the sfo01w01v01.sfo01.rinpole.lol ontrol tree. 11 Expnd the sfo01-w01-onsolidted01 luster. 12 Right-lik the sfo01-w01rp-sdd-mgmt resoure pool nd lik Deploy OVF Templte. 13 On the Selet templte pge, lik the Browse utton, selet the VMwre NSX Mnger.ov file, nd lik Next. 14 On the Selet nme nd lotion pge, enter the following settings, nd lik Next. Nme Selet dtenter or folder sfo01w01nsx01 sfo01-w01fd-nsx 15 On the Selet resoure pge, selet the following vlues, nd lik Next. Cluster Resoure Pool sfo01-w01-onsolidted01 sfo01-w01rp-sdd-mgmt 16 On the Review detils pge, lik Next. 17 On the Aept liense greements pge, lik Aept nd lik Next. VMwre, In. 44

45 18 On the Selet storge pge, enter the following settings, nd lik Next. Selet virtul disk formt VM storge poliy Dtstore Thin provision vsan Defult Storge Poliy sfo01-w01-vsn01 19 On the Setup networks pge, under Destintion Network, selet sfo01-w01-vds01-mngmentvm nd lik Next. 20 On the Customize templte pge, expnd ll options, enter the following settings, nd lik Next. DNS Server List , Domin Serh List sfo01.rinpole.lol Defult IPv4 Gtewy Hostnme sfo01w01nsx01.sfo01.rinpole.lol Network 1 IPv4 Address Network 1 Netmsk Enle SSH NTP Server List CLI "dmin" User Pssword / enter CLI "dmin" User Pssword / onfirm CLI Privilege Mode Pssword / enter CLI Privilege Mode Pssword / onfirm Seleted ntp.sfo01.rinpole.lol sfo01nsx_dmin_pssword sfo01nsx_dmin_pssword sfo01nsx_privilege_pssword sfo01nsx_privilege_pssword 21 On the Redy to Complete pge, lik Finish. 22 In the Nvigtor, expnd the sfo01w01v01.sfo01.rinpole.lol ontrol tree, selet the virtul mhine sfo01w01nsx01, nd lik the Power on utton. Reple the NSX Mnger Certifite for Consolidted SDDC After you instll NSX Mnger, you reple its ertifite with CA-signed ertifite. You generte ertifites for the SDDC mngement omponents on Windows host y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). Tle 2 4. Certifite-Relted Files on the NSX Mnger Instne NSX Mnger FQDN Certifite File Nme Replement Time sfo01w01nsx01.sfo01.rinpole.lol sfo01w01nsx01.sfo01.4.p12 from the utomtion genertion. Right fter deployment of the NSX Mnger instne. VMwre, In. 45

46 1 On the Windows host tht hs ess to the dt enter nd ontins the generted ertifites, log in to the NSX Mnger We interfe. Open We Browser nd go to following URL Log in using the following redentils. User nme Pssword dmin nsx_mnger_dmin_pssword 2 Clik the Mnge Appline s utton. 3 On the Mnge t, lik SSL Certifites nd lik Uplod PKCS#12 Keystore. 4 Browse to the ertifite hin file sfo01w01nsx01.sfo01.4.p12, provide the keystore pssword or pssphrse nd lik Import. 5 In the right orner of the NSX Mnger user interfe, lik the s ion. 6 From the drop-down menu, selet Reoot Appline. The NSX Mnger restrts, whih in turn propgtes the CA-signed ertifite. Connet NSX Mnger to the vcenter Server for Consolidted SDDC After you deploy the NSX Mnger nd reple its ertifite, onnet the NSX Mnger to the vcenter Server. 1 Connet the NSX Mnger to the vcenter Server for the onsolidted SDDC luster. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin nsx_mnger_dmin_pssword 2 Clik Mnge vcenter Registrtion. 3 Under Lookup Servie URL, lik the Edit utton. 4 In the Lookup Servie URL dilog ox, enter the following settings, nd lik OK. Lookup Servie Host sfo01w01ps01.sfo01.rinpole.lol Lookup Servie Port 443 VMwre, In. 46

47 SSO Administrtor User Nme Pssword vsphere_dmin_pssword 5 In the Trust Certifite? dilog ox, lik Yes. 6 Under vcenter Server, lik the Edit utton. 7 In the vcenter Server dilog ox, enter the following settings nd lik OK. vcenter Server vcenter User Nme Pssword sfo01w01v01.sfo01.rinpole.lol sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword 8 In the Trust Certifite? dilog ox, lik Yes. 9 Wit for the Sttus inditors for the Lookup Servie nd vcenter Server to hnge to Conneted sttus. Assign Administrtive Aess to NSX for Consolidted SDDC Assign the dministrtor@vsphere.lol ount ess to NSX for your onsolidted SDDC deployment. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-nsxmnger@rinpole.lol sv-nsxmnger_pssword 2 In the Nvigtor, lik Networking & Seurity nd lik NSX Mngers. 3 Under NSX Mngers, lik the instne. 4 Clik the Mnge t, lik Users nd lik the Add ion. 5 On the Identify User pge, enter dministrtor@vsphere.lol in the User text filed nd lik Next. 6 On the Selet Roles pge, selet the Enterprise Administrtor rdio utton nd lik Finish. Assign Liensing for NSX Instne for Consolidted SDDC Assign liensing for the NSX instne in your onsolidted SDDC lotion. VMwre, In. 47

48 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. s User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Add new lienses for this NSX instne. d e f g Clik the Home ion ove the Nvigtor nd hoose the Administrtion menu item. On the Administrtion pge, under Liensing nd selet Lienses. Under Lienses, lik on the Lienses t. Clik the Crete New Lienses ion to dd liense keys. On the Enter liense keys pge, enter liense keys for NSX, nd lik Next. On the Edit liense nme pge, enter Liense nme nd lik Next. On the Redy to omplete pge, review your entries nd lik Finish. 3 Assign the new liense to NSX. d e Clik the Home ion ove the Nvigtor nd hoose the Administrtion menu item. On the Administrtion pge, under Liensing nd selet Lienses. Under Lienses, lik on the Assets t then lik the Solutions t. Selet NSX for vsphere nd lik the Assign Liense ion. On the NSX for vsphere - Assign Liense pge selet the liense reted in step 2 nd lik OK. Deploy the NSX Controllers for the NSX Instne for Consolidted SDDC After the NSX Mnger is suessfully onneted to the vcenter Server, you must deploy the three NSX Controller nodes tht form the NSX Controller luster. You must deploy every node only fter the previous one is suessfully deployed. VMwre, In. 48

49 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Promote the NSX Mnger to the primry role. d e Under Inventories, lik Networking & Seurity. In the Nvigtor, lik Instlltion. On the Mngement t, lik the instne. Clik the Ations menu nd lik Assign Primry Role. In the Assign Primry Role onfirmtion dilog ox, lik Yes. 3 Configure n IP pool for the NSX Controller luster d e Clik the Home ion nd hoose Networking & Seurity. In the Nvigtor, lik NSX Mngers. Under NSX Mngers, lik the instne. Clik the Mnge t, lik Grouping Ojets, lik IP Pools, nd lik the Add New IP Pool ion. In the Add Stti IP Pool dilog ox, enter the following settings nd lik OK. Nme sfo01w01-nsx01 Gtewy Prefix Length 24 Primry DNS Seondry DNS DNS Suffix sfo01.rinpole.lol Stti IP Pool Deploy the NSX Controller luster. In the Nvigtor, lik the Home ion nd hoose Networking & Seurity to go k, then lik Instlltion. VMwre, In. 49

50 On the Mngement t, under NSX Controller nodes, lik the Add ion to deploy three NSX Controller nodes with the sme onfigurtion. In the Add Controller pge, enter the following settings nd lik OK.You onfigure pssword only during the deployment of the first ontroller. The other ontrollers will use the sme pssword. Nme nsx-ontroller-w01-01 NSX Mnger Dtenter Cluster/Resoure Pool Dtstore Folder Conneted To IP Pool Pssword Confirm Pssword sfo01-w01d sfo01-w01rp-sdd-edge sfo01-w01-vsn01 sfo01-w01fd-nsx sfo01-w01-vds01-mngement sfo01w01-nsx01 sfonsx_ontrollers_pssword sfonsx_ontrollers_pssword d When the sttus of the ontroller node hnges to Conneted, repet the step nd deploy the two remining NSX Controller nodes in the ontroller luster using the sme onfigurtion, inrementing the nme y 1 eh time. 5 Configure DRS ffinity rules for the NSX Controller nodes. d e f Return to the Home pge. In the Nvigtor, lik Hosts nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree ontrol. Selet the sfo01-w01-onsoldted01 luster, nd lik the Configure t. Under Configurtion lik VM/Host Rules. Clik Add. In the sfo01-w01-onsolidted01 - Crete VM/Host Rule dilog ox, enter the following settings nd lik Add. Nme Enle rule Type nti-ffinity-rule-nsx Seleted Seprte Virtul Mhine g h In the Add Rule Memer dilog ox, selet the hek ox next to eh of the three NSX Controller virtul mhines nd lik OK. In the sfo01-w01-onsolidted01 - Crete VM/Host Rule dilog ox, lik OK. VMwre, In. 50

51 Prepre the ESXi Hosts in the Consolidted Cluster for NSX for Consolidted SDDC NSX kernel modules pkged in VIB files run within the hypervisor kernel, nd provide servies suh s distriuted routing, distriuted firewll, nd VXLAN ridging pilities. To use NSX, you must instll the NSX kernel modules on the ESXi hosts in the onsolidted luster. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik the Home ion nd hoose Networking & Seurity. 3 Clik Instlltion nd lik the Host Preprtion t. 4 Selet from the NSX Mnger drop-down menu. 5 Under Instlltion Sttus, selet sfo01-w01-onsolidted01 luster, lik Ations nd Instll. Clik Yes in the onfirmtion dilog ox.. 6 Expnd sfo01-w01-onsolidted01 luster. Verify tht the Instlltion Sttus olumn displys the NSX version for ll hosts in the luster, onfirming tht you hve suessfully instlled the NSX kernel modules. Configure the NSX Logil Network for the Consolidted Cluster for Consolidted SDDC After ll the deployment tsks re redy, you n onfigure the NSX logil network for use with your mngement nd worklod onsolidtion deployment. To onfigure the NSX logil network, perform the following tsks: Configure the Segment ID llotion. Configure the VXLAN networking. Configure the Trnsport Zone. VMwre, In. 51

52 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Configure the Segment ID llotion. d In the Nvigtor, lik the Home ion nd hoose Networking & Seurity. Clik Instlltion, lik the Logil Network Preprtion t, nd lik Segment ID. Selet from the NSX Mnger drop-down menu. Clik Edit, enter the following vlues, nd lik OK. Segment ID pool Enle Multist ddressing Seleted Multist ddresses Universl Segment ID Pool Enle Universl Multist ddressing Seleted Universl Multist ddresses Configure the VXLAN networking. Clik the Host Preprtion t. Under VXLAN, lik Not Configured, enter the following vlues, nd lik OK. Swith sfo01-w01-vds01 VLAN 1634 MTU 9000 VMKNi IP Addressing VMKNi Teming Poliy Use DHCP Lod Blne - SRCID VTEP 2 VMwre, In. 52

53 4 Configure the trnsport zone. On the Instlltion pge, lik the Logil Network Preprtion t nd lik Trnsport Zones. Clik the Add New Trnsport zone ion. In the New Trnsport Zone dilog ox, enter the following settings nd lik OK. Mrk this Ojet for Universl Synhroniztion Nme Replition mode Selet lusters tht will e prt of the Trnsport Zone Seleted SFO01W01 Universl Trnsport Zone Hyrid sfo01-w01-onsolidted01 5 Enle CDO mode. d On the Instlltion pge, lik the Logil Network Preprtion t nd lik Trnsport Zones. Selet the Trnsport zone SFO01W01 Universl Trnsport Zone. In the Ations, selet Enle CDO mode. Selet Yes to enle CDO mode of SFO01W01 Universl Trnsport Zone. Updte the Host Profile for the Consolidted Cluster for Consolidted SDDC When n uthorized hnge is mde to host, the host profile must e updted to reflet the hnges. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Updte the host profile for the mngement luster. In the Nvigtor, lik the Home ion nd selet Poliies nd Profiles. Clik Host Profiles, right lik sfo01-w01-onsolidted01, nd selet Copy settings from Host. Selet sfo01w01esx01.rinpole.lol nd lik OK. VMwre, In. 53

54 3 Verify ompline for the hosts in the mngement luster. Clik the Monitor t nd lik Compline. Selet sfo01-w01-onsolidted01 nd lik the Chek Host Profile Compline utton. All hosts must disply Host Compline sttus of Complint. Configure NSX Dynmi Routing for Consolidted SDDC NSX for vsphere retes network virtuliztion lyer on top of whih ll virtul networks re reted. This lyer is n strtion etween the physil nd virtul networks. You onfigure NSX dynmi routing within the onsolidted luster, deploying two NSX Edge devies nd onfigure Universl Distriuted Logil Router (UDLR). 1 Crete Logil Swith for use s the Trnsit Network for Consolidted SDDC Crete Logil Swith for use s the trnsit network. 2 Deploy NSX Edge Devies for North-South Routing for Consolidted SDDC 3 Disle the Firewll Servie in ECMP Edges for Consolidted SDDC Disle the firewll of the NSX Edge devies. This is required for equl-ost multi-pth (ECMP) to operte orretly. 4 Enle nd Configure BGP Routing for Consolidted SDDC The Border Gtewy Protool (BGP) is protool for exhnging routing informtion etween gtewy hosts (eh with its own router) in network of utonomous systems (AS). 5 Verify Peering of Upstrem Swithes nd Estlishment of BGP for Consolidted SDDC The NSX Edge devies need to estlish onnetion to eh of the upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. 6 Deploy the Universl Distriuted Logil Router for Consolidted SDDC 7 Configure Universl Distriuted Logil Router for Dynmi Routing for Consolidted SDDC Configure the Universl distriuted logil router (UDLR) to use dynmi routing in mngement nd worklod onsolidtion. 8 Verify Estlishment of BGP for the Universl Distriuted Logil Router for Consolidted SDDC Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. Crete Logil Swith for use s the Trnsit Network for Consolidted SDDC Crete Logil Swith for use s the trnsit network. VMwre, In. 54

55 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik the Home ion nd hoose Networking & Seurity. 3 In the Nvigtor, lik Logil Swithes. 4 Selet the NSX Mnger instne lelled Clik the Add ion. The New Logil Swith dilogue ox ppers. 6 In the New Logil Swith dilogue ox, enter the following settings nd lik OK. Nme Trnsport Zone Replition Mode Enle IP Disovery Enle MAC Lerning SFO01W01 Universl Trnsit Network SFO01W01 Universl Trnsport Zone Hyrid Cheked Unheked Deploy NSX Edge Devies for North-South Routing for Consolidted SDDC Perform this proedure twie to deploy two identil NSX Edge devies. Enter the nme nd IP ddresses for the respetive devie using the vlues shown in the tles. NSX Edge Devie NSX Edge Devie 1 NSX Edge Devie 2 Devie Nme sfo01w01esg01 sfo01w01esg02 Interfe Primry IP Address sfo01w01esg01 Primry IP Address sfo01w01esg02 Uplink Uplink sfo01w01udlr VMwre, In. 55

56 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. s User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to deploy new NSX Edge. The New NSX Edge wizrd ppers. On the Nme nd desription pge, enter the following settings nd lik Next. s Instll Type Nme Deploy NSX Edge Enle High Avilility Edge Servie Gtewy sfo01w01esg01 Seleted Deseleted On the s pge, enter the following settings nd lik Next. s User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO On the Configure deployment pge, selet the Lrge rdio utton to speify the Appline Size nd lik the Add ion. The Add NSX Edge Appline dilog ox ppers. VMwre, In. 56

57 d In the Add NSX Edge Appline dilog ox, enter the following settings, lik OK, nd lik Next. Cluster/Resoure Pool Dtstore Folder sfo01-w01rp-sdd-edge sfo01-w01-vsn01 sfo01-w01fd-nsx e On the Configure Interfes pge, lik the Add ion to onfigure the Uplink01 interfe, enter the following settings, nd lik OK. Nme Type Conneted To Connetivity Sttus Uplink01 Uplink sfo01-w01-vds01-uplink01 Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted f Clik the Add ion one gin to onfigure the Uplink02 interfe, enter the following settings, nd lik OK. Nme Type Conneted To Connetivity Sttus Uplink02 Uplink sfo01-w01-vds01-uplink02 Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted VMwre, In. 57

58 g Clik the Add ion third time to onfigure the UDLR interfe, enter the following settings, lik OK, nd lik Next. Nme Type Conneted To Connetivity Sttus sfo01w01udlr01 Internl SFO01W01 Universl Trnsit Network Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted h i j On the Defult Gtewy s pge, deselet the Configure Defult Gtewy hek ox nd lik Next. On the Firewll nd HA pge, lik Next. On the Redy to Complete pge, review the onfigurtion settings you entered nd lik Finish. 6 Repet this proedure to onfigure nother NSX edge using the settings for the seond NSX Edge devie sfo01w01esg02. 7 Configure DRS nti-ffinity rules for the Edge Servies Gtewys. d e f Go k to the Home pge. In the Nvigtor, lik Hosts nd Clusters, nd expnd the sfo01w01v01.sfo01.rinpole.lol tree ontrol. Selet the sfo01-w01-onsolidted01 luster, nd lik the Configure t. Under Configurtion, lik VM/Host Rules. Clik Add. In the sfo01-w01-onsolidted01 - Crete VM/Host Rule dilog ox, enter the following settings nd lik Add. Nme Enle rule Type nti-ffinity-rule-empedges Seleted Seprte Virtul Mhine g h In the Add Rule Memer dilog ox, selet the hek ox next to eh of the two, newly deployed NSX ESGs, nd lik OK. In the sfo01-w01-onsolidted01 - Crete VM/Host Rule dilog ox, lik OK. VMwre, In. 58

59 Disle the Firewll Servie in ECMP Edges for Consolidted SDDC Disle the firewll of the NSX Edge devies. This is required for equl-ost multi-pth (ECMP) to operte orretly. Perform this proedure twie for eh of the NSX Edge devies sfo01w01esg01 nd sfo01w01esg02. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Lo in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Doule-lik the sfo01w01esg01 NSX Edge devie. 6 Clik the Mnge t nd lik Firewll. 7 On the Firewll pge, lik the Disle utton. 8 Clik the Pulish Chnges utton. 9 Repet this proedure for the NSX Edge devie sfo01w01esg02. Enle nd Configure BGP Routing for Consolidted SDDC The Border Gtewy Protool (BGP) is protool for exhnging routing informtion etween gtewy hosts (eh with its own router) in network of utonomous systems (AS). Repet this proedure two times to enle BGP for oth NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. VMwre, In. 59

60 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Doule-lik the sfo01w01esg01 NSX Edge devie. 6 Clik the Mnge t, nd lik Routing. 7 On the Glol Configurtion pge, enter the following settings. d Clik the Enle utton for ECMP. Clik the Edit utton for Dynmi Routing Configurtion. Choose Uplink01 s the Router ID. Clik Pulish Chnges. VMwre, In. 60

61 8 On the Routing t, selet Stti Routes to onfigure it. Clik the Add ion, enter the following settings, nd lik OK. Network /24 Next Hop Interfes sfo01w01udlr01 MTU 9000 Admin Distne 210 Clik the Add ion, enter the following settings, nd lik OK. Network /24 Next Hop Interfes sfo01w01udlr01 MTU 9000 Admin Distne 210 Note You must dd ll sunets tht re ehind the UDLR. Clik Pulish Chnges. VMwre, In. 61

62 9 On the Routing t, selet BGP to onfigure it. Clik the Edit utton, enter the following settings, nd lik OK. Enle BGP Enle Greful Restrt Enle Defult Originte Seleted Seleted Deseleted Lol AS Clik the Add ion to dd neighor. The New Neighor dilog ox ppers. You dd two neighors: the first Top of Rk Swith nd the seond Top of Rk Swith. VMwre, In. 62

63 In the New Neighor dilog ox, enter the following vlues for the first Top of Rk Swith, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword d Clik the Add ion to dd nother neighor. The New Neighor dilog ox ppers. Add the seond Top of Rk swith, whose IP ddress is VMwre, In. 63

64 e In the New Neighor dilog ox, enter the following vlues for the seond Top of Rk Swith, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 4 Hold Down Time 12 Pssword BGP_pssword f Clik the Add ion to dd nother Neighor. The New Neighor dilog ox ppers. Configure the universl distriuted logil router (UDLR) s neighor. VMwre, In. 64

65 g In the New Neighor dilog ox, enter the following vlues, nd lik OK. IP Address Remote AS Weight 60 Keep Alive Time 1 Hold Down Time 3 Pssword BGP_pssword h Clik Pulish Chnges. The three neighors you dded re now visile in the Neighors tle. 10 On the Routing t, selet Route Redistriution to onfigure it. d On the Route Redistriution pge, lik the Edit utton. In the Chnge Redistriution s dilog ox, selet the BGP hek ox nd lik OK. Under Route Redistriution tle, lik the Add ion. In the New Redistriution Criteri dilog ox, enter the following settings nd lik OK. Prefix Lerner Protool OSPF Stti routes Conneted Ation Any BGP Deseleted Seleted Seleted Permit e Clik Pulish Chnges. The route redistriution onfigurtion is now visile in the Route Redistriution tle. VMwre, In. 65

66 11 Repet this proedure for the sfo01w01esg02 NSX Edge. Verify Peering of Upstrem Swithes nd Estlishment of BGP for Consolidted SDDC The NSX Edge devies need to estlish onnetion to eh of the upstrem BGP swithes efore BGP updtes n e exhnged. Verify tht the NSX Edges devies re suessfully peering, nd tht BGP routing hs een estlished. You repet this proedure two times for eh of the NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. 1 Log in to the NSX Edge devie using Seure Shell (SSH) lient. Open n SSH onnetion to the sfo01w01esg01 NSX Edge devie. Log in using the following redentils. User nme Pssword dmin edge_dmin_pssword 2 Run the show ip gp neighors ommnd to disply informtion out the BGP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve peered with the upstrem swithes. Note You hve not yet reted the universl distriuted logil router (UDLR), so it will not disply the Estlished, UP sttus messge. VMwre, In. 66

67 VMwre, In. 67

68 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0, You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. 4 Repet this proedure for the NSX Edge devie sfo01w01esg02. Deploy the Universl Distriuted Logil Router for Consolidted SDDC Deploy the Universl distriuted logil router (UDLR). 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log i.n using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. VMwre, In. 68

69 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to rete new UDLR, The New NSX Edge wizrd ppers. 6 On the Nme nd desription pge, enter the following settings, nd lik Next. Universl Logil (Distriuted) Router Nme Deploy Edge Appline Enle High Avilility Seleted sfo01w01udlr01 Seleted Seleted 7 On the s pge, enter the following settings, nd lik Next. User Nme Pssword Confirm pssword Enle SSH ess Enle FIPS mode Edge Control Level logging dmin udlr_dmin_pssword udlr_dmin_pssword Seleted Deseleted INFO 8 On the Configure deployment pge, nd lik the Add ion. The Add NSX Edge Appline dilog ox ppers. 9 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik Next. Cluster/Resoure Pool Dtstore Folder sfo01-w01rp-sdd-edge sfo01-w01-vsn01 sfo01-w01fd-nsx 10 On the Configure deployment pge, nd lik the Add ion seond time to dd seond NSX Edge devie. The Add NSX Edge Appline dilog ox ppers. 11 In the Add NSX Edge Appline dilog ox, enter the following settings nd lik Next. Resoure Pool Dtstore Folder sfo01-w01rp-sdd-edge sfo01-w01-vsn01 sfo01-w01fd-nsx VMwre, In. 69

70 12 On the Configure interfes pge, under HA Interfe Configurtion, lik Selet nd onnet to sfo01-w01-vds01-mngement. 13 On the Configure interfes pge enter the following onfigurtion settings nd lik Next. Primry IP Address Sunet Prefix Length 29 Clik the Add ion.the Add Interfe dilog ox ppers. Enter the following settings in the Add Interfe dilog ox, nd lik OK. Nme Type Conneted To Connetivity Sttus Uplink Uplink SFO01W01 Universl Trnsit Network Conneted Primry IP Address Sunet Prefix Length 24 MTU In the Defult gtewy settings pge, deselet Configure Defult Gtewy nd lik Next. 15 In the Redy to omplete pge, lik Finish. Configure Universl Distriuted Logil Router for Dynmi Routing for Consolidted SDDC Configure the Universl distriuted logil router (UDLR) to use dynmi routing in mngement nd worklod onsolidtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. VMwre, In. 70

71 5 Enle HA logging. d Doule-lik the devie leled sfo01w01udlr01. Clik the Mnge t nd lik the s t. Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 6 Crete firewll rule to llow SSH ess to sfo01w01udlr01. d e f g Clik the Mnge t nd lik the Firewll t. Clik Add rule in the Firewll Setion. In the Nme ell of the new rule, lik the Edit ion to hnge the rule nme to SSH. In the Soure olumn, leve the defult ny. In the Destintion olumn, leve the defult ny Clik the Edit ion in the Servie olumn, enter SSH in the filter, dd SSH to the Seleted Ojets list, nd lik OK. Clik Pulish Chnges. 7 Configure the routing for the Universl Distriuted Logil Router. d e Doule-lik sfo01w01udlr01. Clik the Mnge t, lik Routing nd selet Glol Configurtion. Clik the Edit utton under Routing Configurtion, selet Enle ECMP, nd lik OK. Clik the Edit utton under Dynmi Routing Configurtion, selet Uplink s the Router ID, nd lik OK. Clik Pulish Chnges. VMwre, In. 71

72 8 On the left, selet BGP to onfigure it. On the BGP pge, lik the Edit utton. The Edit BGP Configurtion dilog ox ppers. In the Edit BGP Configurtion dilog ox, enter the following settings nd lik OK. Enle BGP Enle Greful Restrt Seleted Seleted Lol AS Clik the Add ion to dd Neighor. The New Neighor dilog ox ppers. d In the New Neighor dilog ox, enter the following vlues for oth NSX Edge devies, nd lik OK. Repet this step two times to onfigure the UDLR for oth NSX Edge devies: sfo01w01esg01 nd sfo01w01esg02. sfo01w01esg01 sfo01w01esg02 IP Address Forwrding Address Protool Address Remote AS Weight Keep Alive Time 1 1 Hold Down Time 3 3 Pssword BGP_pssword BGP_pssword e Clik Pulish Chnges. VMwre, In. 72

73 9 On the left, selet Route Redistriution to onfigure it. Clik the Edit utton. In the Chnge redistriution settings dilog ox, enter the following settings, nd lik OK. OSPF BGP Deseleted Seleted On the Route Redistriution tle, selet the defult OSPF entry nd lik the Edit utton. Selet BGP from the Lerner Protool drop-down menu, nd lik OK. d Clik Pulish Chnges. Verify Estlishment of BGP for the Universl Distriuted Logil Router for Consolidted SDDC Verify tht the UDLR is suessfully peering, nd tht BGP routing hs een estlished. 1 Log in to the sfo01w01udlr01 y using Seure Shell (SSH) lient. Open n SSH onnetion to sfo01w01udlr01, the UDLR whose peering nd BGP onfigurtion you wnt to verify. Log in using the following redentils. User nme Pssword dmin udlr_dmin_pssword VMwre, In. 73

74 2 Run the show ip gp neighors ommnd to disply informtion out the BGP nd TCP onnetions to neighors. The BGP Stte will disply Estlished, UP if you hve suessfully peered with the Edge Servie Gtewy. VMwre, In. 74

75 3 Run the show ip route ommnd to verify tht you re reeiving routes using BGP, nd tht there re multiple routes to BGP lerned networks. You verify multiple routes to BGP lerned networks y loting the sme route using different IP ddress. The IP ddresses re listed fter the word vi in the right-side olumn of the routing tle output. In the imge elow there re two different routes to the following BGP networks: /0, /24, /24. You n identify BGP networks y the letter B in the left-side olumn. Lines eginning with C (onneted) hve only single route. Distriuted Firewll Configurtion for Consolidted SDDC You define expliit rules for the distriuted firewll whih llows ess to mngement pplitions nd worklods in the onsolidted luster. Add vcenter Server Instnes to the NSX Distriuted Firewll Exlusion List for Consolidted SDDC Exlude vcenter Server from ll of your distriuted firewll rules. This ensures tht network ess etween vcenter Server nd NSX is not loked. You onfigure NSX Distriuted Firewll using vcenter Server. If rule prevents ess etween NSX Mnger nd vcenter Server, you will not e le to mnge the distriuted firewll. For this reson, you must exlude vcenter Server from ll of your distriuted firewll rules, ensuring tht ess etween the two produts is not loked. VMwre, In. 75

76 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Exlude vcenter Server instne from firewll protetion. d e In the Nvigtor, lik Networking & Seurity. Clik NSX Mngers nd selet the instne. Clik Mnge nd then lik Exlusion List. Clik the Add utton. Add sfo01w01v01 to the Seleted Ojets list, nd lik OK. Crete IP Sets for Mngement Components in the Consolidted Cluster for Consolidted SDDC Crete IP sets for ll mngement pplitions in the onsolidted luster. You use the IP sets lter to rete seurity groups for use with the distriuted firewll rules. You perform this proedure multiple times to onfigure ll of the neessry IP sets. You llote one IP set per group of pplitions. Tle 2 5. IP Sets for the Mngement Components in the Consolidted Cluster Nme Pltform Servies Controller Instnes vcenter Server Instnes vrelize Automtion Applines vrelize Automtion Windows vrelize Business Server vrelize Business Dt Colletor vsphere Dt Protetion vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors vrelize Log Insight Updte Mnger Downlod Servie IP Addresses Pltform-Servie-Controller_IP's vcenter-server_ip's vrelize-automtion-applines_ip's vrelize-automtion-windows _IP's vrelize-business_ip vrelize-business-dt-colletor_ip's vsphere-dt-protetion_ip's vrelize-opertions-mnger_ip's vrelize-opertions-mnger-remote-colletors_ip's vrelize-log-insight_ip's UMDS_IP's VMwre, In. 76

77 Tle 2 5. IP Sets for the Mngement Components in the Consolidted Cluster (Continued) Nme SDDC Administrtors IP Addresses Mngement-VLAN_Sunets, Mngement-VXLAN_Sunets Administrtor-Desktops_Sunet 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Networking & Seurity. 3 Clik NSX Mngers nd lik the instne. 4 Selet Mnge t, lik Grouping Ojets, nd lik IP Sets. 5 Clik the Add ion. 6 In the New IP Set dilog ox, onfigure the vlues for the IP set tht you re dding, nd lik OK. Nme Pltform Servies Controller Instnes IP Addresses Mrk this ojet for Universl Synhroniztion Seleted 7 Repet this proedure to rete IP sets for ll of the remining omponents. Crete Seurity Groups for Consolidted SDDC Crete seurity groups for use in onfiguring firewll rules for the groups of pplitions in the SDDC. A seurity group is olletion of ssets (or ojets) from your vsphere inventory tht you group together. You perform this proedure multiple times to onfigure ll of the neessry seurity groups. In ddition, you rete the VMwre Applines nd Windows Servers groups from the seurity groups you dd in the previous repetitions of this proedure. Seurity Groups for the Mngement Clusters Components in the SDDC VMwre, In. 77

78 Nme Ojet Type Seleted Ojet Pltform Servies Controller Instnes IP Sets Pltform Servies Controller Instnes vcenter Server Instnes IP Sets vcenter Server Instnes vrelize Automtion Applines IP Sets vrelize Automtion Applines vrelize Automtion Windows IP Sets vrelize Automtion Windows vrelize Business Server IP Sets vrelize Business Server vrelize Business Dt Colletor IP Sets vrelize Business Dt Colletor vsphere Dt Protetion IP Sets vsphere Dt Protetion vrelize Opertions Mnger IP Sets vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors IP Sets vrelize Opertions Mnger Remote Colletors vrelize Log Insight IP Sets vrelize Log Insight Updte Mnger Downlod Servie IP Sets Updte Mnger Downlod Servie SDDC IP Sets SDDC Administrtors IP Sets Administrtors Windows Servers Seurity Groups vrelize Automtion Windows VMwre Applines Seurity Groups Pltform Servies Controller Instnes vcenter Server Instnes vrelize Automtion Applines vrelize Business Server vrelize Business Dt Colletor vsphere Dt Protetion vrelize Opertions Mnger vrelize Opertions Mnger Remote Colletors vrelize Log Insight 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, lik Networking & Seurity nd lik NSX Mngers. 3 Selet the NSX Mnger instne, nd lik the Mnge t. 4 Clik Grouping Ojets, selet Seurity Group, nd lik the Add new Seurity Group ion. The Add Seurity Group wizrd ppers. VMwre, In. 78

79 5 On the Nme nd desription pge, enter Pltform Servies Controller Instnes in the Nme text ox, selet Mrk this ojet for Universl Synhroniztion nd Use for tive stndy deployments. Clik Next. 6 On the Define dynmi memership pge, lik Next. 7 On the Selet ojets to inlude pge, selet IP Sets from the Ojet Type drop-down menu, selet Pltform Servies Controller Instnes from the list of Aville ojets, lik the Add utton, nd lik Next. 8 On the Redy to Complete pge, verify the onfigurtion vlues tht you entered nd lik Finish. 9 Repet this proedure to rete ll of the neessry seurity groups. Crete Distriuted Firewll Rules for Consolidted SDDC Crete firewll rules tht llow dministrtors to onnet to the different VMwre solutions. Also rete rules to llow user ess to the vrelize Automtion portl nd to provide externl onnetivity to the SDDC. A firewll rule onsists of setion to segregte the firewll rules nd the rule itself, whih defines wht network trffi is, or is not, loked. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Add setion for the rules for the mngement pplitions. In the Nvigtor, lik Networking & Seurity nd lik Firewll. From the NSX Mnger drop-down menu, selet d Clik the Add Setion ion. In the Add New Setion dilog ox, enter VMwre Mngement Servies in the Setion Nme text ox, selet the Mrk this setion for Universl Synhroniztion hek ox. Clik Sve. 3 Crete distriuted firewll rule to llow SSH ess to dministrtors for the different VMwre pplines. Clik Add rule in the VMwre Mngement Servies setion. In the Nme ell of the new rule, lik the Edit ion to hnge the rule nme to Allow SSH to dmins. VMwre, In. 79

80 d e f Clik the Edit ion in the Soure olumn, hnge the Ojet Type to Seurity Groups, dd Administrtors to the Seleted Ojets list, nd lik OK. Clik the Edit ion in the Destintion olumn, hnge the Ojet Type to Seurity Groups, dd VMwre Applines nd Updte Mnger Downlod Servie to the Seleted Ojets list, nd lik OK. Clik the Edit ion in the Servie olumn, enter SSH in the filter, dd SSH to the Seleted Ojets list, nd lik OK. Clik Pulish Chnges. 4 Repet the previous step to rete the following distriuted firewll rules. Nme Soure Destintion Servie / Port Allow vra Portl to end users * ny vrelize Automtion Applines HTTP, HTTPS Allow vra Console Proxy to end users * ny vrelize Automtion Applines TCP:8444 Allow SDDC to ny SDDC * ny * ny Allow PSC to dmins Administrtors Pltform Servies Controller Instnes HTTPS Allow SSH to dmins Administrtors VMwre Applines Updte Mnger Downlod Servie SSH Allow RDP to dmins Administrtors Windows Servers RDP Allow Orhestrtor to dmins Administrtors vrelize Automtion Applines TCP:8281,8283 Allow vrops to dmins Administrtors vrelize Opertions Mnger HTTP, HTTPS Allow vrli to dmins Administrtors vrelize Log Insight HTTP, HTTPS Allow VAMI to dmins Administrtors VMwre Applines TCP:5480 Allow VDP to dmins Administrtors vsphere Dt Protetion TCP: Crete distriuted firewll rule to deny ll other trffi to the mngement sunets. d e Clik Add rule in the VMwre Mngement Servies setion. In the Nme ell of the new rule, lik the Edit ion to hnge the rule nme to Deny Mngement sunets. Clik the IP ion in the Destintion olumn, enter /24, /24, /24 nd lik OK. Clik the Edit ion in the Ation olumn nd hnge the tion to Blok nd lik Sve. Clik Pulish Chnges. By llowing only the network trffi tht is required y the SDDC to pss, network seurity is improved. VMwre, In. 80

81 Test the Consolidted Cluster NSX Configurtion for Consolidted SDDC Test the onfigurtion of the NSX logil network using ping test. A ping test heks if two hosts in network n reh eh other over the network. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. s User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Use the Ping Monitor to test onnetivity. d e f In the Nvigtor, lik Networking & Seurity nd lik Logil Swithes Doule-lik SFO01W01 Universl Trnsit Network. Clik the Monitor t. From the Soure host drop-down menu selet sfo01w01esx01.sfo01.rinpole.lol. From the Destintion host drop-down menu selet sfo01w01esx03.sfo01.rinpole.lol. Clik Strt Test utton. The host-to-host ping test results re displyed in the Results text ox. Verify tht there re no error messges. Deploy Applition Virtul Networks for Consolidted SDDC Deploy the pplition virtul networks for your mngement nd worklod onsolidtion deployment. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. s User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 81

82 2 Crete Universl Logil Swith for worklods tht move etween sites. d In the Nvigtor, lik Networking & Seurity nd lik Logil Swithes. Selet from the NSX Mnger drop-down menu. Clik the Add ion to rete new Logil Swith. In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Trnsport Zone Replition Mode Mgmt-xRegion01-VXLAN SFO01W01 Universl Trnsport Zone Hyrid 3 Crete Universl Logil Swith for worklods tht speifi to Worklod nd Mngement Consolidtion. In the Nvigtor, lik Networking & Seurity nd lik Logil Swithes. Selet from the NSX Mnger drop-down menu. VMwre, In. 82

83 d Clik the Add ion to rete new Logil Swith. In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Trnsport Zone Replition Mode Mgmt-RegionA01-VXLAN SFO01W01 Universl Trnsport Zone Hyrid 4 Connet the Mgmt-xRegion01-VXLAN to the UDLR01 Universl Distriuted Logil Router. d On the Logil Swithes pge, selet the Mgmt-xRegion01-VXLAN logil swith. Clik the Connet Edge ion. On the Connet n Edge pge, selet sfo01w01udlr01 nd lik Next. On the Edit NSX Edge Interfe pge, enter the following settings nd lik Next. Nme Type Conneted To Connetivity Sttus Mgmt-xRegion01-VXLAN Internl Mgmt-xRegion01-VXLAN Conneted Primry IP Address Sunet Prefix Length 24 e On the Redy to Complete pge lik Finish. 5 Connet the Mgmt-RegionA01-VXLAN to the UDLR01 Universl Distriuted Logil Router. On the Logil Swithes pge, selet the Mgmt-RegionA01-VXLAN logil swith. Clik the Connet Edge ion. On the Connet n Edge pge, selet sfo01w01udlr01 nd lik Next. VMwre, In. 83

84 d On the Edit NSX Edge Interfe pge, enter the following settings nd lik Next. Nme Type Conneted To Connetivity Sttus Mgmt-RegionA01-VXLAN Internl Mgmt-RegionA01-VXLAN Conneted Primry IP Address Sunet Prefix Length 24 e On the Redy to Complete pge lik Finish. 6 Configure the MTU for the Logil Swithes. d e f On the NSX Edges pge, doule-lik sfo01w01udlr01. Clik the Mnge t, nd lik s. On the s pge, lik Interfes. Under Interfes, selet Mgmt-xRegion01-VXLAN, nd lik Edit. On the Edit Logil Router Interfe dilog ox, speify vlue of 9000 for the MTU vlue, nd lik OK. Repet the sme steps to hnge MTU vlue for Mgmt-RegionA01-VXLAN. Mgmt-xRegion01-VXLAN 9000 Mgmt-RegionA01-VXLAN 9000 Deploy the NSX Lod Blner for Consolidted SDDC Deploy lod lner for use y the mngement pplitions onneted to the pplition virtul network, Mgmt-xRegion01-VXLAN VMwre, In. 84

85 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. s User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Under Inventories, lik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 Selet from the NSX Mnger drop-down menu. 5 Clik the Add ion to rete n NSX Edge. The New NSX Edge wizrd ppers. 6 On the Nme nd desription pge, enter the following settings nd lik Next. Instll Type Nme Deploy NSX Edge Enle High Avilility Edge Servies Gtewy sfo01w01l01 Seleted Seleted 7 On the s pge, enter the following settings nd lik Next. User Nme Pssword Enle SSH ess Enle FIPS mode Enle uto rule genertion Edge Control Level logging dmin edge_dmin_pssword Seleted Deseleted Seleted INFO 8 On the Configure deployment pge, perform the following onfigurtion steps nd lik Next. Selet sfo01-w01d, from the Dtenter drop-down menu. Clik Lrge to speify the Appline Size. VMwre, In. 85

86 Clik the Add ion, enter the following settings, nd lik OK. Resoure pool Dtstore Folder sfo01-w01rp-sdd-edge sfo01-w01-vsn01 sfo01-w01fd-nsx d To rete seond ppline, lik the Add ion gin, mke the sme seletions in the New NSX Appline dilog ox, nd lik OK. 9 On the Configure Interfes pge, lik the Add ion to onfigure the OneArmLB interfe, enter the following settings, lik OK, nd lik Next. Nme Type Conneted To Connetivity Sttus OneArmLB Internl Mgmt-xRegion01-VXLAN Conneted Primry IP Address Sunet Prefix Length 24 MTU 9000 Send ICMP Rediret Seleted VMwre, In. 86

87 10 On the Defult gtewy settings pge, enter the following settings nd lik Next. Gtewy IP MTU On the Firewll nd HA pge, selet the following settings nd lik Next. Configure Firewll defult poliy Defult Trffi Poliy Logging Seleted Aept Disle VMwre, In. 87

88 vnic ny Delre Ded Time On the Redy to omplete pge, review the onfigurtion settings you entered nd lik Finish. 13 Enle HA logging. d e f In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. Doule-lik the devie leled sfo01w01l01. Clik the Mnge t nd lik the s t. nd selet Configurtion. Clik Chnge in the HA Configurtion window. Selet the Enle Logging hekox nd lik OK. 14 Enle the Lod Blner servie. d e In the Nvigtor, lik NSX Edges. Selet from the NSX Mnger drop-down menu. Doule-lik the devie leled sfo01w01l01. Clik the Mnge t, lik the Lod Blner t, lik Glol Configurtion, nd lik Edit. In the Edit lod lner glol onfigurtion dilog ox, selet Enle Lod Blner, selet Logging nd selet Info s the Log Level nd lik OK. VMwre, In. 88

89 Deploy vsphere Dt Protetion in the Consolidted SDDC Deploy vsphere Dt Protetion to provide the pility for kup nd restore of SDDC mngement omponents. vsphere Dt Protetion enles the kup nd restore of virtul mhines ssoited with the following omponents. vcenter Server Pltform Servies Controller vrelize Automtion vrelize Opertions Mnger vrelize Log Insight vsphere Updte Mnger Downlod Servie (UMDS) 1 Prerequisites for Deploying vsphere Dt Protetion for Consolidted SDDC Before you deploy vsphere Dt Protetion, verify tht your environment stisfies the requirements for this deployment. 2 Deploy the vsphere Dt Protetion Virtul Appline for Consolidted SDDC Deploy vsphere Dt Protetion s virtul ppline on the onsolidted pod. 3 Enle SSH Root User Aess on the vsphere Dt Protetion Appline for Consolidted SDDC Enle the login to the vsphere Dt Protetion ppline in the Consolidted SDDC over Seure Shell (SSH) s the root user. You onnet to the ppline over SSH to instll ustom ertifites nd to perform trouleshooting opertions. 4 Reple vsphere Dt Protetion Certifites for Consolidted SDDC After you use the VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD) to generte ertifites for the SDDC mngement omponents, reple the defult VMwre-signed ertifite on vsphere Dt Protetion in the Consolidted SDDC with the ertifite tht is generted y CertGenVVD. 5 Configure Servie Aount in vsphere for Integrtion with vsphere Dt Protetion for Consolidted SDDC Configure n opertions servie ount with permissions tht re required to enle vsphere Dt Protetion ess to provide kup opertions on vcenter Server in the Consolidted SDDC. 6 Register vsphere Dt Protetion with vcenter Server for Consolidted SDDC After you deploy the virtul ppline for vsphere Dt Protetion on the onsolidted luster, omplete the initil onfigurtion of vsphere Dt Protetion. VMwre, In. 89

90 Prerequisites for Deploying vsphere Dt Protetion for Consolidted SDDC Before you deploy vsphere Dt Protetion, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddress nd FQDN for vsphere Dt Protetion re ville for the SDDC deployment. Tle 2 6. IP Addresses nd Host Nmes for vsphere Dt Protetion Network IP ddress FQDN sfo01w01vdp01.sfo01.rinpole.lol Primry DNS server Seondry DNS server Defult gtewy Sunet msk Deployment Prerequisites Verify tht you hve fulfilled the following prerequisites in ddition to the networking settings. Prerequisite Initil Storge Virtul disk provisioning. Thin Required storge 6 TB Softwre Fetures vsphere Consolidted vcenter Server Consolidted luster with enled DRS nd HA. vsphere Distriuted Swith onfigured for the vsphere mngement network Instlltion Pkge Downlod the vsphere Dt Protetion virtul ppline.ov file to the mhine where you use the vsphere We Client. Deploy the vsphere Dt Protetion Virtul Appline for Consolidted SDDC Deploy vsphere Dt Protetion s virtul ppline on the onsolidted pod. VMwre, In. 90

91 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the vsphere We Client, nvigte to the sfo01-w01-onsolidted01 luster ojet. Inventory Ojet vcenter Server Dt enter Cluster sfo01w01v01.sfo01.rinpole.lol sfo01-w01d sfo01-w01-onsolidted01 3 Right-lik the sfo01-w01-onsolidted01 ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vsphere Dt Protetion OVA file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Nme vcenter Server Dt enter sfo01w01vdp01 sfo01w01v01.sfo01.rinpole.lol sfo01-w01d 6 On the Selet resoure pge, lik the Browse t, selet the sfo01-w01-onsolidted01 luster, nd lik Next. 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt nme, produt version, downlod size, nd size on disk, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greement nd lik Next. 9 On the Selet storge pge, selet the NFS dtstore tht is provisioned for vsphere Dt Protetion, onfigure storge settings, nd lik Next. Dtstore Selet virtul disk formt VM storge poliy seondry_storge Thin provision None VMwre, In. 91

92 10 On the Selet networks pge, selet the sfo01-w01-vds01-mngement-vm distriuted port group from the Isolted Network drop-down menu, selet IPv4 from the IP protool drop-down menu, nd lik Next. 11 On the Customize templte pge, enter the networking settings for the virtul ppline nd lik Next. IPv4 DNS , Defult Gtewy Network 1 IP ddress Network 1 Netmsk On the Redy to omplete pge, verify tht the settings re orret nd lik Finish. 13 After the virtul ppline is deployed, right-lik the virtul ppline ojet in the vsphere We Client nd selet Power > Power On. Enle SSH Root User Aess on the vsphere Dt Protetion Appline for Consolidted SDDC Enle the login to the vsphere Dt Protetion ppline in the Consolidted SDDC over Seure Shell (SSH) s the root user. You onnet to the ppline over SSH to instll ustom ertifites nd to perform trouleshooting opertions. 1 Log in to the Consolidted vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the vsphere Dt Protetion virtul ppline sfo01w01vdp01. 3 Right-lik sfo01w01vdp01 nd selet Open Console to open the remote onsole to the ppline. 4 Log in using the following redentils. User nme Pssword root vdp_defult_root_pssword VMwre, In. 92

93 5 Run the following onsole ommnd to open the sshd_onfig file for editing. vi /et/ssh/sshd_onfig 6 Remove the # omment from the eginning of the line #PermitRootLogin yes. 7 Run the following ommnd in the vi editor to sve the file nd exit the editor. :wq! 8 In the onsole, restrt the SSH servie to updte the running onfigurtion. /et/init.d/sshd restrt 9 Log out nd lose the onsole to the ppline. Reple vsphere Dt Protetion Certifites for Consolidted SDDC After you use the VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD) to generte ertifites for the SDDC mngement omponents, reple the defult VMwre-signed ertifite on vsphere Dt Protetion in the Consolidted SDDC with the ertifite tht is generted y CertGenVVD. 1 Log in to the vsphere Dt Protetion ppline. Open n SSH onnetion to the virtul mhine sfo01w01vdp01.sfo01.rinpole.lol. Log in using the following redentils. User nme Pssword root vdp_root_pssword VMwre, In. 93

94 2 Stop the vsphere Dt Protetion We servies y running the following ommnd. emwepp.sh --stop Note If you see errors relted to dtse server, ignore them. 3 Delete the tomt lis from the Jv keystore y running the following ommnd. /usr/jv/ltest/in/keytool -delete -lis tomt -storepss hngeit 4 Copy the.keystore file generted y CertGenVVD tool to the /tmp folder on the vsphere Dt Protetion virtul ppline. You n use FileZill or WinSCP. 5 Run the following ommnd to insert the new ertifition hin in to the keystore. /usr/jv/ltest/in/keytool -importkeystore -srkeystore /tmp/.keystore -- destkeystore /root/.keystore -srstorepss hngeit -deststorepss hngeit 6 Run the following ommnd nd in the ommnd output verify tht the ertifite entry with the tomt lis exists in the keystore. /usr/jv/ltest/in/keytool -list -v -keystore /root/.keystore -storepss hngeit -keypss hngeit 7 If the ertifite entry exists in the keystore, run the ddfingerprint.sh sript to updte the vsphere Dt Protetion server thumprint. /usr/lol/vmr/in/ddfingerprint.sh 8 Strt the vsphere Dt Protetion We servies y running the following ommnd. emwepp.sh --strt 9 Run the following ommnd to remove the /tmp/.keystore file. rm /tmp/.keystore VMwre, In. 94

95 Configure Servie Aount in vsphere for Integrtion with vsphere Dt Protetion for Consolidted SDDC Configure n opertions servie ount with permissions tht re required to enle vsphere Dt Protetion ess to provide kup opertions on vcenter Server in the Consolidted SDDC. You ssoite the sv-vdp servie ount in the Ative Diretory with user role tht hs ertin privileges. You ssign the user to the Consolidted vcenter Server. Define User Role in vsphere for Integrtion with vsphere Dt Protetion for Consolidted SDDC In vsphere, rete user role with privileges tht re required for performing kup opertions ginst the mngement virtul mhines in vsphere Dt Protetion for the Consolidted SDDC. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 On the Home pge of the vsphere We Client, selet Roles under Administrtion. VMwre, In. 95

96 3 Crete new role for mnging kups. On the Roles pge, lik the Crete role tion ion. In the Crete Role dilog ox, onfigure the role using the following onfigurtion settings, nd lik OK. Role nme vsphere Dt Protetion User Privilege Alrms.Crete lrm Alrms.Modify lrm Dtstore.Allote spe Dtstore.Browse dtstore Dtstore.Configure dtstore Dtstore.Low level file opertions Dtstore.Move dtstore Dtstore.Remove dtstore Dtstore.Remove file Dtstore.Renme dtstore Extension.Register extension Extension.Updte extension Folder.Crete folder Glol.Cnel tsk Glol.Disle methods Glol.Enle methods Glol.Lienses Glol.Log event Glol.Mnge ustom ttriutes Glol.s Network.Assign network Network.Configure Resoure.Assign virtul mhine to resoure pool Sessions.Vlidte session Tsks.Crete tsk Tsks.Updte tsk Virtul Mhine.Configurtion.Add existing disk Virtul Mhine.Configurtion.Add new disk Virtul Mhine.Configurtion.Add or remove devie Virtul Mhine.Configurtion.Advned Virtul Mhine.Configurtion.Chnge CPU ount Virtul Mhine.Configurtion.Chnge resoure Virtul Mhine.Configurtion.Disk hnge trking Virtul Mhine.Configurtion.Disk lese Virtul Mhine.Configurtion.Extend virtul disk Virtul Mhine.Configurtion.Host USB devie Virtul Mhine.Configurtion.Memory Virtul Mhine.Configurtion.Modify devie settings VMwre, In. 96

97 Virtul Mhine.Configurtion.Rw devie Virtul Mhine.Configurtion.Relod from pth Virtul Mhine.Configurtion.Remove disk Virtul Mhine.Configurtion.Renme Virtul Mhine.Configurtion.Reset guest informtion Virtul Mhine.Configurtion.Set nnottion Virtul Mhine.Configurtion.s Virtul Mhine.Configurtion.Swpfile plement Virtul Mhine.Configurtion.Upgrde virtul mhine omptiility Virtul Mhine.Guest Opertions.Guest opertion modifitions Virtul Mhine.Guest Opertions.Guest opertion progrm exeution Virtul Mhine.Guest Opertions.Guest opertion queries Virtul Mhine.Intertion.Console intertion Virtul Mhine.Intertion.Devie onnetion Virtul Mhine.Intertion.Guest operting system mngement y VIX API Virtul Mhine.Intertion.Power off Virtul Mhine.Intertion.Power on Virtul Mhine.Intertion.Reset Virtul Mhine.Intertion.VMwre Tools instll Virtul Mhine.Inventory.Crete new Virtul Mhine.Inventory.Register Virtul Mhine.Inventory.Remove Virtul Mhine.Inventory.Unregister Virtul Mhine.Provisioning.Allow disk ess Virtul Mhine.Provisioning.Allow red-only disk ess Virtul Mhine.Provisioning.Allow virtul mhine downlod Virtul Mhine.Provisioning.Mrk s templte Virtul Mhine.Snpshot mngement.crete snpshot Virtul Mhine.Snpshot mngement.remove snpshot Virtul Mhine.Snpshot mngement.revert to snpshot vapp.export vapp.import vapp.vapp pplition onfigurtion This role inherits the System.Anonymous System.View, nd System.Red permissions. The Consolidted vcenter Server propgtes the role to other linked vcenter Server instnes. Configure User Privileges in vsphere for Integrtion with vsphere Dt Protetion for Consolidted SDDC Assign glol permissions in the Consolidted SDDC to the opertions servie ount sv-vdp so tht you n mnge nd perform kups y using vsphere Dt Protetion. The sv-vdp user hs ess rights tht re speifilly required for performing kups vcenter Server inventory. VMwre, In. 97

98 Prerequisites Verify tht the Consolidted vcenter Server is onneted to the Ative Diretory domin. Verify tht the users nd groups from the rinpole.lol domin re ville on the Consolidted vcenter Server. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Administrtion. 3 Assign glol permissions to the sv-vdp@rinpole.lol servie ount. d e f In the vsphere We Client, selet nvigte Administrtion from the Home menu nd lik Glol Permissions under Aess Control. On the Mnge t, lik the Add Permission ion. In the Glol Permissions Root - Add Permission dilog ox, lik the Add utton to ssoite user or group with role. In the Selet Users/Groups dilog ox, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv, nd press Enter. From the list of users nd groups, selet the sv-vdp user, lik Add utton, nd lik OK. In the Glol Permissions Root - Add Permission dilog ox, from the Assigned Role dropdown menu, selet vsphere Dt Protetion User, selet Propgte to hildren, nd lik OK. Register vsphere Dt Protetion with vcenter Server for Consolidted SDDC After you deploy the virtul ppline for vsphere Dt Protetion on the onsolidted luster, omplete the initil onfigurtion of vsphere Dt Protetion. VMwre, In. 98

99 1 Log in to the vsphere Dt Protetion Configure Utility. Open We rowser nd go to Log in using the following redentils. User nme Pssword root hngeme 2 On the Welome pge, lik Next. 3 On the Network s pge, verify tht the network settings re populted orretly nd lik Next. 4 On the Time Zone pge, selet the UTC time zone nd lik Next. 5 On the VDP Credentils pge, enter nd onfirm new pssword for the root Linux ppline user, nd lik Next. The pssword must stisfy the following requirements: If ll four hrter lsses re used, the pssword must e t lest 6 hrters. If three hrter lsses re used, the pssword must e t lest 7 hrters. If one or two hrter lsses re used, the pssword must e t lest 8 hrters. The four-hrter lsses re s follows: Upper se letters A-Z Lower se letters -z Numers 0-9 Speil hrters (for exmple: ~!@#,.) VMwre, In. 99

100 6 On the vcenter Registrtion pge, onfigure the settings for registrtion with the Consolidted vcenter Server. Enter the settings for onnetion to the Consolidted vcenter Server. vcenter Server vcenter usernme vcenter pssword vcenter FQDN or IP rinpole.lol\sv-vdp sv-vdp_pssword sfo01w01v01.sfo01.rinpole.lol vcenter HTTP port 80 vcenter HTTPS port 443 Verify vcenter ertifite Deseleted Enter the settings for vcenter Single Sign-On on the Consolidted Pltform Servies Controller. Single Sign-On Use vcenter for SSO uthentition SSO FQDN or IP Deseleted sfo01w01ps01.sfo01.rinpole.lol SSO port 443 d Clik Test Connetion, nd in the suess messge ox, lik OK. On the vcenter Registrtion pge, lik Next. 7 On the Crete Storge pge, selet Crete new storge, in the Cpity text ox, enter 4 TiB nd lik Next. 8 On the Devie Allotion pge, from the Provision drop-down menu, selet Thin nd lik Next. 9 On the CPU nd Memory pge, leve the defult settings nd lik Next. 10 On the Produt Improvement pge, selet Enle Customer Experiene Improvement Progrm nd lik Next. 11 On the Redy to Complete pge, selet the Run performne nlysis on storge onfigurtion nd Restrt the ppline if suessful hek oxes, nd lik Next. 12 In the Wrning messge ox out storge onfigurtion, lik Yes. vsphere Dt Protetion setup strts onfiguring dt disks. 13 After disk onfigurtion is omplete, lik OK in the suess ox. VMwre, In. 100

101 14 Verify tht the vsphere Dt Protetion is essile in the vsphere We Client fter you omplete the initil onfigurtion of vsphere Dt Protetion. Open We rowser nd go to Log in using the following redentils. User nme Pssword vsphere_dmin_pssword On the vsphere We Client Home pge, verify tht the VDP ion is ville nd tht you n onnet to the ppline. VMwre, In. 101

102 Cloud Mngement Pltform Implementtion for Consolidted SDDC 3 The Cloud Mngement Pltform (CMP) onsists of integrted produts tht support the mngement of puli, privte nd hyrid loud environments. he VMwre CMP onsists of vrelize Automtion, n emedded vrelize Orhestrtor, nd vrelize Business for Cloud.. vrelize Automtion inorportes virtul mhine provisioning nd self-servie portl. vrelize Business enles illing nd hrgek funtions. vrelize Orhestrtor provides workflow optimiztion. The following proedures desrie the vlidted flow of instlltion nd onfigurtion. This hpter inludes the following topis: Prerequisites for Cloud Mngement Pltform Implementtion for Consolidted SDDC Configure Servie Aount Privileges for Consolidted SDDC vrelize Automtion Instlltion for Consolidted SDDC vrelize Automtion Defult Tennt Configurtion for Consolidted SDDC vrelize Automtion Tennt Cretion for Consolidted SDDC Emedded vrelize Orhestrtor Configurtion for Consolidted SDDC Instll vrelize Business for Consolidted SDDC Cloud Mngement Pltform Post-Instlltion Tsks for Consolidted SDDC Tennt Content Cretion for Consolidted SDDC Prerequisites for Cloud Mngement Pltform Implementtion for Consolidted SDDC Verify tht the following onfigurtions re estlished prior to eginning the proedures to deploy nd onfigure the Cloud Mngement Pltform (CMP). DNS Entries nd IP Address Mppings for Consolidted SDDC Before you deploy vrelize Automtion, verify tht your environment stisfies the requirements for this deployment. VMwre, In. 102

103 IP Addresses nd Host Nmes Verify tht the stti IP ddress nd FQDNs tht re listed in the tle elow re ville for the vrelize Automtion pplition virtul network for the SDDC deployment. Tle 3 1. IP Addresses nd FQDNs for the vrelize Automtion Instne for Mngement nd Worklod Consolidtion Role IP Address FQDN vrelize Automtion Server Applines vr01svr01.rinpole.lol vrelize Automtion Server VIP vr01svr01.rinpole.lol vrelize Automtion for IWS vr01iws01.rinpole.lol vrelize Automtion IWS VIP vr01iws01.rinpole.lol vrelize Automtion Model Mnger IMS vr01ims01.rinpole.lol vrelize Automtion IMS VIP vr01ims01.rinpole.lol MS SQL Server for vrelize Automtion vr01mssql01.rinpole.lol vrelize Business for Cloud Server Appline vr01svr01.rinpole.lol Tle 3 2. IP Address Informtion nd FQDN for the Supporting Infrstruture for Mngement nd Worklod Consolidtion Role IP Address FQDN vrelize Business for Cloud Dt Colletor sfo01vr01.sfo01.rinpole.lol Defult gtewy DNS server Sunet msk ntp ntp.sfo01.rinpole.lol vrelize Automtion Deployment Prerequisites Before you instll nd use vrelize Automtion, your environment must meet the following prerequisites. Prerequisite Storge Virtul disk provisioning. Required storge per node. Operting system Dtse Instlltion pkge Liense Windows 2012 R2 Stndrd Mirosoft SQL Server 2012 Stndrd Edition Downlod the vrelize Automtion virtul ppline.ov file. Downlod the vrelize Business for Cloud virtul ppline.ov file. Verify tht you hve otined liense tht overs the use of vrelize Automtion. Verify tht you hve otined liense tht overs the use of vrelize Business for vrelize Automtion. VMwre, In. 103

104 Prerequisite Ative diretory Certifition uthority Jv Verify tht you hve prent Ative Diretory instne with the SDDC user roles onfigured for the rinpole.lol domin. Verify the existene of the sv-vr user in the rinpole.lol domin. Verify the existene of the sv-vro user in the rinpole.lol domin. Configure the root Ative Diretory domin ontroller s ertifite uthority for the environment. Instll Jv SE Development Kit (JDK), whih is required to run the vrelize Orhestrtor Client. Configure SQL Server for Use y the Cloud Mngement Pltform for Consolidted SDDC The Cloud Mngement Pltform uses Mirosoft SQL Server dtse to store dt for use y vrelize Automtion. Configurtion Reommendtions for Mirosoft SQL Server for Consolidted SDDC vrelize Automtion nd other VMwre omponents use Mirosoft SQL Server s dtse to store informtion. While the speifi onfigurtion of SQL Server for use in your environment is not ddressed in this implementtion guide, high-level guidne is provided to ensure more relile opertion of your VMwre omponents. Mirosoft SQL Server should e onfigured with seprte Operting System Level volumes (drive letters) for eh of the following items. The seprtion of these items into seprte logil volumes (drive letters) will help prevent dtse orruption should single volume reh pity. Operting System Dtse Applition SQL User Dtse Dt Files SQL User Dtse Log Files SQL TempDB SQL Bkup Files To provide optiml performne for VMwre vrelize dtses, onfigure the SQL Server virtul mhine (vr01mssql01.rinpole.lol) with 8 vcpu nd 16GB vram. Configure the SQL Server virtul mhine's (vr01mssql01.rinpole.lol) primry DNS to point to nd its seondry DNS to point to For further guidne on the deployment nd opertion of prodution instlltion of Mirosoft SQL Server, see the Mirosoft SQL Server doumenttion, or onsult with qulified Mirosoft SQL Server dtse dministrtor. VMwre, In. 104

105 Assign the SQL Server System Role to vrelize Automtion for Consolidted SDDC Assign the SQL Server system role sysdmin to the vrelize Automtion servie ount. vrelize Automtion uses the SQL Server system role privilege to rete nd exeute sripts on the SQL Server dtse. By defult, only users who re memers of the sysdmin system role, or the d_owner nd d_ddldmin dtse roles, n rete ojets in the dtse. 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword 2 From the Strt menu, lik All Progrms, lik Mirosoft SQL Server, nd lik SQL Server Mngement Studio. Note If SQL Server Mngement Studio doesn't pper in your All Progrms menu, you my not hve suessfully instlled SQL Server Mngement Studio. Verify tht you hve suessfully instlled SQL Server Mngement Studio, nd then ontinue with this proedure. 3 In the Connet to Server dilog ox, leve the defult vlue of the Server Nme text ox, selet Windows Authentition from the Authentition drop-down menu, nd lik Connet. Note During the SQL Server instlltion, the Dtse Engine onfigurtion wizrd prompts you to provide the user nme nd pssword for the SQL Server dministrtor. If this user ws not dded during the SQL Server instlltion, selet SQL Authentition from the Authentition drop-down menu, nd enter the user nme s in the User nme text ox, nd the pssword s_pssword in the Pssword text ox. 4 In Ojet Explorer, expnd the server instne VRA01MSSQL01. 5 Right-lik the Seurity folder, lik New, nd lik Login. VMwre, In. 105

106 The Login Properties dilog ox opens. 6 Selet the Generl pge of the Login Properties dilog ox. 7 From the Ojet Explorer Detils pne, selet the Generl pge, nd enter Rinpole\Sv-vRA in the Login nme text ox. VMwre, In. 106

107 8 In the Ojet Explorer Detils pne, selet the Server Role pge. 9 In the Server roles list item field selet the sysdmin hek ox, nd lik OK. VMwre, In. 107

108 Configure Network Aess for Distriuted Trnstion Coordintor for Consolidted SDDC You onfigure network ess nd seurity etween vrelize Automtion nd your Mirosoft SQL Server dtse using Mirosoft Distriuted Trnstion Coordintor (MSDTC). MSDTC oordintes trnstions tht updte two or more trnstion-proteted resoures, suh s dtses, messge queues, files systems, nd so on. These trnstion-proteted resoures my e on single omputer or distriuted ross mny networked omputers. VMwre, In. 108

109 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword 2 From the Strt menu, lik Run, type omexp.ms in the Open text ox, nd lik OK. The Component Servies mnger displys. Component Servies lets you mnge Component Ojet Model (COM+) pplitions. 3 Using the nvigtion tree in the left-side pne, expnd Component Servies > Computers > My Computer > Distriuted Trnstion List > Lol DTC. 4 Right-lik Lol DTC nd lik Properties. The Lol DTC Properties dilog ox displys. 5 Clik the Seurity t in the Lol DTC Properties dilog ox. 6 On the Seurity t, onfigure the following vlues, nd lik OK. Network DTC Aess Allow Remote Clients Allow Remote Administrtion Allow Inound Allow Outound Mutul Authentition Required Enle XA Trnstions Enle SNA LU 6.2 Trnstions Aount Pssword Seleted Seleted Deseleted Seleted Seleted Seleted Deseleted Seleted Leve the defult setting (NT AUTHORITY\NetworkServie) Leve lnk VMwre, In. 109

110 7 Clik Yes to restrt the MSDTC Servie. 8 Clik OK to onfirm tht the MSDTC Servie hs suessfully restrted. 9 Close the Component Servies mnger. Configure SQL Server nd MSDTC Aess through Windows Firewll for vrelize Automtion for Consolidted SDDC You n onfigure Windows Firewll to llow or lok speifi trffi. For vrelize Automtion to funtion orretly, ensure tht network ess to Mirosoft Distriuted Trnstion Coordintor (MSDTC) nd SQL Server is onfigured to llow ess. 1 Log in to the VRA01MSSQL01.rinpole.lol y using Remote Desktop Protool (RDP) lient. Open n RDP onnetion to the virtul mhine VRA01MSSQL01.rinpole.lol. Log in using the following redentils. User nme Pssword Windows dministrtor user windows_dministrtor_pssword VMwre, In. 110

111 2 From the Strt menu, lik Run, type WF.ms in the Open text ox, nd lik OK. The Windows Firewll with Advned Seurity dilog ox ppers. You use Windows Firewll with Advned Seurity to onfigure firewll properties for eh network profile. 3 Allow Aess for Mirosoft SQL Server on TCP Port In the nvigtion pne right-lik Windows Firewll with Advned Seurity, selet nd rightlik Inound Rules, nd lik New Rule in the tion pne. The New Inound Rule Wizrd ppers. d e f On the Rule Type pge of the New Inound Rule Wizrd, selet the Port rdio utton, nd lik Next. On the Protool nd Ports pge, selet TCP, enter 1433 in the Speifi lol ports text ox, nd lik Next. On the Ation pge, selet Allow the onnetion nd lik Next. On the Profile pge, selet the Domin, Privte, nd Puli profiles nd lik Next. On the Nme pge, enter Nme nd Desription for this rule nd lik Finish. 4 Allow ess for Mirosoft Distriuted Trnstion Coordintor. d In the nvigtion pne, right-lik Windows Firewll with Advned Seurity, selet nd rightlik Inound Rules, nd lik New Rule in the tion pne. On the Rule Type pge, lik Predefined, lik Distriuted Trnstion Coordintor, nd lik Next. On the Predefined Rules pge, selet ll rules for Distriuted Trnstion Coordintor (RPC- EPMAP), Distriuted Trnstion Coordintor (RPC), Distriuted Trnstion Coordintor (TCP-In), nd lik Next. On the Ation pge, selet Allow the onnetion, nd lik Finish. 5 Exit the Windows Firewll with Advned Seurity wizrd. Configure Servie Aount Privileges for Consolidted SDDC For you to provision virtul mhines nd logil networks, onfigure privileges for vrelize Automtion for the servie ount sv-vr@rinpole.lol on oth the vcenter Server nd the NSX instne. Configure Servie Aount Privileges on the vcenter Server for Consolidted SDDC Configure dministrtor privileges for the sv-vr nd sv-vro users on the vcenter Server for your mngement nd worklod onsolidtion deployment. If you dd more vcenter Server instnes in the future, perform this proedure on those instnes s well. VMwre, In. 111

112 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol instne nd selet Add Permission. 4 In the Add Permission dilog ox, lik the Add utton. The Selet Users/Groups dilog ox ppers. 5 Selet RAINPOLE from the Domin drop-down menu, nd in the Show Users First text ox enter sv to filter user nd group nmes. 6 Selet sv-vr nd sv-vro from the User/Group list, lik the Add utton nd lik OK. 7 In the Add Permission dilog ox, selet Administrtor from the Assigned Role drop-down menu nd lik OK. The sv-vr nd sv-vro users users now hve Administrtor privilege on the vcenter Server for Worklod nd Mngement Consolidtion. Configure the Servie Aount Privilege on the NSX Instne for Consolidted SDDC Configure Enterprise Administrtor privileges for the sv-vr@rinpole.lol servie ount. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Networking & Seurity > NSX Mngers. 3 Doule-lik the NSX Mnger VMwre, In. 112

113 4 Clik Mnge, lik Users, nd lik the Add ion. The Assign Role wizrd ppers. 5 On the Identify User pge, selet the Speify vcenter User rdio utton, enter sv-vr@rinpole.lol in the User text ox, nd lik Next. 6 On the Selet Roles pge, selet the Enterprise Administrtor rdio utton, nd lik Finish. The rinpole\sv-vr user is now onfigured s n Enterprise Administrtor for the NSX instne nd ppers in the lists of users nd roles. vrelize Automtion Instlltion for Consolidted SDDC A vrelize Automtion instlltion inludes instlling nd onfiguring single sign-on (SSO) pilities, the user interfe portl, nd Infrstruture s Servie (IS) omponents. VMwre, In. 113

114 After instlltion, you n ustomize the instlltion environment nd onfigure one or more tennts whih sets up ess to self-servie provisioning nd lifeyle mngement of loud servies. By using the seure portl We interfe, dministrtors, developers, or usiness users n request IT servies nd mnge speifi loud nd IT resoures sed on their roles nd privileges. Users n request infrstruture, pplitions, desktops, nd IT servie through ommon servie tlog. Lod Blning the Cloud Mngement Pltform for Consolidted SDDC You onfigure lod lning for ll servies nd omponents relted to vrelize Automtion nd vrelize Orhestrtor y using n NSX Edge lod lner. You must onfigure the lod lner efore you deploy the vrelize Automtion ppline. This is euse you need the virtul IP (VIP) ddresses to deploy the vrelize Automtion ppline. Add Virtul IP Addresses to the NSX Lod Blner for Consolidted SDDC As the first step of onfiguring lod lning, you dd virtul IP Addresses to the edge interfes. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01w01l01 NSX Edge to edit its network settings. 5 Clik the Mnge t, lik s, nd selet Interfes. 6 Selet the OneArmLB interfe nd lik the Edit ion. VMwre, In. 114

115 7 In the Edit NSX Edge Interfe dilog ox, dd the VIP ddresses of the vrelize Automtion nodes in the Seondry IP Addresses text ox. Seondry IP Address , , Clik OK to sve the onfigurtion. Crete Applition Profiles for Consolidted SDDC Crete two pplition profiles to define the ehviors of prtiulr types of network trffi. After onfiguring profile, you ssoite the profile with virtul server. The virtul server then proesses trffi ording to the vlues speified in the profile. Using profiles enhnes your ontrol over mnging network trffi nd mkes trffi mngement tsks esier nd more effiient. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. VMwre, In. 115

116 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01w01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Applition Profiles. 6 Clik the Add ion nd in the New Profile dilog ox, enter the following vlues. Nme Type Enle SSL Pssthrough Persistene vrelize-https HTTPS Seleted None 7 Clik OK to sve the onfigurtion. 8 Repet the sme steps to rete the following pplition profile. Nme Type Enle SSL Pssthrough Persistene vrelize-https-persist HTTPS Seleted Soure IP Expires in (Seonds) 1800 VMwre, In. 116

117 Crete Servie Monitoring for Consolidted SDDC The servie monitor defines helth hek prmeters for the lod lner. You rete servie monitor for eh omponent. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01w01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Servie Monitoring. 6 Clik the Add ion nd in the New Servie Monitor dilog ox, onfigure the vlues for the servie monitor you re dding, nd lik OK. vr-svr-443-monitor vr-iws-443-monitor vr-ims-443-monitor vr-vro-8283-monitor Nme vr-svr-443-monitor vr-iws-443-monitor vr-ims-443-monitor vr-vro-8283-monitor Intervl Timeout Mx Retries Type HTTPS HTTPS HTTPS HTTPS Expeted 204 Method GET GET GET GET URL /v/servies/pi/helth /wpi/pi/sttus/we /VMPSProvision /vo-ontrolenter/dos Reeive REGISTERED ProvisionServie VMwre, In. 117

118 7 Repet Step 6 to rete servie monitor for eh omponent. Upon ompletion, verify tht you hve suessfully entered the monitor nmes nd their respetive onfigurtion vlues. Crete Server Pools for Consolidted SDDC A server pool onsists of k-end server memers. After you rete server pool, you ssoite servie monitor with the pool to mnge nd shre the k-end servers flexily nd effiiently. The following onsidertions explin the design of the server pools onfigurtion. The onfigurtion uses NONE s helth monitor for ll server pools. Until vrelize Automtion is fully instlled nd strted, the helth monitor mrks pool memers s offline. Helth monitors indite the sttus of pool memers orretly, only fter vrelize Automton is fully instlled nd initilized. VMwre, In. 118

119 Future onfigurtions should disle ny dded pool memer of 3 vrelize Automtion VIPs (vrsvr-443, vr-is-we-443, vr-is-mgr-443). During the instlltion or power yle of vrelize Automtion, the servie inside the seond node might not e instlled or initilized yet. In this period of time, if the lod lner psses request to the seond node, the request fils. If the seond pool memer is not disled, you n experiene rndom filures during vrelize Automtion instlltion, nd servie initiliztion or registrtion filure during vrelize Automtion power yle. Perform the proedure multiple times to onfigure four different server pools. Tle 3 3. Server Pools for the Cloud Mngement Pltform Memers Pool Nme Monitors Enle Memer Mem er Nme IP ddress P or t Monitor Port vr-svr-443 vr-svr-443- monitor Yes vr01s vr vr-iws-443 vr-iws-443- monitor Yes vr01i ws vrims-443 vr-ims-443- monitor Yes vr01i ms vrsvr-8444 vr-svr-443- monitor Yes vr01s vr vrvro-8283 vr-vro monitor Yes vr01s vr Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. VMwre, In. 119

120 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01w01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Pools. 6 Clik the Add ion nd in the New Pool dilog ox, nd enter the following vlues. Nme Algorithm Monitors vr-svr-443 ROUND-ROBIN vr-svr-443-monitor 7 Clik the Add ion to dd the first pool memer. 8 In the New Memer dilog ox, enter the following vlues nd lik OK. Nme vr01svr01 IP Address/VC Continer Stte Enle Port 443 Monitor Port 443 Weight 1 VMwre, In. 120

121 9 Repet the proedure to rete the remining server pools nd memers. Crete Virtul Servers for Consolidted SDDC After lod lning is set up, the NSX lod lner distriutes network trffi ross multiple servers. When virtul server reeives request, it hooses the pproprite pool to send trffi. Eh pool onsists of one or more memers. You rete virtul servers for ll of the onfigured server pools. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Networking & Seurity. 3 In the Nvigtor, lik NSX Edges. 4 From the NSX Mnger drop-down menu, selet s the NSX Mnger nd doule-lik the sfo01w01l01 NSX Edge to mnge its network settings. 5 Clik the Mnge t, lik Lod Blner, nd selet Virtul Servers. 6 Clik the Add ion, nd in the New Virtul Server dilog ox, onfigure the vlues for the virtul server you re dding nd lik OK. vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 Enle Virtul server Seleted Seleted Seleted Seleted Seleted Applition Profile vrelize-https vrelize-httpspersist vrelize-httpspersist vrelize-httpspersist vrelize-httpspersist Nme vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 Desription vrelize Automtion Appline UI vrelize Automtion IS We UI vrelize Automtion IS Mnger vrelize Automtion Remote Console Proxy vrelize Orhestrtor Control Center IP Address Protool HTTPS HTTPS HTTPS HTTPS HTTPS VMwre, In. 121

122 vr-svr-443 vr-iws-443 vr-ims-443 vr-svr-8444 vr-vro-8283 Port Defult Pool vr-svr-443 vr-is-we-443 vr-is-mgr-443 vr-svr-8444 vr-vro Repet Step 6 to rete virtul server for eh omponent. Upon ompletion, verify tht you hve suessfully entered the virtul server nmes nd their respetive onfigurtion vlues. Deploy the vrelize Automtion Appline for Consolidted SDDC The vrelize Automtion ppline is pre-onfigured virtul ppline tht ontins the vrelize Automtion server. The server inludes the vrelize Automtion ppline produt onsole, whih provides single portl for self-servie provisioning nd mngement of loud servies, uthoring, dministrtion, nd governne. During deployment of the virtul ppline, PostgreSQL ppline dtse is reted utomtilly on the first vrelize Automtion ppline. A repli dtse n e instlled on seond vrelize Automtion ppline to rete high-vilility environment. VMwre, In. 122

123 Nme Selet folder or dtenter Network Cluster Virtul Disk Formt VM Storge Poliy Dtstore Enle SSH servie in the ppline Hostnme Initil Root Pssword s for Host A vr01svr01.rinpole.lol sfo01-w01fd-vr Mgmt-xRegion01-VXLAN ( x) sfo01-w01-onsolidted01 Thin provision vsan Defult Storge Poliy sfo01-w01-vsn01 Seleted vr01svr01.rinpole.lol vr_ppa_root_pssword Defult gtewy Domin Nme rinpole.lol Domin Nme Servers , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol Network 1 IP Address Network 1 Netmsk Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Automtion Virtul Mhine Templte file on your file system, nd lik Next. 5 On the Selet nme nd folder pge, enter the following informtion, nd lik Next. Nme Selet folder or dtenter vr01svr01.rinpole.lol sfo01-w01fd-vr VMwre, In. 123

124 6 On the Selet Resoure pge, selet sfo01-w01-onsolidted01 > sfo01-w01rp-sdd-mgmt nd lik Next. 7 On the Review detils pge, lik Next. 8 On the Aept liense greements pge, lik Aept, nd then lik Next. 9 On the Selet storge pge, selet the dtstore. Selet Thin Provision from the Selet virtul disk formt drop-down menu. Selet vsan Defult Storge Poliy from the VM storge poliy drop-down menu. From the dtstore tle, selet the sfo01-w01-vsn01 vsan dtstore nd lik Next. 10 On the Selet Networks pge, selet the distriuted port group tht ends with Mgmt-xRegion01- VXLAN from the Destintion Network drop-down menu nd lik Next. 11 On the Customize templte pge, onfigure the following vlues nd lik Next. Enle SSH servie in the ppline Hostnme Initil Root Pssword Seleted vr01svr01.rinpole.lol vr_ppa_root_pssword Defult gtewy Domin Nme rinpole.lol Domin Nme Servers , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol Network 1 IP Address Network 1 Netmsk On the Redy to omplete pge, review the onfigurtion settings you speified nd lik Finish. 13 Clik vcenter server sfo01w01v01.sfo01.rinpole.lol. Selet VMs t. Type vr01svr01 in the serh text ox. 14 Selet virtul mhine vr01svr01.rinpole.lol nd lik Power On ion. Wit until the vrelize Automtion ppline virtul mhine is ompletely powered on. This my tke severl minutes. 15 From the Virtul Mhine Console, verify tht vr01svr01.rinpole.lol uses the onfigurtion settings you speified. Deploy Windows Virtul Mhines for vrelize Automtion for Consolidted SDDC vrelize Automtion requires severl Windows virtul mhines to t s IS omponents in distriuted onfigurtion. VMwre, In. 124

125 Crete vsphere Imge Customiztion Speifitions for Consolidted SDDC Crete vsphere imge ustomiztion speifitions to use with your vrelize Automtion IS Server deployments. The ustomiztion speifition you rete ustomizes the guest operting systems of the virtul mhines tht host the vrelize Automtion IS We Server nd IS Mnger Servies. Customiztion speifitions re XML files tht ontin guest operting system settings for virtul mhines. You rete ustomiztion speifitions with the Guest Customiztion wizrd, nd mnge speifitions using the Customiztion Speifition Mnger. vcenter Server sves the ustomized onfigurtion prmeters in the vcenter Server dtse. When you lone virtul mhine or deploy virtul mhine from templte, you n ustomize the guest operting system of the virtul mhine to hnge properties suh s the omputer nme, network settings, nd liense settings. When you pply n imge ustomiztion speifition to the guest operting system during virtul mhine loning or deployment, you prevent onflits tht might result if you deploy virtul mhines with identil settings, suh s duplite omputer nmes. Crete Customiztion Speifition File for IS Servers for Consolidted SDDC Crete vsphere Imge Customiztion templte to use with your vrelize Automtion IS Servers deployment. You n supply ustom sysprep nswer file s n lterntive to speifying mny of the settings in the Guest Customiztion wizrd. The vsphere Imge Customiztion templte sysprep nswer file stores numer of ustomiztion settings suh s omputer nme, liensing informtion, nd workgroup or domin settings. 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From Home pge, under Opertions nd Poliies, lik Customiztion Speifition Mnger. 3 Selet sfo01w01v01.sfo01.rinpole.lol from the vcenter Server drop-down menu. 4 Clik the New ion. The Guest Customiztion wizrd opens. VMwre, In. 125

126 5 On the Speify Properties pge, onfigure the following vlues, nd lik Next. Trget VM Operting System Use ustom SysPrep nswer file Customiztion Spe Nme Windows Deseleted vr7-templte 6 On the Set Registrtion Informtion pge, onfigure the following vlues, nd lik Next. Nme Orgniztion Rinpole Rinpole IT 7 On the Set Computer Nme pge, selet the Enter nme in the Clone/Deploy wizrd rdio utton, nd lik Next. 8 On the Enter Windows Liense pge, onfigure the following vlues, nd lik Next. If you re using Mirosoft Liense Server, or hve multiple single liense keys, leve the Produt Key text ox lnk. Produt Key Inlude Server Liense Informtion Server Liense Mode volume_liense_key Seleted Per set 9 On the Set Administrtor Pssword pge, onfigure the following vlues, nd lik Next. Pssword Automtilly logon s Administrtor lol_dministrtor_pwd Seleted Numer of times to logon utomtilly 1 10 On the Time Zone pge, selet (GMT) Coordinted Universl Time from the Time Zone drop-down menu, nd lik Next. 11 On the Run One pge, type net lolgroup dministrtors rinpole\sv-vr /dd in the text ox nd lik Add. This ommnd will dd servie ount rinpole\sv-vr into virtul mhine's lol dministrtors group. Clik Next. 12 On the Configure Network pge, selet the Mnully selet ustom settings rdio utton, selet NIC1 from the list of network interfes in the virtul mhine, nd lik Edit. The Edit Network dilog ox opens. VMwre, In. 126

127 13 In the Edit Network dilog ox, on the IPv4 pge, onfigure the following vlues nd lik DNS. Prompt the user for n ddress when the speifition is used Seleted Sunet Msk Defult Gtewy On the DNS pge, provide DNS servers nd serh suffixes. Speify the following DNS server settings. Use the following DNS server ddress Seleted Preferred DNS Server Alternte DNS Server d Enter rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Enter sfo01.rinpole.lol in the For ll onnetions with TCP/IP enled text ox nd lik the Add utton. Clik OK to sve settings nd lose the Edit Network dilog ox, nd lik Next. 15 On the Set Workgroup or Domin pge, enter redentils tht hve dministrtive privileges in the domin, nd lik Next. Windows Server Domin Usernme Pssword rinpole.lol d_dmin_t@rinpole.lol d_dmin_pssword 16 On the Set Operting System Options pge, selet the Generte New Seurity ID (SID) hek ox, nd lik Next. 17 On the Redy to omplete pge, review the onfigurtion settings tht you entered, nd lik Finish. The ustomiztion speifition you reted is listed in the Customiztion Speifition Mnger, nd n e used to ustomize virtul mhine guest operting systems. Crete Windows Virtul Mhines for vrelize Automtion for Consolidted SDDC An instlltion of vrelize Automtion for the mngement nd worklod onsolidtion deployment requires only two Windows virtul mhines to t s IS omponents. Additionl virtul mhines n e introdued to supplement the instlltion with high vilility or to more evenly distriute IS omponents. VMwre, In. 127

128 To filitte loning, this design uses the vr7-templte imge ustomiztion speifition templte nd the windows-2012r2-64 VM templte. Repet this proedure twie, using the informtion in the following tle. Imge Customiztion Nme for Virtul Mhines NetBIOS nme vcenter Folder IP vcpu numer Memory Size Speifition Templte Network vr01iws01.rinpole.lol vr01iws01 sfo01- w01fdvr vr01ims01.rinpole.lol vr01ims01 sfo01- w01fdvr GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN GB vr7-templte vxw-dvsxxxx-mgmtxregion01- VXLAN Prerequisites Verify tht you hve reted the Windows 2012 R2 VM templte windows2012r2-templte. SHA512 is disled in Windows for TLS 1.2 y defult. If SHA512 ertifites will e used for vrelize Automtion, you need to instll the windows updte in Mirosoft KB Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor pne, selet Glol Inventory Lists > vcenter Servers. Clik the sfo01w01v01.sfo01.rinpole.lol instne. 3 Clik VM Templtes in Folders, nd from the VM Templtes in Folders pne, right-lik the IS windows templte windows2012r2-templte nd selet New VM from this Templte. 4 On the Selet nme nd folder pge, enter the following informtion nd lik Next. of the Deploy From Templte wizrd, speify nme nd lotion for the virtul mhine. Enter nme for the virtul mhine Selet lotion for the virtul mhine vr01iws01.rinpole.lol sfo01-w01fd-vr VMwre, In. 128

129 5 On the Selet ompute resoure pge, selet sfo01-w01rp-sdd-mgmt resoure pool nd lik Next. 6 On the Selet storge pge, selet the dtstore on whih to rete the virtul mhine's disks. Selet vsan Defult Storge Poliy from thevm Storge Poliy drop-down menu. Selet the sfo01-w01-vsn01 vsan dtstore from the dtstore tle nd lik Next. 7 On the Selet Clone options pge, selet the Customize the operting system hek ox, nd lik Next. 8 On the Customize guest OS pge, selet the vr7-templte from the tle, nd lik Next. 9 On the User s pge, enter the following vlues, nd lik Next. NetBIOS nme vr01iws01 IPv4 ddress IPv4 sunet msk On the Redy to Complete pge, review your settings nd lik Finish. When the deployment of the virtul mhine ompletes, you n ustomize the virtul mhine. 11 In the Nvigtor, selet VMs nd Templtes. 12 Right-lik the vr01iws01.rinpole.lol virtul mhine nd selet Edit s. VMwre, In. 129

130 13 Clik Virtul Hrdwre nd onfigure the settings for CPU, Memory, nd the Network dpter 1. Selet 2 from the CPU drop-down menu. Set the Memory settings to 4096 MB. Expnd Network dpter 1 nd selet vxw-dvs-xxxx-mgmt-xregion01-vxlan from the dropdown menu nd lik OK. 14 Right-lik the virtul mhine vr01iws01.rinpole.lol, nd selet Power > Power on. 15 From the Virtul Mhine Console, verify tht vr01iws01.rinpole.lol re-oots, nd uses the onfigurtion settings tht you speified. After the Windows ustomiztion proess ompletes, len desktop ppers. 16 Log in to the Windows operting system nd perform finl verifition nd ustomiztion. Verify tht the IP ddress, omputer nme, nd domin re orret. Verify tht you hve dded the vrelize Automtion servie ount sv-vr@rinpole.lol to the Lol Administrtors Group. Note You my notie tht the virtul mhine filed to exeute ll the steps in the ustomiztion speifition. When this ours: Delete the virtul mhine nd its ustomiztion speifition. Retry reting the Windows virtul mhines for the IS omponents y reting new ustomiztion speifition nd provisioning virtul mhine using the newly rereted ustomiztion speifition. For informtion on reting new ustomiztion speifition, see Crete Customiztion Speifition File for IS Servers for Consolidted SDDC. For informtion on reting Windows virtul mhines for the IS omponents, see the urrent topi, Crete Windows Virtul Mhines for vrelize Automtion for Consolidted SDDC. 17 Repet this proedure to deploy nd onfigure the remining virtul mhine. Instll vrelize Automtion Mngement Agent on Windows IS VMs for Consolidted SDDC For eh Windows virtul mhine deployed s prt of the vrelize Automtion instlltion, mngement gent must e deployed to filitte the instlltion of the Windows dependenies nd vrelize Automtion omponents. Perform this proedure twie to instll the Mngement Agent on ll Windows IS virtul mhines listed elow: vr01iws01.rinpole.lol vr01ims01.rinpole.lol VMwre, In. 130

131 1 Log in to the vr01iws01.rinpole.lol virtul mhine onsole using the vrelize Automtion servie ount. Usernme Pssword rinpole\sv-vr sv-vr_pssword 2 Downlod the vrelize Mngement Agent. Open We rowser nd go to Downlod the Mngement Agent Instller.msi pkge. 3 Instll the vrelize Mngement Agent. d e Strt the vcac-ismngementagent-setup.msi instller. On the Welome pge, lik Next to strt the instll proess. On the EULA pge, selet the I ept the terms of this greement hek ox nd lik Next. On the Destintion Folder pge, lik Next to instll in the defult pth. On the Mngement Site Servie pge, enter the following settings nd lik Lod. vra ppline ddress Root usernme Pssword root vr_ppa_root_pssword f Selet the I onfirm the fingerprint mthes the Mngement Site Servie SSL ertifite hek ox, nd lik Next. 4 On the Mngement Agent Aount Configurtion pge, enter the following redentils nd lik Next. Usernme Pssword rinpole\sv-vr sv-vr_pssword 5 On the Redy to Instll pge, lik Instll. 6 Repet the proedure to instll the Mngement Agent on the remining Windows IS virtul mhines. VMwre, In. 131

132 Instll the vrelize Automtion Environment for Consolidted SDDC You use the Instlltion wizrd to deploy distriuted instlltion with lod lners for high vilility nd filover. One you strt the wizrd you must omplete it. If you nel the wizrd, you must redeploy the ppline to run the wizrd gin. Some kground on Instlltion here... 1 Log in to the first vrelize Automtion ppline. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_ppa_root_pssword The vrelize Automtion Instlltion wizrd ppers. 2 On the Welome to the vrelize Automtion Instlltion Wizrd pge, lik Next. 3 On the End User Liense Agreement pge, ept the terms of the greement nd lik Next. 4 On the Deployment Type pge, speify the following settings nd lik Next. Enterprise deployment Instll Infrstruture s Servie Seleted Seleted VMwre, In. 132

133 5 On the Instlltion Prerequisites pge, speify the following time server settings. Clik Chnge Time s, nd lik Next. Virtul Appline Time Syn. Mode Time Server Use Time Server ntp.sfo01.rinpole.lol 6 On the Disovered Hosts pge, verify tht ll Windows IS virtul mhines re listed nd tht the time offset is within the -1 / 0 / 1 vlues nd lik Next. Note The Time Offset olumn shows the time delt etween the vrelize Automtion ppline nd the Windows IS VMs. Time synhroniztion is ritil. If there re vlues outside of the eptle vlues, remedite those efore you proeed. 7 On the vrelize Applines pge, lik Next. 8 On the Server Roles pge, selet the respetive hek oxes for eh server sed on their role nd lik Next. Hosts vr01iws01.rinpole.lol vr01ims01.rinpole.lol Role Initil We Server nd Model Mnger Mnger Servie, DEM, Agent VMwre, In. 133

134 9 On the Prerequisite Cheker pge, verify tht the Windows servers for IS omponents re orretly onfigured. Clik Run nd wit for the prerequisite heker to omplete. If wrnings pper, lik Fix. Verify tht the sttus of ll IS omponents hnges to OK nd lik Next. 10 On the vrelize Automtion Host pge, enter vr01svr01.rinpole.lol in the vrelize Address text ox nd lik Next. 11 On the Single Sign-On pge, enter nd onfirm vr_dministrtor_pssword for the defult tennt ount nd lik Next. 12 On the IS Host pge, onfigure the following vlues nd lik Next. IS We Address Mnger Servie Address Seurity Pssphrse Confirm Pssphrse vr01iws01.rinpole.lol vr01ims01.rinpole.lol sql_d_pss sql_d_pss VMwre, In. 134

135 13 On the Mirosoft SQL Server pge, onfigure the following vlues, lik Vlidte, wit for suessful vlidtion, nd lik Next. Server Nme Dtse Nme Crete new dtse Defult s Use SSL for dtse onnetion Windows Authentition vr01mssql01.rinpole.lol vr-onepod-d Seleted Seleted Deseleted Seleted 14 On the We Role pge, onfigure the following vlues for the IS servers, lik Vlidte, wit for suessful vlidtion, nd lik Next. Wesite Nme Defult We Site Port 443 vr01iws01.rinpole.lol Usernme vr01iws01.rinpole.lol Pssword rinpole.lol\sv-vr sv-vr_pssword VMwre, In. 135

136 15 On the Mnger Servie Role pge, onfigure the following vlues for the IS We servers, lik Vlidte, wit for suessful vlidtion, nd lik Next. Ative IS Host Nme Usernme Pssword Seleted vr01ims01.rinpole.lol rinpole.lol\sv-vr sv-vr_pssword 16 On the Distriuted Exeution Mngers pge, lik the Add ion s needed, speify the following settings, lik Vlidte, wit for suessful vlidtion, nd lik Next. IS Host Nme Instne Nme Usernme Pssword vr01ims01.rinpole.lol DEM1 rinpole.lol\sv-vr sv-vr_pssword 17 On the Agents pge, onfigure the following vlues, lik Vlidte, wit for suessful vlidtion, nd lik Next. IS Host Nme Agent Nme Endpoint Agent Type Usernme Pssword vr01ims01.sfo01.rinpole.lol VSPHERE VSPHERE-SFO vsphere rinpole.lol\sv-vr sv-vr_pssword VMwre, In. 136

137 VMwre, In. 137

138 18 On the next three ertifites onfigurtion pges, onfigure the ertifites for ll vrelize Automtion. You omplete three different ertifite onfigurtion pges for the different nodes using the sme proess nd vlues from the vr-for-1-pod.key file for the Privte Key nd the vr-for-1-pod. 3.pem file for ll ertifites stored in the vr folder. For more informtion on ertifite onfigurtion, see "Use the Certifite Genertion Utility to Generte CA-Signed Certifites for the SDDC Mngement Components" in the VMwre Vlidted Design Plnning nd Preprtion (1-Pod) doument. On the vrelize Appline Certifite pge, speify the following settings, lik Sve Imported Certifite, nd lik Next. Certifite Ation RSA Privte Key Certifite Chin Pssphrse Import -----BEGIN RSA PRIVATE KEY-----privte_key_vlue-----END RSA PRIVATE KEY BEGIN CERTIFICATE-----Server_ertifite_vlue-----END CERTIFICATE BEGIN CERTIFICATE-----Intermedite_CA_ertifite_vlue-----END CERTIFICATE BEGIN CERTIFICATE-----Root_CA_ertifite_vlue-----END CERTIFICATE----- vr_ert_pssphrse Repet this step on the We Certifite nd the Mnger Servie Certifite pges of the vrelize Automtion Instlltion Wizrd. 19 On the Lod Blners pge, lik Next. Note You onfigured lod lning in Lod Blning the Cloud Mngement Pltform for Consolidted SDDC. 20 On the Vlidtion pge, lik Vlidte, wit for suessful vlidtion, nd lik Next. VMwre, In. 138

139 21 On the Crete Snpshots pge, do not lose the wizrd. Nvigte to the vsphere We Client, nd rete snpshots of ll vrelize Automtion virtul mhines. In rowser, go to to log in to the vsphere We Client. Log in using the following redentils. User nme Pssword vsphere_dmin_pssword d e From the Home pge, lik VMs nd Templtes. In the Nvigtor, expnd the sfo01w01v01.sfo01.rinpole.lol > sfo01-w01d01 > sfo01- w01fd-vr folder. Right-lik the vr01ims01.rinpole.lol VM nd selet Snpshots > Tke Snpshot. VMwre, In. 139

140 f In the Tke VM Snpshot dilog ox, speify the following settings nd lik OK. Nme Snpshot the virtul mhine's memory Prior to vra IS omponent instlltion Deseleted g Repet the step to rete snpshots of the remining vrelize Automtion VMs. Virtul Mhine vr01svr01.rinpole.lol vr01mssql01.rinpole.lol vr01iws01.rinpole.lol vcenter Folder sfo01-w01fd-vr sfo01-w01fd-vr sfo01-w01fd-vr After you rete snpshots of ll virtul mhines, return to the vrelize Automtion Instlltion wizrd. 22 On the Crete Snpshots pge, lik Next. 23 On the Instlltion Detils pge, lik Instll. 24 On the Instlltion Detils pge, verify tht ll items omplete suessfully nd lik Next. 25 On the Liensing pge, enter your vrelize_automtion_liense_key, lik Sumit Key, nd lik Next. 26 On the Telemetry pge, selet Join the VMwre Customer Experiene Improvement Progrm nd lik Next. 27 On the Post-Instlltion Options pge, selet Continue to proeed without reting initil ontent nd lik Next. 28 Clik Finish to exit the wizrd. vrelize Automtion Defult Tennt Configurtion for Consolidted SDDC In shred loud environments, where multiple ompnies, divisions or independent groups re using ommon infrstruture fri, it is neessry to set up virtul privte louds where uthentition, resoures, poliy re ustomized to the needs of eh group. Tennts re useful for isolting the users, resoures nd servies of one tennt from those of other tennts. Crete Lol Tennt Administrtor for Consolidted SDDC Join the VMwre Identity Mnger onnetors to the Ative Diretory domin to support Integrted Windows Authentition. Perform this opertion in the defult tennt vsphere.lol. Crete lol user for the defult tennt in vrelize Automtion nd ssign the Tennt Administrtor role to the defult tennt. VMwre, In. 140

141 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 On the Tennts pge, lik the defult tennt vsphere.lol to edit its settings. 3 Clik the Lol users t nd lik New to dd lol user to the defult tennt. 4 In the User Detils dilog ox, speify the following settings, lik OK, nd lik Next. First nme Lst nme Emil User nme Pssword Confirm pssword ITAC LolDefultAdmin ITAC-LolDefultAdmin@vsphere.lol ITAC-LolDefultAdmin it-loldefultdmin_pssword it-loldefultdmin_pssword VMwre, In. 141

142 5 On the Administrtors t, speify tennt nd infrstruture dministrtors. In the Tennt dministrtors serh text ox, enter ITAC-LolDefultAdmin nd press Enter. In the IS dministrtors serh text ox, enter ITAC-LolDefultAdmin nd press Enter. Clik Finish. 6 Log out from the vrelize Automtion portl. VMwre, In. 142

143 Join Connetors to n Ative Diretory Domin for Consolidted SDDC To use n Ative Diretory domin for tennt uthentition, you must join VMwre Identity Mnger onnetor to vrelize Automtion. Eh vrelize Automtion ppline inludes onnetor tht supports user uthentition. By defult, one onnetor is typilly onfigured to perform diretory synhroniztion. Perform the proedure y using the ITAC-LolDefultAdmin tht you onfigured in the previous proedure. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword ITAC-LolDefultAdmin it-loldefultdmin_pssword 2 Nvigte to Administrtion > Diretories Mngement > Connetors. 3 For the first.onnetor, lik Join Domin. 4 Speify the following settings nd lik Join Domin. Domin Selet Custom Domin from the drop-down menu. Type rinpole.lol in the text field. Domin User Domin Pssword dministrtor domin_dmin_pssword 5 Log out from the vrelize Automtion portl. VMwre, In. 143

144 vrelize Automtion Tennt Cretion for Consolidted SDDC You rete dditionl vrelize Automtion tennts so tht users n ess the pplitions nd resoures tht they need to omplete their work ssignments. A tennt is group of users with speifi privileges who work within softwre instne. Administrtors n rete dditionl tennts so tht users n log in nd omplete their work ssignments. Administrtors n rete s mny tennts s needed for system opertion. Administrtors must speify si onfigurtion suh s nme, login URL, lol users, nd dministrtors. The tennt dministrtor must lso log in nd set up n pproprite Ative Diretory onnetion nd pply ustom rnding to tennts. Crete the Rinpole Tennt for Consolidted SDDC The VMwre Identity Mnger servie running in the vrelize Automtion ppline provides Single-Sign On (SSO) pility for vrelize Automtion users. VMwre Identity Mnger is n uthentition roker nd seurity token exhnge tht interts with the Ative Diretory to uthentite users. As the system dministrtor, you onfigure Identity Mnger to provide ess to vrelize Automtion y the Rinpole tennt. The Rinpole tennt is the tennt through whih you mnge system-wide onfigurtion, tht inludes glol system defults for rnding, notifitions, nd monitor system logs. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 On the Tennts pge, lik New to onfigure new tennt. 3 On the Generl t, enter the following settings for the Rinpole tennt, nd lik Sumit nd Next. Nme URL Nme Contt emil Rinpole rinpole dministrtor@rinpole.lol VMwre, In. 144

145 4 On the Lol Users t, lik New to dd lol user for the tennt. 5 In the User Detils dilog ox, speify the following settings, lik OK, nd lik Next. First nme Lst nme Emil User nme Pssword Confirm pssword ITAC LolRinpoleAdmin ITAC-LolRinpoleAdmin@rinpole.lol ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword it-lolrinpoledmin_pssword VMwre, In. 145

146 6 On the Administrtors t, speify tennt nd infrstruture dministrtors. Enter ITAC-LolRinpoleAdmin in the Tennt dministrtors serh text ox nd press Enter. Enter ITAC-LolRinpoleAdmin in the IS dministrtors serh text ox nd press Enter. Clik Finish. VMwre, In. 146

147 7 Log out of vrelize Automtion portl. Configure Identity Mngement for the vrelize Automtion Tennt for Consolidted SDDC As prt of the tennt retion proess, eh tennt must e ssoited with t lest one diretory servie, suh s Ative Diretory. You n dd dditionl diretories s needed. Perform the proedure using the ITAC-LolRinpoleAdmin user group tht you onfigured erlier in the deployment proess. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword 2 Nvigte to Administrtion > Diretories Mngement > Diretories. 3 Clik Add Diretory nd selet Add Ative Diretory over LDAP/IWA, speify the following settings nd lik Sve & Next. Diretory Nme Diretory Type Syn Connetor Authentition Diretory Serh Attriute Certifites Domin Nme Domin Admin Usernme Domin Admin Pssword Bind User UPN Bind DN Pssword rinpole.lol Ative Diretory (Integrted Windows Authentition) vr01svr01.rinpole.lol Yes samaountnme Deseleted rinpole.lol domin dministrtor domin_dmin_pssword sv-vr@rinpole.lol sv-vr_pssword VMwre, In. 147

148 4 On the Selet the Domins pge, selet rinpole.lol (RAINPOLE) nd lik Next. 5 On the Mp User Attriutes pge, lik Next. 6 On the Selet the groups (users) you wnt to syn pge, enter the group DNs to syn. Clik the Add ion to dd the distinguished nme to the serh riteri. In the Speify the group DNs text ox, enter d=rinpole,d=lol nd lik Find Groups. VMwre, In. 148

149 After the Groups to syn vlue updtes, lik Selet. d Selet the following groups nd lik Sve. ug-itac-tenntadmins ug-itac-tenntarhitets ug-sddc-admins ug-sddc-ops ug-vroadmins e Clik Next. VMwre, In. 149

150 7 On the Selet the Users you would like to syn pge, lik Next. 8 On the Review pge, lik Syn Diretory. Assign Tennt Administrtive Roles to Ative Diretory Users for Consolidted SDDC After you ssoite vrelize Automtion Diretories Mngement with your Ative Diretory domin, domin user groups who you ssign s tennt nd infrstruture dministrtors n dminister the tennt. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 On the Tennts pge, lik the Rinpole tennt to edit its settings. 3 Clik the Administrtors t to ssign domin user groups for tennt nd infrstruture dministrtors. Enter ug-itac-tenntadmins in the Tennt dministrtors serh text ox nd press Enter. Enter ug-itac-tenntadmins in the IS dministrtors serh text ox nd press Enter. Clik Finish. Brnd the Tennt Login Pges for Consolidted SDDC You n pply ustom rnding on per-ustomer sis to the vrelize Automtion tennt login pges. System dministrtors ontrol the defult rnding for ll tennts. As tennt dministrtor, you hnge the rnding of the portl. Tht inludes the logo, the kground olor, nd the informtion in the heder nd footer. If the rnding for tennt is hnged, tennt dministrtor n revert k to the system defults. VMwre, In. 150

151 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 Nvigte to Administrtion > Brnding nd deselet the Use defult hek ox. 3 On the Heder t speify the following settings for the heder rnding. Compny Nme Produt Nme Bkground hex olor Text hex olor Rinpole Infrstruture Servie Portl 3989C7 FFFFFF 4 Clik the Footer t, speify the following settings for the footer rnding nd lik Finish. Copyright notie Privy poliy link Contt link Copyright Rinpole. All Rights Reserved. Configure the Defult Emil Servers for Consolidted SDDC System dministrtors onfigure inound nd outound emil servers to hndle emil notifitions out events involving tennts' mhines. System dministrtors n rete only one inound emil server nd one outound emil server. These servers re the defults for ll tennts. VMwre, In. 151

152 If tennt dministrtors do not override the defult emil server settings efore they enle notifitions, vrelize Automtion uses the glolly onfigured emil server. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 Nvigte to Administrtion > Emil Servers nd lik New. 3 In the New Emil Server dilog ox, selet Emil - Inound nd lik OK. 4 On the New Inound Emil pge, speify the following vlues, lik Test Connetion to verify tht the settings re orret, nd lik OK. Nme Seurity Protool Server Nme Rinpole-Inound Deseleted IMAP emil.rinpole.lol Server Port 143 Folder Nme Proessed Emil User Nme Pssword Emil Address INBOX Deseleted dministrtor@rinpole.lol vr_dministrtor_pssword it@rinpole.lol VMwre, In. 152

153 5 On the Emil Servers pge, lik New to onfigure the outound server settings. 6 In the New Emil Server dilog ox, selet Emil - Outound nd lik OK. 7 On the New Outound Emil pge, speify the following vlues, lik Test Connetion to verify tht the settings re orret, nd lik OK. Nme Server Nme Enryption Method Rinpole-Outound emil.rinpole.lol None Server Port 25 Authentition User Nme Pssword Sender Address Seleted dministrtor@rinpole.lol vr_dministrtor_pssword it@rinpole.lol 8 Log out of vrelize Automtion portl. Emedded vrelize Orhestrtor Configurtion for Consolidted SDDC VMwre Emedded vrelize Orhestrtor is pltform tht provides lirry of extensile workflows to llow you to rete nd run utomted, onfigurle proesses to mnge the VMwre vsphere infrstruture s well s other VMwre nd third-prty tehnologies. vrelize Orhestrtor is omposed of three distint lyers: n orhestrtion pltform tht provides the ommon fetures required for n orhestrtion tool, plug-in rhiteture to integrte ontrol of susystems, nd lirry of workflows. vrelize Orhestrtor is n open pltform tht n e extended with new plug-ins nd lirries, nd n e integrted into lrger rhitetures through REST API. VMwre, In. 153

154 Configure the Emedded vrelize Orhestrtor for Consolidted SDDC Configure the vrelize Orhestrtor servies to provide the SDDC foundtion orhestrtion engine. Configure the Emedded vrelize Orhestrtor Virtul Appline for Consolidted SDDC You need to onfigure the vrelize Automtion virtul ppline to tivte the Emedded vrelize Orhestrtor instne. 1 Log in to the vrelize Automtion Appline vr01svr01.rinpole.lol to onfigure the emedded vrelize Orhestrtor. SSH to vrelize Automtion Appline vr01svr01.rinpole.lol using the following redentils. User nme Pssword root hosta_root_pssword Verify the sttus of vo-onfigurtor using the ommnd servie vo-onfigurtor sttus. 2 Strt vo-onfigurtor servie using the ommnd servie vo-onfigurtor strt. 3 Verify the sttus of vo-onfigurtor using the ommnd servie vo-onfigurtor sttus. Configure Authentition Provider for vrelize Orhestrtor for Consolidted SDDC Configure the uthentition provider for the emedded vrelize Orhestrtor. VMwre, In. 154

155 Configure the uthentition provider to hnge the defult tennt from vsphere.lol to rinpole using the following steps. This enles the usge of Single Sign-On uthentition through vrelize Automtion. 1 Log in to the vrelize Orhestrtor Control Center. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vsphere_dmin_pssword VMwre, In. 155

156 2 Configure vrelize Automtion s vrelize Orhestrtor uthentition provider. On the Home pge, under Mnge lik Configure Authentition Provider. In the Defult Tennt text ox, lik the Chnge utton, enter rinpole, nd lik Apply. In the Admin group text ox, enter ug-vro nd lik Serh. VMwre, In. 156

157 d From the drop-down menu, selet rinpole.lol\ug-vroadmins nd lik Sve Chnges. e At this point, you will e utomtilly logged out of the ontrol enter. 3 Verify tht you n suessfully log in s sv-vr. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-vr sv-vr_pssword 4 Log out of ontrol enter. 5 SSH into the vrelize Automtion ppline nd run the following ommnds to restrt vrelize Orhestrtor servies. servie vo-server restrt servie vo-onfigurtor restrt 6 Log k in to ontrol enter. s sv-vr. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-vr sv-vr_pssword Note The log in proess my e delyed due to the vrelize Orhestrtor servies restrting. VMwre, In. 157

158 Vlidte the Configurtion for Consolidted SDDC Verify tht vrelize Orhestrtor instne emedded in vrelize Automtion is onfigured properly. You n verify the onfigurtion of the vrelize Orhestrtor instne emedded in vrelize Automtion using the Vlidte Configurtion pge in the Orhestrtor Control Center. 1 Log in to the emedded vrelize Orhestrtor Control Center. Open We rowser nd go to Log in using the following redentils. User nme Pssword sv-vr sv-vr_pssword 2 On the Home pge, under Mnge, lik Vlidte Configurtion nd verify tht ll hek mrks re green. Add the vcenter Server Instne to vrelize Orhestrtor vrelize for Consolidted SDDC Add eh vcenter Server instne tht ontriutes resoures to vrelize Automtion nd uses the vrelize Orhestrtor workflows to llow ommunition. VMwre, In. 158

159 1 Downlod nd Instll the vrelize Orhestrtor Client. Open We rowser nd go to Clik vrelize Orhestrtor Client. On the VMwre vrelize Orhestrtor Login pge, log in to the Emedded vrelize Orhestrtor y using the following hostnme nd redentils. Host nme User nme Pssword vr01svr01.rinpole.lol:443 sv-vr sv-vr_pssword 2 In the left pne, lik Workflows, nd nvigte to Lirry > vcenter > Configurtion. 3 Right-lik the Add vcenter Server instne workflow nd lik Strt Workflow. On the Set the vcenter Server Instne pge, onfigure the following settings nd lik Next. IP or hostnme of the vcenter Server instne to dd sfo01w01v01.sfo01.rinpole.lol HTTPS port of the vcenter Server instne 443 Lotion of SDK tht you use to onnet Will you orhestrte this instne Do you wnt to ignore ertifite wrnings /sdk Yes Yes On the Set the onnetion properties pge, onfigure the following settings, nd lik Sumit. Use session per user vcenter Server user nme vcenter Server user pssword No rinpole.lol\sv-vro sv-vro_pssword 4 To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vcenter Server tree ontrol. The vcenter Server instne you dded will e visile in the inventory. Integrte vrelize Orhestrtor with vrelize Automtion for Consolidted SDDC Configure vrelize Automtion to work with vrelize Orhestrtor. VMwre, In. 159

160 Configure Emedded vrelize Orhestrtor Server for Consolidted SDDC To use vrelize Automtion workflows to ll vrelize Orhestrtor workflows, you must onfigure vrelize Orhestrtor to t s n endpoint. 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor vr_dministrtor_pssword 2 Clik Administrtion > vro Configurtion > Server Configurtion. 3 Selet the Use the defult Orhestrtor server rdio utton nd lik Test Connetion. 4 One the Suessfully onneted to the Orhestrtor server messge ppers, lik OK to omplete the onfigurtion. Crete vrelize Orhestrtor Endpoint for Consolidted SDDC IS dministrtors re responsile for reting the endpoints tht llow vrelize Automtion to ommunite with your infrstruture. You rete vrelize Orhestrtor endpoint for use y Relize Automtion to ommunite workflows. 1 Log in to the Rinpole Infrstruture Servie Portl. Open We rowser nd go to From the Selet your domin drop-down menu selet Rinpole.lol nd lik Next Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol VMwre, In. 160

161 2 Crete new endpoint for vrelize Orhestrtor. Selet Infrstruture > Endpoints > Endpoints. Clik New > Orhestrtion > vrelize Orhestrtor, enter the following vlues, nd lik OK to omplete the proess. Nme Address User nme Pssword vr01svr01.rinpole.lol sv-vr_pssword Priority 1 3 Strt the dt olletion for the newly reted endpoint. On the Endpoints pge, lik the newly reted vrelize Orhestrtor endpoint nd lik Ations > Dt Colletion. Clik Strt to egin the vrelize Orhestrtor dt olletion proess. Wit severl minutes for the dt olletion proess to omplete. Clik Refresh to verify tht the dt olletion suessfully omplete. When dt olletion suess sttus messge ppers, the onfigurtion proess is omplete. Add vrelize Automtion Host in vrelize Orhestrtor for Consolidted SDDC To ll vrelize Automtion Plugin workflows, you onfigure the vrelize Automtion host in vrelize Orhestrtor. 1 Log in to the vrelize Orhestrtor Client. Open We rowser nd go to Clik Strt Orhestrtor Client. On the VMwre vrelize Orhestrtor login pge, log in to vrelize Orhestrtor using the following hostnme nd redentils. Host nme User nme Pssword vr01svr01.rinpole.lol:443 sv-vr sv-vr_pssword 2 In the left pne, lik Workflows, nd nvigte to Lirry > vrelize Automtion > Configurtion. VMwre, In. 161

162 3 Right-lik the Add vra host using omponent registry workflow nd lik Strt Workflow. On the Common prmeters pge, onfigure the following settings, nd lik Sumit. Nme of the vcac host vr01svr01.rinpole.lol Connetion timeout 30.0 Opertion timeout To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vrelize Automtion tree ontrol. The vrelize Automtion Server instne tht you just dded is visile in the inventory. 5 In the left pne, lik Workflows, nd nvigte to Lirry > vrelize Automtion > Configurtion. VMwre, In. 162

163 6 Right-lik the Add the IS host of vra host workflow nd lik Strt Workflow. On the Common prmeters pge, lik the serh ion lelled Not set. Selet vr01svr01.rinpole.lol [ [rinpole] for vcac host nd lik Next. On the Add n IS host pge, keep the defult settings for Host Properties nd lik Next. d On the Add n IS host pge, keep the defult settings for the Proxy s nd lik Next. On the Host Authentition pge, selet SSO for Host's uthentition type, nd lik Sumit. 7 To verify tht the workflow ompleted suessfully, lik the Inventory t nd expnd the vrelize Automtion Infrstruture tree ontrol. The vrelize Automtion IS Server instne you dded is visile in the inventory. VMwre, In. 163

164 Instll vrelize Business for Consolidted SDDC vrelize Business is n finnil mngement tool tht provides trnspreny nd ontrol over the osts nd qulity of IT servies, enling lignment with the usiness nd elertion of IT trnsformtion. You instll vrelize Business, nd integrte it with vrelize Automtion, to ontinuously monitor the ost of eh individul virtul mhine nd the osts of their dt enter. Deploy the vrelize Business Virtul Applines for Consolidted SDDC VMwre vrelize Business llows users to gin greter visiility into the finnil spets of their loud infrstruture, nd lets them optimize nd improve these opertions. You deploy two instnes of vrelize Business, server nd dt olletor. Repet this proedure twie to deploy the two pplines. VMwre, In. 164

165 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Clik Hosts nd Clusters nd nvigte to the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Business virtul ppline.ov file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter the following informtion for the respetive ppline tht you deploy nd lik Next. for Server for Dt Colletor Nme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol Selet dtenter or folder sfo01-w01fd-vr sfo01-w01fd-vris 6 On the Selet resoure pge, selet the sfo01-w01rp-sdd-mgmt resoure pool nd lik Next. 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet storge pge, selet the dtstore. Selet Thin provision from the Selet virtul disk formt drop-down menu. Selet vsan Defult Storge Poliy from the VM storge poliy drop-down menu. From the dtstore tle, selet the sfo01-w01-vsn01 vsan dtstore nd lik Next. 10 On the Selet networks pge, selet the pproprite network from the Destintion drop-down menu, nd lik Next. for Server for Dt Colletor Network 1 Ends with Mgmt-xRegion01-VXLAN Ends with Mgmt-RegionA01-VXLAN VMwre, In. 165

166 11 On the Customize templte pge, onfigure the following vlues nd lik Next. s for Server s for Dt Colletor Curreny USD USD Enle SSH servie Seleted Seleted Enle Server Seleted Deseleted Join the VMwre Customer Experiene Improvement Progrm Seleted Seleted Root user pssword vr_server_root_pssword vr_olletor_root_pssword Defult Gtewy Domin Nme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol Domin Nme Servers , , Domin Serh Pth rinpole.lol,sfo01.rinpole.lol sfo01.rinpole.lol Network 1 IP Address Network 1 Netmsk On the Redy to omplete pge, review the onfigurtion settings you speified nd VMwre, In. 166

167 lik Finish. 13 Chnge the vrelize Business virtul ppline memory size. Right-lik the virtul mhine nd selet Edit s. Clik Virtul Hrdwre, enter the following vlue for Memory, nd lik OK. for Server for Dt Colletor vrelize Business virtul ppline vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol Memory 8 GB 2 GB 14 Nvigte to the new ppline nd power on the VM. 15 Repet this proedure to deploy the vrelize Business dt olletor sfo01vr01.sfo01.rinpole.lol. VMwre, In. 167

168 Configure SSL Certifite for vrelize Business Server for Consolidted SDDC Import the previously generted ertifites for vrelize Business from the vrelize Business ppline mngement onsole. Prerequisites CA-signed ertifite files generted y using VMwre Vlidted Design Certifite Genertion Utility (CertGenVVD). See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. 1 Log in to the vrelize Business Server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword 2 Clik the Administrtion t nd lik SSL. 3 On the Reple SSL Certifite pge, uplod the ertifite files tht you previously generted for vrelize Business nd lik Reple Certifite. Use the vr.key file s the RSA Privte Key (.key) nd the vr.3.pem file for the Certifite(s) (.pem) entry. These files re in the vr folder tht you reted during ertifite genertion. Choose mode RSA Privte Key (.key) Import PEM enoded Certifite BEGIN RSA PRIVATE KEY----- privte_key_vlue -----END RSA PRIVATE KEY----- Certifite(s) (.pem) -----BEGIN CERTIFICATE----- Server_ertifite_vlue -----END CERTIFICATE BEGIN CERTIFICATE----- Intermedite_CA -----END CERTIFICATE BEGIN CERTIFICATE----- Root_CA_ertifite_vlue -----END CERTIFICATE----- Privte Key Pssphrse vr_ert_pssphrse 4 Verify tht the ertifite hnged suessfully. A messge ppers tht informs you tht the SSL ertifite ws suessfully imported. VMwre, In. 168

169 5 Clik the System t nd lik Reoot for the hnges to tke effet. Configure NTP for vrelize Business for Consolidted SDDC Configure the network time protool (NTP) on oth vrelize usiness pplines from the virtul ppline mngement interfe (VAMI). Perform the proedure on oth vrelize Business server nd vrelize Business dt olletor virtul pplines. Host Server Dt Colletor VAMI URL Log in to the vrelize Business server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword 2 Configure the ppline to use time server. Clik the Administrtion t nd lik Time s. On the Time s pge, enter the following settings nd lik Sve s. Time Syn. Mode Time Server #1 Use Time Server ntp.sfo01.rinpole.lol 3 Repet the proedure on the vrelize Business dt olletor virtul ppline sfo01vr01.sfo01.rinpole.lol. Integrte vrelize Business with vrelize Automtion for Consolidted SDDC To prepre vrelize Business for use, you must register the vrelize Business server with vrelize Automtion y using the mngement interfe. VMwre, In. 169

170 1 Log in to the vrelize Business server ppline mngement onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_server_root_pssword 2 On the vra t, enter the following redentils to register with the vrelize Automtion server. Hostnme SSO Defult Tennt SSO Admin User SSO Admin Pssword Aept "vrelize Automtion" ertifite vr01svr01.rinpole.lol vsphere.lol dministrtor vr_dministrtor_pssword Deseleted 3 Clik Register to onnet to vrelize Automtion nd get its ertifite. A filure messge my pper t the top of the pge. Wit until the SSO Sttus hnges to The ertifite of "vrelize Automtion" is not trusted. Plese view nd ept to register. 4 Clik the View "vrelize Automtion" ertifite link to downlod the vrelize Automtion ertifite. 5 Selet the Aept "vrelize Automtion" ertifite hek ox nd lik Register. SSO Sttus hnges to Conneted to vrelize Automtion. Register the vrelize Business Dt Colletor with the Server for Consolidted SDDC After you integrte vrelize Business with vrelize Automtion, you onnet the two vrelize Business pplines. Beuse the tennt is onfigured in vrelize Automtion, you register the vrelize Business dt olletor ppline with the vrelize Business server using the following proedure. Grnt n dditionl role to the tennt dmin, enter produt liense key, nd generte one-time key from vrelize Automtion. Register the dt olletor with the vrelize Business server. VMwre, In. 170

171 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 2 Nvigte to Administrtion > Users & Groups > Diretory Users & Groups. 3 In the serh text ox, enter ug-itac-tenntadmins. 4 Clik the ug-itac-tenntadmins group to edit its settings. 5 On the Edit Group pge, in the Add Roles to this Group list, selet the Business Mngement Administrtor role to dd the role nd lik Finish. 6 Log out, nd log in gin y using the sme redentils. VMwre, In. 171

172 7 Assign liense to the vrelize Business solution. Clik the Business Mngement t. Under Liense, enter your seril numer for vrelize Business nd lik Sve. 8 Generte one-time use key for onneting the two vrelize Business pplines. d Nvigte to Administrtion > Business Mngement. Expnd the Mnge Dt Colletor > Remote Dt Colletion setion. Clik Generte new one time use key. Sve the one time use key s you need it t lter stge in the implementtion sequene. 9 Log in to the vrelize Business dt olletor onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword VMwre, In. 172

173 10 Register the dt olletor with vrelize Business server. Expnd the Registrtion with the vrelize Business Server setion. Enter the following vlues nd lik Register. Enter the vrb Server Url Enter the One Time Key one_time_use_key After you lik Register, wrning messge informs you tht the ertifite is not trusted. Clik Instll nd lik OK. The vrelize Business pplines re now onneted. Connet vrelize Business with the vcenter Server for Consolidted SDDC vrelize Business requires ommunition with the vcenter Server to ollet dt from the entire luster. You perform this opertion y using the vrelize Business dt olletor onsole. VMwre, In. 173

174 1 Log in to the vrelize Business dt olletor onsole. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword 2 Clik Mnge Privte Cloud Connetions, selet vcenter Server, nd lik the Add ion. 3 In the Add vcenter Server Connetion dilog ox, enter the following settings nd lik Sve. Nme vcenter Server Usernme Pssword sfo01w01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol sv-vr@rinpole.lol sv_vr_pssword 4 In the SSL Certifite wrning dilog ox, lik Instll. 5 In the Suess dilog ox, lik OK. Cloud Mngement Pltform Post-Instlltion Tsks for Consolidted SDDC After you deploy vrelize Automtion nd vrelize Orhestrtor, you rete nti-ffinity rules whih enles HA protetion for oth servies, helth monitors to hek the helth sttus of individul servers, nd remove the snpshots reted during the vrelize Automtion instlltion. Crete VM Groups to Define the Strtup Order of the Cloud Mngement Pltform for Consolidted SDDC VM Groups llow you to define the strtup order of virtul mhines. The strtup order you define ensures tht vsphere HA powers on virtul mhines in the orret order. VMwre, In. 174

175 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 In the Nvigtor, selet Host nd Clusters nd expnd the sfo01w01v01.sfo01.rinpole.lol tree. 3 Crete VM Group for the vrelize Automtion IS Dtse. d e f Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Groups. On the VM/Host Groups pge, lik the Add utton. In the Crete VM/Host Group dilog, enter vrelize Automtion IS Dtse in the Nme field, selet VM Group from the Type drop down, nd lik the Add utton. In the Add VM/Host Group Memer dilog, selet vr01mssql01.rinpole.lol nd lik OK. Clik OK to sve the VM/Host Group. 4 Repet step 3 to rete the following VM/Host Groups. VM/Host Group Nme vrelize Automtion Virtul Applines vrelize Automtion IS We Servers vrelize Automtion IS Mngers vrelize Business Servers vrelize Business Remote Colletors VM/Host Group Memer vr01svr01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol 5 Crete rule to power on the vrelize Automtion Dtse efore the vrelize Automtion Virtul Applines. d Selet the sfo01-w01-onsolidted01 luster nd lik the Configure t. On the Configure pge, lik VM/Host Rules. On the VM/Host Rules pge, lik the Add utton. In the Crete VM/Host Rule dilog, enter SDDC Cloud Mngement Pltform 01 in the Nme field, ensure tht the Enle Rule hek ox is seleted, selet Virtul Mhines to Virtul Mhines from the Type drop down. VMwre, In. 175

176 e f g Selet vrelize Automtion IS Dtse for the First restrt VMs in VM group drop down list. Selet vrelize Automtion Virtul Applines for the Then restrt VMs in VM group drop down list Clik OK to sve the rule. 6 Repet step 5 to rete the following VM/Host Rules to ensure the orret restrt order for your Cloud Mngement Pltform. VM/Host Rule Nme First restrt VMs in VM group Then restrt VMs in VM group SDDC Cloud Mngement Pltform 02 vrelize Automtion Virtul Applines vrelize Automtion IS We Servers SDDC Cloud Mngement Pltform 03 vrelize Automtion IS We Servers vrelize Automtion IS Mngers SDDC Cloud Mngement Pltform 04 vrelize Automtion IS Mngers vrelize Business Servers SDDC Cloud Mngement Pltform 05 vrelize Business Servers vrelize Business Remote Colletors Clen Up the vrelize Automtion VM Snpshots for Consolidted SDDC You mde snpshots of eh vrelize Automtion virtul mhine during the vrelize Automtion instlltion proess. After you suessfully omplete the instlltion, you n delete these snpshots. Repet this proedure to remove ll of the vrelize Automtion virtul mhine snpshots you reted during the implementtion. The virtul mhine nmes nd their respetive folders re listed in the following tle. Virtul Mhines vr01svr01.rinpole.lol vr01mssql01.rinpole.lol vr01iws01.rinpole.lol vr01ims01.rinpole.lol vcenter Folder sfo01-w01fd-vr sfo01-w01fd-vr sfo01-w01fd-vr sfo01-w01fd-vr 1 Log in to the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home pge, lik VMs nd Templtes. VMwre, In. 176

177 3 In the Nvigtor, expnd the sfo01w01v01.sfo01.rinpole.lol > sfo01-w01d > sfo01-w01fdvr folder. 4 Right-lik the vr01svr01.rinpole.lol virtul mhine nd selet Snpshots > Mnge Snpshots. 5 Selet the Prior to vra IS Component Instlltion snpshot nd lik Delete ion. 6 Repet this proedure to remove ll of the remining vrelize Automtion virtul mhine snpshots. Tennt Content Cretion for Consolidted SDDC In order to provision virtul mhines in the vcenter, the tennt must e onfigured to utilize ompute resoures within the vcenter Server. Crete Logil Swithes for Business Groups for Consolidted SDDC For eh vcenter Server ompute instne, you rete three logil swithes for eh usiness group whih simulte networks for the we, dtse, nd pplition tiers. You repet this proedure six times to rete six logil swithes. The "Logil Swith Nmes nd Desriptions" tle lists the logil swith nmes, nd the usiness group nd tier to whih you ssign eh swith. Tle 3 4. Logil Swith Nmes nd Desriptions Logil Swith Nme Prodution-We-VXLAN Prodution-DB-VXLAN Prodution-App-VXLAN Development-We-VXLAN Development-DB-VXLAN Development-App-VXLAN Desription Logil swith for We tier of Prodution Business Group Logil swith for Dtse tier of Prodution Business Group Logil swith for Applition tier of Prodution Business Group Logil swith for We tier of Development Business Group Logil swith for Dtse tier of Development Business Group Logil swith for Applition tier of Development Business Group 1 Log into the vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword VMwre, In. 177

178 2 Crete logil swith. d Clik Networking & Seurity. In the Nvigtor, selet Logil Swithes. From the NSX Mnger drop-down menu, selet s the NSX Mnger. Clik the New Logil Swith ion. The New Logil Swith dilog ox ppers. e In the New Logil Swith dilog ox, enter the following settings, nd lik OK. Nme Desription Trnsport Zone Replition Mode Enle IP Disovery Enle MAC Lerning Prodution-We-VXLAN Logil swith for We tier of Prodution Business Group SFO01W01 Universl Trnsport Zone Hyrid Seleted Deseleted 3 Repet this proedure to rete the remining logil swithes. Configure User Roles in vrelize Automtion for Consolidted SDDC Roles re sets of privileges tht you ssoite with users to determine wht tsks they n perform. Bsed on their responsiilities, individuls might hve one or more roles ssoited with their user ount. All user roles re ssigned within the ontext of speifi tennt. However, some roles in the defult tennt n mnge system-wide onfigurtion settings tht pply to multiple tennts. This proedure steps you through ssigning roles to the ug-itac-tenntadmins nd ug-itac- TenntArhitets users nd groups. VMwre, In. 178

179 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin ITAC-LolRinpoleAdmin it-lolrinpoledmin_pssword vsphere.lol 2 Clik the Administrtion t. 3 Nvigte to Users & Groups > Diretory Users nd Groups. 4 Enter ug-itac-tenntadmins in the serh ox nd press Enter. The ug-itac-tenntadmins (ug-itac-tenntadmins@rinpole.lol) group nme displys in thenme text ox. 5 Clik the user group nme ug-itac-tenntadmins (ug-itac-tenntadmins@rinpole.lol). 6 In the Add Roles to this Group list, selet the Applition Arhitet, Approvl Administrtor, Continer Administrtor, Continer Arhitet, Infrstruture Arhitet, Softwre Arhitet, Tennt Administrtor, nd XS Arhitet hek oxes, nd lik Finish. 7 Enter ug-itac-tenntarhitets in the Tennt Administrtors serh ox nd press Enter. The ug-itac-tenntarhitets (ug-itac-tenntarhitets@rinpole.lol) group nme displys in the Nme text ox. 8 Clik the user group nme ug-itac-tenntarhitets (ug-itac- TenntArhitets@rinpole.lol). 9 In the Add Roles to this Group list, selet the Applition Arhitet, Continer Arhitet, Infrstruture Arhitet, Softwre Arhitet, XS Arhitet hek ox, nd lik Finish. Crete the Fri Group for Consolidted SDDC IS dministrtors n orgnize virtuliztion ompute resoures nd loud endpoints into fri groups y type nd intent. One or more fri dministrtors mnge the resoures in eh fri group. Fri dministrtors re responsile for reting reservtions on the ompute resoures in their groups to llote fri resoures to speifi usiness groups. Fri groups re reted in speifi tennt, ut their resoures n e mde ville to users who elong to usiness groups in ll tennts. For the onsolidted pod, only one fri group needs to e reted. VMwre, In. 179

180 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet Infrstruture > Endpoints > Fri Groups. 3 Clik New Fri Group, enter the following settings nd lik OK. Nme Fri dministrtors SFO Fri Group ug-itac-tenntadmins@rinpole.lol Note You hve not yet onfigured vcenter Endpoint, so no ompute resoure is urrently ville for you to selet. You will onfigure the vcenter Endpoint lter. 4 Log out of the vrelize Automtion portl. Crete Mhine Prefixes for Consolidted SDDC As fri dministrtor, you rete mhine prefixes tht re used to rete nmes for mhines provisioned through vrelize Automtion. Tennt dministrtors nd usiness group mngers selet these mhine prefixes nd ssign them to provisioned mhines through lueprints nd usiness group defults. Mhine prefixes re shred ross ll tennts. Every usiness group hs defult mhine prefix. Every lueprint must hve mhine prefix or use the group defult prefix. Fri dministrtors re responsile for mnging mhine prefixes. A prefix onsists of se nme to e followed y ounter of speified numer of digits. When the digits re ll used, vrelize Automtion rolls k to the first numer. VMwre, In. 180

181 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet Infrstruture > Administrtion > Mhine Prefixes. 3 Clik the New ion to rete defult mhine prefix for the Prodution group using the following settings, nd lik the Sve ion. Mhine Prefix Numer of Digits 5 Next Numer 1 4 Clik the New ion to rete defult mhine prefix for the Development group using the following settings, nd lik the Sve ion. Mhine Prefix Prod- Dev- Numer of Digits 5 Next Numer 1 Crete Business Groups for Consolidted SDDC Tennt dministrtors rete usiness groups to ssoite set of servies nd resoures to set of users, tht often orrespond to line of usiness, deprtment, or other orgniztionl unit. Users must elong to usiness group to request mhines. For this implementtion rete two usiness groups, the Prodution usiness group nd the Development usiness group. VMwre, In. 181

182 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Administrtion > Users nd Groups > Business Groups. 3 Clik the New ion. 4 On the Generl t, enter the following vlues nd lik Next. Nme Send Mnger emils to Prodution ITAC-TenntAdmin@rinpole.lol 5 On the Memers t, enter ug-itac-tenntadmins@rinpole.lol in the Group mnger role text ox, nd lik Next. 6 On the Infrstruture t, selet Prod- from the Defult mhine prefix drop-down menu nd lik Finish. 7 Clik the New ion. 8 On the Generl t, onfigure the following vlues, nd lik Next. Nme Send Mnger emils to Development ITAC-TenntAdmin@rinpole.lol 9 On the Memers t, enter ug-itac-tenntadmins@rinpole.lol in the Group mnger role text ox nd lik Next. 10 On the Infrstruture t, selet Dev- from the Defult mhine prefix drop-down menu, nd lik Finish. Crete Reservtion Poliies for Consolidted SDDC You use reservtion poliies to group similr reservtions together. Crete the reservtion poliy tg first, then dd the poliy to reservtions to llow tennt dministrtor or usiness group mnger to use the reservtion poliy in lueprint. VMwre, In. 182

183 When you request mhine, it n e provisioned on ny reservtion of the pproprite type tht hs suffiient pity for the mhine. You n pply reservtion poliy to lueprint to restrit the mhines provisioned from tht lueprint to suset of ville reservtions. A reservtion poliy is often used to ollet resoures into groups for different servie levels, or to mke speifi type of resoure esily ville for prtiulr purpose. You n dd multiple reservtions to reservtion poliy, ut reservtion n elong to only one poliy. You n ssign single reservtion poliy to more thn one lueprint. A lueprint n hve only one reservtion poliy. A reservtion poliy n inlude reservtions of different types, ut only reservtions tht mth the lueprint type re onsidered when seleting reservtion for prtiulr request. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtion > Reservtion Polies. 3 Clik the New ion, onfigure the following settings, nd lik the Sve ion. Nme Desription SFO-Prodution-Poliy Reservtion poliy for Prodution Business Group in SFO 4 Clik the New ion, onfigure the following settings, nd lik the Sve ion. Nme Desription SFO-Development-Poliy Reservtion poliy for Development Business Group in SFO 5 Clik the New ion, onfigure the following settings, nd lik the Sve ion. Nme Desription SFO-Edge-Poliy Reservtion poliy for Tennt Edge resoures in SFO VMwre, In. 183

184 Crete vsphere Endpoint in vrelize Automtion for Consolidted SDDC To llow vrelize Automtion to mnge the infrstruture, IS dministrtors rete endpoints nd onfigure user redentils for those endpoints. When you rete n endpoint for vsphere, vrelize Automtion n ommunite with the vcenter Server environment nd disover ompute resoures tht re mnged y vcenter Server, ollet dt, nd provision mhines. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Endpoints > Endpoints nd lik New > Virtul > vsphere (vcenter). 3 On the Generl pge, onfigure the vrelize Automtion Endpoint with the following settings, nd then lik on the Test Connetion. Nme Address User Nme Pssword for vsphere VSPHERE-SFO rinpole\sv-vr sv-vr_pssword 4 If Seurity Alert window ppers, lik OK. 5 Clik OK to rete the Endpoint. Note The vsphere Endpoint Nme must e identil to the nme tht you used to instll the proxy gent. See Instll the vrelize Automtion Environment for Consolidted SDDC. Crete n NSX Endpoint in vrelize Automtion for Consolidted SDDC When you rete n endpoint for NSX, vrelize Automtion n ommunite with NSX Mnger to disover networking resoures. VMwre, In. 184

185 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Endpoints > Endpoints nd lik New > Network nd Seurity > NSX. 3 On the Generl pge, onfigure the vrelize Automtion Endpoint with the following settings nd then lik on the Assoitions t. Nme Address User Nme Pssword NSXEndpoint rinpole\sv-vr sv-vr_pssword 4 On the Assoitions t, lik New, hoose VSPHERE-SFO from the Nme drop-down menu, nd lik OK. 5 Clik Test Connetion. 6 On the Seurity Alert window, lik OK. 7 Clik OK to rete the Endpoint. Add Compute Resoures to Fri Group for Consolidted SDDC You llote ompute resoures to fri groups so tht vrelize Automtion n use the resoures in tht ompute resoure for tht fri group when provisioning virtul mhines. VMwre, In. 185

186 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Endpoints > Fri Groups. 3 In the Nme olumn, hover the mouse pointer over the fri group nme SFO Fri Group, nd lik Edit. 4 On the Edit Fri Group pge, selet sfo01-w01-onsolidted01 from the Compute resoures tle, nd lik OK. Note It might tke severl minutes for vrelize Automtion to onnet to the vcenter Server system nd ssoited lusters. If you re still not le to see the luster fter suffiient time hs pssed, try to restrt the proxy gent servies in the virtul mhine vr01ims01.sfo01.rinpole.lol. 5 Nvigte to Infrstruture > Compute Resoures > Compute Resoures. 6 In the Compute Resoure olumn, hover the mouse pointer over the ompute luster sfo01-w01- onsolidted01, nd lik Dt Colletion. 7 Clik on the Request now uttons in eh field on the pge. Wit few seonds for the dt olletion proess to omplete. 8 Clik Refresh, nd verify tht Sttus for oth Inventory nd Stte shows Sueeded. VMwre, In. 186

187 Crete Externl Network Profiles for Consolidted SDDC Before memers of usiness group n request virtul mhines, fri dministrtors must rete network profiles to define the sunet nd routing onfigurtion for those virtul mhines. Eh network profile is onfigured for speifi network port group or virtul network to speify IP ddress nd routing onfigurtion for virtul mhines provisioned to tht network. Repet this proedure six times to rete the following externl network profiles. Ext-Net-Profile-Prodution-App Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-We Ext-Net-Profile-Development-App Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-We 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtions > Network Profiles, nd lik New > Externl. VMwre, In. 187

188 3 On the New Network Profile - Externl pge, speify the network profiles on the Generl t. Add the vlues for the Prodution Group Externl Network Profile. Prodution We Prodution DB Prodution App Nme Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App Desription Externl Network profile for We Tier of Prodution Business Group Externl Network profile for DB Tier of Prodution Business Group Externl Network profile for App Tier of Prodution Business Group Sunet msk Gtewy Add the vlues for the Development Group Externl Network Profile. Development We Development DB Development App Nme Ext-Net-Profile-Development-DB Ext-Net-Profile-Development- We Ext-Net-Profile-Development- App Desription Externl Network profile for We Tier of Development Business Group Externl Network profile for DB Tier of Development Business Group Externl Network profile for App Tier of Development Business Group Sunet msk Gtewy Clik the DNS t. Enter the following vlues for the profile you re reting. Primry DNS Seondry DNS DNS suffix DNS serh suffix sfo01.rinpole.lol sfo01.rinpole.lol VMwre, In. 188

189 5 Clik the Network Rnges t. Clik the New utton nd enter the following vlues for the profile you re reting. Enter the following vlues for Prodution Business Network Rnge. Prodution We Prodution DB Prodution App Nme Prodution-We Prodution-DB Prodution-App Desription Stti IP rnge for We Tier of Prodution Group Stti IP rnge for DB Tier of Prodution Group Stti IP rnge for App Tier of Prodution Group Strt IP End IP Enter the following vlues for Development Business IP Rnge. Development We Development DB Development App Nme Development-We Development-DB Development-App Desription Stti IP rnge for We Tier of Development Group Stti IP rnge for DB Tier of Development Group Stti IP rnge for App Tier of Development Group Strt IP End IP Clik OK to sve the network rnge. 6 Clik OK to sve the network profile. 7 Repet this proedure to rete dditionl externl network profiles. When ll of the network profiles hve een dded, the Network Profiles pge displys six profiles. Crete Reservtions for the Cluster for Consolidted SDDC Before memers of usiness group n request mhines, fri dministrtors must llote resoures to them y reting reservtion. Eh reservtion is onfigured for speifi usiness group to grnt them ess to request mhines on speified ompute resoure. For the senrios, you perform this proedure twie to rete reservtions for oth the Prodution nd Development usiness groups. Group Prodution Development Nme SFO01-Comp01-Prod-Res01 SFO01-Comp01-Dev-Res01 VMwre, In. 189

190 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtions > Reservtions, nd lik New > vsphere (vcenter). 3 On the New Reservtion - vsphere (vcenter) pge, lik the Generl t nd onfigure the following vlues. Prodution Group Development Group Nme SFO01-Comp01-Prod-Res01 SFO01-Comp01-Dev-Res01 Tennt rinpole rinpole Business Group Prodution Development Reservtion Poliy SFO-Prodution-Poliy SFO-Development-Poliy Priority Enle This Reservtion Seleted Seleted 4 On the New Reservtion - vsphere (vcenter) pge, lik the Resoures t. Selet sfo01-w01-onsolidted01(vsphere-sfo) from the Compute resoure drop-down menu. In the This Reservtion olumn of the Memory (GB) tle, enter 200. In the Storge (GB) tle, selet the hek ox for dtstore sfo01-w01-vsn01, nd enter 2000 in the This Reservtion Reserved text ox, enter 1 in the Priority text ox, nd lik OK. d Selet sfo01-w01rp-user-vm from the Resoure pool drop-down menu. 5 On the New Reservtion - vsphere (vcenter) pge, lik the Network t. VMwre, In. 190

191 6 On the Network t, selet the network pth hek oxes listed in the tle elow from the Network Pths list, nd selet the orresponding network profile from the Network Profile drop-down menu for the usiness group whose reservtion you re onfiguring. Configure the Prodution Business Group with the following vlues. Prodution Network Pth vxw-dvs-xxxxx-prodution-we-vxlan vxw-dvs-xxxxx-prodution-db-vxlan vxw-dvs-xxxxx-prodution-app-vxlan Prodution Group Network Profile Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App Configure the Development Business Group with the following vlues. Development Network Pth vxw-dvs-xxxxx-development-we-vxlan vxw-dvs-xxxxx-development-db-vxlan vxw-dvs-xxxxx-development-app-vxlan Development Group Network Profile Ext-Net-Profile-Development-We Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-App 7 Clik OK to sve the reservtion. 8 Repet this proedure to rete the reservtion for the development group. Crete Reservtions for the User Edge Resoures for Consolidted SDDC Before memers of usiness group n request virtul mhines, fri dministrtors must llote resoures to tht usiness group y reting reservtion. Eh reservtion is onfigured for speifi usiness group to grnt them ess to request virtul mhines on speified ompute resoure. Perform this proedure twie to rete Edge reservtions for oth the Prodution nd Development usiness groups. Group Prodution Development Nme SFO01-Edge01-Prod-Res01 SFO01-Edge01-Dev-Res01 VMwre, In. 191

192 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Infrstruture > Reservtions > Reservtions, nd lik New > vsphere (vcenter). 3 On the New Reservtion - vsphere (vcenter) pge, lik the Generl t, nd onfigure the following vlues for your usiness group. Prodution Group Development Group Nme SFO01-Edge01-Prod-Res01 SFO01-Edge01-Dev-Res01 Tennt rinpole rinpole Business Group Prodution Development Reservtion Poliy SFO-Edge-Poliy SFO-Edge-Poliy Priority Enle This Reservtion Seleted Seleted 4 On the New Reservtion - vsphere (vcenter) pge, lik the Resoures t. d Selet sfo01-w01-onsolidted01(vsphere-sfo) from the Compute resoure drop-down menu. Enter 200 in the This Reservtion olumn of the Memory (GB) tle. In the Storge (GB) tle, selet the hek ox for dtstore sfo01-w-01-vsn01, enter 2000 in the This Reservtion Reserved text ox, enter 1 in the Priority text ox, nd lik OK. Selet sfo01-w01rp-user-edge from the Resoure pool drop-down menu. 5 On the New Reservtion - vsphere (vcenter) pge, lik the Network t. 6 On the Network t, selet the network pth hek oxes listed in the tle elow from the Network Pths list, nd selet the orresponding network profile from the Network Profile drop-down menu for the usiness group whose reservtion you re onfiguring. Prodution Business Group Prodution Port Group vxw-dvs-xxxxx-prodution-we-vxlan vxw-dvs-xxxxx-prodution-db-vxlan vxw-dvs-xxxxx-prodution-app-vxlan Prodution Network Profile Ext-Net-Profile-Prodution-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Prodution-App VMwre, In. 192

193 Development Business Group Development Port Group vxw-dvs-xxxxx-development-we-vxlan vxw-dvs-xxxxx-development-db-vxlan vxw-dvs-xxxxx-development-app-vxlan Development Network Profile Ext-Net-Profile-Development-We Ext-Net-Profile-Development-DB Ext-Net-Profile-Development-App 7 Clik OK to sve the reservtion. 8 Repet the proedure to rete Edge reservtion for the Development Business Group. Crete Blueprint Customiztion Speifitions for Consolidted SDDC Crete two ustomiztion speifitions, one for Linux nd one for Windows, for use y the virtul mhines you will deploy. Customiztion speifitions re XML files tht ontin system onfigurtion settings for the guest operting systems used y virtul mhines. When you pply speifition to guest operting system during virtul mhine loning or deployment, you prevent onflits tht might result if you deploy virtul mhines with identil settings, suh s duplite omputer nmes. You will lter use the ustomiztion speifitions you rete when you rete lueprints for use with vrelize Automtion. Crete Linux Customiztion Speifition for Consolidted SDDC Crete Linux guest operting system speifition tht you n pply when you rete lueprints for use with vrelize Automtion. This ustomiztion speifition n e used to ustomize virtul mhine guest operting systems when provisioning new virtul mhines from vrelize Automtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > Opertions nd Poliies > Customiztion Speifition Mnger. 3 Selet the vcenter Server sfo01w01v01.sfo01.rinpole.lol from the drop-down menu. 4 Clik the Crete new speifition ion. The New VM Guest Customiztion Spe wizrd ppers. VMwre, In. 193

194 5 On the Speify Properties pge, selet Linux from the Trget VM Operting System drop-down menu, enter it-linux-ustom-spe for the Customiztion Spe Nme, nd lik Next. 6 On the Set Computer Nme pge, selet Use the virtul mhine nme, enter sfo01.rinpole.lol in the Domin Nme text ox nd lik Next. 7 On the Time Zone pge, speify the time zone s shown in the tle elow for the virtul mhine, nd lik Next. Are Lotion Hrdwre Clok Set To Ameri Los Angeles Lol Time 8 On the Configure Network pge, lik Next. 9 On the Enter DNS nd domin settings pge, leve the defult settings, nd lik Next. 10 Clik Finish to sve your hnges. The ustomiztion speifition tht you reted is listed in the Customiztion Speifition Mnger. Crete Mirosoft Windows Customiztion Speifition for Consolidted SDDC Crete Windows guest operting system speifition tht you n pply when you rete lueprints for use with vrelize Automtion. This ustomiztion speifition n e used to ustomize virtul mhine guest operting systems when provisioning new virtul mhines from vrelize Automtion. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to Home > Opertions nd Poliies > Customiztion Speifition Mnger. 3 Selet the vcenter Server sfo01w01v01.sfo01.rinpole.lol from the drop-down menu. 4 Clik the Crete new speifition ion. The New VM Guest Customiztion wizrd ppers. VMwre, In. 194

195 5 On the Speify Properties pge, selet Windows from the Trget VM Operting System dropdown menu, enter it-windows-joindomin-ustom-spe for the Customiztion Spe Nme, nd lik Next. 6 On the Set Registrtion Informtion pge, enter Rinpole for the virtul mhine owner s Nme nd Orgniztion, nd lik Next. 7 On the Set Computer Nme pge, selet Use the virtul mhine nme, nd lik Next. The operting system uses this nme to identify itself on the network. 8 On the Enter Windows Liense pge, provide liensing informtion for the Windows operting system, enter the volume_liense_key, nd lik Next. 9 Speify the dministrtor pssword for use with the virtul mhine, nd lik Next. 10 On the Time Zone pge, selet (GMT-08:00) Pifi Time(US & Cnd), nd lik Next. 11 On the Run One pge, lik Next. 12 On the Configure Network pge, lik Next. 13 On the Set Workgroup or Domin pge, selet Windows Server Domin, onfigure the following settings, nd lik Next. Domin User nme Pssword sfo01.rinpole.lol d_dmin_t@sfo01.rinpole.lol d_dmin_pwd 14 On the Set Operting System Options pge, selet Generte New Seurity ID (SID), nd lik Next. 15 Clik Finish to sve your hnges. The ustomiztion speifition tht you reted is listed in the Customiztion Speifition Mnger. Crete VM Templtes for Blueprints in Consolidted SDDC You rete virtul mhine templtes tht will used while reting lueprints. The tle elow lists the templtes tht need to e reted. VM Templte Nme redht6-enterprise-64 windows-2012r2-64 windows-2012r2-64-sql2012 Guest OS Red Ht Enterprise Server 6 (64-it) Windows Server 2012 R2 (64-it) Windows Server 2012 R2 (64-it) VMwre, In. 195

196 Configure Single Mhine Blueprints for Consolidted SDDC Virtul mhine lueprints determine mhine s ttriutes, the mnner in whih it is provisioned, nd its poliy nd mngement settings. Crete Servie Ctlog for Consolidted SDDC A servie tlog provides ommon interfe for onsumers of IT servies to request servies, trk their requests, nd mnge their provisioned servie items. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to the Administrtion t, lik Ctlog Mngement > Servies, nd lik New. The New Servie pge ppers. 3 In the New Servie pge, onfigure the following settings nd lik OK. Nme Desription Sttus Ion Sttus Hours Owner Support Tem Chnge Window SFO Servie Ctlog Defult setting (lnk) Ative Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Defult setting (lnk) Crete Single Mhine Blueprint for Consolidted SDDC Crete lueprint for loning the windows-2012r2-64 virtul mhine using the speified resoures on the vcenter Server. Tennts n lter use this lueprint for utomti provisioning. A lueprint is the omplete speifition for virtul, loud, or physil mhine. Blueprints determine mhine's ttriutes, the mnner in whih it is provisioned, nd its poliy nd mngement settings. VMwre, In. 196

197 Repet this proedure to rete the following six lueprints. Blueprint Nme VM Templte Customiztion Spe Reservtion Poliy Windows Server 2012 R2 - SFO Prod windows-2012r2-64 (sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Prodution- Poliy Windows Server 2012 R2 - SFO Dev windows-2012r2-64 (sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Development- Poliy Windows Server 2012 R2 With SQL SFO Prod windows-2012r2-64- sql2012(sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Prodution- Poliy Windows Server 2012 R2 With SQL SFO Dev windows-2012r2-64- sql2012(sfo01w01v01.sfo01.rinpole.lol) it-windowsjoindomin-ustom-spe SFO-Development- Poliy Redht Enterprise Linux 6 - SFO Prod it-linux-ustom-spe redht6- enterprise-64(sfo01w01v01.sfo01.rinpole.lol) SFO-Prodution- Poliy Redht Enterprise Linux 6 - SFO Dev it-linux-ustom-spe redht6- enterprise-64(sfo01w01v01.sfo01.rinpole.lol) SFO-Development- Poliy 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Nvigte to Design > Blueprints. 3 Clik New. 4 In the New Blueprint dilog ox, onfigure the following settings on the Generl t. Clik OK. Nme Windows Server 2012 R2 - SFO Prod Arhive (dys) 15 Deployment limit Defult setting (lnk) Minimum 30 Mximum Selet nd drg the vsphere Mhine ion to Design Cnvs. VMwre, In. 197

198 6 Clik the Generl t, onfigure the following settings, nd lik Sve. ID Desription Disply lotion on request Reservtion poliy Mhine prefix Minimum Mximum Defult Defult setting (vsphere_mhine_1) Defult setting (lnk) Deseleted SFO-Prodution-Poliy Use group defult Defult setting (lnk) Defult setting (lnk) 7 Clik the Build Informtion t, onfigure the following settings, nd lik Sve. Blueprint type Ation Provisioning workflow Clone from Customiztion spe Server Clone CloneWorkflow windows-2012r2-64 templte it-windows-joindomin-ustom-spe Note If the vlue of the Clone from setting does not list windows-2012r2-64 templte, you must perform dt olletion on the sfo01-w01-omp01 Compute Resoure. VMwre, In. 198

199 8 Clik the Mhine Resoures t, onfigure the following settings, nd lik Sve. Minimum Mximum CPU 2 4 Memory (MB): Storge Defult setting (lnk) Defult setting (60) 9 Clik the Network t. Selet Network & Seurity in the Ctegories setion to disply the list of ville network nd seurity omponents. Selet the Existing Network omponent nd drg it onto the design nvs. Clik in the Existing network text ox nd selet the Ext-Net-Profile-Prodution-We network profile. Blueprint Nme Windows Server 2012 R2 - SFO Prod Windows Server 2012 R2 - SFO Dev Windows Server 2012 R2 With SQL SFO Prod Windows Server 2012 R2 With SQL SFO Dev Redht Enterprise Linux 6 - SFO Prod Redht Enterprise Linux 6 - SFO Dev Existing network Ext-Net-Profile-Prodution-We Ext-Net-Profile-Development-We Ext-Net-Profile-Prodution-DB Ext-Net-Profile-Development-DB Ext-Net-Profile-Prodution-App Ext-Net-Profile-Development-App d e Clik Sve. Selet vsphere_mhine properties from the design nvs. VMwre, In. 199

200 f Selet the Network t, lik New, nd onfigure the following settings. Clik OK. Network Assignment Type Address Ext-Net-Profile-Prodution-We Stti IP Defult setting (lnk) Ext-Net-Profile-Development-We Stti IP Defult setting (lnk) Ext-Net-Profile-Prodution-DB Stti IP Defult setting (lnk) Ext-Net-Profile-Development-DB Stti IP Defult setting (lnk) Ext-Net-Profile-Prodution-App Stti IP Defult setting (lnk) Ext-Net-Profile-Development-App Stti IP Defult setting (lnk) g Clik Finish to sve the lueprint. 10 Selet the lueprint Windows Server 2012 R2 - SFO Prod nd lik Pulish. 11 Repet this proedure to rete dditionl lueprints. Crete Entitlements for Business Groups for Consolidted SDDC You dd servie, tlog item, or tion to n entitlement, llowing the users nd groups identified in the entitlement to request provisionle items in the servie tlog. The entitlement llows memers of prtiulr usiness group (for exmple, the Prodution usiness group) to use the lueprint. Without the entitlement, users nnot use the lueprint. Perform this proedure twie to rete entitlements for oth the Prodution nd Development usiness groups. VMwre, In. 200

201 Entitlement Nme Sttus Business Group User & Groups Prod-SingleVM-Entitlement Ative Prodution ug-itac-tenntadmins Dev-SingleVM-Entitlement Ative Development ug-itac-tenntadmins 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Clik the Administrtion t, nd lik Ctlog Mngement > Entitlements. 3 Clik New. The New Entitlement pge ppers. 4 On the New Entitlement pge, selet the Generl t, onfigure the following vlues, nd lik Next. Prodution Development Nme Prod-SingleVM-Entitlement Dev-SingleVM-Entitlement Desription Defult setting (lnk) Defult setting (lnk) Expirtion Dte Defult setting (lnk) Defult setting (lnk) Sttus Ative Ative Business Group Prodution Development All Users nd Groups Unseleted Unseleted Users & Groups ug-itac-tenntadmins ug-itac-tenntadmins VMwre, In. 201

202 5 Clik the Items & Approvls t. On the Entitlement Ations pge, lik the Add Ation ion nd dd the following tions. Connet using RDP (Mhine) Power Cyle (Mhine) Power Off (Mhine) Power On (Mhine) Reoot (Mhine) Shutdown (Mhine) Clik Finish. 6 Repet this proedure to rete n entitlement for the Development usiness group. Use the sme Entitled Ations s for the Prodution usiness group. Configure Entitlements for Blueprints for Consolidted SDDC You entitle users to the tions nd items tht elong to the servie tlog y ssoiting eh lueprint with n entitlement. Repet this proedure to ssoite the lueprints with their entitlement. Blueprint Nme Servie Ctlog Add to Entitlement Windows Server 2012 R2 - SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Windows Server 2012 R2 - SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement Windows Server 2012 R2 With SQL SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Windows Server 2012 R2 With SQL SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement Redht Enterprise Linux 6 - SFO Prod SFO Servie Ctlog Prod-SingleVM-Entitlement Redht Enterprise Linux 6 - SFO Dev SFO Servie Ctlog Dev-SingleVM-Entitlement VMwre, In. 202

203 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword rinpole.lol 2 Selet the Administrtion t nd nvigte to Ctlog Mngement > Ctlog Items. 3 On the Ctlog Items pne, selet the Windows Server 2012 R2 - SFO Prod lueprint in the Ctlog Items list nd lik Configure. 4 On the Generl t of the Configure Ctlog Item dilog ox, selet SFO Servie Ctlog from the Servie drop-down menu, nd lik OK. VMwre, In. 203

204 5 Assoite the lueprint with the Prod-SingleVM-Entitlement entitlement. Clik Entitlements nd selet Prod-SingleVM-Entitlement. The Edit Entitlement pne ppers. Selet the Items & Approvls t nd dd the Windows Server 2012 R2 - SFO Prod lueprint to the Entitled Items list. Clik OK. Clik Finish. 6 Selet the Ctlog t nd verify tht the lueprints re listed in the Servie Ctlog. 7 Repet this proedure to ssoite ll of the lueprints with their entitlements. Test the Deployment of Single Mhine Blueprint for Consolidted SDDC Test your environment nd onfirm the suessful provisioning of virtul mhines using the lueprints tht hve een reted. VMwre, In. 204

205 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 2 Selet the Ctlog t, nd lik SFO Servie Ctlog from the tlog of ville servies. 3 Clik the Request utton for the Windows Server 2012 R2 - SFO Prod lueprint. 4 Clik Sumit. 5 Verify the request finishes suessfully. Selet the Requests t. Selet the request you sumitted nd wit severl minutes for the request to omplete. Clik the Refresh ion every few minutes until Suessful messge ppers under Sttus. d Clik View Detils. Under Sttus Detils, verify tht the virtul mhine suessfully provisioned. 6 Verify the virtul mhine provisions in the onsolidted luster. Open We rowser nd go to Log in s the vcenter Server dministrtor using the following redentils. User nme Pssword dministrtor@vsphere.lol venter_dmin_pssword Selet Home > VMs nd Templtes. d In the Nvigtor pnel, expnd the vcenter Server luster sfo01w01v01.sfo01.rinpole.lol > sfo01-w01-onsolidted01 > sfo01-w01-user-vrm, nd verify the existene of the virtul mhine. VMwre, In. 205

206 Opertions Implementtion for Consolidted SDDC 4 Deploy vrelize Opertions Mnger, vrelize Log Insight nd Updte Mnger Downlod Servie in the onsolidted luster to dd monitoring pilities to your SDDC. vrelize Opertions Mnger Implementtion for Consolidted SDDC Deploy the vrelize Opertions Mnger nlytis luster with single node to monitor the resoures in your SDDC. Deploy lso the remote olletor group with single node to ollet dt from the mngement omponents in the onsolidted SDDC. vrelize Log Insight Implementtion for Consolidted SDDC Deploy vrelize Log Insight in single-node onfigurtion onsisting of single mster node with n integrted lod lner. vsphere Updte Mnger Downlod Servie Implementtion for Consolidted SDDC Instll the vsphere Updte Mnger Downlod Servie (UMDS) on Linux virtul mhine to downlod nd store inries nd metdt in shred repository for onsolidted SDDC. vrelize Opertions Mnger Implementtion for Consolidted SDDC Deploy the vrelize Opertions Mnger nlytis luster with single node to monitor the resoures in your SDDC. Deploy lso the remote olletor group with single node to ollet dt from the mngement omponents in the onsolidted SDDC. 1 Deploy vrelize Opertions Mnger for Consolidted SDDC Strt the deployment of vrelize Opertions Mnger in the onsolidted luster y deploying the nodes of the nlytis luster nd the remote olletor group. 2 Configure the Lod Blner for vrelize Opertions Mnger for Consolidted SDDC Configure lod lning for the nlytis luster on the dedited sfo01w01l01 NSX Edge servies gtewy. The remote olletor group does not require lod lning. 3 Add n Authentition Soure for the Ative Diretory for Consolidted SDDC Connet vrelize Opertions Mnger to the Ative Diretory of the Consolidted SDDC for entrl user mngement nd ess ontrol. VMwre, In. 206

207 4 Configure User Aess in vsphere for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Configure opertions servie ounts with permissions tht re required to enle vrelize Opertions Mnger ess to monitoring dt on the onsolidted luster. 5 Add vcenter Adpter Instne to vrelize Opertions Mnger for Consolidted SDDC After you deploy the nlytis luster nd the remote olletor node of vrelize Opertions Mnger nd strt vrelize Opertions Mnger, dd vcenter Adpter for the Consolidted vcenter Server. 6 Connet vrelize Opertions Mnger to the NSX Mnger for Consolidted SDDC Instll nd onfigure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies deployed in the vsphere luster nd view the vsphere hosts in the NSX trnsport zones. You n lso ess end to end logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host nd network devie reltionship in this view lso helps in isolting prolems in the logil or physil network. 7 Connet vrelize Opertions Mnger to vrelize Automtion for Consolidted SDDC Configure the vrelize Opertions Mnger Mngement Pk for vrelize Automtion to monitor the helth nd pity risk of your loud infrstruture in the ontext of the tennt's usiness groups. 8 Connet vrelize Opertions Mnger with vrelize Business for Consolidted SDDC Configure the vrelize Opertions Mnger Mngement Pk for vrelize Business to view your infrstruture performne, ost informtion, nd lso trouleshooting tips. You n onnet vrelize Opertions Mnger to single instne of vrelize Business for Cloud. 9 Enle Storge Devie Monitoring in vrelize Opertions Mnger for Consolidted SDDC Instll nd onfigure the vrelize Opertions Mngement Pk for Storge Devies to view the storge topology, nd to monitor the pity nd prolems on storge omponents. 10 Enle vsan Monitoring in vrelize Opertions Mnger for Consolidted SDDC Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology nd to monitor pity nd prolems. 11 Configure E-Mil Alerts in vrelize Opertions Mnger for Consolidted SDDC You onfigure e-mil notifitions in vrelize Opertions Mnger so tht users nd pplitions reeive the dministrtive lerts from vrelize Opertions Mnger out ertin situtions in the dt enter. Deploy vrelize Opertions Mnger for Consolidted SDDC Strt the deployment of vrelize Opertions Mnger in the onsolidted luster y deploying the nodes of the nlytis luster nd the remote olletor group. VMwre, In. 207

208 1 Prerequisites for Deploying vrelize Opertions Mnger for Consolidted SDDC Before you deploy vrelize Opertions Mnger, verify tht your environment stisfies the requirements for this deployment. 2 Deploy the Virtul Appline for the Anlytis Cluster for Consolidted SDDC Use the vsphere We Client to deploy the vrelize Opertions Mnger node s virtul ppline in the onsolidted luster. 3 Configure the Anlytis Cluster Node for Consolidted SDDC After you deploy the virtul ppline for the mster node of the vrelize Opertions Mnger nlytis luster, enle its dministrtion role in the luster. 4 Deploy the Remote Colletor Virtul Appline for Consolidted SDDC After you deploy the mster node in nlytis luster, use the vsphere We Client to deploy the virtul ppline for the remote olletor for the Consolidted SDDC. You deploy remote olletor to forwrd dt from the vcenter Server instne to the nlytis luster. 5 Connet the Remote Colletor Node to the Anlytis Cluster for Consolidted SDDC After you deploy the virtul ppline for the remote olletor node, onfigure the settings of the remote olletor nd onnet it to the nlytis luster. 6 Strt vrelize Opertions Mnger for Consolidted SDDC After you deploy the virtul pplines for the nlytis luster node nd for the remote olletor node, strt the nlytis luster. 7 Assign Liense to vrelize Opertions Mnger for Consolidted SDDC After you deploy nd strt vrelize Opertions Mnger, you ssign vlid liense. 8 Group Remote Colletor Nodes for Consolidted SDDC After you strt vrelize Opertions Mnger nd ssign it liense, join the remote olletor node into olletor group for dpter resilieny in the ses where the olletor experienes network interruption or eomes unville. Prerequisites for Deploying vrelize Opertions Mnger for Consolidted SDDC Before you deploy vrelize Opertions Mnger, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddresses nd FQDNs for the pplition virtul networks re ville for the onsolidted SDDC deployment. For the nlytis luster pplition virtul network, llote one stti IP ddress nd FQDN for the mster node nd one for the lod lner, nd mp the host nme to the IP ddress. For the remote olletor group, llote one stti IP ddress nd FQDN. VMwre, In. 208

209 Tle 4 1. Applition Virtul Network Nmes for vrelize Opertions Mnger vrelize Opertions Mnger Component Anlytis Cluster Remote Colletor Group Applition Virtul Network Mgmt-xRegion01-VXLAN Mgmt-RegionA01-VXLAN Tle 4 2. IP Addresses nd Host Nmes for the Anlytis Cluster Role IP Address FQDN Externl lod lner VIP ddress vrops01svr01.rinpole.lol Mster node vrops01svr01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.sfo01.rinpole.lol 1.ntp.sfo01.rinpole.lol Tle 4 3. IP Addresses nd Host Nmes for the Remote Colletor Group Role IP Address FQDN Remote olletor node sfo01vrops01.sfo01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.sfo01.rinpole.lol 1.ntp.sfo01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites to deploy vrelize Opertions Mnger. VMwre, In. 209

210 Tle 4 4. Deployment Prerequisites for vrelize Opertions Mnger Prerequisite Storge requirements Virtul disk provisioning. Thin Required storge per nlytis luster node. Initil storge per node: 274GB Additionl storge for monitoring dt per node: none Required storge per remote olletor group node. Initil storge per node: 274GB Softwre Fetures Verify tht vcenter Server is opertionl. Verify tht the vsphere luster hs DRS nd HA enled. Verify tht the NSX Mnger is opertionl. Verify tht the pplition virtul networks re ville. Verify tht the Lod Blner servie is enled on the NSX Edge servies gtewy. Verify tht vrelize Automtion is opertionl. Verify tht vrelize Business for Cloud is opertionl. Verify tht Postmn REST API pplition is instlled in your Chrome rowser. Instlltion Pkge Downlod the.ov file of the vrelize Opertions Mnger virtul ppline on the mhine where you use the vsphere We Client. Downlod the.pk file for the vrelize Opertions Mnger Mngement Pk for NSX for vsphere from VMwre Solutions Exhnge. Downlod the.pk file for the vrelize Opertions Mnger Mngement Pk for Storge Devies from VMwre Solutions Exhnge. Liense Verify tht you hve otined liense tht overs the use of vrelize Opertions Mnger. Ative Diretory Verify tht you hve prent Ative Diretory with the SDDC user roles onfigured for the rinpole.lol domin. Certifition Authority Configure the root Ative Diretory domin ontroller s ertifite uthority for the environment. Downlod the CertGenVVD tool nd generte the signed ertifite for the nlytis luster. See the VMwre Vlidted Design Plnning nd Preprtion doumenttion. Externl Servies Verify tht you hve ess to n SMTP server. Verify tht SNMP is enled in your network environment to monitor network devies. Verify tht Link Lyer Disovery Protool (LLDP) or Ciso Disovery Protool (CDP) is enled on eh network devie for omplete monitoring of your environment. Deploy the Virtul Appline for the Anlytis Cluster for Consolidted SDDC Use the vsphere We Client to deploy the vrelize Opertions Mnger node s virtul ppline in the onsolidted luster. VMwre, In. 210

211 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Opertions Mnger OVA file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Nme vcenter Server Dtenter Folder vrops01svr01 sfo01w01v01.sfo01.rinpole.lol sfo01-w01d sfo01-w01fd-vrops 6 On the Selet resoure pge, selet the following vlues, nd lik Next. Dtenter Cluster Resoure Pool sfo01-w01d sfo01-w01-onsolidted01 sfo01-w01rp-sdd-mgmt 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Medium deployment onfigurtion of the virtul ppline, nd lik Next. VMwre, In. 211

212 10 On the Selet storge pge, selet the following dtstore nd onfigure its settings, nd lik Next. Selet virtul disk formt VM storge poliy Dtstore Thin provision vsan Defult Storge Poliy sfo01-w01-vsn01 11 On the Selet networks pge, selet the distriuted port group tht ends with Mgmt-xRegion01- VXLAN on the sfo01-w01-vds01 Distriuted Swith, nd lik Next. 12 On the Customize templte pge, set the IPv4 settings nd selet the time zone for the virtul ppline, nd lik Next. In the Networking Properties setion, onfigure the following IPv4 settings. DNS Defult gtewy Stti IPv4 ddress Sunet msk Timezone setting Et/UTC 13 On the Redy to omplete pge, verify tht the settings for deployment re orret, nd lik Finish. 14 Right-lik the virtul ppline ojet nd selet Power > Power On. During the power-on proess, the virtul ppline expnds the vrelize Opertions Mnger dt prtition s well. 15 Chnge the defult empty pssword for the root user. In the vsphere We Client, right-lik the nlytis virtul ppline nd selet Open Console to open the remote onsole to the ppline. Nme vrops01svr01 Role Mster node d e Press ALT+F1 to swith to the ommnd prompt. At the ommnd prompt, log in s the root user using empty pssword. At the ommnd prompt, hnge the defult empty pssword for the root user ount with new vrops_root_pssword pssword. Close the virtul ppline onsole. Configure the Anlytis Cluster Node for Consolidted SDDC After you deploy the virtul ppline for the mster node of the vrelize Opertions Mnger nlytis luster, enle its dministrtion role in the luster. VMwre, In. 212

213 Prerequisites Generte the PEM file for vrelize Opertions Mnger y using the CertGenVVD tool nd downlod it to your omputer. See the VMwre Vlidted Design Plnning nd Preprtion doumenttion or VMwre Knowledge Bse rtile Open We rowser nd go to 2 On the Get Strted pge, lik New Instlltion. 3 On the Getting Strted pge, review the steps for reting luster, nd lik Next. 4 On the Set Administrtor Pssword pge, type nd onfirm the pssword for dmin user ount, nd lik Next. 5 On the Choose Certifite pge, lik the Instll ertifite utton, lik Browse, selet the ertifite hin.pem file tht ontins the privte key nd the issuer nd ertifite files, nd lik Next. You generte PEM file vrops-for-1-pod.2.hin.pem y using the CertGenVVD tool. After the setup imports nd vlidtes the ertifite, notie tht the ertifite hs ommon nme, vrops01svr01.rinpole.lol, nd sujet lterntive nme tht ontins vrops01svr01.rinpole.lol for the mster node. 6 On the Deployment s pge, onfigure the following settings, nd lik Next. Cluster Mster Node Nme NTP Server Address vrops01svr01 ntp.sfo01.rinpole.lol 7 On the Redy To Complete pge, lik Finish. After the onfigurtion proess ompletes, the vrelize Opertions Mnger Administrtion onsole opens. 8 Clik System Sttus in the Administrtion pnel to verify tht you hve vrelize Opertions Mnger instne reted. The virtul ppline instne ting s the mster node ppers in the Nodes in the vrelize Opertions Mnger Cluster list. Deploy the Remote Colletor Virtul Appline for Consolidted SDDC After you deploy the mster node in nlytis luster, use the vsphere We Client to deploy the virtul ppline for the remote olletor for the Consolidted SDDC. You deploy remote olletor to forwrd dt from the vcenter Server instne to the nlytis luster. VMwre, In. 213

214 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik the sfo01w01v01.sfo01.rinpole.lol ojet nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, rowse to the lotion of the vrelize Opertions Mnger OVA file on your file system, nd lik Next. 5 On the Selet nme nd lotion pge, enter node nme, selet the inventory folder for the virtul ppline, nd lik Next. Nme vcenter Server Dt enter Folder sfo01vrops01 sfo01w01v01.sfo01.rinpole.lol sfo01-w01d sfo01-w01fd-vropsr 6 On the Selet resoure pge, selet the following vlues, nd lik Next. Dtenter Cluster sfo01-w01d sfo01-w01-onsolidted01 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Remote Colletor (Stndrd) deployment onfigurtion of the virtul ppline, nd lik Next. 10 On the Selet storge pge, selet the dtstore indited in the tle elow, nd lik Next. Selet virtul disk formt VM Storge Poliy Dtstore tle Thin provision vsan Defult Storge Poliy sfo01-w01-vsn01 VMwre, In. 214

215 11 On the Selet networks pge, selet the distriuted port group tht ends with Mgmt-RegionA01- VXLAN on the sfo01-w01-vds01 Distriuted Swith nd lik Next. 12 On the Customize templte pge, set the IPv4 settings nd selet the time zone for the virtul ppline nd lik Next. In the Networking Properties setion, onfigure the following IPv4 settings. Option Desription DNS server Defult gtewy Stti IPv4 ddress Sunet msk From the Timezone setting drop-down menu, selet the Et/UTC time zone. 13 On the Redy to omplete pge, verify tht the settings for deployment re orret, nd lik Finish. 14 After the virtul ppline is deployed, right-lik the virtul ppline ojet nd selet Power > Power On. 15 Chnge the defult empty pssword for the root user. In the vsphere We Client, right-lik the remote olletor virtul ppline nd selet Open Console to open the remote onsole to the ppline. Nme sfo01vrops01 Role Remote olletor d e Press ALT+F1 to swith to the ommnd prompt. At the ommnd prompt, log in s the root user using empty pssword. At the ommnd prompt, hnge the defult empty pssword for the root user ount with new vrops_root_pssword pssword. Close the virtul ppline onsole. Connet the Remote Colletor Node to the Anlytis Cluster for Consolidted SDDC After you deploy the virtul ppline for the remote olletor node, onfigure the settings of the remote olletor nd onnet it to the nlytis luster. 1 Open We rowser, nd go to the initil setup user interfe of the remote olletor node virtul ppline. Remote Colletor Node Remote olletor URL for Setup Interfe VMwre, In. 215

216 2 On the Get Strted pge, lik Expnd n Existing Instlltion. 3 On the Getting Strted pge, review the steps for expnding existing luster, nd lik Next. 4 On the Node s nd Cluster Info pge, onfigure the settings of the remote olletor node. Enter node nme, selet node type, nd enter mster node ddress. Node nme Node type Mster node IP ddress or FQDN sfo01vrops01 Remote Colletor vrops01svr01.rinpole.lol Clik Vlidte next to the Mster node IP ddress or FQDN text ox. The ertifite of the mster node ppers in the text ox. d Vlidte tht the mster ertifite is orret, nd lik Aept this ertifite. Clik Next. 5 On the Usernme nd Pssword pge, selet Use luster dministrtor user nme nd pssword, enter the vrops_dmin_pssword pssword for the dmin user, nd lik Next. 6 On the Redy to Complete pge, lik Finish. After onfigurtion of the remote olletor is omplete, the luster on the System Sttus pge of the dministrtion user interfe onsists of the following nodes: vrops01svr01 nd the remote olletor sfo01vrops01. Strt vrelize Opertions Mnger for Consolidted SDDC After you deploy the virtul pplines for the nlytis luster node nd for the remote olletor node, strt the nlytis luster. 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword On the System Sttus pge, the luster sttus is Not Strted, nd the high vilility of the luster is Disled. 2 Clik Strt vrelize Opertions Mnger. VMwre, In. 216

217 3 In the Confirm First Applition Strtup dilog ox, lik Yes to onfirm the strtup of vrelize Opertions Mnger. After severl minutes the luster strts. The nlytis luster nd remote olletor nodes re online. You re logged out from the dministrtor interfe of the mster node. Assign Liense to vrelize Opertions Mnger for Consolidted SDDC After you deploy nd strt vrelize Opertions Mnger, you ssign vlid liense. 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the Welome pge of the vrelize Opertions Mnger Configurtion wizrd, exmine the proess overview, nd lik Next. 3 On the Aept EULA pge, ept the end user liense greement, nd lik Next. 4 On the Enter Produt Liense Key pge, enter the vrelize Opertions Mnger produt liense key. Selet Produt Key nd enter the liense key. Clik Vlidte Liense Key, nd lik Next. 5 On the Customer Experiene Improvement Progrm pge, to send tehnil informtion for produt improvement, selet Join the VMwre Customer Experiene Improvement Progrm nd lik Next. 6 On the Redy to Complete pge, lik Finish. The vrelize Opertions Mnger user interfe opens. Group Remote Colletor Nodes for Consolidted SDDC After you strt vrelize Opertions Mnger nd ssign it liense, join the remote olletor node into olletor group for dpter resilieny in the ses where the olletor experienes network interruption or eomes unville. VMwre, In. 217

218 1 Log in to vrelize Opertions Mnger y using the dministrtion interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, expnd Mngement, lik Colletor Groups, nd lik Add. 4 On the Colletor Groups pge, lik Add. 5 In the Add New Colletor Group dilog ox, onfigure the following settings, nd lik Sve. Nme Desription sfo01vrops01 sfo01-remote-olletors Remote olletor group for sfo01 Seleted The sfo01-remote-olletors group ppers on the Colletor Groups pge under the Administrtion view of the user interfe. Configure the Lod Blner for vrelize Opertions Mnger for Consolidted SDDC Configure lod lning for the nlytis luster on the dedited sfo01w01l01 NSX Edge servies gtewy. The remote olletor group does not require lod lning. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Networking & Seurity. The vsphere We Client displys the NSX Home pge. VMwre, In. 218

219 3 On the NSX Home pge, lik NSX Edges nd selet from the NSX Mnger dropdown menu t the top of the NSX Edges pge. 4 On the NSX Edges pge, doule-lik the sfo01w01l01 NSX edge. 5 Configure the lod lning VIP ddress for nlytis luster. d On the Mnge t, lik the s t nd lik Interfes. Selet the OneArmLB interfe nd lik the Edit ion. In the Edit NSX Edge Interfe dilog ox, lik the Edit ion nd in the Seondry IP Addresses text ox enter the VIP ddress. Clik OK to sve the onfigurtion. 6 Crete n pplition profile. On the Mnge t for the sfo01w01l01 devie, lik the Lod Blner t. Clik Applition Profiles, nd lik the Add ion. In the New Profile dilog ox, onfigure the profile using the following onfigurtion settings, nd lik OK. Nme Type Enle SSL Pssthrough Persistene vrops-https HTTPS Seleted Soure IP Expires in (Seonds) 1800 Client Authentition Ignore 7 Crete servie monitoring entry. On the Lod Blner t for the of the sfo01w01l01 devie, lik Servie Monitoring nd lik the Add ion. In the New Servie Monitor dilog ox, onfigure the helth hek prmeters using the following onfigurtion settings, nd lik OK. Nme vrops-443-monitor Intervl 3 Timeout 5 Mx Retries 2 Type Method URL Reeive HTTPS GET /suite-pi/pi/deployment/node/sttus ONLINE (must e upper se) VMwre, In. 219

220 8 Add server pool. On the Lod Blner t of the sfo01w01l01 devie, selet Pools, nd lik the Add ion. In the New Pool dilog ox, onfigure the lod lning profile using the following onfigurtion settings. Nme Algorithm Monitors vrops-svr-443 LEASTCONN vrops-443-monitor d Under Memers, lik the Add ion to dd the pool memers. In the New Memer dilog ox, dd one memer for eh node of the nlytis luster nd lik OK. Nme vrops01svr01 IP Address Stte Enle Port 443 Monitor Port 443 Weight 1 Mx Connetions 8 Min Connetions 8 e In the New Pool dilog ox, lik OK. VMwre, In. 220

221 9 Add virtul server. On the Lod Blner t of the sfo01w01l01 devie, selet Virtul Servers nd lik the Add ion. In the New Virtul Server dilog ox, onfigure the settings of the virtul server for the nlytis luster nd lik OK. Enle Virtul Server Applition Profile Nme Desription Seleted vrops_https vrops-svr-443 vrelize Opertions Mnger Cluster IP Address Clik Selet IP Address, selet OneArmLB from the drop-down menu nd selet IP for the virtul NIC. Protool HTTPS Port 443 Defult Pool vrops-svr-443 Connetion Limit 0 Connetion Rte Limit 0 You n now onnet to the nlytis luster using the puli Virtul Server IP ddress over HTTPS t the ddress. 10 Configure uto-rediret from HTTP to HTTPS requests. The NSX Edge n rediret users from HTTP to HTTPS without entering nother URL in the rowser. On the Lod Blner t of the sfo01w01l01 devie, selet Applition Profiles nd lik the Add ion. In the New Profile dilog ox, onfigure the pplition profile settings nd lik OK. Nme Type HTTP Rediret URL Persistene vrops-http-rediret HTTP Soure IP Expires in (Seonds) 1800 VMwre, In. 221

222 d On the Lod Blner t of the sfo01w01l01 devie, selet Virtul Servers nd lik the Add ion. Configure the settings of the virtul server for HTTP redirets. Enle Virtul Server Applition Profile Nme Seleted vrops-http-rediret vrops-svr-80-rediret IP Address Protool HTTP Port 80 Defult Pool NONE Connetion Limit 0 Connetion Rte Limit 0 You n onnet to the nlytis luster t the puli Virtul Server IP ddress over HTTP t the ddress. 11 Verify the pool onfigurtion y exmining the pool sttistis tht reflet the sttus of the omponents ehind the lod lner. d e f g h Log out nd log in gin to the vsphere We Client. From the Home menu, selet Networking & Seurity. On the NSX Home pge, lik NSX Edges nd selet from the NSX Mnger drop-down menu t the top of the NSX Edges pge. On the NSX Edges pge, doule-lik the sfo01w01l01 NSX edge. On the Mnge t, lik the Lod Blner t. Selet Pools nd lik Show Pool Sttistis. In the Pool nd Memer Sttus dilog ox, selet the vrops-svr-443 pool. Verify tht the lod lner pool is up. Add n Authentition Soure for the Ative Diretory for Consolidted SDDC Connet vrelize Opertions Mnger to the Ative Diretory of the Consolidted SDDC for entrl user mngement nd ess ontrol. VMwre, In. 222

223 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Aess nd lik Authentition Soures. 4 On the Authentition Soures pge, lik the Add utton. 5 In the Add Soure for User nd Group Import dilog ox, enter the settings for the rinpole.lol nd sfo01.rinpole.lol Ative Diretories, nd lik OK. Ative Diretory s rinpole.lol sfo01.rinpole.lol Soure Disply Nme RAINPOLE.LOCAL SFO01.RAINPOLE.LOCAL Soure Type Ative Diretory Ative Diretory Integrtion Mode Bsi Bsi Domin/Sudomin RAINPOLE.LOCAL SFO01.RAINPOLE.LOCAL Use SSL/TLS Deseleted Deseleted User Nme sv-vrops@rinpole.lol sv-vrops@rinpole.lol Pssword sv-vrops_pssword sv-vrops_pssword s under the Detils setion Automtilly synhronize user memership for onfigured groups Seleted Seleted Host d01rpl.rinpole.lol d01sfo.sfo01.rinpole.lol Port Bse DN d=rainpole,d=local d=sfo01,d=rainpole,d=local Common Nme userpriniplnme userpriniplnme 6 Clik the Test utton to test the onnetion to the domin ontroller nd in the Info dilog lik OK. 7 In the Add Soure for User nd Group Import dilog ox, lik OK. The users nd user groups in the two Ative Diretories rinpole.lol nd sfo01.rinpole.lol re dded to vrelize Opertions Mnger. VMwre, In. 223

224 Configure User Aess in vsphere for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Configure opertions servie ounts with permissions tht re required to enle vrelize Opertions Mnger ess to monitoring dt on the onsolidted luster. You ssoite the sv-vrops-xxx servie ounts in Ative Diretory with user roles tht hve ertin privileges nd you ssign the users to the vcenter Server instne in the inventory. 1 Define User Role in vsphere for Storge Devies Adpters in vrelize Opertions Mnger for Consolidted SDDC In vsphere, rete user role with privileges tht re required for olleting dt out storge devies nd vsan helth in vrelize Opertions Mnger. 2 Configure User Privileges in vsphere for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign glol permissions in onsolidted SDDC to the opertions servie ounts in order to enle vrelize Opertions Mnger ess to monitoring dt on the onsolidted pod for the region. Define User Role in vsphere for Storge Devies Adpters in vrelize Opertions Mnger for Consolidted SDDC In vsphere, rete user role with privileges tht re required for olleting dt out storge devies nd vsan helth in vrelize Opertions Mnger. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 On the Home pge of the vsphere We Client, lik Roles under Administrtion. VMwre, In. 224

225 3 Crete new role for olleting storge devie dt. On the Roles pge, lik the Crete role tion ion. In the Crete Role dilog ox, onfigure the role using the following onfigurtion settings, nd lik OK. Role nme MPSD Metris User Privilege Host.CIM.CIM intertion Host.Configurtion.Storge prtition onfigurtion Profile-driven storge.profile-driven storge view Storge views.view This role inherits the System.Anonymous, System.View, nd System.Red privileges. Configure User Privileges in vsphere for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign glol permissions in onsolidted SDDC to the opertions servie ounts in order to enle vrelize Opertions Mnger ess to monitoring dt on the onsolidted pod for the region. The sv-vrops-vsphere nd sv-vrops-nsx users hve red-only ess on ll ojets in vcenter Server. The sv-vrops-mpsd nd sv-vrops-vsn users hve rights tht re speifilly required for ess to storge devie nd vsan informtion, respetively, in vrelize Opertions Mnger on ll ojets in vcenter Server. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Administrtion. 3 Assign glol permissions to the following users ording to their roles. User sv-vrops-vsphere@rinpole.lol sv-vrops-nsx@rinpole.lol Role Red-only Red-only VMwre, In. 225

226 User Role MPSD Metris User MPSD Metris User Clik Glol Permissions under Aess Control. Clik Add permission in the Mnge t. d e f g In the Glol Permissions Root - Add Permission dilog ox, lik Add to ssoite user or group with role. In the Selet Users/Groups dilog ox, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv-vrops nd press Enter. From the list of users nd groups, selet sv-vrops-vsphere, lik Add, nd lik OK. In the Glol Permissions Root - Add Permission dilog ox, from the Assigned Role dropdown menu, selet Red-only, ensure tht Propogte to hildren is seleted, nd lik OK. Repet the steps to ssign the Red-only user role to the sv-vrops-nsx user, nd the MPSD Metris User user role to the sv-vrops-mpsd nd sv-vrops-vsn users. Add vcenter Adpter Instne to vrelize Opertions Mnger for Consolidted SDDC After you deploy the nlytis luster nd the remote olletor node of vrelize Opertions Mnger nd strt vrelize Opertions Mnger, dd vcenter Adpter for the Consolidted vcenter Server. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet the VMwre vsphere solution, nd lik Configure. The Mnge Solution - VMwre vsphere dilog ox ppers. VMwre, In. 226

227 5 Under Instne s, enter the settings for onnetion to the Consolidted vcenter Server. Enter the disply nme, desription, nd FQDN of the Consolidted vcenter Server. Disply Nme Desription vcenter Server for Consolidted vcenter Server vcenter Adpter - sfo01w01v01 Consolidted vcenter Server sfo01w01v01.sfo01.rinpole.lol Clik the Add ion on the right side, onfigure the redentils for onnetion to the Consolidted vcenter Server instne, nd lik OK. vcenter Server Credentils Attriute Credentil nme User Nme Pssword vcenter Adpter Credentils - sfo01w01v01 sv-vrops-vsphere@rinpole.lol sv-vrops-vsphere-pssword d Leve Enle Ations set to Enle so tht vcenter Adpter n run tions on ojets in vcenter Server from vrelize Opertions Mnger. Clik Test Connetion to vlidte the onnetion to the vcenter Server instne. The vcenter Server ertifite ppers. e f g h i In the Review nd Aept Certifite dilog ox, verify the ertifite informtion, nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors group. Speify user ount with dministrtor privileges to register vrelize Opertions Mnger with the vcenter Server. Registrtion user Registrtion pssword dministrtor@vsphere.lol vsphere_dmin_pssword 6 Clik Define Monitoring Gols. 7 In the Define Monitoring Gols dilog ox, under Enle vsphere Hrdening Guide Alerts?, selet Yes, leve the defult onfigurtion for the other options, nd lik Sve. 8 Clik OK in the Suess dilog ox. 9 Clik Sve s. 10 In the Info dilog ox, lik OK. 11 In the Mnge Solution - VMwre vsphere dilog ox, lik Close. VMwre, In. 227

228 12 On the Solutions pge, selet VMwre vsphere from the solution tle to view the olletion stte nd olletion sttus of the dpter. The Colletion Stte olumn for the vcenter Adpters displys Colleting, nd the Colletion Sttus olumn displys Dt reeiving. Connet vrelize Opertions Mnger to the NSX Mnger for Consolidted SDDC Instll nd onfigure the vrelize Opertions Mngement Pk for NSX for vsphere to monitor the NSX networking servies deployed in the vsphere luster nd view the vsphere hosts in the NSX trnsport zones. You n lso ess end to end logil network topologies etween ny two virtul mhines or NSX ojets for etter visiility into logil onnetivity. Physil host nd network devie reltionship in this view lso helps in isolting prolems in the logil or physil network. 1 Instll the vrelize Opertions Mnger Mngement Pk for NSX for vsphere for Consolidted SDDC Instll the.pk file for the mngement pk for NSX for vsphere to dd the solution entry nd dpter to vrelize Opertions Mnger. 2 Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign the permissions tht re required to ess monitoring dt from the Consolidted NSX Mnger in vrelize Opertions Mnger for the servie ount sv-vrops-nsx. 3 Add NSX-vSphere Adpter Instnes to vrelize Opertions Mnger for Consolidted SDDC After you instll the mngement pk, onfigure NSX-vSphere Adpter for the NSX Mnger in the onsolidted luster. 4 Add Network Devies Adpter to vrelize Opertions Mnger for Consolidted SDDC Configure Network Devies Adpter to monitor the swithes nd routers in your environment, nd view relted lerts, metris nd ojet pity. Instll the vrelize Opertions Mnger Mngement Pk for NSX for vsphere for Consolidted SDDC Instll the.pk file for the mngement pk for NSX for vsphere to dd the solution entry nd dpter to vrelize Opertions Mnger. VMwre, In. 228

229 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, lik the Add ion. 5 On the Selet Solution pge from the Add Solution wizrd, rowse to the.pk file of the vrelize Opertions Mnger Mngement Pk for NSX for vsphere nd lik Uplod. After the NSX mngement pk file hs een uploded, you see detils out the mngement pk. 6 After the uplod is omplete, lik Next. 7 On the End User Liense Agreement pge, ept the liense greement nd lik Next. The instlltion of the mngement pk strts. You see its progress on the Instll pge. 8 After the instlltion is omplete, lik Finish on the Instll pge. The Mngement Pk for NSX-vSphere solution ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. Configure User Privileges in NSX Mnger for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign the permissions tht re required to ess monitoring dt from the Consolidted NSX Mnger in vrelize Opertions Mnger for the servie ount sv-vrops-nsx. VMwre, In. 229

230 1 Log in to the NSX Mnger y using Seure Shell (SSH) lient. Open n SSH onnetion to the NSX Mnger virtul mhine. NSX Mnger NSX Mnger for the onsolidted luster Host nme sfo01w01nsx01.sfo01.rinpole.lol Log in using the following redentils. User nme Pssword dmin sfo01nsx_dmin_pssword 2 Crete the lol servie ount sv-vrops-nsx on the NSX Mnger instne. Run the following ommnd to swith to Privileged mode of the NSX Mnger. enle Enter the dmin pssword when prompted nd press Enter. Swith to Configurtion mode. onfigure terminl d Crete the servie ount sv-vrops-nsx. user sv-vrops-nsx pssword plintext sv-vrops-nsx_pssword e Assign the sv-vrops-nsx user ess to NSX Mnger from the vsphere We Client. user sv-vrops-nsx privilege we-interfe f Exit Configurtion mode exit g Commit these updtes to the NSX Mnger. opy running-onfig strtup-onfig 3 Assign the seurity_dmin role to the sv-vrops-nsx servie ount. Log in to the Windows host tht hs ess to your dt enter. In Chrome We rowser, strt the Postmn pplition nd log in. Selet POST from the drop-down menu tht ontins the HTTP request methods. VMwre, In. 230

231 d In the URL text ox next to the seleted method, enter the following URL. NSX Mnger Consolidted NSX Mnger POST URL -vrops-nsx?iscli=true e On the Authoriztion t, onfigure the following uthoriztion settings nd lik Updte Request. Type User nme Pssword Bsi Auth dmin sfo01nsx_dmin_pssword f On the Heders t, enter the following heder detils. Key Content-Type pplition/xml g On the Body t, selet rw, pste the following request ody in the Body text ox, nd lik Send. <esscontrolentry> <role>seurity_dmin</role> <resoure> <resoureid>glolroot-0</resoureid> </resoure> </esscontrolentry> The Sttus hnges to 204 No Content. VMwre, In. 231

232 Add NSX-vSphere Adpter Instnes to vrelize Opertions Mnger for Consolidted SDDC After you instll the mngement pk, onfigure NSX-vSphere Adpter for the NSX Mnger in the onsolidted luster. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement Pk for NSX-vSphere from the solution tle, nd lik Configure. 5 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, from the Adpter Type tle t the top, selet NSX-vSphere Adpter. Empty settings for the NSX-vSphere Adpter pper under Instne s if vrelize Opertions Mnger does not hve NSX-vSphere Adpters onfigured. VMwre, In. 232

233 6 Under Instne s, enter the settings for onnetion to the NSX Mnger in the onsolidted luster. Enter the disply nme, the FQDN of NSX Mnger, nd the FQDN of the vcenter Server instne tht is onneted to the NSX Mnger. Disply Nme Desription NSX Mnger Host VC Host Enle Log Insight integrtion if onfigured for the NSX Mnger in the Consolidted Cluster NSX Adpter - sfo01w01nsx01 Consolidted NSX Mnger sfo01w01nsx01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol flse Clik the Add ion next to the Credentil text ox, onfigure the redentils for the onnetion to NSX Mnger nd vcenter Server, nd lik OK. Credentil nme NSX Mnger User Nme NSX Mnger Pssword vcenter User Nme vcenter Pssword for the NSX Mnger for the Consolidted Cluster NSX Adpter Credentils - sfo01w01nsx01 sv-vrops-nsx sv-vrops-nsx_pssword sv-vrops-nsx@rinpole.lol sv-vrops-nsx-pssword Clik Test Connetion to vlidte the onnetion to the Consolidted NSX Mnger. The NSX Mnger ertifite ppers. d e f g h In the Review nd Aept Certifite dilog ox, verify the ertifite informtion nd lik Aept. In the Info dilog, lik OK. Expnd the Advned s pne, selet sfo01-remote-olletors from the Colletors/Groups drop-down menu. Clik Sve s. In the Info dilog, lik OK. 7 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, lik Close. The NSX-vSphere Adpter is ville on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. VMwre, In. 233

234 Add Network Devies Adpter to vrelize Opertions Mnger for Consolidted SDDC Configure Network Devies Adpter to monitor the swithes nd routers in your environment, nd view relted lerts, metris nd ojet pity. The Network Devies Adpter ollets dt ross ll network devies tht you wnt to monitor using vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet the Mngement Pk for NSX-vSphere from the solution tle, nd lik Configure. 5 In Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, from the Adpter Type tle t the top, selet Network Devies Adpter. VMwre, In. 234

235 6 Under Instne s, enter the settings for SNMP onnetion to the network devies for the mngement luster. Enter the disply nme, SNMP version nd redentils. Disply Nme Desription Network Devies Adpter Glol Network Devies Adpter SNMP Ports 161 SNMP Version SNMPv3 Privy Protool SNMPv3 Authentition Protool SNMPv2 AES MD5 Clik the Add ion, nd onfigure the redentils for onneting the Network Devies Adpter to the network devies, nd lik OK. Credentil Credentil Kind Credentil Nme SNMP Red Community Strings SNMPv1, SNMPv2 Credentil Network Devies Adpter Credentils - sfo01 puli Note For SNMPv1 nd SNMPv2 devies, enter omm-seprted list of ommunity nmes (defult is puli). For SNMPv3 devies, provide SNMPv3 redentils in ddition to the settings for SNMPv1 nd SNMPv2. d e f Clik Test Connetion to verify the settings, nd if the test is suessful lik the OK utton. Expnd the Advned s setion of settings, nd verify tht the Colletors/Groups option is set to Defult olletor group. Clik Sve s. Clik OK in theinfo dilog ox tht ppers. 7 In the Mnge Solution - Mngement Pk for NSX-vSphere dilog ox, lik Close. The Network Devies Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The dpter is olleting dt out the network devies for the lol region of the SDDC. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Connet vrelize Opertions Mnger to vrelize Automtion for Consolidted SDDC Configure the vrelize Opertions Mnger Mngement Pk for vrelize Automtion to monitor the helth nd pity risk of your loud infrstruture in the ontext of the tennt's usiness groups. VMwre, In. 235

236 1 Configure Colletion of Metris from vrelize Automtion in vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Automtion to vrelize Opertions Mnger for olleting sttistis out the tennt worklods tht re provisioned using vrelize Automtion. 2 Configure Integrtion of vrelize Opertions Mnger with vrelize Automtion for Worklod Relmtion for Consolidted SDDC Connet vrelize Automtion with vrelize Opertions Mnger to ollet metris tht vrelize Automtion n use to identify tennt worklods for relmtion in the onsolidted SDDC. Suh worklods hve low use of CPU, memory use, or disk spe. Configure Colletion of Metris from vrelize Automtion in vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Automtion to vrelize Opertions Mnger for olleting sttistis out the tennt worklods tht re provisioned using vrelize Automtion. 1 Configure User Privileges on vrelize Automtion for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign the permissions tht re required to ess monitoring dt from the vrelize Automtion in vrelize Opertions Mnger to the sv-vrops-vr opertions servie ount. The sv-vrops-vr user hs rights tht re speifilly required for ess to vrelize Automtion in vrelize Opertions Mnger. 2 Add vrelize Automtion Adpter to vrelize Opertions Mnger for Consolidted SDDC Configure vrelize Automtion dpter to ollet monitoring dt from vrelize Automtion. Configure User Privileges on vrelize Automtion for Integrtion with vrelize Opertions Mnger for Consolidted SDDC Assign the permissions tht re required to ess monitoring dt from the vrelize Automtion in vrelize Opertions Mnger to the sv-vrops-vr opertions servie ount. The sv-vrops-vr user hs rights tht re speifilly required for ess to vrelize Automtion in vrelize Opertions Mnger. VMwre, In. 236

237 1 Log in to the vrelize Automtion portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin dministrtor vr_dministrtor_pssword vsphere.lol 2 On the Tennts t, lik the Rinpole tennt. 3 Clik the Administrtors t to ssign tennt dministrtor nd IS dministrtor roles to the svvrops-vr servie ount. Enter sv-vrops-vr in the Tennt dministrtors serh text ox, lik the Serh ion, nd lik sv-vrops-vr (sv-vrops-vr@rinpole.lol) tht shows in the serh result list to ssign the role to the ount. Enter sv-vrops-vr in the IS dministrtors serh text ox, lik Serh ion, nd lik sv-vrops-vr (sv-vrops-vr@rinpole.lol) tht shows in the serh result list to ssign the role to the ount. Clik Finish. 4 Log out of the vrelize Automtion Defult tennt portl. 5 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 6 Nvigte to Administrtion > Users & Groups > Diretory Users nd Groups to ssign the softwre rhitet role to the sv-vrops-vr servie ount. Enter sv-vrops-vr in the serh ox, lik the Serh ion nd lik sv-vrops-vr (svvrops-vr@rinpole.lol) user. The setting of the sv-vrops-vr ount pper. On the Generl t, selet Infrstruture Arhitet nd Softwre Arhitet under Add roles to this User, nd lik Finish. VMwre, In. 237

238 7 Nvigte to Infrstruture > Endpoints > Fri Groups to ssign the fri dministrtor role to the sv-vrops-vr servie ount. On the Fri Groups pge, lik SFO Fri Group. On Edit Fri Group pge, enter sv-vrops-vr in Fri dministrtors serh text ox nd lik the Serh ion. Clik in the serh result list to ssign the fri dministrtor role to the ount, nd lik OK. Add vrelize Automtion Adpter to vrelize Opertions Mnger for Consolidted SDDC Configure vrelize Automtion dpter to ollet monitoring dt from vrelize Automtion. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet VMwre vrelize Automtion nd lik Configure. The Mnge Solution - VMwre vrelize Automtion dilog ox ppers. VMwre, In. 238

239 5 In the Mnge Solution - VMwre vrelize Automtion dilog ox, under Instne s, enter the settings for onnetion to vrelize Automtion. Enter the disply nme, desription, nd the FQDN of vrelize Automtion front-end portl, nd turn dt olletion on for the Rinpole tennt. Disply Nme Desription vrelize Automtion Appline URL vrelize Automtion Adpter - vr01svr01 (Rinpole) vrelize Automtion - Rinpole Tennt Clik the Add ion, onfigure the redentils for onnetion to vrelize Automtion, nd lik OK. Credentil Credentil nme SysAdmin Usernme SysAdmin Pssword SuperUser Usernme SuperUser Pssword vra Adpter Credentils - vr01svr01 dministrtor@vsphere.lol vr_dministrtor_pssword sv-vrops-vr@rinpole.lol sv_vrops_vr_pssword d e f Clik Test Connetion to vlidte the onnetion to vrelize Automtion. In the Review nd Aept Certifite dilog ox, verify the vrelize Automtion ertifite informtion, nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion, nd verify the following onfigurtion. Advned Colletors/Groups Tennts vra Endpoint Monitoring Auto Disovery Defult olletor group rinpole Enled true g Clik Sve s nd lik OK in the Info ox tht ppers. 6 In the Mnge Solution - VMwre vrelize Automtion dilog ox, lik Close. The vrelize Automtion Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. VMwre, In. 239

240 Configure Integrtion of vrelize Opertions Mnger with vrelize Automtion for Worklod Relmtion for Consolidted SDDC Connet vrelize Automtion with vrelize Opertions Mnger to ollet metris tht vrelize Automtion n use to identify tennt worklods for relmtion in the onsolidted SDDC. Suh worklods hve low use of CPU, memory use, or disk spe. 1 Configure User Privileges on vrelize Opertions Mnger for Tennt Worklod Relmtion for Consolidted SDDC Configure red-only privileges for the sv-vr-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. You onfigure these privileges so tht vrelize Automtion n pull metris from vrelize Opertions Mnger for relmtion of tennt worklods in the onsolidted SDDC. 2 Add vrelize Opertions Mnger s Metris Provider for vrelize Automtion for Consolidted SDDC Integrte vrelize Automtion with vrelize Opertions Mnger to pull metris for relmtion of tennt worklods. Configure User Privileges on vrelize Opertions Mnger for Tennt Worklod Relmtion for Consolidted SDDC Configure red-only privileges for the sv-vr-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. You onfigure these privileges so tht vrelize Automtion n pull metris from vrelize Opertions Mnger for relmtion of tennt worklods in the onsolidted SDDC. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, expnd Aess, nd lik Aess Control. 4 On the Aess Control pge, lik the User Aounts t nd lik the Import Users ion. 5 On the Import Users pge, import the sv-vr-vrops@rinpole.lol servie ount. From the Import From drop-down menu, selet RAINPOLE.LOCAL. Selet the Bsi option for the serh query. VMwre, In. 240

241 In the Serh String text ox, enter sv-vr-vrops nd lik Serh. The serh results ontin the sv-vr-vrops user ount. d Selet sv-vr-vrops@rinpole.lol nd lik Next. 6 On the Assign Groups nd Permissions pge, ssign the RedOnly role to the sv-vrvrops@rinpole.lol servie ount, lik the Ojets t, onfigure the following settings nd lik Finish. Selet Role Assign this role to the user Selet Ojet RedOnly Seleted vcenter Adpter > vcenter Adpter - sfo01w01v01 Add vrelize Opertions Mnger s Metris Provider for vrelize Automtion for Consolidted SDDC Integrte vrelize Automtion with vrelize Opertions Mnger to pull metris for relmtion of tennt worklods. 1 Log in to the vrelize Automtion Rinpole portl. Open We rowser nd go to Log in using the following redentils. User nme Pssword Domin it-tenntdmin it-tenntdmin_pssword Rinpole.lol 2 Nvigte to Administrtion > Relmtion > Metris Provider. 3 On the Metris Provider pge, onfigure the vrelize Opertions Mnger settings. Selet vrelize Opertions Mnger endpoint. Configure the following settings for vrelize Opertions Mnger. URL Usernme Pssword sv-vr-vrops@rinpole.lol sv-vr-vrops_pssword d Clik Test Connetion, verify tht the test onnetion is suessful, nd lik Sve. In the ertifite wrning messge ox, lik OK. The vsphere metris provider updted suessfully messge ppers. VMwre, In. 241

242 Connet vrelize Opertions Mnger with vrelize Business for Consolidted SDDC Configure the vrelize Opertions Mnger Mngement Pk for vrelize Business to view your infrstruture performne, ost informtion, nd lso trouleshooting tips. You n onnet vrelize Opertions Mnger to single instne of vrelize Business for Cloud. Connet vrelize Opertions Mnger to vrelize Business for Cloud for Consolidted SDDC Configure vrelize Business for Cloud dpter to ollet monitoring dt from vrelize Business for Cloud. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 From the solution tle on the Solutions pge, selet VMwre vrelize Business for Cloud solution nd lik Configure. The Mnge Solution - VMwre vrelize Business for Cloud dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to vrelize Business for Cloud. Enter the disply nme, desription nd FQDN of the vrelize Business for Cloud Server. Disply Nme Desription vrelize Business for Cloud server for vrelize Business for Cloud Server vrelize Business Adpter - vr01svr01 vrelize Business for Cloud Server vr01svr01.rinpole.lol d e Clik Test Connetion to vlidte the onnetion to the vrelize Business server instne. Clik OK in the Test Connetion Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, mke sure tht the Defult olletors group is seleted. VMwre, In. 242

243 6 Clik Sve s. 7 Clik OK in the Adpter Instne Informtion dilog ox. 8 In the Mnge Solution - VMwre vrelize Business for Cloud dilog ox, lik Close. The vrbc Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Verify Connetivity to vrelize Business for Cloud for Consolidted SDDC To verify integrtion of VMwre vrelize Business for Cloud with vrelize Opertions Mnger, run Privte Cloud Relmtion report from the vrelize Opertions Mnger opertions interfe. If the integrtion is interrupted, re-register the Consolidted vcenter Server with vrelize Business. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Home. 3 In the left pne of vrelize Opertions Mnger, lik Business Mngement. 4 Log in to vrelize Business using the following redentils. User nme Tennt Pssword it-tenntdmin rinpole it-tenntdmin_pssword The dshord of vrelize Business opens on the Business Mngement pge of the vrelize Opertions Mnger opertions interfe. 5 On the Business Mngement pge, lik Overview nd lote the Privte Cloud Relmtion widget on the right. VMwre, In. 243

244 6 If on running the report, the integrtion messge Cost Svings from Privte Cloud relmtion requires integrtion with vrelize Opertions Mnger ppers, reregister vrelize Business with the vcenter Server. Open We rowser nd go to Log in using the following redentils. User nme Pssword root vr_olletor_root_pssword d Clik Mnge Privte Cloud Connetions nd selet vcenter Server. Selet the vcenter Server sfo01w01v01.sfo01.rinpole.lol nd lik the Delete ion. The onnetion to vcenter Server is removed. e Clik Add. f In the Add vcenter Server Connetions dilog ox, enter the following settings nd lik Sve. Nme vcenter Server Usernme Pssword sfo01w01v01.sfo01.rinpole.lol sfo01w01v01.sfo01.rinpole.lol sv-vr@rinpole.lol sv_vr_pssword g h In the SSL Certifite dilog ox, lik Instll. In the Suess dilog ox, lik OK. 7 Wit few minutes for vrelize Business for Cloud to initite synhroniztion, run the report gin nd verify tht it is generted suessfully. Enle Storge Devie Monitoring in vrelize Opertions Mnger for Consolidted SDDC Instll nd onfigure the vrelize Opertions Mngement Pk for Storge Devies to view the storge topology, nd to monitor the pity nd prolems on storge omponents. 1 Instll the vrelize Opertions Mnger Mngement Pk for Storge Devies for Consolidted SDDC Instll the.pk file of the mngement pk for storge devies to dd the mngement pk s solution to vrelize Opertions Mnger. 2 Add Storge Devies Adpter in vrelize Opertions Mnger for Consolidted SDDC After you instll the mngement pk, onfigure Storge Devies dpter to ollet monitoring dt out the storge devies in the SDDC. VMwre, In. 244

245 Instll the vrelize Opertions Mnger Mngement Pk for Storge Devies for Consolidted SDDC Instll the.pk file of the mngement pk for storge devies to dd the mngement pk s solution to vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, lik the Add ion. 5 On the Selet Solution pge from the Add Solution wizrd, rowse to the.pk file of the vrelize Opertions Mnger Mngement Pk for Storge Devies nd lik Uplod. 6 After the uplod is omplete, lik Next. 7 On the End User Liense Agreement pge, ept the liense greement nd lik Next. The instlltion of the mngement pk strts. You see its progress on the Instll pge. 8 After the instlltion is omplete, lik Finish on the Instll pge. The Mngement Pk for Storge Devies solution ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. Add Storge Devies Adpter in vrelize Opertions Mnger for Consolidted SDDC After you instll the mngement pk, onfigure Storge Devies dpter to ollet monitoring dt out the storge devies in the SDDC. VMwre, In. 245

246 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet Mngement Pk for Storge Devies from the solution tle nd lik Configure. The Mnge Solution - Mngement Pk for Storge Devies dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to the Consolidted vcenter Server. Enter the disply nme, desription, nd FQDN of the vcenter Server instne. Disply Nme Desription vcenter Server for the Consolidted vcenter Storge Devies Adpter - sfo01w01v01 Connetion to Consolidted vcenter for Storge Devies sfo01w01v01.sfo01.rinpole.lol SNMP Community Strings - Clik the Add ion, onfigure the redentils for onnetion to the Consolidted vcenter Server, nd lik OK. Credentil nme User Nme Pssword for the Consolidted vcenter Storge Devies Adpter Credentils - sfo01w01v01 sv-vrops-mpsd@rinpole.lol sv-vrops-mpsd-pssword d e f g Clik Test Connetion to vlidte the onnetion to the Consolidted vcenter Server. In the Review nd Aept Certifite dilog ox, verify the vcenter Server ertifite informtion nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings, nd from the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors olletor group. Clik Sve s nd lik OK in the Info dilog ox tht ppers. 6 In the Mnge Solution - Mngement Pk for Storge Devies dilog ox, lik Close. VMwre, In. 246

247 The Storge Devies Adpter pper on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Enle vsan Monitoring in vrelize Opertions Mnger for Consolidted SDDC Configure the vrelize Opertions Mngement Pk for vsan to view the vsan topology nd to monitor pity nd prolems. 1 Turn On the vsan Performne Servie for Consolidted SDDC When you rete vsan luster, the performne servie is disled. Turn on the vsan performne servie to monitor the performne of vsan lusters, hosts, disks, nd VMs. 2 Add vsan Adpter in vrelize Opertions Mnger for Consolidted SDDC Configure the vsan dpter to ollet monitoring dt out vsan usge in the Consolidted SDDC. Turn On the vsan Performne Servie for Consolidted SDDC When you rete vsan luster, the performne servie is disled. Turn on the vsan performne servie to monitor the performne of vsan lusters, hosts, disks, nd VMs. When you turn on the performne servie, vsan ples Stts dtse ojet in the dtstore to ollet sttistil dt. The Stts dtse is nmespe ojet in the luster's vsan dtstore. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Enle the vsan performne servie. In the Nvigtor, expnd the sfo01-w01d dt enter ojet. Clik the sfo01-w01-onsolidted01 luster ojet nd lik the Configure t. VMwre, In. 247

248 d Under vsan, selet Helth nd Performne. Next to the Performne Servie settings, lik Edit, onfigure the following settings nd lik OK. Turn ON vsan performne servie Storge poliy Seleted vsan Defult Storge Poliy Add vsan Adpter in vrelize Opertions Mnger for Consolidted SDDC Configure the vsan dpter to ollet monitoring dt out vsan usge in the Consolidted SDDC. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet VMwre vsan from the solution tle nd lik Configure. The Mnge Solution - VMwre vsan dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to the Consolidted vcenter Server. Enter the disply nme, desription nd FQDN of the vcenter Server instne. Disply Nme Desription vcenter Server for the Consolidted vcenter vsan Adpter - sfo01w01v01 vsan Adpter for Consolidted vcenter Server sfo01w01v01.sfo01.rinpole.lol Clik the Add ion, onfigure the redentils for onnetion to the Consolidted vcenter Server, nd lik OK. Credentil nme User Nme Pssword for the Consolidted vcenter vsan Adpter Credentils - sfo01w01v01 sv-vrops-vsn@rinpole.lol sv-vrops-vsn-pssword Clik Test Connetion to vlidte the onnetion to the Consolidted vcenter Server. VMwre, In. 248

249 d e f g h i In the Review nd Aept Certifite dilog ox, verify the vcenter Server ertifite informtion nd lik Aept. Clik OK in the Info dilog ox. Expnd the Advned s setion of settings. From the Colletors/Groups drop-down menu, selet the sfo01-remote-olletors olletor group. Mke sure Auto Disovery is set to true. Clik Sve s nd lik OK in the Info dilog ox tht ppers. 6 In the Mnge Solution - VMwre vsan dilog ox, lik Close. The vsan Adpter ppers on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpters is Colleting nd the Colletion Sttus is Dt reeiving. Configure E-Mil Alerts in vrelize Opertions Mnger for Consolidted SDDC You onfigure e-mil notifitions in vrelize Opertions Mnger so tht users nd pplitions reeive the dministrtive lerts from vrelize Opertions Mnger out ertin situtions in the dt enter. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Mngement nd lik Outound s. 4 On the Outound s pge, lik the Add ion to rete n outound lert instne. 5 In the Add/Edit Outound Instne dilog ox, onfigure the settings for the Stndrd Emil Plugin, nd lik OK. Alert Instne Plugin Type Instne Nme Use Seure Connetion SMTP Host Stndrd Emil Plugin SMTP Alert Mil Rely Seleted milserver.rinpole.lol SMTP Port 25 VMwre, In. 249

250 Alert Instne Seure Connetion Type Sender Emil Address Sender Nme TLS vrelize Opertions Admin 6 Clik Test to verify the onnetion with the SMTP server nd lik OK. 7 Clik Sve. vrelize Log Insight Implementtion for Consolidted SDDC Deploy vrelize Log Insight in single-node onfigurtion onsisting of single mster node with n integrted lod lner. 1 Deploy vrelize Log Insight for Consolidted SDDC Strt the deployment of vrelize Log Insight in the Consolidted SDDC y deploying the mster node nd enling the integrted lod lner. 2 Reple the Certifite of vrelize Log Insight for Consolidted SDDC After you generte the PEM ertifite hin file tht ontins the own ertifite, the signer ertifite nd the privte key file, uplod the ertifite hin to vrelize Log Insight. 3 Connet vrelize Log Insight to the vsphere Environment for Consolidted SDDC Strt olleting log informtion out the ESXi nd vcenter Server instnes in the Consolidted SDDC. 4 Connet vrelize Log Insight to vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Log Insight to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplitions to trouleshoot vrelize Opertions Mnger y using dshords nd lerts in the vrelize Log Insight user interfe. 5 Connet vrelize Log Insight to the NSX Instnes for Consolidted SDDC Instll nd onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion nd lerting of the NSX for vsphere rel-time opertion. You n use the NSX-vSphere dshords to monitor logs out instlltion nd onfigurtion, nd out virtul networking servies. 6 Connet vrelize Log Insight to vrelize Automtion for Consolidted SDDC Connet the vrelize Log Insight to vrelize Automtion to reeive log informtion from ll omponents of vrelize Automtion in the vrelize Log Insight user interfe. 7 Instll the Linux Content Pk nd Configure the Virtul Appline Agent Group for vrelize Log Insight for Consolidted SDDC Instll the ontent pk for VMwre Linux to dd the dshords for viewing log informtion out the mngement virtul pplines in vrelize Log Insight. VMwre, In. 250

251 8 Configure Log Retention nd Arhiving for Consolidted SDDC Set log retention to one week nd rhive logs for 90 dys ording to the VMwre Vlidted Design Arhiteture nd Design doumenttion. Deploy vrelize Log Insight for Consolidted SDDC Strt the deployment of vrelize Log Insight in the Consolidted SDDC y deploying the mster node nd enling the integrted lod lner. 1 Prerequisites for Deploying vrelize Log Insight for Consolidted SDDC Before you deploy vrelize Log Insight, verify tht your environment stisfies the requirements for this deployment. 2 Deploy the Virtul Appline for the Mser Node of the vrelize Log Insight Cluster for Consolidted SDDC Use the vsphere We Client to deploy the vrelize Log Insight mster node s virtul ppline in the Consolidted SDDC. 3 Strt the vrelize Log Insight Instne for Consolidted SDDC Configure nd strt the vrelize Log Insight mster node. 4 Enle the Integrted Lod Blner of vrelize Log Insight for Consolidted SDDC After you rete the vrelize Log Insight luster, enle the Integrted Lod Blner (ILB) for lning inoming ingestion trffi of syslog dt nd for high vilility. 5 Join vrelize Log Insight to the Ative Diretory for Consolidted SDDC To use user roles in vrelize Log Insight tht re mintined entrlly nd re inline with the other solutions in the SDDC, enle Ative Diretory support. Prerequisites for Deploying vrelize Log Insight for Consolidted SDDC Before you deploy vrelize Log Insight, verify tht your environment stisfies the requirements for this deployment. IP Addresses nd Host Nmes Verify tht stti IP ddresses nd FQDNs for the vrelize Log Insight re ville in the pplition virtul network for the Consolidted SDDC. For the pplition virtul network, llote stti IP ddress for the vrelize Log Insight mster node nd nother IP ddress for the integrted lod lner. Mp host nmes to the IP ddresses. Note Consolidted SDDC must e routle vi the vsphere mngement network. VMwre, In. 251

252 Tle 4 5. IP Addresses nd Host Nmes for the vrelize Log Insight Instne in Consolidted SDDC Role IP Address FQDN Integrted lod lner VIP ddress sfo01vrli01.sfo01.rinpole.lol Mster node sfo01vrli01.sfo01.rinpole.lol Defult gtewy DNS server Sunet msk NTP servers ntp.sfo01.rinpole.lol Deployment Prerequisites Verify tht your environment stisfies the following prerequisites to deploying vrelize Log Insight. Prerequisite Storge Virtul disk provisioning. Thin Required storge per node Initil storge for node deployment: 510 GB Softwre Fetures Verify tht vcenter Server is opertionl. Verify tht the vsphere luster hs DRS nd HA enled. Verify tht the Consolidted NSX Mnger is opertionl. Verify tht vrelize Opertions Mnger is opertionl. Verify tht the pplition virtul networks for the single-node vrelize Log Insight luster re ville. Verify tht vrelize Automtion is opertionl. Verify tht vrelize Business for Cloud is opertionl. Verify tht Postmn REST API pplition is instlled in your Chrome rowser. Verify the following NFS dtstore requirements: Crete n NFS shre of 250 GB for the onsolidted pod nd export it s /V2D_vRLI_Consolidted_250GB. Verify tht the NFS server supports NFS v3. Verify tht the NFS prtition llows red nd write opertions for guest ounts. Verify tht the mount does not require uthentition. Verify tht the NFS shre is diretly essile to vrelize Log Insight. If using Windows NFS server, llow unmpped user Unix ess (y UID/GID). Instlltion Pkge Liense Ative Diretory Downlod the.ov file of the vrelize Log Insight virtul ppline on the mhine where you use the vsphere We Client. Otin liense tht overs the use of vrelize Log Insight. Verify tht you hve prent nd hild Ative Diretory domin ontrollers onfigured with the role-speifi SDDC users nd groups for the rinpole.lol domin. VMwre, In. 252

253 Prerequisite Certifition Authority E-mil ount Configure the Ative Diretory domin ontroller s ertifite uthority for the environment. Provide n emil ount to send vrelize Log Insight notifitions from. Deploy the Virtul Appline for the Mser Node of the vrelize Log Insight Cluster for Consolidted SDDC Use the vsphere We Client to deploy the vrelize Log Insight mster node s virtul ppline in the Consolidted SDDC. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Nvigte to the sfo01w01v01.sfo01.rinpole.lol vcenter Server ojet. 3 Right-lik sfo01w01v01.sfo01.rinpole.lol nd selet Deploy OVF Templte. 4 On the Selet templte pge, selet Lol file, lik Browse, rowse to the lotion of the vrelize Log Insight.ov file on your lol file system, nd lik Next. 5 On the Selet nme nd lotion pge, mke the following seletions, nd lik Next. Enter nme for the node ording to its role. Nme sfo01vrli01 Role Mster node Selet the inventory folder for the virtul ppline. vcenter Server Dt enter Folder sfo01w01v01.sfo01.rinpole.lol sfo01-w01d sfo01-w01fd-vrli VMwre, In. 253

254 6 On the Selet resoure pge, selet the following vlues, nd lik Next. Dt enter Cluster Resoure Pool sfo01-w01d sfo01-w01-onsolidted01 sfo01-w01rp-sdd-mgmt 7 On the Review detils pge, exmine the virtul ppline detils, suh s produt, version, downlod size, nd disk size, nd lik Next. 8 On the Aept liense greements pge, ept the end user liense greements nd lik Next. 9 On the Selet onfigurtion pge, from the Configurtion drop-down menu, selet the Smll deployment onfigurtion, nd lik Next. 10 On the Selet storge pge, selet the dtstore informtion. From Selet virtul disk formt drop-down menu, selet Thin provision. From the VM storge poliy drop-down menu, selet vsan Defult Storge Poliy. From the Dtstores tle, selet the sfo01-w01-vsn01 dtstore nd lik Next. 11 On the Selet networks pge, selet the distriuted port group on the distriuted swith tht ends with Mgmt-RegionA01-VXLAN, nd lik Next. VMwre, In. 254

255 12 On the Customize templte pge, set networking settings nd the root user redentils for the virtul ppline. In the Networking Properties setion, onfigure the following networking settings. Property DNS , DNS domin DNS serhpth sfo01.rinpole.lol sfo01.rinpole.lol,rinpole.lol Defult gtewy Hostnme sfo01vrli01.sfo01.rinpole.lol Network 1 IP Address Network 1 Netmsk In the Other Properties setion, enter nd onfirm pssword for the root user. The pssword must ontin t lest 8 hrters, nd must inlude: One upperse hrter One lowerse hrter One digit One speil hrter Use this pssword when you log in to the onsole of the vrelize Log Insight virtul ppline. Clik Next. 13 On the Redy to omplete pge, review the onfigurtion dt nd lik Finish. The deployment of the virtul ppline strts. 14 After the deployment, right-lik the virtul ppline ojet sfo01vrli01 nd selet Power > Power On. Strt the vrelize Log Insight Instne for Consolidted SDDC Configure nd strt the vrelize Log Insight mster node. 1 Open We rowser nd go to The initil onfigurtion wizrd opens. 2 On the Setup pge, lik Next. 3 On the Choose Deployment Type pge, lik Strt New Deployment. VMwre, In. 255

256 4 After the deployment is lunhed, on the Admin Credentils pge, set the emil ddress nd the pssword of the dmin user, nd lik Sve And Continue. The pssword must e t lest 8 hrters long, nd must ontin one upperse hrter, one lowerse hrter, one numer, nd one speil hrter. 5 On the Liense pge, enter the liense key, lik Add Liense, nd lik Sve And Continue. 6 On the Generl Configurtion pge, enter the following settings nd lik Sve And Continue. Emil System Notifitions To Send HTTP Post System Notifitions To emil_ddress_to_reeive_system_notifitions 7 On the Time Configurtion pge, enter the following settings, lik Test, nd lik Sve And Continue. Syn Server Time With NTP Servers NTP server (reommended) ntp.sfo01.rinpole.lol 8 On the SMTP Configurtion pge, speify the properties of n SMTP server to enle outgoing lerts nd system notifition emils, nd to test the emil notifition. Set the onnetion setting for the SMTP server tht will send the emil messges from vrelize Log Insight. Contt your system dministrtor for detils out the emil server. SMTP Option SMTP Server Port SSL (SMTPS) STARTTLS Enryption Sender Usernme Pssword Desription FQDN of the SMTP server Server port for SMTP requests Sets whether enryption should e enled for the SMTP trnsport option onnetion. Enle or disle the STARTTLS enryption. Address tht ppers s the sender of the emil. User nme on the SMTP server Pssword for the SMTP server you speified in Usernme To verify tht the SMTP onfigurtion is orret, type vlid emil ddress nd lik Send test Emil. vrelize Log Insight sends test emil to the ddress tht you provided. 9 On the Setup Complete pge, lik Finish. vrelize Log Insight strts operting in stndlone mode. VMwre, In. 256

257 Enle the Integrted Lod Blner of vrelize Log Insight for Consolidted SDDC After you rete the vrelize Log Insight luster, enle the Integrted Lod Blner (ILB) for lning inoming ingestion trffi of syslog dt nd for high vilility. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Clik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Mngement, lik Cluster. 4 Under Integrted Lod Blner, lik New Virtul IP Address. 5 In the New Virtul IP dilog ox, enter the following settings nd lik Sve. IP FQDN sfo01vrli01.sfo01.rinpole.lol Join vrelize Log Insight to the Ative Diretory for Consolidted SDDC To use user roles in vrelize Log Insight tht re mintined entrlly nd re inline with the other solutions in the SDDC, enle Ative Diretory support. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Clik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Configurtion, lik Authentition. VMwre, In. 257

258 4 On the Authentition Configurtion pge, lik the Ative Diretory t nd onfigure the following Ative Diretory settings. Enle Ative Diretory support Defult Domin Domin Controller(s) Usernme Pssword Connetion Type Require SSL Seleted RAINPOLE.LOCAL d01rpl.rinpole.lol sv-vrli sv-vrli_pssword Stndrd Yes or No ording to the instrutions from the IT dministrtor 5 Clik Test Connetion to verify the onnetion, nd lik Sve. Reple the Certifite of vrelize Log Insight for Consolidted SDDC After you generte the PEM ertifite hin file tht ontins the own ertifite, the signer ertifite nd the privte key file, uplod the ertifite hin to vrelize Log Insight. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Configurtion, lik SSL. 4 On the SSL Configurtion pge, lik Choose File next to New Certifite File (PEM formt), rowse to the lotion of the PEM file on your omputer, nd lik Sve. Certifite Genertion Option Using the CertGenVVD tool Certifite File vrli-for-1-pod.2.hin.pem The ertifite is uploded to vrelize Log Insight. 5 Open We rowser nd go to A wrning messge tht the onnetion is not trusted ppers. VMwre, In. 258

259 6 To review the ertifite, lik the pdlok in the ddress r of the rowser, nd verify tht Sujet Alterntive Nme ontins the nme of the vrelize Log Insight luster node. 7 Import the ertifite in your We rowser. For exmple, in Google Chrome under the HTTPS/TLS settings lik Mnge ertifites, nd in the Certifites dilog ox import vrli-hin.pem. You n lso use Certifite Mnger on Windows or Keyhin Aess on MAC OS X. Connet vrelize Log Insight to the vsphere Environment for Consolidted SDDC Strt olleting log informtion out the ESXi nd vcenter Server instnes in the Consolidted SDDC. 1 Configure User Privileges in vsphere for Integrtion with vrelize Log Insight for Consolidted SDDC Assign glol permissions in the Consolidted SDDC to the opertions servie ount sv-vrli in order to ollet log informtion from the vcenter Server instnes nd ESXi hosts with vrelize Log Insight. The sv-vrli user ount is speifilly dedited to olleting log informtion from vcenter Server nd ESXi. 2 Connet vrelize Log Insight to vsphere for Consolidted SDDC After you onfigure the sv-vrli Ative Diretory user with the vsphere privileges tht re required for retrieving log informtion from the vcenter Server instne nd ESXi hosts, onnet vrelize Log Insight to vsphere. 3 Configure vcenter Server to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC You n onfigure eh vcenter Server nd Pltform Servies Controller ppline to forwrd system logs nd events to the vrelize Log Insight luster. You n then view nd nlyze ll syslog informtion in the vrelize Log Insight we interfe. 4 Updte the Host Profile for the Consolidted Cluster with Syslog s In order to hve onsistent logging onfigurtion ross ll ESXi hosts in the onsolidted luster, updte the host profile to ommodte the syslog settings for onnetion to vrelize Log Insight. Configure User Privileges in vsphere for Integrtion with vrelize Log Insight for Consolidted SDDC Assign glol permissions in the Consolidted SDDC to the opertions servie ount sv-vrli in order to ollet log informtion from the vcenter Server instnes nd ESXi hosts with vrelize Log Insight. The sv-vrli user ount is speifilly dedited to olleting log informtion from vcenter Server nd ESXi. VMwre, In. 259

260 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Administrtion. 3 Under Aess Control, lik Roles. VMwre, In. 260

261 4 Crete role for vrelize Log Insight. Selet Red-only nd lik the Clone role tion ion. You lone the Red-only role euse it inludes the System.Anonymous, System.View, nd System.Red privileges. vrelize Log Insight requires those privileges for essing log informtion relted to the vcenter Server instnes. In the Clone Role Red-only dilog ox, omplete the onfigurtion of the role nd lik OK. Role nme Desription Log Insight User Privilege Host.Configurtion.Advned settings Host.Configurtion.Chnge settings Host.Configurtion.Network onfigurtion Host.Configurtion.Seurity profile nd firewll These host privileges llow vrelize Log Insight to onfigure the syslog servie on the ESXi hosts. VMwre, In. 261

262 5 Assign glol permissions to the servie ount. d e f In the vsphere We Client, selet Administrtion from the Home menu nd lik Glol Permissions under Aess Control. On the Mnge t, lik Add Permission ion. In the Glol Permissions Root - Add Permission dilog ox, lik Add to ssoite user or group with role. In the Selet Users/Groups dilog ox, from the Domin drop-down menu, selet rinpole.lol, in the filter ox type sv, nd press Enter. From the list of users nd groups, selet the sv-vrli user, lik Add, nd lik OK. In the Glol Permissions Root - Add Permission dilog ox, from the Assigned Role dropdown menu, selet Log Insight User, selet Propgte to hildren, nd lik OK. The glol permissions of the sv-vrli@rinpole.lol user propgte to ll linked vcenter Server instnes. Connet vrelize Log Insight to vsphere for Consolidted SDDC After you onfigure the sv-vrli Ative Diretory user with the vsphere privileges tht re required for retrieving log informtion from the vcenter Server instne nd ESXi hosts, onnet vrelize Log Insight to vsphere. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Clik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Integrtion, lik vsphere. VMwre, In. 262

263 4 In the vcenter Servers pne, enter the onnetion settings for vcenter Server. Enter the host nme, user redentils, nd olletion options for the vcenter Server instne, nd lik Test Connetion. vcenter Server Option Hostnme Usernme Pssword Collet vcenter Server events, tsks, nd lrms Configure ESXi hosts to send logs to Log Insight sfo01w01v01.sfo01.rinpole.lol sv-vrli_user_pssword Seleted Seleted Clik Advned Options nd exmine the list of ESXi hosts tht re onneted to the vcenter Server instne to verify tht you re onneted to the orret vcenter Server. 5 Clik Sve. A progress dilog ox ppers. 6 Clik OK in the onfirmtion dilog ox tht ppers fter vrelize Log Insight ontts the vcenter Server instne. You see the vsphere dshords uder the VMwre - vsphere ontent pk Dshords tegory. Configure vcenter Server to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC You n onfigure eh vcenter Server nd Pltform Servies Controller ppline to forwrd system logs nd events to the vrelize Log Insight luster. You n then view nd nlyze ll syslog informtion in the vrelize Log Insight we interfe. In the Consolidted SDDC, you onfigure the following vcenter Server nd Pltform Servies Controller instnes: Appline Type vcenter Server instne Pltform Servies Controller instne Virtul Appline Mngement Interfe URL Rediret the log events from the vcenter Server ppline to vrelize Log Insight. Open We rowser nd go to Log in using the following redentils. User nme Pssword root v_root_pssword VMwre, In. 263

264 d In the Nvigtor, lik Syslog Configurtion. On the Syslog Configurtion pge, lik Edit, onfigure the following settings, nd lik OK. Common Log Level * Remote Syslog Host sf01vrli01.sfo01.rinpole.lol Remote Syslog Port 514 Remote Syslog Protool UDP e Repet the steps for the Pltform Servies Controller ppline. 2 Verify tht the pplines re forwrding their syslog trffi to vrelize Log Insight. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword d In the vrelize Log Insight user interfe, lik Dshords nd selet VMwre - vsphere under Content Pk Dshords. Verify tht the vcenter Server nd Pltform Servies Controller nodes re presented on the All vsphere events y hostnme widget of the Generl Overview dshord. Updte the Host Profile for the Consolidted Cluster with Syslog s In order to hve onsistent logging onfigurtion ross ll ESXi hosts in the onsolidted luster, updte the host profile to ommodte the syslog settings for onnetion to vrelize Log Insight. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 Updte the host profile to the onsolidted luster. From the vsphere We Client Home menu, selet Home. In the Nvigtor, lik Poliies nd Profiles nd lik Host Profiles. VMwre, In. 264

265 d Right-lik sfo01-w01-onsolidted01 nd selet Copy s from Host. Selet sfo01w01esx01.sfo01.rinpole.lol nd lik OK. 3 Verify tht the syslog host settings hve een updted. d On the Host Profiles pge in the Nvigtor, lik sfo01-w01-onsolidted01. On the Configure t, lik s. In Filter serh ox, type in Syslog.glol.logHost. Selet the Syslog.glol.logHost entry from the list nd verify tht vlue of the option is udp://sfo01vrli01.sfo01.rinpole.lol. 4 Verify ompline for the hosts in the onsolidted luster. From the vsphere We Client Home menu, selet Hosts nd Clusters. Clik the sfo01-w01-onsolidted01 luster, lik the Monitor t, nd lik Profile Compline. Clik the Chek Compline Now utton. Verify All hosts re omplint with the tthed profile. Connet vrelize Log Insight to vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Log Insight to vrelize Opertions Mnger so tht you n use the Lunh in Context funtionlity etween the two pplitions to trouleshoot vrelize Opertions Mnger y using dshords nd lerts in the vrelize Log Insight user interfe. 1 Configure User Privileges on vrelize Opertions Mnger for Integrtion with vrelize Log Insight for Consolidted SDDC Configure dministrtor privileges for the sv-vrli-vrops@rinpole.lol servie ount on vrelize Opertions Mnger. 2 Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Log Insight in the Consolidted SDDC with vrelize Opertions Mnger to lunh vrelize Log Insight from within vrelize Opertions Mnger nd to send lerts to vrelize Opertions Mnger. 3 Connet vrelize Opertions Mnger to vrelize Log Insight for Consolidted SDDC 4 Configure the Log Insight Agent on vrelize Opertions Mnger to Forwrd Log Events to vrelize Log Insight in Consolidted SDDC After you instll the ontent pk for vrelize Opertions Mnger, onfigure the Log Insight gent on vrelize Opertions Mnger to send udit logs nd system events to vrelize Log Insight in Consolidted SDDC. VMwre, In. 265

266 Configure User Privileges on vrelize Opertions Mnger for Integrtion with vrelize Log Insight for Consolidted SDDC Configure dministrtor privileges for the servie ount on vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword 2 On the min nvigtion r, lik Administrtion. 3 In the left of vrelize Opertions Mnger, expnd Aess nd lik Aess Control. 4 On the Aess Control pge, lik the User Aounts t nd lik the Import Users ion. 5 On the Import Users pge, import the sv-vrli-vrops@rinpole.lol servie ount. From the Import From drop-down menu, selet RAINPOLE.LOCAL. Selet the Bsi option for the serh query. In the Serh String text ox, enter sv-vrli-vrops nd lik Serh. The serh result ontins the sv-vrli-vrops user ount. d Selet sv-vrli-vrops@rinpole.lol user nd lik Next. 6 On the Assign Groups nd Permissions pge, to ssign the Administrtor role to the sv-vrlivrops@rinpole.lol servie ount, lik the Ojets t, onfigure the following settings, nd lik Finish. Selet Role Assign this role to the user Allow ess to ll ojets in the system Administrtor Seleted Seleted 7 When prompted with the wrning out llowing ess to ll ojets on the system, lik Yes. Enle the vrelize Log Insight Integrtion with vrelize Opertions Mnger for Consolidted SDDC Connet vrelize Log Insight in the Consolidted SDDC with vrelize Opertions Mnger to lunh vrelize Log Insight from within vrelize Opertions Mnger nd to send lerts to vrelize Opertions Mnger. VMwre, In. 266

267 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Administrtion. 3 Under Integrtion, lik vrelize Opertions. 4 On the vrelize Opertions Mnger pge, onfigure the integrtion settings for vrelize Opertions Mnger. Hostnme Usernme Pssword Enle lerts integrtion Enle lunh in ontext vrops01svr01.rinpole.lol sv-vrli-vrops@rinpole.lol sv-vrli-vrops_pssword Seleted Seleted 5 Clik Test Connetion to vlidte the onnetion nd lik Sve. A progress dilog ox ppers. 6 Clik OK to lose the dilog. Connet vrelize Opertions Mnger to vrelize Log Insight for Consolidted SDDC Configure vrelize Log Insight Adpter to integrte vrelize Log Insight with vrelize Opertions Mnger in your environment. You n ess unstrutured log dt out ny ojet in your environment y using Lunh in Context in vrelize Opertions Mnger. 1 Log in to vrelize Opertions Mnger y using the opertions interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrops_dmin_pssword VMwre, In. 267

268 2 On the min nvigtion r, lik Administrtion. 3 In the left pne of vrelize Opertions Mnger, lik Solutions. 4 On the Solutions pge, selet VMwre vrelize Log Insight from the solution tle, nd lik Configure. The Mnge Solution - VMwre vrellize Log Insight dilog ox ppers. 5 Under Instne s, enter the settings for onnetion to vrellize Log Insight. Enter the disply nme, desription nd the FQDN of the vrelize Log Insight instne. Disply Nme Desription Log Insight server for vrelize Log Insight Log Insight Adpter - sfo01vrli01 vrelize Log Insight - sfo01 sfo01vrli01.sfo01.rinpole.lol d e f Clik Test Connetion to vlidte the onnetion to vrelize Log Insight. Clik OK in the Adpter Instne Info ox. Expnd the Advned s pne nd selet sfo01-remote-olletors from the Colletors/Groups drop-down menu. Clik Sve s. Clik OK in the Info ox out the dpter instne. 6 In the Mnge Solution - VMwre vrelize Log Insight dilog ox, lik Close. The vrelize Log Insight Adpter is ville on the Solutions pge of the vrelize Opertions Mnger user interfe. The Colletion Stte of the dpter is Colleting nd the Colletion Sttus is Dt reeiving. Configure the Log Insight Agent on vrelize Opertions Mnger to Forwrd Log Events to vrelize Log Insight in Consolidted SDDC After you instll the ontent pk for vrelize Opertions Mnger, onfigure the Log Insight gent on vrelize Opertions Mnger to send udit logs nd system events to vrelize Log Insight in Consolidted SDDC. VMwre, In. 268

269 1 Enle Seure Shell (SSH) on eh node of vrelize Opertions Mnger in vcenter Server. Open We rowser nd go to Log in using the following redentils. User nme Pssword vsphere_dmin_pssword Under the sfo01w01v01.sfo01.rinpole.lol vcenter Server, nvigte to the virtul ppline for the node. Virtul Appline Nme vrops01svr01 sfo01vrops01 Role Mster node Remote olletor d e f Right-lik the ppline node nd selet Open Console to open the remote onsole to the ppline. Press ALT+F1 to swith to the ommnd prompt. Log in using the following redentils. User nme Pssword root vrops_root_pssword g Strt the SSH servie y running the following ommnd. servie sshd strt 2 Configure the Log Insight gent in vrelize Opertions Mnger. Open n SSH onnetion to the vrelize Opertions Mnger pplines using the following settings. Hostnme vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol User nme Pssword root vrops_root_pssword Edit the ligent.ini file using text editor suh s vi. vi /vr/li/loginsight-gent/ligent.ini VMwre, In. 269

270 Lote the [server] setion nd unomment the following prmeters. [server] ; Log Insight server hostnme or ip ddress ; If omitted the defult vlue is LOGINSIGHT hostnme=sfo01vrli01.sfo01.rinpole.lol ; Set protool to use: ; fpi - Log Insight REST API ; syslog - Syslog protool ; If omitted the defult vlue is fpi ; proto=fpi ; Log Insight server port to onnet to. If omitted the defult vlue is: ; for syslog: 512 ; for fpi without ssl: 9000 ; for fpi with ssl: 9543 port=9000 ;ssl - enle/disle SSL. Applies to fpi protool only. ; Possile vlues re yes or no. If omitted the defult vlue is no. ssl=no ; Time in minutes to fore reonnetion to the server ; If omitted the defult vlue is 30 ;reonnet=30 d After the [server] setion, dd the following lok on eh vrelize Opertions Mnger node. [ommon filelog] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01", "vmw_vr_ops_lusterrole":"<vrops Node Role Here>", "vmw_vr_ops_nodenme":"<your vrops Node Nme Here>", "vmw_vr_ops_hostnme":"<your vrops Hostnme Here>"} VMwre, In. 270

271 e Modify the following prmeters speifilly for eh node. Prmeter Desription Lotion in ligent.ini vmw_vr_ops_lusterrole vmw_vr_ops_nodenme vmw_vr_ops_hostnme Role of the vrelize Opertions Mnger node IP ddress or FQDN of the vrelize Opertions Mnger node Nme of the vrelize Opertions Mnger node tht is set during node initil onfigurtion Set to Mster, Repli, Dt or Remote Colletor ording to the role of the node. Reple eh <Your VROPS Node Nme Here> with the following nmes: vrops01svr01 sfo01vrops01 Reple eh <Your VROPS Hostnme Here> with the following nmes: vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol Use the following s n exmple, on the mster node you hnge the [ommon filelog] setion in order to dd ontext to the logs tht re sent to the vrelize Log Insight luster: [ommon filelog] tgs={"vmw_vr_ops_ppnme":"vrops", "vmw_vr_ops_lusternme":"vrops01svr01", "vmw_vr_ops_lusterrole":"mster", "vmw_vr_ops_nodenme":"vrops01svr01", "vmw_vr_ops_hostnme":"vrops01svr01.rinpole.lol"} f g Press Es nd enter :wq! to sve the file. Restrt the Log Insight gent on the node y running the following onsole ommnd. /et/init.d/ligentd restrt h Verify tht the Log Insight gent is running. /et/init.d/ligentd sttus i Stop the SSH servie on the virtul ppline y running the following ommnd. servie sshd stop 3 Repet the steps to onfigure the remining vrelize Opertions Mnger pplines. 4 Configure the Linux Agent group for the vrelize Opertions Mnger omponents from the vrelize Log Insight We user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword VMwre, In. 271

272 Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g Under Mngement, lik Agents. From the drop-down menu t the top, selet vrops 6.4 or higher - Smple from the Aville Templtes setion nd lik Copy Templte utton t the ottom. In the Copy Agent Group dilog ox, enter vrops6 - Agent Group in the Nme text ox nd lik Copy. In the gent filter fields, enter the following vlues pressing Enter fter eh host nme. Filter Opertor s Hostnme mthes vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol h i j Clik Refresh nd verify tht ll the gents in the filter pper in the Agents list. Clik Sve New Group utton t the ottom of the pge. Clik the Dshords t nd selet the VMwre - vrops 6.x dshord under the Content Pk Dshords on the left. All VMwre - vrops 6 dshords eome ville on the home pge of vrelize Log Insight. You see Totl numer of vrops Clusters showing 1 nd Totl numer of vrops nodes over time showing the host nmes of the vrelize Opertions Mnger nodes. Connet vrelize Log Insight to the NSX Instnes for Consolidted SDDC Instll nd onfigure the vrelize Log Insight Content Pk for NSX for vsphere for log visuliztion nd lerting of the NSX for vsphere rel-time opertion. You n use the NSX-vSphere dshords to monitor logs out instlltion nd onfigurtion, nd out virtul networking servies. 1 Instll the vrelize Log Insight Content Pk for NSX for vsphere for Consolidted SDDC Instll the ontent pk for NSX for vsphere to dd the dshords for viewing log informtion in vrelize Log Insight. 2 Configure NSX Mnger to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC Configure the NSX Mnger for the onsolidted luster to send udit logs nd system events to vrelize Log Insight in the Consolidted SDDC. 3 Configure the NSX Controllers to Forwrd Events to vrelize Log Insight for Consolidted SDDC Configure the NSX Controller instnes for the onsolidted luster to forwrd log informtion to vrelize Log Insight in Consolidted SDDC y using the NSX REST API. To enle log forwrding, you n use REST lient, suh s the Postmn pplition for Google Chrome. VMwre, In. 272

273 4 Configure the NSX Edge Instnes to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC Rediret log informtion from the edge servies gtewys, universl distriuted logil router nd lod lner to vrelize Log Insight in the Consolidted SDDC. Instll the vrelize Log Insight Content Pk for NSX for vsphere for Consolidted SDDC Instll the ontent pk for NSX for vsphere to dd the dshords for viewing log informtion in vrelize Log Insight. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. 3 Under Content Pk Mrketple, selet Mrketple. 4 In the list of ontent pks, lote the VMwre - NSX-vSphere ontent pk nd lik its ion. 5 In the Instll Content Pk dilog ox, ept the Liense Agreement nd lik Instll. 6 In the VMwre - NSX-vSphere Setup Instrutions dilog ox, lik OK. After the instlltion is omplete, the VMwre - NSX-vSphere ontent pk ppers in the Instlled Content Pks list on the left. Configure NSX Mnger to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC Configure the NSX Mnger for the onsolidted luster to send udit logs nd system events to vrelize Log Insight in the Consolidted SDDC. VMwre, In. 273

274 1 On the Windows host tht hs ess to the dt enter, log in to the NSX Mnger We interfe. Open We rowser nd go to following URL. NSX Mnger NSX Mnger for the onsolidted luster URL Log in using the following redentils. User nme dmin Pssword nsx_mnger_dmin_pssword 2 On the min pge of the ppline user interfe, lik Mnge Appline s. 3 Under s, lik Generl, nd in the Syslog Server pne, lik Edit. 4 In the Syslog Server dilog ox, onfigure vrelize Log Insight s syslog server y speifying the following settings nd lik OK. Syslog Server Syslog Server sfo01vrli01.sfo01.rinpole.lol Port 514 Protool UDP Configure the NSX Controllers to Forwrd Events to vrelize Log Insight for Consolidted SDDC Configure the NSX Controller instnes for the onsolidted luster to forwrd log informtion to vrelize Log Insight in Consolidted SDDC y using the NSX REST API. To enle log forwrding, you n use REST lient, suh s the Postmn pplition for Google Chrome. 1 Log in to the Windows host tht hs ess to your dt enter. 2 In Chrome We rowser, strt the Postmn pplition nd log in. VMwre, In. 274

275 3 Speify the request heders for requests to the NSX Mnger. On the Authoriztion t, onfigure the following uthoriztion settings nd lik Updte Request. Type User nme Pssword Bsi Auth dmin sfo01nsx_dmin_pssword The Authoriztion:Bsi XXX heder ppers in the Heders pne. On the Heders t, enter the following heder detils. Request Heder Attriute Content-Type pplition/xml The Content-Type:pplition/xml heder ppers in the Heders pne. 4 Contt the NSX Mnger to retrieve the IDs of the ssoited NSX Controllers. Selet GET from the drop-down menu tht ontins the HTTP request methods. In the URL text ox next to the seleted method, enter the following URL, nd lik Send. NSX Mnger NSX Mnger for the onsolidted luster URL The Postmn pplition sends query to the NSX Mnger out the instlled NSX ontrollers. VMwre, In. 275

276 After the NSX Mnger sends response k, lik the Body t in the response pne. The response ody ontins root <ontrollers> XML element tht groups the detils out the three ontrollers tht form the ontroller luster. d Within the <ontrollers> element, lote the <ontroller> element for eh ontroller nd write down the ontent of the id element. Controller IDs hve the ontroller-id formt where id represents the sequene numer of the ontroller in the luster, for exmple, ontroller-2. VMwre, In. 276

277 5 For eh NSX Controller, send request to onfigure vrelize Log Insight s remote syslog server. In the request pne t the top, selet POST from the drop-down menu tht ontins the HTTP request methods, nd in the URL text ox, enter the following URL. NSX Mnger NSX Mnger for the onsolidted luster NSX Controller in the Controller Cluster NSX Controller 1 NSX Controller 2 NSX Controller 3 POST URL ol/pi/2.0/vdn/ontroller/ontroller- 1/syslog ol/pi/2.0/vdn/ontroller/ontroller- 2/syslog ol/pi/2.0/vdn/ontroller/ontroller- 3/syslog Clik the Body t, selet rw, ensure tht the ontent-type is XML (pplition/xml), pste the following request ody in the Body text ox, nd lik Send. <ontrollersyslogserver> <syslogserver> </syslogserver> <port>514</port> <protool>udp</protool> <level>info</level> </ontrollersyslogserver> Repet the steps for the other NSX Controllers. VMwre, In. 277

278 6 Verify the syslog onfigurtion on eh NSX Controller. In the request pne, from the method drop-down menu, selet GET, in the URL text ox, enter the ontroller-speifi syslog URL from the previous step, nd lik the Send utton. After the NSX Mnger sends response k, lik the Body t in the response pne. The response ody ontins root <ontrollersyslogserver> element whih represents the settings for the remote syslog server on the NSX Controller. Verify tht the vlue of the <syslogserver> element is d Repet the steps for the other NSX Controllers to verify the syslog onfigurtion. Configure the NSX Edge Instnes to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC Rediret log informtion from the edge servies gtewys, universl distriuted logil router nd lod lner to vrelize Log Insight in the Consolidted SDDC. 1 Log in to vcenter Server y using the vsphere We Client. Open We rowser nd go to Log in using the following redentils. User nme Pssword dministrtor@vsphere.lol vsphere_dmin_pssword 2 From the Home menu, selet Networking & Seurity. VMwre, In. 278

279 3 From the Networking & Seurity menu on the left, lik NSX Edges. 4 On the NSX Edges pge, selet the NSX Mnger instne from the NSX Mnger drop-down menu. NSX Mnger Instne IP Address Consolidted NSX Mnger The edge devies in the sope of the NSX Mnger pper. 5 Configure the log forwrding on eh edge servie gtewy of the Consolidted NSX Mnger instne. Doule-lik the edge devie to open its user interfe. Trffi North-South Routing North-South Routing Est-West Routing Lod Blner Consolidted NSX Edge Servies Gtewy sfo01w01esg01 sfo01w01esg02 sfo01w01udlr01 sfo01w01l01 d On the NSX Edge devie pge, lik the Mnge t, lik s, nd lik Configurtion. In the Detils pne, lik Chnge next to Syslog servers. In the Edit Syslog Servers Configurtion dilog ox, onfigure the following settings nd lik OK. Syslog Server Protool udp e f Clik OK. Repet the steps for the remining NSX Edge devies of Consolidted NSX Mnger instne. The vrelize Log Insight user interfe strts showing log dt in the NSX-vSphere-Overview dshord. The dshord is under the VMwre - NSX-vSphere group of Content Pk Dshords. Connet vrelize Log Insight to vrelize Automtion for Consolidted SDDC Connet the vrelize Log Insight to vrelize Automtion to reeive log informtion from ll omponents of vrelize Automtion in the vrelize Log Insight user interfe. VMwre, In. 279

280 1 Instll the vrelize Log Insight Content Pks for the Cloud Mngement Pltform for Consolidted SDDC Instll the ontent pks for vrelize Automtion, vrelize Orhestrtor nd Mirosoft SQL Server to dd the dshords for viewing log informtion out the Cloud Mngement Pltform in vrelize Log Insight. 2 Instll nd Configure vrelize Log Insight Windows Agents for Consolidted SDDC Instll the vrelize Log Insight gent on the Windows virtul mhines for the Distriuted Exeution Mnger, IS Mnger Servie, IS We Server, IS SQL Server nd the vsphere proxy gents. Configure Log Insight Windows Agents from the vrelize Log Insight We interfe. 3 Configure vrelize Log Insight Linux Agents in the vrelize Automtion Virtul Applines for Consolidted SDDC vrelize Log Insight Agent omes pre-instlled on the vrelize Automtion virtul ppline. Configure the ligent.ini onfigurtion file on the virtul ppline using the ppline mngement interfe. 4 Configure the vrelize Log Insight Linux Agents on vrelize Business for Consolidted SDDC vrelize Log Insight Agent omes pre-instlled on the vrelize Business virtul pplines. Configure the ligent.ini onfigurtion file on eh virtul ppline. 5 Configure Emedded vrelize Orhestrtor to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC You enle the vrelize Log Insight gent nd onfigure the gent group for the emedded vrelize Orhestrtor to strt olleting log dt in the vrelize Orhestrtor dshords. Instll the vrelize Log Insight Content Pks for the Cloud Mngement Pltform for Consolidted SDDC Instll the ontent pks for vrelize Automtion, vrelize Orhestrtor nd Mirosoft SQL Server to dd the dshords for viewing log informtion out the Cloud Mngement Pltform in vrelize Log Insight. You instll the following ontent pks: VMwre - vra 7 VMwre - Orhestrtor Mirosoft - SQL Server VMwre, In. 280

281 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. 3 Under Content Pk Mrketple, selet Mrketple. 4 In the list of ontent pks, lote the VMwre - vra 7 ontent pk nd lik its ion. 5 In the Instll Content Pk dilog ox, ept the liense greement nd lik Instll. 6 In the VMwre - vra 7 Setup Instrutions dilog ox, lik OK. 7 Repet the proedure to instll the VMwre - Orhestrtor nd Mirosoft - SQL Server ontent pks. After the instlltions re omplete, the VMwre - vra, VMwre - Orhestrtor nd Mirosoft - SQL Server ontent pks pper in the Instlled Content Pks list on the left. Instll nd Configure vrelize Log Insight Windows Agents for Consolidted SDDC Instll the vrelize Log Insight gent on the Windows virtul mhines for the Distriuted Exeution Mnger, IS Mnger Servie, IS We Server, IS SQL Server nd the vsphere proxy gents. Configure Log Insight Windows Agents from the vrelize Log Insight We interfe. VMwre, In. 281

282 1 Instll the Log Insight Windows Agents on ll the vrelize Automtion Windows VMs. Open Remote Desktop Protool (RDP) onnetion to eh of the following vrelize Automtion virtul mhines. vrelize Automtion Component IS We Server IS Mnger Servie nd DEM Orhestrtor Mirosoft SQL Server Host Nme or VM Nme vr01iws01.rinpole.lol vr01ims01.rinpole.lol vr01mssql01.rinpole.lol Log in using the following redentils. User nme Pssword Rinpole\sv-vr sv-vr-user-pssword d Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword e Clik the onfigurtion drop-down menu ion nd selet Administrtion. f g h i j k l m Under Mngement, lik Agents. On the Agents pge, lik the Downlod Log Insight Agent Version xxx link. In the Downlod Log Insight Agent Version xxx dilog ox, lik Windows MSI (32-it/64-it) nd sve the.msi file on your omputer. Doule-lik the.msi file to run the instller. In the VMwre vrelize Log Insight Agent Setup wizrd, ept the liense greement nd lik Next. With the Log Insight host nme sfo01vrli01.sfo01.rinpole.lol shown in the Host text ox, lik Instll. After the instlltion is omplete, lik Finish. Repet the steps for other Windows VMs. VMwre, In. 282

283 2 Configure the Log Insight Windows gent group for the vrelize Automtion IS omponents from the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e Under Mngement, lik Agents. From the drop-down t the top, selet vrelize Automtion 7 - Windows from the Aville Templtes setion. f Clik Copy Templte. g h In the Copy Agent Group dilog ox, enter vra7 - Windows Agent Group in the Nme text ox nd lik Copy. In the gent filter fields, use the following seletions. Press ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vr01iws01.rinpole.lol vr01ims01.rinpole.lol i j Clik Refresh nd verify tht ll the gents listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. 3 Configure the Log Insight Windows Agent Group for the Mirosoft SQL Server omponent tht is used y vrelize Automtion. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f Under Mngement, lik Agents. From the drop down on the top, selet Mirosoft - SQL Server from the Aville Templtes setion. Clik Copy Templte. VMwre, In. 283

284 g h In the Copy Agent Group dilog ox, enter vra7 - Mirosoft SQL Server Agent Group in the Nme text ox nd lik Copy. In the gent filter fields, use the following seletions. Press ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vr01mssql01.rinpole.lol i j Under Agent Configurtion, lik Edit. Lote diretory=c:\progrm Files\Mirosoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Log nd hnge it to diretory=c:\progrm Files\Mirosoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log In this VMwre Vlidted Design, Mirosoft SQL Server 2012 R2 hs een instlled in the defult lotion on the Windows Server virtul mhine. k l Clik Refresh nd verify tht ll the gents listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. All VMwre - vra 7 dshords eome ville on the vrelize Log Insight Home pge. Configure vrelize Log Insight Linux Agents in the vrelize Automtion Virtul Applines for Consolidted SDDC vrelize Log Insight Agent omes pre-instlled on the vrelize Automtion virtul ppline. Configure the ligent.ini onfigurtion file on the virtul ppline using the ppline mngement interfe. 1 Configure Log Insight gent in the mngement interfe of the vrelize Automtion Appline. Open We rowser nd log in to the following URL. URL User nme Pssword root vr_pplinea_root_pssword On the VRA s t, lik the Logs t. VMwre, In. 284

285 d Sroll down to the Log Insight Agent Configurtion setion Enter the following vlues nd lik Sve s, Host sfo01vrli01.sfo01.rinpole.lol Port 9000 Protool SSL Enled CFAPI Unheked Reonnet 30 Mx Buffer Size Configure the Linux gent group on the vrelize Log Insight server. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f g h Under Mngement, lik Agents. From the drop-down menu on the top, selet vrelize Automtion 7 - Linux from the Aville Templtes setion. Clik Copy Templte t the ottom of the pge. In the Copy Agent Group dilog ox, enter vra7 - Linux Agent Group in the nme field nd lik Copy. In the gent filter fields, enter the following vlues pressing Enter fter eh host nme. Filter Opertor s Hostnme mthes vr01svr01.rinpole.lol i j k Clik Refresh nd verify tht ll the gents in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. Clik the Dshord t nd selet the VMwre - VR 7 dshord from the drop-down menu on the left. All VMwre vra 7 dshords eome ville on the vrelize Log Insight Home pge. VMwre, In. 285

286 Configure the vrelize Log Insight Linux Agents on vrelize Business for Consolidted SDDC vrelize Log Insight Agent omes pre-instlled on the vrelize Business virtul pplines. Configure the ligent.ini onfigurtion file on eh virtul ppline. 1 Enle Seure Shell on oth the vrelize Business pplines. Open We rowser nd go to the following URLs, vrelize Business node vrelize Business Server Appline vrelzie Business Dt Colletor Virtul Appline Mngement Interfe URL Log in using the following redentils. User nme Pssword root vr_server_root_pssword The ppline mngement interfe of the ppline opens. d e Clik the Administrtion t nd lik Administrtion. Under the Ations setion, lik Toggle SSH setting. Verify tht the SSH servie sttus reports Enled. VMwre, In. 286

287 2 Configure the Log Insight gent in on the vrelize Business pplines. Open n SSH onnetion to the vrelize Business ppline using the following settings. Hostnme vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol User nme Pssword root vr_server_ppline_root_pssword Edit the ligent.ini file using text editor suh s vi. vi /vr/li/loginsight-gent/ligent.ini Add the following informtion under [server] setion [server] hostnme=sfo01vrli01.sfo01.rinpole.lol proto = fpi port = 9000 ssl = no d Reple ll instnes of FQDN_lolhost prmeter loted fter gent_nme with vr01svr01.rinpole.lol. e f Press ESC nd enter :wq! to sve the file. Strt the Log Insight gent. /et/init.d/ligentd strt VMwre, In. 287

288 g Verify tht the Log Insight gent is running. /et/init.d/ligentd sttus h Turn on uto-run y defult for the log insight gent. hkonfig ligentd on i Repet the steps to onfigure the vrelize Business Dt Colletor t vr01u01.sfo01.rinpole.lol. 3 Confirm tht the Log Insight gents re working in the vrelize Log Insight We interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e Under Mngement, lik Agents. Verify tht vr01svr01.rinpole.lol nd sfo01vr01.sfo01.rinpole.lol pper on the pge. Configure Emedded vrelize Orhestrtor to Forwrd Log Events to vrelize Log Insight for Consolidted SDDC You enle the vrelize Log Insight gent nd onfigure the gent group for the emedded vrelize Orhestrtor to strt olleting log dt in the vrelize Orhestrtor dshords. 1 Enle vrelize Log Insight gents for vrelize Orhestrtor. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e Under Mngement, lik Agents. From the drop-down menu t the top, selet vrelize Orhestrtor from the All Agents setion nd lik Copy Templte. VMwre, In. 288

289 f g In the Copy Agent Group dilog ox, enter vro7 - Agent Group in the nme text ox nd lik Copy. To set whih gents reeive the onfigurtion, in the gent filter fields, enter the following vlues pressing Enter fter eh host nme. Filter Opertor s Hostnme mthes vr01svr01.rinpole.lol h i Clik Refresh nd verify tht in the Agents list vrelize Log Insight reeives dt from the two gents in the filter. Clik Sve Agent Group t the ottom of the pge. 2 Verify tht the vrelize Log Insight server is reeiving log events from the vrelize Orhestrtor pplines. On the min nvigtion r, lik Dshords. In the vrelize Log Insight user interfe, lik VMwre - Orhestrtor under Content Pk Dshords. Verify tht the Server nodes grouped y hostnme widget on the Server overview dshord shows the vrelize Appline host nme vr01svr01.rinpole.lol Instll the Linux Content Pk nd Configure the Virtul Appline Agent Group for vrelize Log Insight for Consolidted SDDC Instll the ontent pk for VMwre Linux to dd the dshords for viewing log informtion out the mngement virtul pplines in vrelize Log Insight. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 Instll the ontent pk for VMwre Linux. In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Content Pks. Under Content Pk Mrketple, selet Mrketple. In the list of ontent pks, lote the Linux ontent pk nd lik its ion. VMwre, In. 289

290 d e In the Instll Content Pk dilog ox, ept the Liense Agreement nd lik Instll. After the instlltion is omplete, the Linux ontent pk ppers in the Instlled Content Pks list on the left. 3 Configure the Log Insight Linux gent group for the virtul pplines from the vrelize Log Insight user interfe. Clik the onfigurtion drop-down menu ion nd selet Administrtion. d e f Under Mngement, lik Agents. From the drop-down t the top, selet Linux from the Aville Templtes setion. Clik Copy Templte. In the Copy Agent Group dilog ox, enter vapplines - Agent Group in the Nme text ox nd lik Copy. In the gent filter fields, use the following seletions. Press ENTER to seprte the host nme vlues. Filter Opertor s Hostnme mthes vrops01svr01.rinpole.lol sfo01vrops01.sfo01.rinpole.lol vr01svr01.rinpole.lol vr01svr01.rinpole.lol sfo01vr01.sfo01.rinpole.lol g h Clik Refresh nd verify tht ll the gents listed in the filter pper in the Agents list. Clik Sve New Group t the ottom of the pge. VMwre, In. 290

291 4 Verify logs dt is showing up on the Linux dshords. On the min nvigtion r, lik Dshords. Expnd Linux nd lik Seurity - Overview. Configure Log Retention nd Arhiving for Consolidted SDDC Set log retention to one week nd rhive logs for 90 dys ording to the VMwre Vlidted Design Arhiteture nd Design doumenttion. 1 Log in to the vrelize Log Insight user interfe. Open We rowser nd go to Log in using the following redentils. User nme Pssword dmin vrli_dmin_pssword 2 In the vrelize Log Insight user interfe, lik the onfigurtion drop-down menu ion nd selet Administrtion. VMwre, In. 291