How To

Gotta Love the new Software Components in vRealize Automation 7


You gotta love the new software components feature in vRA 7.  It enables the easy deployment, configuration, and removal of software/applications and makes them reusable across multiple platforms such as vSphere, AWS, and vCloud Air.  I was recently working on a POC with a customer and they were testing out the full VMware stack.  This included vROPs, vRA, NSX, VSAN, etc.  One of the things I proposed is that we use the new software components features to hand the install and initial configuration of the vROPs End Point Operations agent during the deployment of workloads and also make sure to remove the agent when the workload is destroyed.  They are primarily a Windows shop, so the software component I created is based on Windows but if there is enough interest I can also create one for Linux builds.  The software package can be downloaded from the VMware Sample Exchange here.

Once you have downloaded the software component zip, the cloudclient can be used to import the software package.  If you don’t have the cloudclient you can download it from here, along with the documentation on how to setup and configure it.

Login to the cloudclient:

Screen Shot 2016-02-26 at 10.47.32 PMvra login userpass –user username for the tenant –password password for the tenant username –server vRA appliance FQDN –tenant name of tenant you want to import content into

Run the import command to import the software component package:

Screen Shot 2016-02-26 at 11.03.40 PMYou basically run the following command:

vra content import –path Path to Sotware Component .zip package –dry-run false –resolution OVERWRITE –precheck WARN

You could use true option with –dry-run first.  This will test the import and let you know if there were any errors.

Next you add the software component to a Windows vRA blueprint and provide values for the properties:

Screen Shot 2016-02-26 at 11.12.26 PM


Below are the details of the properties:

securePort – The secure port used to connect to vROPS, this is not required and would default to 443

serverCertificateThumbprint- This the the server certificate thumbprint of your vRealize Operations Manager server.  This is required to install the EPO agent.

installer- Name of the installer package to be used for the install

passwordUNC- Password used for account to used to connect to share containing the installer package

installerPath- UNC path to the share that contains the installer package

usernameOps- Username used with vROPs to register the agent

serverAddress – FQDN or IP of the vRealize Operations Manager server

usernameUNC- Username to be used for connecting to the share

paswordOps- Password for unsernameOps account used to register agent with vROPs


These property values are used in some windows cmd line scripts that execute for installing the EPO agent and removing it when the workload is destroyed.  These are defined in the software component like below:

Screen Shot 2016-02-26 at 11.30.51 PM

Screen Shot 2016-02-26 at 11.31.18 PM









Upgrading vCould Automation Center 6.0 to 6.1


Wow, its been way too long since I have posted something.  The upgrade from vCAC 6.0.1 to 6.1 is fairly straight forward but I figured it would be a good to get my feet wet again.  The first thing to make sure of is you have all the prerequisites full filled.


1) You will need to be up to 6.0.1 before completing the upgrade

2) Like anything is always good to back things up, well this upgrade is no different.  You should backup the following:

  • The configuration files in /etc/vcac.  The config files that are in this location include configs around SSO admin credentials, vCAC Services that need to be registered at boot,  vPostgres DB details aka JDBC connection info, the vCAC key store, and vCO Endpoint config.  So its all pretty important, BACK IT UP!  In my case, I used WinSCP to connect to the vCAC Appliance, browsed to the location, and backed up the folder to my local box.

vcac folder

  •  The configuration files in /etc/vco.  The config files in this location include vCO password/connection info, web/tomcat configs, etc.  Yet again it pretty in important so back it up.  Used the same process via WinSCP to back it up.
  • All databases, this includes the vPostgres and MS SQL DBs.  Make sure to back up the vCAC DBs, to do this use whatever methods you normally use internally to do backups.

3) Snapshot all the virtual appliances and IaaS Servers.  So obviously if you have a distributed install this means all the distributed components.

4) If you’re using the vSphere SSO, make sure its a supported version.  You can check this on the vCloud Automation Center Support Matrix

5) If you have the old school vCAC Designer Installed, uninstall it.  You will install the newest version after the upgrade is complete. There isn’t an upgrade process for this, uninstall/install is the path forward.

6) If you and only IF you have a highly available setup deployed with multiple vCAC appliance behind a load balancer, you need to make sure the vco-server services is disabled.  Another thing to note is during the upgrade of the appliances you need to also stop the vcac-server serivce on all the appliances but the one currently be upgraded.  Make sure to not start back up any of these services until all the appliances are upgraded.

  • SSH to the appliance and log in
  • Run the following commands:
    • service vco-server stop
    • chkconfig vco-server off
  • If this isn’t the instance you are currently upgrading run the following:
    • service vcac-server stop
  • Once you are completed with the appliance upgrades you should SSH back into the appliance, run chkconfig vco-server on, and start the vco-server service back up.  This will insure that it starts back up appropriately on reboots.

7) Shut down the vCAC services on your IaaS Windows Server.  If its a distributed install these services/roles will be spread out across several IaaS servers.

  • Log in to the IaaS Server
  • Go to Start–>Administrative Tools–>Services
  • Stop the services in the following order:
    • All vCAC Agents
    • All vCAC DEM workers
    • All vCAC DEM Orchestrators
    • vCAC Manager Service

 Upgrading the Identity Appliance

If your running the Identity appliance, the next step is to upgrade it.

1) Log into to the identity appliance management interface by browsing to https://FQDN:5480

Identity login

2) Select the Update tab and then click Check Updates

Identity check updates

3) Once it updates you should see the new appliance version show up  Click Install Updates.

Identity Install Updates

4) Once the update is completed you will be see a message stating the appliance needs to be rebooted.  Click on the System tab and then Reboot.

Note: If your appliance doesn’t have access to download the file you can use one of to methods. 

  • Download the update .zip, great a local http: repository, and pull the update from there
  • Download the update .iso, add a CD-ROM to the appliance, mount the .iso, and update from there.  In my lab, I did this as I only allow a few ports inbound. 

Upgrading the vCAC Appliance

Most of the process here is very similar to that of the identity appliance. Please remember there are additional steps that need to happen here if you are upgrading a highly available install, these steps are listed above under Prerequisites.

1)Log into to the vCAC appliance management interface by browsing to https://FQDN:5480

vcac login

2) Select the Update tab and then click Check Updates

vcac update

3) Once it updates you should see the new appliance version show up  Click Install Updates.

vCAC Install update

4) Once the update is completed you will be see a message stating the appliance needs to be rebooted.  Click on the System tab and then Reboot.

vcac update complete

Note: If your appliance doesn’t have access to download the file you can use one of to methods. 

  • Download the update .zip, great a local http: repository, and pull the update from there
  • Download the update .iso, mount the .iso, and update from there.  In my lab, I did this as I only allow a few ports inbound. 

Upgrading the IaaS servers

There are a couple of prerequisites that need to be in place for this part of the install.

  • The box you are running the Database Upgrade from must have the 64-bit Java version 1.7 installed.  32-bit versions are not supported.  Environment variable JAVA_HOME is set to the Java install folder.  %JAVA_HOME%\bin\java.exe must be available.
  • .NET Framework 4.5.1 is required on the IaaS installation machine.  One thing to note is that you can not do a straight upgrade from 6.0 to 6.1.  You do have to be up to 6.0.1 before you can upgrade to 6.1.

Upgrading the Database

You can run this update from another server on the network long as there is appropriate access.  I went ahead and ran this from another box I had in my lab as I already had the Java components installed and configured.  One thing I did run into is that box that you run DBUpgrade from also needs to have .Net 4.x on it.  I received an error message saying it needed 4.0 but 4.5.1 worked fine.

1) Browse to https://vcac-appilance-FQDN:5480/installer

2) The fourth bullet down is a link to download the “database upgrade scripts” Click the link and download the file.

DB Install Script

3) Extract the file.

4) Open up a windows command prompt and change directories to the location you unzipped the file to

db changes directory

5) Run the following command:

DBUpgrade -S FQDN\Instance Name -d DB Name -E Forces Windows Auth  | -U DB owner username -l logfile location


DBUpgrade -S IaaS.JonsDomains.local\SQLEXPRESS -d vCAC -E

DBUprade Success

 Upgrading the IaaS components

When performing the upgrade of the IaaS components if you have them distributed they should be upgraded in the following order: Websites, Manager Service, DEM Orchestrator and Workers, and finally the agents.  If there are multiple of any of the components do them one at a time.

1) Browse to https://vcac-appilance-FQDN:5480/installer

2) If you haven’t installed .NET Framework 4.5.1, download it from this page and install it. After the install you might be prompted to reboot the server.  If so please do, also remember to stop the vCAC services again when the server reboots.

2) The first bullet down is a link to download the “IaaS Installer” Click the link and download the setup_FQDN-of-vCAC-applinance@5480.exe.  Do not change the name of the file, it is needed during the install to pull down the appropriate packages.

3) Run the install, setup_FQDN-of-vCAC-applinance@5480.exe.  The installation wizard will launch, click next.

4) Accept the EULA and click next

5) Provide credentials to the vCAC Appliance and click next.

VCAC Appliance creds

6) Upgrade will be selected, click next.

7) What you will notice on the next screen is the installer detects what components are installed on the box.  This is nice, and I love how the installation/upgrades have gotten better and better with vCAC versions.  It will prompt for the service account password, DB instance, and DB name.  Click next and then Upgrade.

service upgrade detect

Another cool thing is there is a link to the installer log folder at the bottom of the install progress screen.  This is nice as you can click on it and look at logs to get progress or if you get an error.

vcac upgrade logs

Sit back and relax, it’s going to take a bit.  :) Once it completes click next and finish.  The you are done!

vcac Upgrade complete

So now you think your done, well think again.  The following KB was published:

Cannot find VMware vSphere virtual machines by unique identifier using the vCenter Orchestrator Plug-in for VMware vCloud Automation Center 6.1, or directly in vSphere API (2088838)

Basically there is an issue with version 6.1 and some of the vCO workflows that came with imbedded vCO.  The KB has you download a workflow package import it into the imbedded vCO appliance.

Keep a look out here on the blog, I will have one covering upgrading Application Director and ITBM Std shortly.


Migrating to vCAC 5.2…No its not a simple upgrade.


It’s been awhile since I have posted anything but I figured the new version of vCAC, 5.2, going GA was worthy of a post.  As you all know, I have been knee-deep in implementing vCAC at my current employer and this new release is very exciting to me.  There are several new features added, the ones I am most excited about are the Enhanced vCloud Director Integration and added support for vCNS.  In the previous version of vCAC, 5.1, there was very limited support for vCD.  You could clone vApps but there was no built-in functionality to customize VMs that were a part of the vApp during provisioning.  The work around for this was, you could add vCenter Orchestrator instance as an Endpoint and call workflows to accomplish the customizations.  In, 5.2, the concept of “vApp component blueprints”, is added.  These allow you to customize the VMs within a vApp.  This is a very welcome feature in my opinion.  As far as vCNS goes a vCNS Manager can now be added as an Endpoint.  This allows vCAC to discover network resources and now that the network resources are there they can tied to blueprints.  Pay-as-You-Go- Allocation model and support for KVM were also added.

Ok, now that I have rambled on about the new features on to the meat of the post.  I am going to cover the migration vCAC 4.5/5.1 to 5.2.  Only these releases are supported in migrating to 5.2 so the first step is to verify your version.  This can be done by browsing to the vCAC web portal at https://FQDN/DCAC .  Once their click on the “About” in the upper right hand corner.


Next, make sure you have all the appropriate trusted SSL certs created and imported.  vCAC uses SSL/443 for a lot of the communications between all the components by default.  If you’re migrating, it’s almost a given you already have these in place, but if not you should.  It uses IIS and there really isn’t anything special, but if you need some direction on this refer to the “vCloud Automation Center Installation Guide” SSL Configuration section for more details.  You also need to make sure that there are no active machine provisioning /operations and that all data collections are completed.

Next you need to document the info on all the DEMs, Agents, and Endpoints.  This is done because during the migration, all these components will need to be uninstalled.  To gather info on your DEMs, from the web portal, click on vCAC Administrator==>Distributed Execution Status.

menuagent config

You will presented with a screen that lists all the DEMs.  Document their Name, Host Name/Machine, Role, and Skills (if any).



Next document the agents.  To do this RDP into the vCAC server and navigate to the agent installation location.  This is usually %SystemDrive%\Program Files (x86)\DynamicOps\DCAC Agents.  For each of the directory note the name.  Then open a command prompt, navigate to the agent’s directory, and issue the following command: DynamicOps.Vrm.VRMencrypt.exe VRMAgent.exe.config get.  Document the value of managmentEndPointName. Do this for all the agents listed in the directory.


Next record all service account user credentials.  While on the Windows box go to Start -> Run -> Services.msc .  Find the following services and notate the service account that is being used.

  • Each VMware vCloud Automation Center Agent – agentname service (DynamicOps Cloud Automation Center Agent if upgrading from DCAC 4.5)
  • Each VMware DEM-role – instancename service (DynamicOps Cloud Automation Center DEM if upgrading from DCAC 4.5)
  • The VMware vCloud Automation Center service (DynamicOps Cloud Automation Center if upgrading from DCAC 4.5) — Manager Service host only
  • Repeat these steps for any other host on which agents or DEMs may be installed.

You will need to also record the service accounts that are being used for the Application Pools in IIS.  To do this go to Start–>Run–>inetmgr.exe.  Click on the IIS Server name à then Application pools.


Off to the right hand side you will see Application Pools with an Identity associated with them.  Document the Identity.




In my opinion, if you documented your install you should already have the info but it can’t hurt to verify.  In my demo environment I have all the components on one box, if this were production these would be separated.  For more info one were how to separate the services in a production environment reference the following doc:  vCloud Automation Center Reference Architecture

If you used any customization via the vCAC extensibility toolkits, they will need to be uninstalled.  For more details on this refer to the vCloud Automation Center Extensibility Guide.


Once all of the above is completed, RDP to the vCAC server and stop all the services.  Again, in my demo environment I have all the components on one box, but in production you they would be separated.  You should be able to look back at the info on the DEMs and see where they are installed and stop the services on those boxes.



Next it is suggested that you back up the following customization related files.

Application configuration files, including:

  • ManagerService.exe.config, located in %SystemDrive%\Program Files (x86)\Dynami- cOps\DCAC Server
  • DynamicOps.DEM.exe.config, located in %SystemDrive%\Program Files (x86)\Dynam- icOps\Distributed Execution Manager\instance_name
  • VRMAgent.exe.config, located in %SystemDrive%\Program Files (x86)\Dynami- cOps\Agents\instance_name

Email templates located in %SystemDrive%\Program Files (x86)\DynamicOps\DCAC Server\Templates

Workflow configuration XML files located in %SystemDrive%\Program Files (x86)\Dynami- cOps\DCAC Server\ExternalWorkflow\xmldb

I just created a folder on another disk and copied them over.  VMware also suggests that you take a backup or snapshot (if it’s virtual) of all the vCAC component hosts.  In my case everything was on one host so I snapshotted the VM.  They also recommend you backup the DB and AzMan store.  To be honest with you at this point I was getting pretty concerned as they add you backing up so many things.  Didn’t give me too much confidence in the migration to 5.2.

Ok, finally now on to actually updating vCAC to 5.2.  The first part is to update the database.  This is done through running DBUpgrade.exe.  To get info on the arguments and switches that can be used with it, run it without any.




Since I was local to the box that had the DB on it and logged in with the vCAC service account I ran the following:




As you can see above, the first time I attempted to run the DBupgrade while specifying the I got an error message stating that:

There is no upgrade script to execute from release to release

There is no upgrade script that has its starting version matches the installed database version

So next I tried did a change directory to the location that DBUpgrade is located and ran the same command without any issue:




DBUpgrade.exe must look in the current directory for the script and not the path that is specified to run it.

Uninstall the following components DEMs, Agents, vCAC Designer, vCAC Self Service Portal, and WinPEBuilder.  Make sure not to uninstall the Manger Service, this will cause you to have to do a fresh install of vCAC.  So basically everything but the Manager Service and the default portal.  Obviously this is done through Start à Control Panel à Programs and Features.  In my demo environment I had DEMS, a vCenter Agent, the Self Service portal, and designer.




Next order of business is to make sure you install .Net 4.5 because it is required.  Once this is complete its best to good ahead and install the vCAC Prerequisite Checker, its part of the vCAC 5.2 installation zip and is in the tools folder.  Truth is that if you’re doing a migration you must likely have everything you need installed, but when I first installed the product I missed some pieces.  Can’t hurt to do a sanity check before proceeding.  Once you have installed it, open it up.  In my test environment I have all the components on one server, if there were production you would install the vCAC Prerequisite Checker on all servers.  As you see you have the ability to scan based on the installed components.  Once you have selected all the needed components click Run Checker.




Next you will run the vCAC-Server-Setup.exe install from the vCAC 5.2 installation zip, its in the Setups folder.  Make sure all the options but the Database are selected.  Since the install detects a pervious install this should be the default.




Click Next, Install, and then Finish.


The vCAC Configuration Wizard will auto launch.




Next you will be prompted for license keys.  Add the required keys and click next.



Then you will be prompted for the DB instance and DB name.  If the currently logged in user has the appropriate permissions to DB then leave the box checked to use the currently logged in user.  If not uncheck the box and provide a user with the appropriate permissions.




Then click next.  Next you will be asked to provide a Security Passphrase.




Click Next.  You will next have you will be presented with a screen to verify your IIS settings.  You can click the Test Binding to verify that the port is available.  You should already have a certificate set.  Click Next.




You will then be prompted to provide the username and password that you documented previously that is being used for IIS Application Pools.



The next screen will be already populated and will have authorization store selected,  Click Next.




The Model Manager Service configuration screen will already populated verify the settings and click next.




The Manager Service Screen will be already populated.  Verify the settings and click next.  If this were a failover host you would select the Disaster Recovery cold standby node.




The vCAC Web Configuration screen will already be populated, verify your settings and click next,




On the Ready to Configure screen, click Configure.  Then click next and finish.

Once you are done with the configuration wizard, you need to run vcacMigrationCleanUp.exe.  The executable is part of the install zip.  It’s located in Installation\Database\DBUpgrade\vcacMigrationCleanUp.   You need edit the configuration file before you run it.  Edit the following 2 lines:

<add name=”DB” connectionString=”Integrated Security=SSPI;Data Source=localhost;Initial Catalog=DCAC”/>

<add key=”repositoryAddress” value=”https://localhost/repository/”/>

Change local host to the FQDN of the Model Manager host.  For Data Source use the SQL instance, and for Initial Catalog us the DB name.  Next run vcacMigrationCleanUp.exe à Select Migration Clean Up–>vSphere Agent.  Click Yes, Yes, and then OK.   Exit the migration clean up tool.


Next it’s time to reinstall the DEMs.  I am going to start with the DEM Orchestrator.  First launch the vcac-Dem-Setup.exe and click next.  Accept the End user agreement and click next.  On the DEM instance Configuration screen, from the documentation you gathered, provide the DEM Instance Name, DEM Description and select Orchestrator Role.

On the Custom Setup screen take the defaults and click next.


Dem config2



On the Manager Service and Model Manager Web Service Host configuration screen provide the FQDN for the Model Manager Service, Model Manager Web Services, Model Manager Username/password, and click next.


Dem config3


Next provide a username and a password for the DEM service.


Dem config4


Click Install


Dem config5


Click Finish.


Dem config6


Repeat the above steps form and DEM Workers you might have.  In a production environment their could be several.  Obviously select the Worker Role.  Next you will reinstall the agents, in my case this was a vSphere Agent.  Launch the vCAC-Agent-Setup.exe which is part of the vCAC installation zip in the Setups folder and click next.




Accept the End-User Agreement:



Next you will need to look back in your documentation and provide the Agent Name, FDN for the vCAC Server:port, and Model Manager Web Service Host:port.




Next you will be prompted to select the agent type.  As you can see people there are quite a few.  In my case I selected the vSphere Agent.




Again look back at your documentation and provide the service account info for the vSphere Agent.




Next provide the Model Manager Username and password.  You should have documented this before the upgrade.




You should have documented the name of your vSphere Endpoint, provide that in the screen below.  Endpoints provide the credentials for the agents so this is pretty important.




Click Install



Click Finish




If you have any other agents that need to be reinstalled go through the process again, select the appropriate agent type, provider the agent name, credentials, and endpoint.

If you were using the Self Service portal which is part of the extensibility pack, it’s time to reinstall it.  Download and extract the install bundle.  Then run the vCAC-SelfService-Setup.exe and click next




Accept the License Agreement.




If you’re installing in the default location click next.  If not change the location.




Click Install.




Click Finish and the vCAC Software Configuration wizard will launch. Click Next.




You will then be asked to provide the DB instance and DB Name. Then click next.




The configuration will detect your setting, click next.




On the screen below you need to provide credentials for a service account, the Model Manager FQDN:port, and credentials for the Model Manager.




Click Configure.  Then click next.




Click Finish.




If you uninstalled vCAC Designer or have a need for it run the installer.  It is also a part of the vCAC 5.2 extensibility pack.  It’s a pretty basic install wizard and I am not going to go through all the details here.  You will need the Model Manager Web Service FQDN:port, username, and password.  vCAC Designer is only needed if you are modifying or creating workflows.


vCloud Automation Center: vCenter Agent


Hello again everyone and sorry that the posts are coming far and between.  Been deep in the trenches at work getting lots of details ironed out at work around our self-service/IaaS initiative.  That along with studying pretty heavily for the vCAP-DCD, which I am giving a go at real soon have been pretty consuming.  So is the life of an IT geek, but that is what I love about my job, working with new technologies, digging into the details, and spreading the word about them to others.  Ok, enough ranting for now and on to the details.  In this post I am following up on an earlier post I had on vCAC Endpoints.  In vCAC there are two things that need to be configured in order to scan and pull in the info from your vCenter .  One, Endpoints that basically hold the credential /connection info and the proxy agents that use the Endpoints information to scan the vCenter .  Below is a step by step on how to deploy and configure a vCenter Agent in vCAC.  A vCAC server can have multiple vCenter agents associated with it and there are serveral other types of Proxy Agents that can be used for other purposes.

Download and run the DCAC-Agent-Setup.exe from the server that will be the proxy agent. In many cases this can and will be the vCloud Automation Center

Click install on the following screen and then next

vcac agent 1

I also wanted to cover an interesting error I ran into while deploying the agent.  I understand that’s it’s probably because I tried to do something out of the norm, but it would be great if the error where a little more informative.   On the following screen you are asked to provide the FQDN with port for the vCloud Automation Center and Model Manager Web Service.  In the lab environment these roles where the same server and I created a CNAME for this the server in DNS.  When I attempted to use the CNAME I got a very generic error.

On the following screen I provided a username/password for the vCloud Automation Center Agent service and clicked next.

vcac agent 2

Then I provided a username/password that had access to the model manager  service and clicked next.

vcac agent 3


As you can see I got an access denied error relating to the Model Manager Web Service.  I believe this stems from the fact that it is looking for the actual machines FQDN that was used during the install of the service.  I just doesn’t like the CNAME.

vcac agent error

One thing to note is in my lab I am installing the proxy agent on the box also, so if I  used “localhost:80” or the FQDN that of where these services are run from i.e.  When I used either of these it worked just fine.  You will notice in the lab environment I am using HTTP:80 and in production this would be done over HTTPS:443.  Input this info along with and agent name then click next.

vcac agent 4

vcac agent 13

You will then be asked to provide name for a “vSphere Generic Endpoint”.  In here you can enter the name you would like for the endpoint.  I would like to note that this endpoint could have been pre-configured via the vCloud Automation Center and if it was you would want to provide the name you used for the Endpoint when you created it.

vcac agent 5



Click next and then install.

vcac agent 6


Click finish.  Now when you look in services on you will see a service for the agent you created.

vcac agent 7


If you already have your Proxy Agent assigned to an Endpoint you do the following to make the Compute Resources from the vCenter available.  The cool thing here is as you’re doing this you can bring existing machines in and assign them to provisioning groups.

Browse to https://vCACPortalURL/dcac and click on Discovery off the menu to the left.

vcac agent 8

You will then be presented with the “Infrastructure Organizer”  wizard, click next.

vcac agent 9


There will be new compute resources listed that represent the available clusters within your vCenter.  Select the ones that you would like to use with vCloud Automation Center and click next.

vcac agent 10


Click on the edit icon(a pencil) and assign any additional Enterprise Groups or a Cost Profile to the Compute Resource.  Click the green check mark when you and done and then next.

vcac agent 11

Assign any existing VMs to a Provisioning Group by clicking on the edit icon(a pencil) and selecting the appropriate group.  Click the green check mark when you are done, click next,  finish, and then ok.

vcac agent 12






vCloud Automation Center (vCAC): Endpoints


As I have pointed out before vCAC allows you to pool resources, both private and public, into a central location for your users to consume.  The product obviously also gives you the ability to choose who has access to what resources and what they can consume.  Today, I would like to talk about how to add Endpoints in vCAC.

 So what is an Endpoint?  In vCAC Endpoints are connections into management components that have sets of resources you want to make available for management or consumption by end users.  They could be a vCenter, UCS Manager, Dell iDracs, HP iLO, Hyper-V (SCVMM), vCloud, vCO, etc.  For example, a vCenter Endpoint would collect data from vCenter about its Host Clusters.   With A vCloud Endpoint it would collect data on its ORG vDCs.  Now that you know what an Endpoint is in vCAC on to how to configure one. I want to note that most Endpoint are assoicated with a Proxy Agent that actually collects the data.  The Endpoint is more of a object that has the associated credentials to connect to the resource. 

Browse to the URL of the vCAC server normally in the format of https://FQD/dcac.  This will present you with the welcome screen like below. 

vCAC Login Screen

Please not that when using vCAC with IEs default settings it does a Single Sign On. So make sure that you are logged in with a user that is a vCAC admin, run IE as another user, or reconfigure IE.

Next browse to vCAC Administrator and then Endpoints on the menu bar:

vCAC Menu Bar

In the top right corner select New Point and the type of Endpoint.  In this example I am going to add a vCenter.

vCAC New Endpoint

You will then be present with the following screen.  You will need the IP Address or DNS name for the Endpoint and credentials for it.

vCenter New Endpoint

You will need to provide a Name for the Endpoint, the Address and then click in the Credentials field.  This will bring up a screen that lists all the credentials for Endpoints that vCAC is aware of. 

vcac credentials

If the credentials needed are already available select them and click ok, if not click on New Credentials.  Let’s assume we need new credentials.  When you click on New Credentials you are asked to provide a Name, Description, Username, and Password. 


vcac new credentials

When finished entering in your new credentials click the green check mark and then ok.  You will notice a section below Credentials called Customer Properties.  I am not going to get into the details around their use in this post because I am not really sure of a good case for using them with Endpoints.  But I will go more detail around Custom Properties in a future posts related to Blueprints and Build Profiles.  Click the OK button at the bottom of the New Endpoint Screen.    

vCenter New Endpoint 2

Now that the Endpoint has been added vCAC will launch a Data Collection.  This will allow vCAC to gather information about the Host Cluster within the vCenter and the associated Compute resources.  To view the Compute Resources, mouse over the arrow to the right of the Endpoint name and select View Compute Resources. 

view compute resources



You will then be taken to a screen that shows all the Compute Resources available from that Endpoint, along with information as to how much compute is available from each. 

compute resource details


You have now created an Endpoint in vCAC and have resources available to apply Reservations and Reservation Policies too.  I will cover these in future posts.

i want to note that there is a vSphere Endpoint that is installed on the seperate box that acutally gathers the info and populates its in vCAC.  I will follow up with another post on how to install these agents and add them to vCAC.

VMworld 2012: vBrownBag Tech Talks


The tech talks from VMworld 2012 SF have been posted here:

Here is a direct link to the one I did:

Installing a SSL Certificate to Juniper Security Design vGW appliance


I would first like to start off saying that if you are not familiar with Linux, this one can be a bit of a pain the first time around. I eventually had to contact Juniper support to get the details on this and even they had a little trouble.

1) You will need to have to either SSH into the appliance or have console access. The preferred method would be to use SSH because the VMware console of the machine limits how much of previous commands you can see. Login to the appliance and type “advanced”.

2) Create a Key store and Private Key. This will be done using a Linux utility called “keytool”. You will be asked to provide passwords; Juniper suggests always using “altoraltor”

$JAVA_HOME/bin/keytool -genkey -alias “Name of Alias” -keyalg “Algorithm Type” -keysize “Size of Key” -keystore “Name of Key store”.jks

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore test.jks

3) Generate a CSR

/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg “Algorithm Type” -alias “Name of Alias” -keysize “Size of key”-file “Name of CSR”.csr -keystore “Name of Key store”.jks


/usr/lib/jvm/sun-java-6u11/jre/bin/keytool -certreq -keyalg RSA -alias tomcat -keysize 2048 -file test.csr -keystore test.jks

4) Retrieve a certificate from your Certificate of Authority. Make sure to download the chain. With a Microsoft CA this ends up being a .PB7 file.

6) If you end up with a Microsoft Chain in PB7 format, right click the file and open with “Crypto Shell Extensions”. From here you should be able to right click the CA/Sub-CA Certs and export them.

5) Use WinSCP or FastSCP to copy the certificate and CA/Sub-CA Certs to the same location as the key store file.

6) Install the SSL Certs into the key store

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias “Name of Alias” -keystore “Name of keystore”.jks -file “certificate name”.cer

**Keep in mind that you must install the CA/Sub-CA certs before you can install the SSL Cert for the device, or you will get errors about the chain**


/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file CA.cer

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file Sub-CA.cer

/usr/bin/jvm/sun-java-6u11/jre/bin/keytool -import -alias tomcat -keystore test.jks -file test.cer

7) Gain sudo access

sudo su

8 ) Transfer the key store file (jks) to /var/lib/altor/cert

scp /usr/bin/jvm/sun-java-6u11/jre/bin/”Name of Keystore”.jks /var/lib/altor/cert/”Name of Keystore”.jks


scp /usr/bin/jvm/sun-java-6u11/jre/bin/test.jks /var/lib/altor/cert/test.jks

9) Delete the public_keystore file

rm public_keystore

10) Copy Key store (jks) you created to public_keystore

cp “Name of Key store”.jks public_keystore


cp test.jks public_keystore

11) Change ownership and permissions on public_keystore

chown tomcat public_keystore

chgrp tomcat public_keystore

12) Restart the Tomcat Service

god restart tomcat

Documenting Virtual Infrastructure with Visio


Within the past couple of months we have had two major crashes of our virtual infrastructure.  After the first crash we made some changes and moved our production vCenter servers to a management vCenter on separate hosts and our test vCenter servers to our View vCenter and our View vCenter servers to our production vCenter.  This allowed for a lot of separation of our vCenter’s, but also a lot to keep track of when our second crash occurred and we had to figure out where everything was located to start bringing up guests.
So I decided to make a nice diagram to keep in our data center to make things a little clearer on what our infrastructure looks like.  I found some cool Visio stencils for VMware here


I have not used them yet but I will keep you posted on how my diagram comes out.


Go to Top