So several days ago I blogged about Derek Seaman’s blog regarding how to install vCenter Server with custom SSL certificates. I also mentioned that I was going through the process once again with vCenter 5.1 u1….. well suffice to say I used the new tool provided by VMware to install some custom certificates and it all went pretty well….. apart from 2 things – Orchestrator and VUM.
VMware pretty much state that there’s a limitation to the tool if you use a FQDN rather than an IP Address to register the VUM server to vCenter Server….. which is a bit of a strange limitation as you would expect to use a FQDN rather than an IP Address as best practice (and let DNS sort out the mess)…. =)
Anyways, I tried a manual process of updating VUM using the VMwareUpdateManagerUtility.exe found in C:\Program Files (x86)\VMware\Infrastructure\Update Manager. Unfortunately it kept erroring out every time I tried to add in the SSL certificate – which is strange as it’s a simple GUI utility….. in the end I gave up and just uninstalled VUM and then pre-populated the SSL certificates in C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL before re-installing VUM. That seems to have worked as I can now access VUM via the vSphere Client. =)
Orchestrator was a bit more of a problem….. The VMware tool displayed an error saying it couldn’t find an installation of Orchestrator. I thought it could be because when you install vCenter Server, the Orchestrator services are disabled by default…. so having started the services and re-tried, it still errored out!
Turns out the Orchestrator service doesn’t fully start unless you go into the configuration web GUI and fix all the ‘warning and errors’…. and the main error was ‘Authentication’…… in the end the only way I could fix this error and get the services started was to actually install the root certificates, vCenter/SSO certificates and the Orchestrator certificate via the configuration web GUI…… kinda defeated the point of the tool from VMware!
I’ll have to re-visit this some other time to find out why it didn’t work!
On another note, my installation of SRM with custom SSL certificates went without too many hitches….. so all I need to do is collate all my screenshots and instructions together for a future post! Stay tuned…… =)
Interesting article in the Reg on Weds about where to start in your Cloud journey…..
With so many virtualisation vendors and cloud offerings, sometimes it’s wise to take time and see which product (or cloud model) fits your business and IT strategy! The worst thing anyone can do is jump straight into the cloud just because their C-level have been cloud-washed by a marketing dept or sales guy! Your cloud journey will be more painful if you try to avoid any due-diligence! (Just look at all those clients who got locked in when 2e2 went tits up!)
In fact it’s worth sitting back and letting the vendors fight amongst themselves for your services!
Entering a public cloud may seem a great way of offsetting infrastructure and support costs, but you need to have a plan in place to exit the cloud – something that probably 90% of cloud customers don’t have!! When you embrace any sort of new technology, it’s always worth having an exit strategy in case everything goes wrong!
As for deploying cloud applications and custom apps…. well, they’ll all be redundant if someone in upper management decides that they don’t want to use VMware and want to put it all in Amazon (or vice-versa)!! Time and effort for cloud-integration is commonly overlooked…… What may work in a VMware cloud may not work in Microsoft Azure or Amazon EC2!
In my opinion, the journey to the cloud should be the same process as the journey to virtualisation…… and that is to only throw your dev/test environment in first! Don’t start customising your applications and infrastructure for Cloud in case you need to swap vendors or pull out!
Whilst it’s possible and tempting to push everything into the cloud, it’s more advisable to ensure you have control over your engagement, that you understand the implications of cloud and how it will integrate with business services…. it’s far easier to scrap a test/dev cloud environment and reclaim data (or even lose it all) than if you had pushed out your mail services or your file server!
Another thing a lot of companies overlook is training…… Cloud computing is a different beast from standard Wintel support….. how do you manage your cloud infrastructure? How do you monitor it for performance? What’s your capacity to grow? A lot of companies pay for consulting services to help them into the cloud, but after splashing out £1-2k per day, make sure that you get your IT some knowledge transfer so that you don’t have to keep paying consultants to come in and fix your problems or even maintain the environment for you! It’s far cheaper in the long run to train your in-house staff and get them managing your cloud than to go outside!
So when I started this blog one of the posts I was planning to write was how to install SSL certificates in vCenter Server in order to replace the self-signed VMware ones.
I kind of realised that it would be far simpler just to refer everyone to the great articles written by Derek Seaman which I’ve used time and again! After all, why re-invent the wheel?!? I’ve read so many blogs out there where people have just re-worded Derek’s instructions….. plagiarism is so rife on the internet!
So here it is:
His blog post covers the whole process of replacing SSL certificates for vCenter Server components, and even goes into detail about how to create the correct Certificate Templates in a Microsoft CA (I’m assuming you know how to set up a Microsoft Active Directory Certificate Services?? If not then visit Microsoft’s TechNet: http://technet.microsoft.com/en-us/library/cc772393(v=ws.10).aspx).
It’s a 15 part blog, with sub-blogs about setting up the correct CA template and generating CSRs, pre-staging SSL certs….. he’s even written a 4 part article on how to use the new VMware vCenter Certificate Automation Tool – which is VMware’s first stab at trying to tackle this complicated and tedious process (http://www.derekseaman.com/2013/04/using-vmware-vcenter-certificate.html)!
Anyways, I’m currently running through the process of deploying signed SSL certs for the latest update to vCenter Server (5.1 u1). Hopefully it’ll be painless like my past deployments! =)
I’m hoping to put together a post on changing SSL certs for Site Recovery Manager as this is usually the next VMware product that people tend to deploy with signed-certs…. and I’ve yet to discover a blog like Derek’s which covers the process in such clarity!
I always find it interesting that the demise of 2e2 has led to numerous articles popping up in the channel websites (like The Reg) about the downfalls of outsourcing and the need to have a ‘backup plan’ in place if your supplier goes bust….. =)
I think we all have to agree that the collapse of 2e2 has affected how a lot of companies view cloud-computing and outsourcing….. where in the past many directors (C-board) were eager to offload their IT depts from their books, the whole fiasco of 2e2 and the real problem of accessing their data if something happens has really spooked the industry…..!
I can foresee that a lot of companies will now ensure there is an ‘exit-strategy’ in place before they dip their toes back into the cloud!
….. two steps forward, one step back for cloud in the UK!
On another note, VMware Forum 2013 was awesome! Learnt loads…… got loads of freebies (after all, that’s the real reason you go to expos right?!?)…. and caught up with loads of old mates! Roll on VMworld 2013!!!
So if anyone’s heading out to VMware Forum 2013 tomorrow at Wembley Stadium, London…. then come say hi to me at the EMC stand…. =)