Vma 51 Guide

vSphere Management Assistant Guide
vSphere 5.1
This document supports the version of each product listed and

supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000852-00
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright 20082012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
VMware, Inc.
Contents
AboutThisBook
1 IntroductiontovMA 7
vMACapabilities 7
vMAComponentOverview 8
vSphereAuthenticationMechanism 8
vMASamples 9
vMAUseCases 9
WritingorConvertingScripts 9
WritingorConvertingAgents 9
2 GettingStartedwithvMA 11
HardwareRequirements 12
SoftwareRequirements 12
RequiredAuthenticationInformation 12
DeployvMA 13
ConfigurevMAatFirstBoot 13
vMAConsoleandWebUI 14
ConfigurevMAforActiveDirectoryAuthentication 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargets
TroubleshootingUnattendedAuthentication 16
EnabletheviuserAccount 16
vMAUserAccountPrivileges 17
AddTargetServerstovMA 17
RunningvSphereCLIfortheTargets 20
ReconfigureaTargetServer 20
RemoveTargetServersfromvMA 21
ModifyingScripts 21
ConfigurevMAtoUseaStaticIPAddress 22
ConfigureaStaticIPAddressfromtheConsole 22
ConfigureaStaticIPAddressfromtheWebUI 23
ConfigurevMAtoUseaDHCPServer 23
ConfigurevMAtoUseaDHCPServerfromtheConsole 23
ConfigurevMAtoUseaDHCPServerfromtheWebUI 23
SettingtheTimeZone 24
SettingtheTimeZonefromtheConsole 24
SettingtheTimeZonefromtheWebUI 24
ShutDownvMA 24
DeletevMA 24
TroubleshootingvMA 25
UpdatevMA 26
ConfigureAutomaticvMAUpdates 26
15
3 vMAInterfaces 27
vMAInterfaceOverview 27
vifptargetCommandforvifastpassInitialization 27
VMware, Inc.
vifpTargetManagementCommands 28
vifpaddserver 28
vifpremoveserver 29
vifprotatepassword 30
vifplistservers 31
vifpreconfigure 32
TargetManagementExampleSequence 32
UsingtheVmaTargetLibLibrary 33
VmaTargetLibReference 33
EnumeratingTargets 33
QueryingTargets 33
ProgrammaticLogin 34
ProgrammaticLogout 34
Index 35
VMware, Inc.
About This Book
ThevSphereManagementAssistantGuideexplainshowtodeployandusevMAandincludesreference
informationforvMACLIsandlibraries.
Toviewthecurrentversionofthisbook,aswellasallVMwareAPIandSDKdocumentation,goto
http://www.vmware.com/support/pubs/sdk_pubs.html.
NOTEThetopicsinwhichthisdocumentationusestheproductnameESXiareapplicabletoallsupported
releasesofESXandESXi.
Revision History
Thisbook,thevSphereManagementAssistantGuide,isrevisedwitheachreleaseoftheproductorwhen
necessary.Arevisedversioncancontainminorormajorchanges.Table 1summarizesthesignificantchanges
ineachversionofthisbook.
Table 1. Revision History
Revision
Description
10SEP2012
vMA5.1release
20JAN2012
Chapter2,sectionConfigureUnattendedAuthenticationforActiveDirectoryTargetsisupdated.
24AUG2011
vMA5.0release.
13JUL2010
vMA4.1release
16NOV2009
Chapter1isenhancedtoprovidedetailsaboutvMAsenhancedcapabilities,authenticationmechanisms
andthechangestothesamples.
Chapter2providesinformationaboutconfiguringvMAforActiveDirectory.Italsoexplainshowto
reconfigureatargetserver.
Chapter3providesinformationaboutthenewvifptargetandvifp reconfigurecommands.Italso
describestheVmaTargetLiblibrary.
21MAY2009
vMA4.0documentation
27OCT2008
VIMA1.0documentation
Intended Audience
ThisbookisforadministratorsanddeveloperswithsomeexperiencesettingupaLinuxsystemandworking
inaLinuxenvironment.AdministratorscanusethevMAautomatedauthenticationfacilitiesandthesoftware
packagedwithvMAtointeractwithESXihostsandvCenterServersystems.Developerscancreateagentsthat
interactwithESXihostsandvCenterServersystems.
VMware, Inc.
VMware Technical Publications Glossary

VMwareTechnicalPublicationsprovidesaglossaryoftermsthatmightbeunfamiliartoyou.Fordefinitions
oftermsastheyareusedinVMwaretechnicaldocumentationgotohttp://www.vmware.com/support/pubs.
Document Feedback
VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Sendyourfeedbackto
docfeedback@vmware.com.
Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversions
ofotherVMwarebooks,gotohttp://www.vmware.com/support/pubs.
Online and Telephone Support

Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and
registeryourproducts,gotohttp://www.vmware.com/support.
Support Offerings
TofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto
http://www.vmware.com/support/services.
VMware Professional Services

VMwareEducationServicescoursesofferextensivehandsonlabs,casestudyexamples,andcoursematerials
designedtobeusedasonthejobreferencetools.Coursesareavailableonsite,intheclassroom,andlive
online.Foronsitepilotprograms andimplementationbestpractices,VMwareConsultingServicesprovides
offeringsto helpyouassess,plan,build,andmanageyourvirtualenvironment.Toaccessinformationabout
educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.
VMware, Inc.
Introduction to vMA
ThevSphereManagementAssistant(vMA)isaSUSELinuxEnterpriseServer11basedvirtualmachinethat
includesprepackagedsoftwaresuchasthevSpherecommandlineinterface,andthevSphereSDKforPerl.
vMAallowsadministratorstorunscriptsoragentsthatinteractwithESXihostsandvCenterServersystems
withouthavingtoauthenticateeachtime.
Thechapterincludesthefollowingtopics:
vMACapabilitiesonpage 7
vMAComponentOverviewonpage 8
vMAUseCasesonpage 9
TogetstartedwithvMArightaway,gotoGettingStartedwithvMAonpage 11.
vMA Capabilities
vMAprovidesaflexibleandauthenticatedplatformforrunningscriptsandprograms.
Asadministrator,youcanaddvCenterServersystemsandESXihostsastargetsandrunscriptsand
programsonthesetargets.Onceyouhaveauthenticatedwhileaddingatarget,youneednotloginagain
whilerunningavSphereCLIcommandoragentonanytarget.
Asadeveloper,youcanusetheAPIsprovidedwiththeVmaTargetLiblibrarytoprogrammatically
connecttovMAtargetsbyusingPerlorJava.
vMAenablesreuseofserviceconsolescriptsthatarecurrentlyusedforESXiadministration,though
minormodificationstothescriptsareusuallynecessary.
vMAcomespreconfiguredwithtwouseraccounts,namely,viadminandviuser.
Asviadmin,youcanperformadministrativeoperationssuchasadditionandremovaloftargets.
You canalsorunvSphereCLIcommandsandagentswithadministrativeprivilegesonthe
added targets.
Asviuser,youcanrunthevSphereCLIcommandsandagentswithreadonlyprivilegesonthe
target.
YoucanmakevMAjoinanActiveDirectorydomainandloginasanActiveDirectoryuser.Whenyourun
commandsfromsuchauseraccount,theappropriateprivilegesgiventotheuseronthevCenterServer
systemortheESXihostwouldbeapplicable.
vMAcanrunagentcodethatmakeproprietaryhardwareorsoftwarecomponentscompatiblewith
VMwareESX.ThesecodecurrentlyrunintheserviceconsoleofexistingESXhosts.Youcanmodifymost
oftheseagentcodetoruninvMA,bycallingthevSphereAPI,ifnecessary.Developersmustmoveany
agentcodethatdirectlyinterfaceswithhardwareintoaprovider.
VMware, Inc.
vMA Component Overview

WhenyouinstallvMA,youarelicensedtousethevirtualmachinethatincludesallvMAcomponents.
vMAincludesthefollowingcomponents.
SUSELinuxEnterpriseServer11SP1vMArunsSUSELinuxEnterpriseServeronthevirtualmachine.
YoucanmovefilesbetweentheESXihostandthevMAconsolebyusingthevifsvSphereCLIcommand.
VMwareToolsInterfacetothehypervisor.
vSphereCLICommandsformanagingvSpherefromthecommandline.SeethevSphereCommandLine
InterfaceInstallationandReferenceGuide.
vSphereSDKforPerlClientsidePerlframeworkthatprovidesascriptinginterfacetothevSphereAPI.
TheSDKincludesutilityapplicationsandsamplesformanycommontasks.
JavaJREversion1.6RuntimeengineforJavabasedapplicationsbuiltwithvSphereWebServicesSDK.
vifastpassAuthenticationcomponent.
vSphere Authentication Mechanism

vMAsauthenticationinterfaceallowsusersandapplicationstoauthenticatewiththetargetserversusing
vifastpassorActiveDirectory.Whileaddingaserverasatarget,theAdministratorcandetermineifthetarget
needstousevifastpassorActiveDirectoryauthentication.Forvifastpassauthentication,thecredentialsthat
auserhasonthevCenterServersystemorESXihostarestoredinalocalcredentialstore.ForActiveDirectory
authentication,theuserisauthenticatedwithanActiveDirectoryserver.
WhenyouaddanESXihostasafastpasstargetserver,vifastpasscreatestwouserswithobfuscated
passwordsonthetargetserverandstoresthepasswordinformationonvMA:
viadminwithadministratorprivileges
viuserwithreadonlyprivileges
ThecreationofviadminandviuserdoesnotapplyforActiveDirectoryauthenticationtargets.Whenyouadd
asystemasanActiveDirectorytarget,vMAdoesnotstoreanyinformationaboutthecredentials.Tousethe
ActiveDirectoryauthentication,theadministratormustconfigurevMAforActiveDirectory.Formore
informationonhowtoconfigurevMAforActiveDirectory,seeConfigurevMAforActiveDirectory
Authenticationonpage 15.
Afteraddingatargetserver,youmustinitializevifastpasssothatyoudonothavetoauthenticateeachtime
yourunvSphereCLIcommands.IfyourunavSphereCLIcommandwithoutinitializingvifastpass,youwill
beaskedforusernameandpassword.
Youcaninitializevifastpassbyusingoneofthefollowingmethods:
Runvifptarget.Formoreinformationaboutthisscript,seevifptargetCommandforvifastpass
Initializationonpage 27.
CalltheLoginmethodinaPerlorJavaprogram.Formoreinformationaboutthismethod,see
VmaTargetLibReferenceonpage 33.
Aftersettingupatargetusingthevifptargetcommand,youcanrunvSphereCLIcommandsorscriptsthat
usevSphereSDKforPerlwithoutprovidinganyauthenticationinformation.Toruncommandsagainstan
ESXihostthatismanagedbyavCenterServer,youcanusethe--vihostoption.
EachtimeyoulogintovMA,youmustrunthevifptargetcommandortheLoginmethodonce.Thetarget
thatyouspecifyinthevifptargetcommandisthedefaulttarget.Targetserversremaintargetsacross
reboots.Youcanoverrideitbyusingthe--serveroptionofthevSphereCLIcommandsasshowninthe
followingexample:
vifptarget -s esx1.foo.com
vicfg-nics -l
#lists the nics on esx1.foo.com
vicfg-nics -l --server esx2.foo.com #lists the nics on esx2.foo.com
VMware, Inc.
Chapter 1 Introduction to vMA
vMA Samples
vMAsamplesillustratethevMACLIsandtheVmaTargetLiblibrary.ThesamplesareavailableinvMAat
/opt/vmware/vma/samples.
bulkAddServers.plPerlsamplethataddsmultipletargetstovMA.
mcli.plPerlsamplethatrunsavSphereCLIcommandonmultiplevMAtargetsspecifiedinafile
suppliedasanargument.Youmustrunvifptargetbeforerunningthisscript.
listTargets.pl PerlsamplethatretrievesinformationandversionofvMAtargetsusing
VmaTargetLib.
listTargets.sh JavasamplethatdemonstratesuseofVmaTargetLib.
vMA Use Cases

Thissectionlistsafewtypicalusecases.
Writing or Converting Scripts

YoucanrunexistingvSphereCLIorvSphereSDKforPerlscriptsfromvMA.Tosettargetserversandinitialize
vifastpass,thescriptcanusetheVmaTarget.login() methodofVmaTargetLib.
Writing or Converting Agents

PartnersorcustomerscanusevMAtowriteorconvertagents.
ApartnerorcustomerwritesanewagentinPerl.
WhenapartnerorcustomerwritesanewagentinPerl,thePerlscriptmustimporttheVmaTargetLib
PerlmoduleandallvSphereSDKforPerlmodules.InsteadofcallingthevSphereSDKforPerlsubroutine
Util::Connect(targetUrl, username, password),theagentcalls
VmaTargetLib::VmaTarget.login().
ApartnerorcustomerrunsanagentwritteninPerlorJavaintheserviceconsoleandwantstoportthe
agenttovMA.
TheagentusescodesimilartothefollowingPerllikepseudocodetologintoESXihosts:
LoginToMyEsx() {
SessionManagerLocalTicket tkt = SessionManager.AcquireLocalTicket(userName);
UserSession us = sm.login(tkt.userName, tkt.passwordFilePath);
}
Thepartnerchangestheagenttousecodesimilartothefollowingpseudocodeinstead:
LoginToMyEsx(String myESXName) {
VmaTarget target = VmaTargetLib.query_target(myESXName);
UserSession us = target.login();
}
ThispseudocodeassumesonlyonevMAtarget.Formultipletargetservers,thecodecanspecifyany
targetserverorloopthroughalistoftargetservers.
ApartnerorcustomerrunsanagentwritteninPerloutsidetheESXihostandportstheagenttovMA.
InsteadofcallingthevSphereSDKforPerlmethodUtil::Connect(),theagentcallsthevifplibrary
methodVmaTargetLib::VmaTarget.login().
VMware, Inc.
10
VMware, Inc.
Getting Started with vMA
YoushouldhavesomeexperiencesettingupaLinuxsystemandworkinginaLinuxenvironment.This
chapterexplainshowtodeployandconfigurevMA,howtoaddandremovetargetservers,andhowto
prepareandrunscripts.Thechapteralsoincludestroubleshootinginformation.
ReadChapter 1,IntroductiontovMA,onpage 7forbackgroundinformationonvMAfunctionalityand
availablevMAcomponents.
IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
Thischapterincludesthefollowingtopics:
HardwareRequirementsonpage 12
SoftwareRequirementsonpage 12
RequiredAuthenticationInformationonpage 12
DeployvMAonpage 13
ConfigurevMAatFirstBootonpage 13
vMAConsoleandWebUIonpage 14
ConfigurevMAforActiveDirectoryAuthenticationonpage 15
ConfigureUnattendedAuthenticationforActiveDirectoryTargetsonpage 15
EnabletheviuserAccountonpage 16
vMAUserAccountPrivilegesonpage 17
AddTargetServerstovMAonpage 17
RunningvSphereCLIfortheTargetsonpage 20
ReconfigureaTargetServeronpage 20
RemoveTargetServersfromvMAonpage 21
ModifyingScriptsonpage 21
ConfigurevMAtoUseaStaticIPAddressonpage 22
ConfigurevMAtoUseaDHCPServeronpage 23
SettingtheTimeZoneonpage 24
ShutDownvMAonpage 24
DeletevMAonpage 24
TroubleshootingvMAonpage 25
VMware, Inc.
11
UpdatevMAonpage 26
ConfigureAutomaticvMAUpdatesonpage 26
Hardware Requirements
TosetupvMA,youmusthaveanESXihost.BecausevMArunsa64bitLinuxguestoperatingsystem,the
ESXihostonwhichitrunsmustsupport64bitvirtualmachines.
TheESXihostmusthaveoneofthefollowingCPUs:
AMDOpteron,revEorlater
IntelprocessorswithEM64TsupportwithVTenabled.
Opteron64bitprocessorsearlierthanrevE,andIntelprocessorsthathaveEM64Tsupportbutdonothave
VTsupportenabled,donotsupporta64bitguestoperatingsystem.Fordetailedhardwarerequirements,see
theHardwareCompatibilityListontheVMwareWebsite.
Bydefault,vMAusesonevirtualprocessor,andrequires3GBofstoragespaceforthevMAvirtualdisk.The
recommendedmemoryforvMAis600MB.
Software Requirements
YoucandeployvMAonthefollowingsystems:
vSphere5.1
vSphere5.0andlater
vSphere4.1andlater
vCenterApplication5.0andlater
YoucandeployvMAbyusingavSphereClientconnectedtoanESXihostorbyusingavSphereClient
connectedtovCenterServer5.1,vCenterServer5.0orlater,vCenterServer4.1orlater,orvCenterApplication
5.0andlater.
YoucanusevMAtotargetvSphere4.1andlater,vSphere5.0andlater,andvSphere5.1systems.
Atruntime,thenumberoftargetsasinglevMAinstancecansupportdependsonhowitisused.
Required Authentication Information

BeforeyoubeginvMAconfiguration,obtainthefollowingusernameandpasswordinformation:
vCenterServersystemIfyouwanttouseavCenterServersystemasthetargetserver,youmustbeable
toconnecttothatsystem.
IfyouareusingavCenterServertarget,youdonotneedpasswordsfortheESXihoststhatthevCenter
Serversystemmanages,unlessyouruncommandsthatdonotsupportvCenterServertargets.
ESXihostYoumusthavetherootpasswordortheusernameandpasswordforauserwith
administrativeprivilegesforeachESXihostyouaddasavMAtarget.Youdonotneedtheauthentication
informationwhenyouremoveatargethost.
vMAWhenyoufirstconfigurevMA,vMApromptsforapasswordfortheviadminuser.Specifya
passwordandrememberitforsubsequentlogins.TheviadminuserhasrootprivilegesonvMA.
IMPORTANTTherootuseraccountisdisabledonvMA.Torunprivilegedcommands,typesudo
<command>.Bydefault,onlyviadmincanruncommandsthatrequiresudo.
12
VMware, Inc.
Chapter 2 Getting Started with vMA
Deploy vMA
YoucandeployvMAbyusingafileorfromaURL.Ifyouwanttodeployfromafile,downloadandunzipthe
vMAZIPfilebeforeyoustartthedeploymentprocess.
IMPORTANTYoucannotupgradeanearlierversionofvMAtovMA5.1.YoumustinstallafreshvMA5.1
instance.
To deploy vMA
1
UseavSphereClienttoconnecttoasystemthatisrunningthesupportedversionofESXiorvCenter
Server.
IfconnectedtoavCenterServersystem,selectthehosttowhichyouwanttodeployvMAintheinventory
pane.
SelectFile>DeployOVFTemplate.
TheDeployOVFTemplatewizardappears.
SelectDeployfromafileorURLifyouhavealreadydownloadedandunzippedthevMAvirtual
appliancepackage.
Click Browse,selecttheOVF,andclickNext.
ClickNextwhentheOVFtemplatedetailsaredisplayed.
AcceptthelicenseagreementandclickNext.
Specifyanameforthevirtualmachine.
Youcanalsoacceptthedefaultvirtualmachinename.
Selectaninventorylocationforthevirtualmachinewhenprompted.
IfyouareconnectedtoavCenterServersystem,youcanselectafolder.
10
IfconnectedtoavCenterServersystem,selecttheresourcepoolforthevirtualmachine.
Bydefault,thetoplevelrootresourcepoolisselected.
11
Ifprompted,selectthedatastoretostorethevirtualmachineonandclickNext.
12
SelecttherequireddiskformatoptionandclickNext.
13
SelectthenetworkmappingandclickNext.
IMPORTANTEnsurethatvMAisconnectedtothemanagementnetworkonwhichthevCenterServer
systemandtheESXihoststhatareintendedvMAtargetsarelocated.
14
ReviewtheinformationandclickFinish.
ThewizarddeploysthevMAvirtualmachinetothehostthatyouselected.The deployprocesscantake
severalminutes.
NextyouconfigureyourvMAvirtualmachine.YouperformthistaskwhenyoulogintovMAthefirsttime.
Configure vMA at First Boot

WhenyoustartthevMAvirtualmachinethefirsttime,youcanconfigureit.
To configure vMA
1
InthevSphereClient,rightclickthevirtualmachine,andclickPowerOn.
SelecttheConsoletab.
VMware, Inc.
13
Selecttheappropriatemenuoptiontoconfigurethenetworksettings.
YoucanindividuallyconfigurethevariousnetworksettingssuchasIPaddress,hostname,DNS,proxy
server,anddefaultgateway,byselectingtheappropriatemenuoption.
Thehostnamecancontain64alphanumericcharacters.YoucanchangethevMAhostnamelaterby
modifyingthe/etc/HOSTNAME and/etc/hostsfiles,asyouwouldforaLinuxhost.Youcanalsousethe
vMAconsoletochangethehostname.ForaDHCPconfiguration,thehostnameisobtainedfromthe
DNSserver.
IfyouuseastaticIPv4networkconfigurationtoconfiguretheIPaddress,DNS,defaultgateway,and
hostname,thenyoumustalsoconfigureadefaultIPv6gatewayduringthefirstbootnetwork
configuration,elsethevMAmightbeunreachableinthenetworkafterlogin.
Ensurethatyoucompletethenetworkconfigurationatthefirstboot.Ifyouskipthenetwork
configuration,theappliancetakesthedefaultnetworkconfigurationfromtheguestoperatingsystem,
whichmayleadtosomeinconsistencies.
NOTEYoucanconfigureonlyonenetworkadapterinvMA.Youcannotaddandconfiguremultiplenetwork
adaptersinvMA.
4
Whenprompted,specifyapasswordfortheviadminuser.
Ifpromptedforanoldpassword,pressEnterandcontinue.
ThenewpasswordmustconformtothevMApassword policy.Thepasswordmusthaveatleast:
Ninecharacters
Oneuppercasecharacter
Onelowercasecharacter
Onenumeralcharacter
Onesymbolsuchas#,$
YoucanlaterchangethepasswordfortheviadminuserusingtheLinuxpasswdcommand.
Thisuserhasrootprivileges.
vMAisnowconfiguredandthevMAconsoleappears.TheconsoledisplaystheURLfromwhichyoucan
accesstheWebUI.
vMA Console and Web UI

vMAprovidestwointerfaces,theconsole,whichisacommandlineinterfaceandthebrowserbasedWebUI.
Fromtheconsole,youcandothefollowingtasks:
Loginasviadmin
AddserverstovMA
RuncommandsfromthevMAconsole
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
ThewebUIenablesyoutodothefollowingtasks:
14
Loginasviadmin
Configurethenetworksettingsandproxyserversettings
Configurethetimezonesettings.
UpdatevMA
VMware, Inc.
Configure vMA for Active Directory Authentication

ConfigurevMAforActiveDirectoryauthenticationsothatESXihostsandvCenterServersystemsaddedto
ActiveDirectorycanbeaddedtovMAwithouthavingtostorethepasswordsinvMAscredentialstore.This
isamoresecurewayofaddingtargetstovMA.
EnsurethattheDNSserverconfiguredforvMAisthesameastheDNSserverofthedomain.Youcanchange
theDNSserverbyusingthevMAConsoleortheWebUI.EnsurethatthedomainisaccessiblefromvMA.
Also,YoumustbeabletopingtheESXiandvCenterServersystemsthatyouwanttoaddtovMA.Ensurethat
pingingresolvestheIPaddressto<targetservername.domainname>,wheredomainnameisthedomainto
whichvMAistobeadded.
To add vMA to a domain
1
FromthevMAconsole,runthefollowingcommand:
sudo domainjoin-cli join <domain-name> <domain-admin-user>
Whenprompted,providetheActiveDirectoryadministratorspassword.
Onsuccessfulauthentication,thecommandaddsvMAasamemberofthedomain.Thecommandalso
addsentriesinthe/etc/hostsfilewithvmaHostname.domainname.
RestartvMA.
Now,youcanaddanActiveDirectorytargettovMA.Forstepstodothis,seeAddTargetServersto
vMAonpage 17.
To check vMA's domain settings

sudo domainjoin-cli query
ThecommanddisplaysthenameofthedomaintowhichvMAhasjoined.
To remove vMA from the domain
sudo domainjoin-cli leave
ThevMAconsoledisplaysamessagestatingwhethervMAhaslefttheActiveDirectorydomain.
Configure Unattended Authentication for Active Directory Targets

Toconfigureunattendedauthentication(authenticationfromviadminorrootcontext)toActiveDirectory
targets,youmustrenewtheKerberosticketsforthedomainuserusingwhichthetargetisadded.Unattended
authenticationissupportedforESXi4.1Update3andlater.YoumustensurethattheActiveDirectoryissetup
forunattendedlogin.
To configure unattended authentication for Active Directory targets
1
OnanyWindowsServer2003computerthatispartofthedomaintowhichvMAisadded,downloadand
installtheKtpasstoolfromtheMicrosoftwebsite.
Openthecommandpromptandrunthefollowingcommand:
ktpass /out foo.keytab /princ foo@VMA-DC.ENG.VMWARE.COM /pass ca... /ptype KRB5_NT_PRINCIPAL
-mapuser <vma-dc>\<foo>
where,<vmadc>isthenameofthedomainandfooistheuserhavingpermissionsforthevCenter
administration.
Thiscommandcreatesafilecalledfoo.keytab.
3
Movethefoo.keytabfileto/home/local/VMA-DC/foo.
YoucanuseWinSCPandloginasuservma-dc\footomovethefile.
VMware, Inc.
15
(Optional)Makesurethattheuservmadc\fooonvMAownsthefoo.keytabfilebyusingthefollowing
commands:
ls -l /home/local/VMA-DC/foo/foo.keytab
chown vma-dc\foo/home/local/VMA-DC/foo/foo.keytab
OnvMA,createascriptin/etc/cron.hourly/kticket-renewwiththefollowingcontents:
#!/bin/sh
su - vma-dc\\foo -c '/usr/bin/kinit -k -t /home/local/VMA-DC/foo/foo.keytab foo'
Thisscriptwillrenewtheticketfortheuserfooeveryhour.
Youcanalsoaddtheabovescripttoaservicein/etc/init.dtorefreshtheticketswhenvMAisbooted.
Troubleshooting Unattended Authentication

IfyouarenotabletoauthenticatefromvMAorcannotaddvMAtothedomaincontroller,verifythefollowing
conditions:
YourDNSserversetupinvMAresolvestheIPaddressorhostnameofthevCenterservertoafully
qualifieddomainname(FQDN)andthattheFQDNcontainsthedomainnametowhichvMAisadded.
Thecommandvifp listserversshowsthenameofvCenterserverastheFQDNthatcontainsthe
domainnametowhichvMAisaddedasthesuffix.
ThedateandtimesettingsonvMA,thedomaincontrollerandthevCenterserverarethesame.Verifythe
timezoneaswell.Thetimemayvarybyanhour,butalargetimeskewmightcauseauthentication
problems.
Enable the vi-user Account

Aspartofconfiguration,vMAcreatesaviuseraccountwithnopassword.However,youcannotusethe
viuseraccountuntilyouhavespecifiedaviuserpassword.
IMPORTANTTheviuseraccounthaslimitedprivilegesonthetargetESXihostsandcannotrunany
commandsthatrequiresudoexecution.YoucannotuseviusertoruncommandsforActiveDirectorytargets
(ESXiorvCenterServer).ToruncommandsfortheActiveDirectorytargets,usethevi-adminuserorlogin
asanActiveDirectoryusertovMA.
To enable the vi-user account
1
LogintovMAasviadmin.
RuntheLinuxpasswdcommandforviuserasfollows:
sudo passwd vi-user
IfthisisthefirsttimeyouusesudoonvMA,amessageaboutrootuserprivilegesappears,andyouare
promptedfortheviadminpassword.
3
Specifytheviadminpassword.
Whenprompted,typeandconfirmthepasswordforviuser.
AftertheviuseraccountisenabledonvMA,ithasnormalprivilegesonvMAbutisnotinthesudoerslist.
WhenyouaddESXitargetservers,vMAcreatestwousersoneachtarget:
viadminhasadministrativeprivilegesonthetargetsystem.
viuserhasreadonlyprivilegesonthetargetsystem.vMAcreatesviuseroneachtargetthatyouadd,
evenifviuserisnotcurrentlyenabledonvMA.
WhenauserisloggedintovMAasviuser,vMAusesthataccountontargetESXihosts,andtheusercanrun
onlycommandsontargetESXihoststhatdonotrequireadministrativeprivileges.
16
VMware, Inc.
vMA User Account Privileges

Table 21liststheprivilegesthatthedifferentuseraccountshaveforvCLIusageagainstdifferenttargets.
Table 2-1. Account Privileges for vCLI Usage
Target
Authentication
Policy
vi-admin
vi-user
domain user
ESXi
fpauth
ESXi
adauth
vCenterServer
fpauth
vCenterServer
adauth
Add Target Servers to vMA

AfteryouconfigurevMA,youcanaddtargetserversthatrunthesupportedvCenterServerorESXiversion.
ForvCenterServerandESXisystemtargets,youmusthavethenameandpasswordofauserwhocanconnect
tothatsystem.
Seevifpaddserveronpage 28forthecompletesyntax.
To add a vCenter Server system as a vMA target for Active Directory Authentication
1
AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc1.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttothevCenterServersystem.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication
policy.
3
Verifythatthetargetserverhasbeenadded.
Thedisplayshowsalltargetserversandtheauthenticationpolicyusedforeachtarget.
vifp listservers --long
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
ESX
ESX
ESXi
vCenter
adauth
fpauth
adauth
adauth
Setthetargetasthedefaultforthecurrentsession:
vifptarget --set | -s <server>
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list
Thecommandrunswithoutpromptingforauthenticationinformation.
IMPORTANTIfthenameofatargetserverchanges,youmustremovethetargetserverbyusingvifp
removeserverwiththeoldname,thenaddtheserverusingvifp addserverwiththenewname.
VMware, Inc.
17
To add a vCenter Server system as a vMA target for fastpass Authentication

1
AddaserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver vc2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
3
Specifytheusernamewhenprompted:
Enter username for machinename.example.com: MYDOMAIN\user1
Specifythepasswordforthatuserwhenprompted.
user1@machine.company.com's password: <not echoed to screen>
Reviewandacceptthesecurityriskinformation.
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
vc2.mycomp.com
ESX
ESX
ESXi
vCenter
vCenter
adauth
fpauth
adauth
adauth
fpauth
Setthetargetasthedefaultforthecurrentsession.
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommandonone
oftheESXihosts,forexample:
esxcli --server <VC_server> --vihost <esx_host> network nic list
To add an ESXi host as a vMA target for Active Directory Authentication
1
AddanESXiserverasavMAtargetbyrunningthefollowingcommand:
vifp addserver server3.mycomp.com --authpolicy adauth --username ADDOMAIN\\user1
Here,--authpolicy adauthindicatesthatthetargetneedstousetheActiveDirectoryauthentication.
Ifyourunthiscommandwithoutthe--usernameoption,vMApromptsforthenameoftheuserthatcan
connecttotheESXiServer.Youcanspecifythisusernameasshowninthefollowingexample:
Enter username for machinename.example.com: ADDOMAIN\user1
If--authpolicyisnotspecifiedinthecommand,thenfpauthistakenasthedefaultauthentication
policy.
3
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
18
ESX
ESX
ESXi
vCenter
adauth
fpauth
adauth
adauth
VMware, Inc.
Setthetargetasthedefaultforthecurrentsession:
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
To add an ESXi host as a vMA target for fastpass Authentication
1
AddanESXiServerasavMAtargetbyrunningthefollowingcommand:
vifp addserver server2.mycomp.com --authpolicy fpauth
Here,--authpolicy fpauthindicatesthatthetargetneedstousethefastpassauthentication.
Youarepromptedforthetargetserversrootuserpassword.
root@<servername>s password:
SpecifytherootpasswordfortheESXihostthatyouwanttoadd.
vMAdoesnotretaintherootpassword.Instead,vMAaddsviadminandviusertotheESXihost,and
storestheobfuscatedpasswordsthatitgeneratesforthoseusersintheVMwarecredentialstore.
InavSphereclientconnectedtothetargetserver,theRecentTaskspaneldisplaysinformationaboutthe
usersthatvMAadds.ThetargetserversUsersandGroupspaneldisplaystheusersifyouselectit.
CAUTIONRemoveusersaddedbyvMAfromthetargetserveronlyifyouhavedeletedthevMAvirtual
machinebutdidnotremovethetargetservers.
Reviewandacceptthesecurityriskinformation.
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc1.mycomp.com
vc2.mycomp.com
ESX
ESX
ESXi
vCenter
vCenter
adauth
fpauth
adauth
adauth
fpauth
Setthetargetasthedefaultforthecurrentsession.
VerifythatyoucanrunavSphereCLIcommandwithoutauthenticationbyrunningacommand,forexample:
esxcli network nic list
VMware, Inc.
19
Running vSphere CLI for the Targets

Ifyouhaveaddedmultipletargetservers,youshouldspecifythetargetserverexplicitlywhenrunning
commands.Bydefault,vMAexecutescommandsontheserverthatisconfiguredasthedefaulttargetbyusing
thevifptarget -scommand.Ifnoneoftheaddedtargetserversareconfiguredasthedefaulttargetandno
targetserverisexplicitlyspecifiedwhenrunningthevSphereCLIcommands,thenthecommandsarerun
againstthevMAitself.
To run vSphere CLI for the targets
1
AddserversasvMAtargets.
vifp addserver <server1>
vifp addserver <server2>
Verifythatthetargetserverhasbeenadded:
vifp listservers
Runvifptarget.
vifptarget -s <server2>
Thecommandinitializesthespecifiedtargetserver.Now,thisserverwillbetakenasthedefaulttargetfor
thevSphereCLIorvSphereSDKforPerlscripts.
4
RunvSphereCLIorvSphereSDKforPerlscripts,byspecifyingthetargetserver.Forexample:
esxcli --server server2 network nic list
Reconfigure a Target Server

Youcanreconfigureatargetserverifyouwanttoperformanyofthefollowingtasks:
ChangetheauthenticationmodeofavMAtargetfromvifastpasstoActiveDirectoryorviceversa.
ChangetheconfigureduserfortheActiveDirectorytarget.
Recoverusersforthevifastpasstarget.AuserneedstoberecoveredifthecredentialstoreonvMAis
corruptedorifthecredentialsofuserscorrespondingtovMAusersaremodifiedandnotreflectedinvMA.
To change the authentication policy

1
Runreconfigure
vifp reconfigure <servername> --authpolicy <authpolicy>
Whenprompted,provideyourcredentials.
IfyoureconfigureanActiveDirectorytargettovifastpassauthentication,thenspecifytheroot
passwordforESXitargetsandtherootusernameandpasswordforvCentertargets.
IfyoureconfigureavifastpasstargettoActiveDirectoryauthentication,thenspecifytheroot
usernameforthetarget.
To change the configured user or to recover users

1
Runreconfigure.
vifp reconfigure <servername>
Whenprompted,provideyourcredentials.
20
IfyoureconfigureanActiveDirectorytarget,specifyausernameforthetarget.
VMware, Inc.
Ifyoureconfigureavifastpasstarget,specifytherootpasswordoftheESXitarget,andthepassword
forusernameusedtoaddthevCenterServertarget.
NOTEIfthetargetserverisnotinitializedasthedefaulttarget,thenyoumustrunthevifptarget -s
commandagainstthetargetservertoreinitializeitwiththenewcredentialsafteryoureconfigurethetarget.
Example 2-1. Adding and Reconfiguring a Target
vi-admin@example-dhcp:~> vifp addserver 90.100.110.120
Enter username for 90.100.110.120: administrator
administrator@90.100.110.120's password:
This will store username and password in credential store which is a security risk. Do you want
to continue?(yes/no): yes
vi-admin@example-dhcp:~> vifp reconfigure 90.100.110.120
administrator@90.100.110.120's password:
vi-admin@example-dhcp:~>
Remove Target Servers from vMA

BeforeyoudeleteavMAvirtualmachine,removealltargetserversfromvMA.Ifyoudonotremovetarget
ESXihosts,theviadminandviuserusersremainonthetargetservers.
To remove a vCenter Server system from vMA
1
ToremoveatargetvCenterServersystemfromvMA,runthefollowingcommand:
vifp removeserver <servername>
ThevCenterServersystemisnolongeravMAtarget.
To remove an ESXi host from vMA
1
ToremoveanESXihostthatisavMAtarget,runthefollowingcommand:
vifp removeserver <host>
TheRecentTaskspanelofthetargetserverdisplaysinformationabouttheviadminandviuserusersthat
arebeingremoved.TheUsersandGroupspanelofthetargetservernolongerdisplaystheusers.
Modifying Scripts
YoucanmodifyserviceconsolescriptstorunfromvMA.
LinuxcommandsScriptsrunninginvMAcannotuseLinuxcommandsinthewaythattheydoonthe
ESXserviceconsolebecausetheLinuxcommandsarerunningonvMAandnotontheESXhost.
AccesstoESXifilesIfyouneedaccesstofoldersorfilesonanESXihost,youcanmakethathostatarget
serverandusethevifsvSphereCLIcommandtoview,retrieve,ormodifyfoldersandfiles.
ReferencestolocalhostScriptscannotrefertolocalhost.
Ifvifastpassisinitialized,allcommandsthatdonotspecify--serverapplytothedefaulttarget.
Ifvifastpassisinitialized,allcommandsthatspecifyhostnameorIPofthetargetapplytothetarget
specified.
ProgrammaticconnectionInPerlscriptsorJavaprograms,youcancallVmaTarget.login() method
of VmaTargetLibandspecifythehosttoconnectto.Thedirectory/opt/vmware/vma/samplescontains
examplesinPerlandJava.vMAhandlesauthenticationiftheserverhasbeenestablishedasatarget
server.ProgramscanuseVmaTargetLiblibrarycommands.SeeUsingtheVmaTargetLibLibraryon
page 33.
VMware, Inc.
21
NoprocnodesSomeserviceconsolescriptsstilluseVMwareprocnodes,whichwereofficiallymade
obsoletewithESXServer3.0andarenotavailableinESX/ESXi4.0andlater.Youcanextractinformation
thatwasavailableinVMwareprocnodesusingthevSphereCLIcommandsavailableonvMA.
TargetspecificationYoumustspecifythetargetserverwhenyouruncommandsorscripts.
Table 22liststhevMAcomponentsthatyoucanuseformodifyingscriptsthatincludeprocnodesandLinux
commands.
Table 2-2. vMA Components for Use in Scripts
vMA Component
Description
For more information
vSphereCLIcommands
ManageESXihostsandvirtualmachines.
vSphereCommandLineInterface
InstallationandReferenceGuide.
vifsvSphereCLI
command
Performcommonoperations,suchascopy,remove,
get,andput,onfilesanddirectories.
vSphereCommandLineInterface
InstallationandReferenceGuide.
vSphereSDKforPerl
AccessthevSphereAPI,aWebservicesbasedAPIfor
managing,monitoring,andcontrollingthelifecycleof
allvSpherecomponents.
vSphereSDKforPerlProgramming
Guide.
vSphereSDKforPerl
utilityapplications
Performcommonadministrativetasks.
vSphereSDKforPerlUtility
ApplicationsReference.
CommandsareonvMAin
/usr/lib/vmware-vcli/apps
vSphereSDKforPerlWS
Managementcomponent
AccessCIM/SMASHdata.ESXisupportsmany
SystemsManagementArchitectureforServer
Hardware(SMASH)profiles,enablingsystem
managementclientapplicationstocheckthestatusof
underlyingservercomponentssuchasCPU,fans,
powersupplies,andsoon.
vSphereSDKforPerlProgramming
Guide.
Configure vMA to Use a Static IP Address

Duringthefirstboot,youcanconfigurevMAtouseaDHCPserverorspecifyastaticIPaddress.TheDHCP
serverassignsanetworkaddress,allowingyoutorunthevirtualmachinewithoutsetup.Thisnetwork
addressmightchangeafterthevirtualmachinehasbeenpoweredofflongerthantheDHCPleasetime.Most
serverapplicationsshouldbeconfiguredtoastaticnetworkaddressthatisconstantandwellknown.
Configure a Static IP Address from the Console

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.
To configure a static IP address from the console
1
Intheconsole,selectConfigureNetworkandpressEnter.
Selectmenuoption6toconfiguretheIPaddress.
IfyouwanttoconfigureanIPv6address,typeyandpressEnter.
22
PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask
TypeyandpressEntertoconfirmtheIPaddress.
a
PressEntertospecifyastaticIPaddressandprovidetheIPaddressandNetmask
TypeyandpressEntertoconfirmtheIPaddress.
Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
VMware, Inc.
Configure a Static IP Address from the Web UI

YoucanconfigureastaticIPaddressfromthevMAconsoleorthewebUI.
To configure a static IP address from the web UI
1
LogintothewebUI.
OpentheNetworkpageandclicktheAddresstab.
SelecttheUsethefollowingIPsettingsoptionandprovidetheIPaddressesforthefollowing:
IPAddress
Netmask
Gateway
PreferredDNSServer
AlternateDNSServer
Hostname
ClickSaveSettings.
Configure vMA to Use a DHCP Server

YoucanreconfigurevMAtouseaDHCPserverinsteadofusingastaticIPaddress.
Configure vMA to Use a DHCP Server from the Console

To configure vMA to use a DHCP server from the console
1
OnthevMAconsole,selectConfigureNetworkandpressEnter.
Selectmenuoption6toconfiguretheIPaddress.
TypeyandpressEntertouseaDHCPserver.
ProvidethedetailsoftheDHCPserver.
a
TypeyandpressEntertouseaDHCPserver.
ProvidethedetailsoftheDHCPserver.
Toconfiguretheothernetworksettings,suchasDNSanddefaultgateway,selecttheappropriatemenu
optionandprovidetherequirednetworkconfigurationdetails.
Configure vMA to Use a DHCP Server from the Web UI

To configure vMA to use a DHCP server from the web UI
1
LogintothewebUI.
OpentheNetworkpageandclicktheAddresstab.
SelecttheObtainconfigurationfromDHCPserveroption.
ClickSaveSettings.
VMware, Inc.
23
Setting the Time Zone

Bydefault,thevirtualhardwareclockismaintainedinCoordinatedUniversalTime(UTC),whichvMA
convertstolocaltime.Youcan,however,setittoalocaltime,whichisimportantfortheupdaterepositoryand
VMwarevCenterUpdateManager.
Setting the Time Zone from the Console

Youcansettimezonefromtheconsoleasdescribedhere.
To set the time zone from the console
1
Ontheconsole,selectSetTimezoneandpressEnter.
Whenprompted,selectyourcontinentorregionandpressEnter.
Whenprompted,selectyourcountryandpressEnter.
Thescreendisplaystheinformationthatyouhaveselectedandthetimethatwillbeset.
Type1iftheinformationiscorrect.
vMAsetsthetimezone.
Setting the Time Zone from the Web UI

YoucansetthetimezonefromthewebUIbyusingthefollowingsteps.
To set the time zone from the Web UI
1
AccessthewebUIandlogin.
ClicktheSystemtabthenclicktheTimeZonebutton.
FromtheTimeZoneSettingslist,selectyourcountryandcity.
ClickSaveSettings.
Shut Down vMA

BeforeyoupoweroffvMA,shutdownthevirtualmachine.
To shut down vMA from vSphere Client
1
ShutdowntheoperatingsystemusingaLinuxcommandsuchasthehaltcommandonthevMA
commandline.
PoweroffthevMAvirtualmachineusingthevSphereClient.
To shut down vMA from the Web UI

3
LogintotheWebUIasviadmin.
IntheInformationtab,clickShutdown.
Delete vMA
IfyouintendtodeployanewerversionofvMA,orifyounolongerneedvMA,youcandeletethevMAvirtual
machine.
IMPORTANTIfyoudeletevMAwithoutremovingallservers,theviadminandviuserusersremainonthe
targetESXihosts.ThenexttimeyouaddthehosttoavMAinstance,vMAcreatesausernamewithadifferent
numericextension.
24
VMware, Inc.
To delete the vMA virtual machine

1
RemoveallvMAtargetserversyouadded.SeeRemoveTargetServersfromvMAonpage 21.
ShutdownvMA.
PoweroffthevirtualmachinebyusingthevSphereClient.
InthevSphereClient,rightclickthevirtualmachineandselectDeletefromDisk.
Troubleshooting vMA
YoucanfindtroubleshootinginformationforallVMwareproductsinVMwareKnowledgeBasearticlesand
informationaboutvMAknownissuesinthereleasenotes.Table 23explainsafewcommonlyencountered
issuesthatareeasilyresolved.
Table 2-3. Troubleshooting vMA
Issue
Resolution
YoucandeployvMAbutwhenyoustartupthevirtual
machine,anerroroccurs.
Checkwhetheryoursetupmeetsthehardwareandsoftware
requirementslistedinHardwareRequirementson
page 12.
YouaddaserverbutthevSphereCLIcommandorPerl
scriptstillpromptsforauthentication.
Runviftargetforthetargetserver.
Youhaveaddedmultipleservers.Youdonotknow
wherevMArunsvSphereCLIcommandsifyoudonot
specify--server.
Afteracalltovifptarget,yourpromptchangestoinclude
thecurrenttarget.
YouwanttoenableDNSresolutioninvMA.
YoucanconfiguretheDNSresolutionnameserverforvMA
byupdatingthe/etc/resolv.conffile.Addthefollowing
lineforeachDNSserverinyournetwork:
nameserver <dns server ip address>
Typeman resolv.conffordetailsonthatfile.
IfvMAissetupforDHCP,andthenetworkisrestarted,
changesyoumadeto/etc/resolv.confarelost.
ProblemswhileaddingActiveDirectorytarget
orconfiguringvMAforActiveDirectory.
IfyouareunabletoauthenticatefromvMAorcannotadd
vMAtothedomaincontroller,checkthefollowing:
YourDNSserversetupinvMAresolvestheIPaddressor
hostnameofthevCenterservertoanFQDNandthe
FQDNcontainsthedomainnametowhichvMAis
added.
Thevifp listservercommandshowsthenameof
vCenterastheFQDNthatcontainsthedomainnameto
whichvMAisaddedasthesuffix.
ThedateandtimesettingsonvMA,thedomain
controllerandvCenterServerareidentical.Checkthe
timezoneaswell.Thetimemaynotexactlybethesame
butmayvarybyanhour.However,alargeskewinthe
timemaycauseauthenticationproblems.
ThisreleaseofvMAprovidesthevma-supportscriptthatenablesyoutocollectvarioussystemconfiguration
informationandotherlogs.Youcanrunthisscriptbyissuingthefollowingcommand:
> sudo vma-support
Thescriptgeneratestheinformationandlogbundleandappendsittothevmware.logfileontheESXihost
onwhichvMAisdeployed.
VMware, Inc.
25
Update vMA
YoucandownloadsoftwareupdatesincludingsecurityfixesfromVMwareandcomponentsincludedinvMA,
suchastheSUSELinuxEnterpriseServerupdatesandJRE.
IMPORTANTYoucannotupgradeapreviousversionofvMAtovMA5.1.YouneedtoinstallvMA5.1.
To update vMA
1
AccesstheWebUI.
Loginasviadmin.
ClicktheUpdatetabandthentheStatustab.
OpentheSettingstabandthenfromtheUpdateRepositorysection,selectarepository.
ClickCheckUpdates.
ClickInstallUpdates.
Configure Automatic vMA Updates

YoucanconfigureautomaticdownloadofvMAupdates.
To configure automatic updates
26
AccesstheWebUI.
Loginasviadmin.
ClicktheUpdatetabandthentheSettingstab.
ClickAutomaticcheckforupdates.
Setthescheduleforperformingtheautomaticchecksbyselectingadayandtimefromthedropdown
lists.
IntheUpdateRepositorysection,selectarepository.
ClickSaveSettings.
VMware, Inc.
vMA Interfaces
vMAinterfacesallowyoutoinitializevifastpass,add,remove,andlisttargetservers,andmanagepasswords.
TheinterfacesareavailableasPerlcommandsandJavamethods.
Thischapterincludesthefollowingtopics:
vMAInterfaceOverviewonpage 27
vifptargetCommandforvifastpassInitializationonpage 27
vifpTargetManagementCommandsonpage 28
TargetManagementExampleSequenceonpage 32
UsingtheVmaTargetLibLibraryonpage 33
VmaTargetLibReferenceonpage 33
vMA Interface Overview

Table 31showswhichinterfacesincludewhichcommandandmethod.
Table 3-1. vMA Interface Overview
Interface / Library
Commands
Methods
For More Information
vifptarget
vifptarget
vifptargetCommandforvifastpass
vifp
addserver
(administrative
interface)
removeserver
vifpTargetManagementCommands
onpage 28.
rotatepassword
listservers
reconfigure
VmaTargetLib
enumerate_targets
enumerateTargets
(library)
query_target
queryTarget
login
login
logout
logout
UsingtheVmaTargetLibLibraryon
page 33.
vifptarget Command for vi-fastpass Initialization

Youcanrunthiscommandtoperformthefollowingtasks:
InitializevifastpassforthevSphereCLIandthevSphereSDKforPerl.
Resetfastpasstarget
Displaytheinitializedfastpasstarget
VMware, Inc.
27
Usage
vifptarget
--set
|
--clear
|
--display |
--help
|
-s <server>
-c
-d
-h
Description
ThevifptargetcommandenablesseamlessauthenticationforremotevSphereCLIandvSphereSDKforPerl
commands.
Youcanestablishmultipleserversastargetservers,andthencallvifptargetoncetoinitializeallserversfor
vifastpassauthentication.Youcanthenruncommandsagainstanytargetserverwithoutadditional
authentication.Youcanusethe--serveroptiontospecifytheservertoruncommandson.
ThevMApromptdisplaysthecurrentdefaultexecutionserver.Ifyouremovethatdefaultserver,theserver
nameisremovedfromthepromptbutthevifastpassenvironmentisnotclearedandthevCLIcommandscan
stillrunseamlesslyagainstallthetargets.
WhilehostsremaintargetserversacrossvMAreboots,youmustrunvifptargetaftereachlogouttoenable
vifastpassforvSphereCLIandvSphereSDKforPerlcommands.
Options
Option
Description
set
Initializesthefastpasstarget.
display
Displaystheinitializedfastpasstarget.
clear
Clearsthevifastpassenvironment.
help
Displayhelpforthecommand.
Example
Initializesthefastpasstarget.
vifptarget --display | -d
Displaystheinitializedfastpasstarget.
vifptarget --clear | -c
Clearsthevifastpassenvironment.
vifp Target Management Commands

Thevifpinterfaceallowsadministratorstoadd,list,andremovetargetserversandtomanagetheviadmin
userspassword.
vifp addserver
AddsavCenterServersystemorESXihostasavMAtargetserver.
Usage
vifp addserver <server>
[--authpolicy <fpauth | adauth>]
[--protocol <http | https>]
[--portnumber <portnum>]
[--servicepath <servicepath>]
[--username <username>]
[--password <password>]
28
VMware, Inc.
Chapter 3 vMA Interfaces
Description
AfteraserverisaddedasavMAtarget,youmustrunvifptarget <server>beforeyourunvSphereCLI
commandsorvSphereSDKforPerlscriptsagainstthatsystem.ThesystemremainsavMAtargetacrossvMA
reboots,butrunningvifptargetagainisrequiredaftereachlogout.SeevifptargetCommandforvifastpass
Afteryourunvifptarget,youcanrunvSphereCLIorvSphereSDKforPerlcommandsandscriptsandyou
arenolongerpromptedforauthenticationinformation,asfollows:
IfyouaddavCenterServersystemasavMAtarget,youcanrunmostcommandsonallESXihoststhat
thevCenterServersystemmanagesusingthevSphereCLI--vihostoption.ThevSphereCLIInstallation
andReferenceGuideincludesatablethatshowswhichcommandscannottargetavCenterServersystem.
IfyouaddonlyoneESXihost,youcanruncommandswithoutspecifyingthetarget.
IfyouaddmultipleESXihosts,specifythetargettoavoidconfusion.
SeeAddTargetServerstovMAonpage 17andRunningvSphereCLIfortheTargetsonpage 20.

IMPORTANTIfyouchangeatargetserversname,youmustremoveit,andthenaddittovMAwiththenew
name.
Options
Option
Description
server
NameorIPaddressoftheESXihostorvCenterServersystemtoaddasavMAtarget.
authpolicy
SetstheauthenticationpolicytofastpassauthenticationortheActiveDirectory
authentication.Thedefaultvalueisfpauth.
protocol
Connectionprotocol.HTTPSbydefault.
portnumber
Connectionportnumberofthetargetserver.Thedefaultis443.
servicepath
ServicepathURLofthetargetserver.Thedefaultis/sdk.
username
Userwhoconnectstothetargetserver.
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave
superuserprivilegesontheESXihost.
IfthetargetserverpointstoavCenterServersystem,thereisnodefault.Youare
promptedforausernameifyoudonotspecifyoneusingthisoption.Theusermusthave
privilegestoconnecttothevCenterServersystem.
password
Passwordoftheuserspecifiedbyusername.
Example
vifp addserver my_vCenter
AddsavCenterServersystemasavMAtarget.Youarepromptedforausernameandpassword.Theuser
musthaveloginprivilegesonthevCenterServersystem.
vifp addserver myESX42
AddsanESXihosttovifastpass.Youarepromptedfortherootpasswordforthetargetsystem.
vifp removeserver
RemovesaspecifiedvMAtargetthatwaspreviouslyaddedwithvifp addserver.
IfthetargetisanESXisystem,youneedsuperuserprivilegesforremoval.IfthetargetisavCenterServer
system,anyuserwithconnectionprivilegescanremovethetarget.Youonlyhavetospecifythe<server>
option,withoutthepassword.
VMware, Inc.
29
Usage
vifp removeserver
<server>
[--force]
Description
Runvifp removeserverforeachvMAtargetbeforeyoudeletethevMAinstance.Ifyoudonotrunvifp
removeserver,theviuserandviadminusersremainonthetargetserver.IfyoulaterthisservertovMA,
vMAcreatestwomoreaccountsonthisserver.Runvifp removeservertoavoidhavingmultipleusers
createdbyvMAoneachtargetserver.
Options
Option
Description
server
NameorIPaddressoftheESXihostorthevCenterServersystemtoremove.
protocol
portnumber
servicepath
username
ForESXihosts,thedefaultisrootandtheusermusthavesuperuserprivilegesonthetarget
server.
password
Passwordoftheuserspecifiedby--username.Usethepasswordyouusedwhenaddingthe
server.
force
Forcesremovaloftheserver.
Examples
vifp removeserver <vCenter_Address>
RemovesavCenterServersystem.Youarenotpromptedforapassword.
vifp removeserver <esxi_Address>
RemovesanESXihost.
vifp rotatepassword
Specifiesviadminandviuserpasswordrotationparameters.
IMPORTANTThiscommandappliesonlytoESXitargetserverswiththefpauthauthenticationpolicy.You
cannotrotatepasswordsfortargetswithadauthauthenticationpolicyandforvCenterServertargets.
Usage
vifp rotatepassword
[--now [--server <server>] |
--never |
--days <days>]
Description
vMAchangespasswordsforviadminandviuserbothinthelocalcredentialstoreandonthetargetserver.
vMAattemptsthepasswordrotationatmidnight.
IfoneormoreofthetargetserversisdownwhenvMAattemptspasswordrotation,vMArepeatstheattempt
thenextdayatmidnight.
30
VMware, Inc.
Options
Option
Description
now
Immediatelyrotatesthepasswordforallserversoraspecifiedserver.
server
ESXihostforwhichyouwanttorotatethepassword.Use--serveronlywith--now.
never
Neverrotatethepasswordforanytargetserver.
days
Rotatethepasswordforalltargetserversafterthespecifiednumberofdays.
Examples
vifp rotatepassword --now
ImmediatelyrotatespasswordsofallESXivMAtargetservers.
vifp rotatepassword --now --server <server_address>
Immediatelyrotatesthepasswordofaspecificserver.
vifp rotatepassword --days 7
SetsthepasswordrotationpolicytorotatethepasswordofallESXivMAtargetseverysevendays.
Forexample,ifyouaddserver1on9/1,andserver2on9/2,andrunvifp rotatepassword --days 7,vMA
rotatesthepasswordforserver1atmidnighton9/8andthepasswordforserver2atmidnighton9/9.vMA
rotatestheserver1passwordagainon9/15andtheserver2passwordagainon9/16.Ifyouthenrunvifp
rotatepassword --days 3,vMArotatestheserver1passwordon9/18andtheserver2passwordon9/19.
vifp rotatepassword
Displaysthecurrentpasswordrotationpolicy.
vifp listservers
Liststargetsystems.
Usage
listservers [-l | --long]
Description
Youcanusethiscommandtoverifythataddserversucceeded.Thiscommanddoesnotrequireadministrator
privilegesonvMA.
Example
ListsallserversthatarevMAtargets,forexample:
server1.mycomp.com
server2.mycomp.com
server3.mycomp.com
vc42.mycomp.com
VMware, Inc.
ESX
ESX
ESXi
vCenter
fpauth
adauth
fpauth
adauth
31
vifp reconfigure
Reconfigurestargetsystems.ThiscanbedonetochangeauthenticationpolicyortheconfiguredActive
Directoryuser.
Usage
reconfigure <server>
[--authpolicy <fpauth | adauth>]
Description
Youcanusethiscommandtoreconfiguretheauthenticationpolicyortheusers.Thiscommandcanberunonly
byadministrators.
Options
Option
Description
server
NameorIPaddressoftheESXihostorthevCenterServersystemtobereconfigured.
authpolicy
IndicatesifthetargetusesthefastpassauthenticationortheActiveDirectory
authentication.Thedefaultvalueisfpauth.
protocol
portnumber
servicepath
username
IfthetargetserverpointstoanESXihost,thedefaultisroot.Theusermusthave
superuserprivilegesonthetargetserver.
IfthetargetserverpointstoavCenterServersystem,thedefaultuseristheone
configuredforthevCentersystemintheprevioussession.Forexample,ifvCenterwas
addedorreconfiguredwiththeusernameadministratorintheprevioussession,the
defaultuserforthevifp reconfigurecommandisadministrator.
password
Passwordoftheuserspecifiedbyusername.
Target Management Example Sequence

ThefollowingsequenceofcommandsaddsanESXihost,listsservers,runsvifptargettoenablevifastpass,
runsavSphereCLIcommand,andremovestheESXihost.
vifp addserver server1.company.com
root@server1.company.coms password: <password, not echoed to screen>
vifp listservers
server1.company.com
ESX
vifptarget --set server1.company.com
esxcli storage core path list
cdrom vmhba0:1:0 (0MB has 1 paths and policy of fixed
Local 0:7:1 vmhba0:1:0 On active preferred
.....
vifp removeserver server1.company.com
root@server1.company.coms password: <password, not echoed to screen>
32
VMware, Inc.
Using the VmaTargetLib Library

TheVmaTargetLib libraryallowsyoutoprogrammaticallyconnecttovMAtargetsbyusingPerlorJava.
AgentscanlinkwithVmaTargetLib andusevifastpassfunctionality.TheVmaTargetLiblibraryallowsyou
toenablevifastpassauthenticationandtoqueryorlistoneormoretargetswiththefollowingcommands:
EnumerateTargetsRetrievesalistofallserversthatarevMAtargets.
QueryTargetRetrievesconnectioninformationforatargetserver.
LoginConnectstoatargetserver.
LogoutLogsyououtofthetargetserver.
SeetheVmaTargetLibjavalibraryforamoredetailedreferencetotheJavainterface.Youcanfindsamplesin
/opt/vmware/vma/samples.
VmaTargetLib Reference
YoucanusethefollowingVmaTargetLibcommandsinPerlorJavaprograms.
Enumerating Targets
Usage
Perl
enumerate_targets()
Java
enumerateTargets()
Description
ReturnsalistoftargetvCenterServerorESXisystemsaddedtothevMAinstancebyusingvifp addserver.
Options
None
Returns
Returnsalistofalltargetservers.
Querying Targets
Usage
Perl
query_target (<servername>)
Java
queryTarget (string <servername>)
Description
Allowsthecaller,forexample,anagent,toretrievelogincredentialsfromavMAtargetandusethose
credentialstoconnecttothevMAtarget.
Options
Option
Description
servername
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.CanbeanESXihostor
avCenterServersystem.
Returns
ReturnsaspecificvMAtargetserver.
VMware, Inc.
33
Programmatic Login
Usage
Perl
VmaTarget.login()
Java
VmaTarget.login()
Description
Allowsaprogramtologintoatargetserverprogrammatically.
Options
Option
Language
Description
service
Java
Javaserviceinstance.
svcRef
Java
JavaserviceManagedObjectReference.
servername
Java,Perl
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
Returns
Returns1ifsuccessfuland0otherwise.
Programmatic Logout
Usage
Perl
VmaTarget.logout()
Java
VmaTarget.logout()
Description
Allowsaprogramtologoutofatargetserverprogrammatically.
Options
34
Option
Language
Description
servername
Java,Perl
OneoftheserversaddedtothisvMAinstanceusingvifp addserver.
VMware, Inc.
Index
adding target servers 17

addserver command 28
authentication component 8
authentication prerequisites 12
removeservers command 29
removing target servers 21
root user account 12
rotatepassword command 30
rotatepassword example 31
C
configuring vMA 16
D
deleting vMA 24
deploying vMA 13
DNS resolution 25
S
scripts, modifying 21
shutting down vMA 24
storage required for vMA 12
sudo 12
T
E
ESXi systems, vMA target 18
example sequence 32
H
hardware prerequisites 12
I
initialization 27
J
Java JRE 8
L
listservers command 31
localhost 21
M
modifying scripts 21
multiple target servers 20
N
name change 17, 18, 19
network configuration 14
network setup 14
P
passwords
ESXi hosts 12
vCenter Server systems 12
proc nodes 22
VMware, Inc.
target servers
commands 28
multiple 20
name change 17, 18, 19
removing 21
single 17
technical support resources 6
troubleshooting vMA 25
U
user account
privileges 17
V
vCenter Server systems, vMA target 17
VI CLI
vifptarget 27
vifs 21
without vi-fastpass 20
vi-admin
privileges 16
vi-fastpass
initialization 27
overview 8
vifp addserver 28
vifp listservers 31
vifp removeserver 29
vifp rotatepassword 30
vifp target management 28
vifptarget command 27
vifs command 21
vi-user
35
privileges 16
setup 16
vMA
component overview 8
getting started 11
interface overview 27
samples 9
use cases 9
vMA targets
ESXi systems 18
vCenter Server systems 17
VmaTargetLib 33
VMware Tools 8
vSphere CLI 8
vSphere SDK for Perl 8
36
VMware, Inc.

Vma 51 Guide

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Vma 51 Guide

Caricato da

Copyright:

Formati disponibili

vSphere Management Assistant Guide

This document supports the version of each product listed and

vSphere Management Assistant Guide

vSphere Management Assistant Guide

About This Book

vSphere Management Assistant Guide

VMware Technical Publications Glossary

Technical Support and Education Resources

Online and Telephone Support

VMware Professional Services

vSphere Management Assistant Guide

vMA Component Overview

vSphere Authentication Mechanism

Chapter 1 Introduction to vMA

vMA Use Cases

Writing or Converting Scripts

Writing or Converting Agents

vSphere Management Assistant Guide

Getting Started with vMA

vSphere Management Assistant Guide

Required Authentication Information

Chapter 2 Getting Started with vMA

Configure vMA at First Boot

vSphere Management Assistant Guide

vMA Console and Web UI

Chapter 2 Getting Started with vMA

Configure vMA for Active Directory Authentication

To check vMA's domain settings

Configure Unattended Authentication for Active Directory Targets

vSphere Management Assistant Guide

Troubleshooting Unattended Authentication

Enable the vi-user Account

Chapter 2 Getting Started with vMA

vMA User Account Privileges

Add Target Servers to vMA

vSphere Management Assistant Guide

To add a vCenter Server system as a vMA target for fastpass Authentication

Chapter 2 Getting Started with vMA

vSphere Management Assistant Guide

Running vSphere CLI for the Targets

Reconfigure a Target Server

To change the authentication policy

To change the configured user or to recover users

Chapter 2 Getting Started with vMA

Remove Target Servers from vMA

vSphere Management Assistant Guide

For more information

Configure vMA to Use a Static IP Address

Configure a Static IP Address from the Console

Chapter 2 Getting Started with vMA

Configure a Static IP Address from the Web UI

Configure vMA to Use a DHCP Server

Configure vMA to Use a DHCP Server from the Console

Configure vMA to Use a DHCP Server from the Web UI

vSphere Management Assistant Guide

Setting the Time Zone

Setting the Time Zone from the Console

Setting the Time Zone from the Web UI

Shut Down vMA

To shut down vMA from the Web UI

Chapter 2 Getting Started with vMA

To delete the vMA virtual machine

vSphere Management Assistant Guide

Configure Automatic vMA Updates