VCP-IaaS Study Notes: Section 1.3

This is Section 1.3 in the VCP-IaaS blueprint Guide 1.2. The rest of the (completed) sections can be found here.

Identify vCloud Director pre-requisites

Cite the steps to deploy a vShield Manager appliance

Identify relationship between vCenter Server and vShield Manager

  • The first time you log on to the vShield Manager GUI, you are prompted to connect to a vCenter Server.
  • The vShield Manager connects to the vCenter Server, logs on, and utilizes the VMware Infrastructure SDK to populate the vShield Manager inventory panel. The inventory panel is presented on the left side of the screen. This resource tree should match your VMware Infrastructure inventory panel.

Generate self-signed certificates

    • vShield
      • You can generate or import an SSL certificate into the vShield Manager to authenticate the identity of the vShield Manager web service and encrypt information sent to the vShield Manager web server. As a security best practice, you should use the generate certificate option to generate a private key and public key, where the private key is saved to the vShield Manager.
      • Settings and Reports->Configuration->SSL certificate->Generate Certificate Signing Request.

    • vCloud
      • Create an untrusted certificate for the HTTP service.
        • This command creates an untrusted certificate in a keystore file named certificates.ks.

    keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http

    • Create an untrusted certificate for the console proxy service.
      • This command adds an untrusted certificate to the keystore file created in Step 1.

    keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias consoleproxy

    • To verify that all the certificates are imported, list the contents of the keystore file.

    keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

Import self-signed or CA issued certificates

  • vShield
    • Click Settings & Reports from the vShield Manager inventory panel.
    • Click the Configuration tab.
    • Click SSL Certificate.
    • Under Import Signed Certificate, click Browse at Certificate File to find the file.
    • Select the type of certificate file from the Certificate Type drop-down list.
    • Click Apply.
  • vCloud – I will be listing the main commands:
    • /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http -keysize 2048
      • CN = name of your site as it will be called, eg.
      • OU = Corp
      • O = Corp Inc
      • L = City
      • S = City
      • C = US
    • /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias http -file http.csr
    • /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias consoleproxy -keysize 2048
      • CN = name of your console site as it will be called, eg.
      • OU = Corp
      • O = Corp Inc
      • L = City
      • S = City
      • C = US
    • /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias consoleproxy -file consoleproxy.csr
    • Send the *.csr files to a certification company, which will send you signed certificates.
    • When you get your certificate you will need to open it up and save it into three parts: one root certificate, one intermediate certificate, and one http certificate and consoleproxy certificate. Note that the certificates need to use these exact names: root.cer, intermediate.cer, http.cer and consoleproxy.cer.
    • The next thing to do is to import them into the vCloud installation.
      • /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias root -file root.cer
      • /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias intermediate -file intermediate.cer
      • /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias http -file http.cer
      • /opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias consoleproxy -file consoleproxy.cer
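A check for the "list the contents of the keystore file" step and the import procedure above, as an added example that is not part of the original notes: it reads `keytool -list` output and confirms that `http` and `consoleproxy` are still `PrivateKeyEntry` (the signed certificate was imported over the key pair made by `-genkey`) and that `root` and `intermediate` are `trustedCertEntry`. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `keytool -list` output (stdin) for the four aliases
# used in these notes. Prints one line per problem; returns 1 if any.
check_listing() {
    awk '
        # Entry lines look like "<alias>, <date>, <EntryType>,"
        /PrivateKeyEntry|trustedCertEntry/ {
            alias = $0; sub(/,.*/, "", alias)
            seen[alias] = ($0 ~ /PrivateKeyEntry/) ? "PrivateKeyEntry" : "trustedCertEntry"
        }
        function need(a, want, tag) {
            if (!(a in seen))         { print "MISSING " a; bad = 1 }
            else if (seen[a] != want) { print tag " " a; bad = 1 }
        }
        END {
            # Service aliases must still hold the private key made by -genkey.
            need("http", "PrivateKeyEntry", "NOKEY")
            need("consoleproxy", "PrivateKeyEntry", "NOKEY")
            # CA certificates are plain trusted entries.
            need("root", "trustedCertEntry", "NOTCA")
            need("intermediate", "trustedCertEntry", "NOTCA")
            exit bad + 0
        }
    '
}

# Constructed sample: listing after a correct import (dates are made up).
sample_good() {
    cat <<'EOF'
Keystore type: JCEKS
Your keystore contains 4 entries
consoleproxy, Jan 1, 2012, PrivateKeyEntry,
http, Jan 1, 2012, PrivateKeyEntry,
intermediate, Jan 1, 2012, trustedCertEntry,
root, Jan 1, 2012, trustedCertEntry,
EOF
}

# Constructed failure: http.cer landed in a keystore without the http key
# pair, and intermediate.cer was never imported.
sample_bad() {
    sample_good | sed -e 's/^http,\(.*\)PrivateKeyEntry/http,\1trustedCertEntry/' \
                      -e '/^intermediate,/d'
}

if sample_good | check_listing; then echo "good listing: OK"; fi
if ! sample_bad | check_listing; then echo "bad listing: rejected"; fi
```

Against a real keystore, pipe the listing in with `keytool -storetype JCEKS -keystore certificates.ks -list | check_listing`. Omitting `-storepass` makes keytool prompt for the password instead of leaving it in the process list and shell history.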

Add additional vCenter Servers to a vCloud Director implementation

  • Type the host name or IP address of the vCenter Server.
  • Select the port number that vCenter Server uses. The default port number is 443.
  • Type the user name and password of a vCenter Server administrator.
  • The user account must have the Administrator role in vCenter.
  • Type a name for the vCenter Server.
      • The name you type becomes the display name for the vCenter Server in vCloud Director.
  • (Optional) Type a description for the vCenter Server.
  • Click Next to save your choices and go to the next page.

Configure licensing for vCloud Director and vShield Manager

  • vCloud
    • When you log on to the web portal for the first time, you enter the licence for vCloud.
    • You can also change the licence in the portal under Administration->License.
  • vShield
    • After you attach a vCenter Server to vCloud Director, you must use the vSphere Client to assign a vShield for VMware vCloud Director license key.
    • From a vSphere Client host that is connected to the vCenter Server system, select Home > Licensing.
    • For the report view, select Asset.
    • Right-click the vShield-edge asset and select Change license key.
    • Select Assign a new license key and click Enter Key.
    • Enter the license key, enter an optional label for the key, and click OK.
    • Use the vShield for VMware vCloud Director license key you received when you purchased vCloud Director. You can use this license key in multiple vCenter Servers.
    • Click OK.
