System Center 2012 R2 Configuration Manager - Adding a Software Update Point to a Standalone Server

This guide is a continuation of my guide on deploying System Center 2012 R2 Configuration Manager, as found here.

Definition
SUP (Software Update Point) - The software update point interacts with the WSUS services to configure update settings, to request synchronization to the upstream update source, and on the central site, to synchronize software updates from the WSUS database to the site server database.  More details on this can be found from the following technet article: http://technet.microsoft.com/en-us/library/bb632674.aspx
WDS (Windows Deployment Services) - Will be used for Operating System deployment.

  1. Launch the System Center 2012 R2 Configuration Manager console
    System Center 2012 R2 Configuration Manager Console - Task Bar
  2. Click on Administration in the bottom left corner
    System Center 2012 R2 Configuration Manager - Administration
  3. Expand Site Configuration and select Servers and Site System Roles
    System Center 2012 R2 Configuration Manager - Administration - Servers and Site System Roles
  4. Right click on your SCCM server and select Add Site System Role
    System Center 2012 R2 Configuration Manager - Administration - Servers and Site System Roles - Add Site System Roles
  5. Click Next > on the General section of the wizard
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - General
  6. Click Next > on the Proxy section of the wizard
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - Proxy
  7. Check Software update point and click Next > on the System Role Selection section of the wizard
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection -Software update point
  8. Check WSUS is configured to use ports 8530 and 8531 for client communications and click Next > on the Software Update Point screen
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Software Update Point

      1. NOTE: If you have a PKI environment and want everything to be encapsulated by SSL, you can go ahead and check Require SSL communication to the WSUS server to ensure all traffic is encrypted.
  9. Click Next > on the Proxy and Account Settings screen
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Proxy and Account Settings
  10. Click Next > on the Synchronization Source screen
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Synchronization Source
  11. Check Enable Synchronization on a schedule to set how often the check should run.  Click Next > on the Synchronization Schedule screen
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Synchronization Schedule

    1. Optionally, check Alert when synchronization fails on any site in the hierarchy to be notified if a synchronization with Microsoft fails.
  12. Click Next > on the Supersedence Rules screen
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Supersedence Rules
  13. If you will be deploying System Center Endpoint Protection (SCEP) (Microsoft's Antivirus Solution), check Definition Updates for WSUS to download those. If you wish to have more frequent updates, check Critical Updates to have those pulled down from Microsoft as well.  Click Next >
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Classifications
  14. Expand All Products, Microsoft, on the Products page and check the products you wish to download updates for.  Click Next > once done.
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Products
  15. On the languages page, select which languages you want to sync and then click Next >
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - System Role Selection - Languages
  16. Click Next > on the Summary page if everything looks correct
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - Summary
  17. Click Close if the settings have successfully applied
    System Center 2012 R2 Configuration Manager - Add Site System Roles Wizard - Completion

Change Office 365 DirSync Synchronization Frequency/Schedule

By default, you have probably noticed it can take up to 3 hours for a change in your on-premises environment to be replicated to your Office 365 environment.  In organizations that have a smaller number of users, you can change the frequency of the synchronization schedule to replicate the changes to Office 365 more quickly.

  1. Login to the server with the DirSync application (Windows Azure Active Directory Sync)
  2. Open up Notepad as an Administrator
    Notepad - Run as Administrator
  3. Open the following file
    1. C:\Program Files\Windows Azure Active Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.config
      Microsoft_Online_DirSync_Scheduler_exe_config
  4. Change the SyncTimeInterval to how often you want the tool to be run.  The time is in hh:mm:ss
    1. For example, to change a sync frequency to every 15 minutes
      1. Change <add key="SyncTimeInterval" value="3:0:0" /> to <add key="SyncTimeInterval" value="0:15:0" />
        Microsoft_Online_DirSync_Scheduler_exe_config - 15 minutes
  5. Save and Close Notepad
  6. Restart the Windows Azure Active Directory Sync Service
    Windows Azure Active Directory Sync Service - Restart
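
The same change scripted, as an added example that is not part of the original post: it edits the key through an XML parser instead of Notepad, keeps a backup, and restarts the service. It assumes the key sits under appSettings in the file named in step 3 and that the service's display name matches the one used in step 6.

```powershell
#Requires -RunAsAdministrator
# Added example: set the DirSync SyncTimeInterval and restart the sync service.
# Run on the server that hosts the DirSync application.

$configPath = 'C:\Program Files\Windows Azure Active Directory Sync\Microsoft.Online.DirSync.Scheduler.exe.config'
$interval   = New-TimeSpan -Minutes 15      # example value from the text: every 15 minutes

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# Keep a timestamped copy so the change can be rolled back.
$backupPath = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $configPath -Destination $backupPath

# Parse the file as XML. A text replace with quotes pasted from a web page
# (curly quotes instead of straight ones) would leave the file unparseable.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Assumption: the key is an <add> element under <appSettings>.
$node = $xml.SelectSingleNode("//appSettings/add[@key='SyncTimeInterval']")
if (-not $node) {
    throw "No SyncTimeInterval key found in $configPath"
}

# Write the value in the same h:m:s form the file already uses (3:0:0, 0:15:0).
$oldValue = $node.GetAttribute('value')
$newValue = '{0}:{1}:{2}' -f [int][math]::Floor($interval.TotalHours), $interval.Minutes, $interval.Seconds
$node.SetAttribute('value', $newValue)
$xml.Save($configPath)

Write-Output "SyncTimeInterval changed from $oldValue to $newValue (backup: $backupPath)"

# Assumption: the display name matches the service name used in step 6.
$service = Get-Service -DisplayName 'Windows Azure Active Directory Sync*'
if (-not $service) {
    throw 'DirSync service not found; restart it manually for the change to take effect.'
}
$service | Restart-Service
$service | Get-Service | Select-Object DisplayName, Status
```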

System Center 2012 R2 Configuration Manager - Error - Event ID 4912 - component SMS_SITE_COMPONENT_MANAGER on computer X cannot update the already existing object

Symptom: Inside of Event Viewer, you see the following Error entry.

On 06/27/14 07:29:39, component SMS_SITE_COMPONENT_MANAGER on computer sccm.mydomain.local reported: Configuration Manager cannot update the already existing object "cn=SMS-MP-LAX-sccm.mydomain.LOCAL" in Active Directory (mydomain.local).

Possible cause: The site server's machine account may not have full control rights for the "System Management" container in Active Directory
Solution: Give the site server's machine account full control rights to the "System Management" container, and all child objects in Active Directory.

Possible cause: The Active Directory object "cn=SMS-MP-LAX-sccm.mydomain.LOCAL" has been moved to a location outside of the "System Management" container, or has been lost.
Solution: Delete the object from its current location, and let the site create a new object.

Possible cause: The Active Directory schema has not been extended with the correct ConfigMgr Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended. The schema can be extended with the tool "extadsch.exe" from the installation media.

Event Viewer - Event ID 4912 - SMS Server - Error

Solution: Complete the steps below to ensure that the SCCM computer account has the ability to write to Active Directory.

  1. Add Permission to the System Management Container
    1. From the following technet article: http://technet.microsoft.com/en-us/library/bb633169.aspx
      After you have created the System Management container in Active Directory Domain Services, you must grant the site server’s computer account the permissions that are required to publish site information to the container.

      1. On your domain controller navigate to Server Manager -> Tools -> Active Directory Users and Computers
        Server Manager - Active Directory Users and Computers
      2. Click View and select Advanced Features
        Active Directory Users and Computers - View - Advanced Features
      3. Expand your site, System, System Management and select Properties
        Active Directory Users and Computers - System - System Management - Properties
      4. On the System Management Properties dialog box select the Security Tab
        System Management Properties - General Tab
      5. Click Add.. on the Security Tab
        System Management Properties - Security Tab - Add
      6. Click the Object Types… button, check Computers, and click OK
        Select Active Directory Object - Object Types
      7. Type in the computer’s name and click OK
        Select Active Directory Object - SCCM
      8. Check Full Control on the Security Permissions for your SCCM machine
        System Management Properties - Security Tab - Full Control - SCCM
      9. Click the Advanced button, select the computer account, and click Edit
        Advanced Security Settings for System Management - SCCM
      10. Select This object and all descendant objects in the Applies to section and click OK
        Permission Entry for System Management - Advanced - SCCM
      11. Restart the SMS_SITE_COMPONENT_MANAGER and service
        Servers - SMS_SITE_COMPONENT_MANAGER
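
A read-only check for the three possible causes listed in the event text, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module is available and uses SCCM as a placeholder for the site server's computer name; it only inspects entries granted directly to the computer account, not rights obtained through group membership.

```powershell
# Added example: diagnose Event ID 4912 without changing anything in AD.
Import-Module ActiveDirectory

# Assumption: computer name of the site server; replace with your own.
$siteServerName = 'SCCM'

$domainDN   = (Get-ADDomain).DistinguishedName
$systemDN   = "CN=System,$domainDN"
$container  = "CN=System Management,$systemDN"
$siteSid    = (Get-ADComputer -Identity $siteServerName).SID.Value
$genericAll = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Cause 3: has extadsch.exe defined the ConfigMgr classes in the schema?
$schemaNC       = (Get-ADRootDSE).schemaNamingContext
$schemaExtended = [bool](Get-ADObject -SearchBase $schemaNC -LDAPFilter '(cn=MS-SMS-Management-Point)')

# Cause 1: does the site server's computer account hold Full Control on the
# System Management container, applied to the object and all descendants?
$containerExists      = [bool](Get-ADObject -SearchBase $systemDN -SearchScope OneLevel `
                                            -LDAPFilter '(cn=System Management)')
$fullControl          = $false
$appliesToDescendants = $false

if ($containerExists) {
    $acl   = Get-Acl -Path "AD:\$container"
    # Ask for SIDs so the comparison does not depend on name resolution.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $siteSid -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.ActiveDirectoryRights) -band $genericAll) -eq $genericAll
        }
    $fullControl          = [bool]$rules
    # InheritanceType 'All' is what the GUI shows as
    # "This object and all descendant objects".
    $appliesToDescendants = [bool]($rules | Where-Object { $_.InheritanceType -eq 'All' })
}

# Cause 2: are there management point objects (cn=SMS-MP-...) that live
# outside the System Management container?
$strayObjects = @(Get-ADObject -SearchBase $domainDN -LDAPFilter '(cn=SMS-MP-*)' |
    Where-Object { $_.DistinguishedName -notlike "*,$container" })

[pscustomobject]@{
    SchemaExtended          = $schemaExtended
    ContainerExists         = $containerExists
    SiteServerFullControl   = $fullControl
    AppliesToDescendants    = $appliesToDescendants
    ObjectsOutsideContainer = $strayObjects.DistinguishedName -join '; '
}
```

Any False value, or a non-empty ObjectsOutsideContainer, points at the matching cause and solution in the event text.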

 

System Center 2012 Configuration Manager R2 (SCCM 2012 R2) Standalone Deployment

Recently, I had to install System Center 2012 Configuration Manager R2.  I have had no prior experience using this product up to this point, so I thought I would document my notes and findings while giving the installation a whirl.

Prerequisites

  • Domain Controller
    • DNS Role (could be on a separate machine)
    • DHCP Role (could be on a separate machine)
  • Server 2012 R2 instance for SCCM
    • Should be joined to the domain
    • 200GB HDD
      • 40-50GB for OS
      • 150GB for SCCM
  • Windows 7 Client for Testing
    • Should be joined to the domain

If you wish to use a different Operating System version for your server or client, you can find a list of supported configurations from the following technet article: http://technet.microsoft.com/en-us/library/gg682077.aspx

Here are my tutorials on deploying System Center 2012 R2 Configuration Manager Standalone

  1. Deploying System Center 2012 R2 Configuration Manager
  2. Adding a Software Update Point
  3. Discovery Methods and Boundaries
  4. Client Web Service Point and Deploying the SCCM Agent
  5. Deploying Endpoint Protection

Tutorial

  1. Manually create the System Management Container in Active Directory Domain Services
    1. From the following technet article: http://technet.microsoft.com/en-us/library/bb632591.aspx
      Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services.

      1. Log on to one of your domain controllers
      2. From Server Manager, select Tools -> ADSI Edit
        Server Manager - ADSI Edit
      3. Right click ADSI Edit and select Connect to...
        ADSI Edit - Connect To
      4. Ensure the Connection Point is set as Default naming Context and click OK
        ADSI Edit - Connection Settings - Default naming context
      5. Expand Default naming context <FQDN>, expand <distinguished name>, right-click CN=System, click New, and then click Object
        ADSI Edit - System - New - Object
      6. In the Create Object dialog box, select Container, and then click Next
        ADSI Edit - Create Object - Container
      7. In the Value box, type System Management, and then click Next
        ADSI Edit - Create Object - System Management
      8. Click Finish
        ADSI Edit - Create Object - Finish
  2. Add Permission to the System Management Container
    1. From the following technet article: http://technet.microsoft.com/en-us/library/bb633169.aspx
      After you have created the System Management container in Active Directory Domain Services, you must grant the site server's computer account the permissions that are required to publish site information to the container.

      1. On your domain controller navigate to Server Manager -> Tools -> Active Directory Users and Computers
        Server Manager - Active Directory Users and Computers
      2. Click View and select Advanced Features
        Active Directory Users and Computers - View - Advanced Features
      3. Expand your site, System, System Management and select Properties
        Active Directory Users and Computers - System - System Management - Properties
      4. On the System Management Properties dialog box select the Security Tab
        System Management Properties - General Tab
      5. Click Add.. on the Security Tab
        System Management Properties - Security Tab - Add
      6. Click the Object Types... button, check Computers, and click OK
        Select Active Directory Object - Object Types
      7. Type in the computer's name and click OK
        Select Active Directory Object - SCCM
      8. Check Full Control on the Security Permissions for your SCCM machine
        System Management Properties - Security Tab - Full Control - SCCM
      9. Click the Advanced button, select the computer account, and click Edit
        Advanced Security Settings for System Management - SCCM
      10. Select This object and all descendant objects in the Applies to section and click OK
        Permission Entry for System Management - Advanced - SCCM
  3. Create Service Accounts for System Center in Active Directory
    1. SCCMDJ
      1. This service account is actually defined as the Task Sequence Editor Domain Joining Account.  The account is used in a task sequence to join a newly imaged computer to a domain. This account is required if you add the step Join Domain or Workgroup to a task sequence, and then select Join a domain. This account can also be configured if you add the step Apply Network Settings to a task sequence, but it is not required.
    2. SCCMCP
      1. The Client Push Installation Account is used to connect to computers and install the Configuration Manager client software if you deploy clients by using client push installation. If this account is not specified, the site server account is used to try to install the client software.  This account will need to be a local administrator on the machine we want to push software to.
    3. SCCMNA
      1. The Network Access Account is used by client computers when they cannot use their local computer account to access content on distribution points. For example, this applies to workgroup clients and computers from untrusted domains. This account might also be used during operating system deployment when the computer installing the operating system does not yet have a computer account on the domain.
    4. SCCMRA
      1. The Reporting Services Point Account is used by SQL Server Reporting Services to retrieve the data for Configuration Manager reports from the site database. The Windows user account and password that you specify are encrypted and stored in the SQL Server Reporting Services database.
    5. NOTE: There are other service accounts that can be created for SCCM other than these as well.  You can see a full listing from the following technet article (additional note, descriptions for the service accounts above were copied from this same article): http://technet.microsoft.com/en-us/library/hh427337
  4. Download a copy of Microsoft System Center 2012 R2 Configuration Manager and Endpoint Protection from the Volume Licensing Center or the Technet Evaluation Center
    1. This is called System Center 2012 R2 Config Mgr Client Mgmt License in the Volume Licensing Center
    2. The evaluation copy can be found here: http://technet.microsoft.com/en-us/evalcenter/dn205297.aspx
    3. NOTE: In this tutorial, I will be using the ISO distributed from the volume licensing center
  5. Extend the Active Directory schema for Configuration Manager
    1. Mount/extract the System Center 2012 R2 Configuration Manager media to your SCCM machine
    2. Navigate to D:\SMSSETUP\BIN\X64 (or wherever your installation media is).  Right click on the file called extadsch.exe and select Run as Administrator
      extadsch_exe - Run as administrator
    3. You will notice a black command prompt pop up and then disappear.  Once it has disappeared, open the following text document: c:\ExtADSch.txt
      ExtADSch - Extended Schema Results
    4. Verify the schema has been successfully extended
      ExtADSch - Successfully extended the Active Directory Schema
  6. Install Prerequisites for System Center Configuration Manager 2012 R2
    1. Execute the following powershell command
      1. Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart
        Add-WindowsFeature - SCCM Prerequisites
    2. Execute the following command
      1. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r
        aspnet_regiis_exe - PowerShell
      2. NOTE: Apparently there was/is? a bug in the .NET framework which causes an error later on.  Although optional, I would run this just to be sure the .NET framework works properly with two different versions installed.  You can read more about this command here: http://msdn.microsoft.com/en-US/library/k6h9cz8h(v=vs.80).ASPX
    3. Install Windows Server Update Services
      1. Execute the following commands (ensure you change the values to where you want the WSUS definitions and SQL server locations reside)
        1. Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools
        2. cd "c:\Program Files\Update Services\Tools"
        3. ./wsusutil.exe postinstall CONTENT_DIR=E:\WSUS sql_instance_name=SQLSERVERNAME
          wsusutil postinstall content_dir sql_instance_name
    4. Install User State Migration Tool (USMT)
      1. Download a copy of the User State Migration Tool (USMT) from Microsoft's website: http://go.microsoft.com/fwlink/?LinkId=301570
      2. Right click and run adksetup.exe as an administrator (Click Yes if prompted by UAC)
        adksetup_exe - Run as administrator
      3. Click Next on the Specify Location screen
        Windows Assessment and Deployment Kit for Windows 8_1 - Specify Location
      4. Click Next on the Join the Customer Experience Improvement Program (CEIP) screen
        Windows Assessment and Deployment Kit for Windows 8_1 - Join the Customer Experience Improvement Program (CEIP)
      5. Click Accept on the License Agreement screen
        Windows Assessment and Deployment Kit for Windows 8_1 - License Agreement
      6. Check Deployment Tools, Windows Preinstallation Environment (Windows PE), and User State Migration Tool (USMT), and then click Install
        Windows Assessment and Deployment Kit for Windows 8_1 - Select the features you want to install - Deployment Tools - Windows PE - USMT
      7. Click Close on the Welcome to Windows Assessment and Deployment Kit for Windows 8.1
        Windows Assessment and Deployment Kit for Windows 8_1 - Welcome to the Windows Assessment and Deployment Kit for Windows 8_1
    5. Run Windows Updates to ensure you are fully patched
      Latest Windows Updates
  7. Install and Configure SQL Server
    1. Install SQL Server
      1. This step can vary on how you want to deploy SQL server.  In this particular environment, a SQL cluster had already been deployed in the organization, so I will take advantage of that.  However, in smaller environments, you can install the SQL Service on the same machine.  You can find a compatibility matrix and which versions of SQL Server can be installed: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigSQLDBconfig
    2. If you have a remote SQL server, make sure you add the SCCM computer account as a local administrator of the SQL server.  More information on how to do that can be found in this guide: http://jackstromberg.com/2014/06/sccm-2012-r2-site-server-computer-account-administrative-rights-failed/
  8. Install System Center 2012 Configuration Manager R2
    1. Navigate to your installation media and double click on splash.hta to launch the installer
      SCCMSCEP - splash_hta

      1. NOTE: If you are doing an offline install (no internet), run the setupdl.exe installer from your installation media (example: D:\SMSSETUP\BIN\X64\setupdl.exe)
    2. Click on Install (Click Yes if prompted by UAC)
      System Center 2012 R2 Configuration manager Setup - Install
    3. Click Next >
      System Center 2012 R2 Configuration manager Setup - Before You Begin
    4. Ensure Install a Configuration Manager primary site is checked and click Next >
      System Center 2012 R2 Configuration manager Setup - Getting Started - Install a Configuration Manager primary site
    5. Enter your license key or hit Install the evaluation edition of this product and click Next >
      System Center 2012 R2 Configuration manager Setup - Install the licensed edition of this product
    6. Accept the license agreement for the Microsoft Software License Terms
      System Center 2012 R2 Configuration manager Setup - Microsoft Software License Terms
    7. Accept the license agreements for SQL Server 2012 Express, SQL Server 2012 Native Client, and Silverlight, then click Next >
      System Center 2012 R2 Configuration manager Setup - Prerequisite Licenses
    8. Check Download required files and put them on your desktop
      1. This will grab the latest copy of SCCM.  If you need to do an offline installation, you can manually run the offline installer from your installation media (in my case: D:\SMSSETUP\BIN\X64\setupdl.exe).
        System Center 2012 R2 Configuration manager Setup - Prerequisite Downloads
    9. Select your language to run System Center server in and then click Next >
      System Center 2012 R2 Configuration manager Setup - Server Language Selection
    10. Select your languages to support on your client devices and click Next >
      System Center 2012 R2 Configuration manager Setup - Client Language Selection
    11. Set a site code (I would use an airport code if you only have one office in each office location), enter your site name, and then change the installation folder to use your second partition.  Once done, click Next >
      System Center 2012 R2 Configuration manager Setup - Site and Installation Settings
    12. Check Install the primary site as a stand-alone site and click Next >
      System Center 2012 R2 Configuration manager Setup - Primary Site Installation - Install the primary site as a stand-alone site
    13. Click Yes on the Configuration Manager dialog box that explains you can configure SCCM to be in a hierarchy to scale at a later time
      System Center 2012 R2 Configuration manager Setup - Primary Site Installation - Install the primary site as a stand-alone site - Dialog Confirm
    14. Enter in the SQL Server Name (FQDN) to your database server and click Next >
      1. If you installed the SQL Server service on this same machine, it should be the FQDN to your SCCM machine.  If you have a SQL Server you would like to point to, enter in the FQDN of that server.
        System Center 2012 R2 Configuration manager Setup - Database Information
    15. Click Next > on the Database Information screen
      System Center 2012 R2 Configuration manager Setup - Database Information
    16. Click Next > on the SMS Provider Settings
      System Center 2012 R2 Configuration manager Setup - SMS Provider Settings
    17. Check Configure the communication method on each site system role and then click Next > if you do not have a PKI set up.  If you have a PKI implemented in your environment, you may go ahead and choose All site system roles accept only HTTPS communication from clients.
      System Center 2012 R2 Configuration manager Setup - Client Computer Communication Settings

      1. Click Yes to continue if you selected All site system roles accept only HTTPS communication from clients
        System Center 2012 R2 Configuration manager Setup - Client Computer Communication Settings - Confirmation Dialog
    18. Ensure Install a management point and Install a distribution point are checked and click Next >
      System Center 2012 R2 Configuration manager Setup - Site System Roles
    19. Click Next > on the Customer Experience Improvement Program
      System Center 2012 R2 Configuration manager Setup - Customer Experience Improvement Program
    20. Verify the settings you chose on the Settings Summary and then click Next >
      System Center 2012 R2 Configuration manager Setup - Settings Summary
    21. Click Begin Install on the Prerequisite Check once you have passed all of the potential issues.  In this case, I have a few that are false positives, so I am going to go ahead with the install.
      System Center 2012 R2 Configuration manager Setup - Prerequisite Check
    22. Once done installing, hit Close
      System Center 2012 R2 Configuration manager Setup - Install Completed

Try opening up the System Center 2012 R2 Configuration manager console.  If it opens, congrats on your newly deployed System Center! 🙂

System Center 2012 R2 Configuration Manager - Overview

SCCM 2012 R2 - Warning - IIS HTTPS Configuration for management point

Symptom: When installing System Center 2012 R2 Configuration Manager and requiring all communications to be secure via HTTPS you receive the following Warning on the Prerequisite Check screen of the installation wizard.

Warning: IIS HTTPS Configuration for managment point
Warning: IIS HTTPS Configuration for distribution point

Internet Information Services (IIS) website bindings for HTTPS communication protocol is required for some site roles.  If you have selected to install site roles requiring HTTPS, please configure IIS website bindings on the specified server with a valid PKI server certificate.

System Center 2012 R2 Configuration Manager Setup Wizard - Prerequisite Check - Warning IIS HTTPS Configuration for managment point

 

Solution: You need to add bindings for HTTPS to the Default Website inside of IIS Manager.

  1. Open up Internet Information Services (IIS) Manager
    Server 2008 R2 - Start - Administrative Tools - Internet Information Services IIS Manager
  2. Expand your server and select Default Web Site
    IIS - Default Web Site
  3. Select Bindings... on the right side
    IIS - Bindings
  4. Click the Add... button
    IIS - Site Bindings
  5. Select https as the connection type and then select the SSL certificate you wish to use
    IIS - Site Bindings - Add Site Binding - SCCM
  6. Click OK
    IIS - Site Bindings - SCCM
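
The binding steps above scripted with a certificate check in front, as an added example that is not part of the original post. It assumes the WebAdministration module, a binding on all IP addresses at port 443, and a server certificate already installed in the local machine's Personal store; the selection criteria are this example's reading of "valid PKI server certificate" and do not match wildcard certificates.

```powershell
# Added example: pick a usable server certificate and bind it to HTTPS on the
# Default Web Site. Run in an elevated session on the IIS server.
Import-Module WebAdministration

$siteName      = 'Default Web Site'             # site used in the steps above
$sslBinding    = 'IIS:\SslBindings\0.0.0.0!443' # assumption: all addresses, port 443
$serverAuthOid = '1.3.6.1.5.5.7.3.1'            # Server Authentication EKU
$fqdn          = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now           = Get-Date

# A certificate is only useful here if it has a private key, is inside its
# validity period, allows server authentication, names this host, and chains
# to a trusted root. Verify() also checks revocation and returns $false when
# the CRL cannot be reached.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) -and
        ($_.DnsNameList.Unicode -contains $fqdn) -and
        $_.Verify()
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid server authentication certificate for $fqdn in LocalMachine\My."
}

# Steps 3-4: add the https binding if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# Step 5: attach the certificate, leaving an existing assignment untouched.
if (Test-Path $sslBinding) {
    $current = (Get-Item $sslBinding).Thumbprint
    Write-Output "Port 443 already has certificate $current bound; nothing changed."
} else {
    $cert | New-Item -Path $sslBinding | Out-Null
    Write-Output "Bound $($cert.Subject) (expires $($cert.NotAfter)) to $siteName on port 443."
}
```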

SCCM 2012 R2 - Site server computer account administrative rights failed

Symptom: When trying to deploy System Center Configuration Manager 2012 R2, you receive the following status under the Prerequisite Check of the deployment.

Configuration Manager Setup requires that the site server computer has administrative rights on the SQL Server and management point computers.

System Center 2012 R2 Configuration Manager Setup Wizard - Site server computer account administrative rights failed

Solution: You will need to add the computer account as a local administrator of the SQL server.  Follow the steps below to accomplish this task.

  1. Login to the SQL server
  2. Open up Server Manager
    Server Manager
  3. Select Configuration and double click on Local Users and Groups
    Server Manager - Configuration
  4. Double click on Groups
    Server Manager - Configuration - Local Users and Groups
  5. Double click on Administrators
    Server Manager - Configuration - Local Users and Groups - Administrators
  6. Click the Add... button
    Server Manager - Configuration - Local Users and Groups - Administrators - Add
  7. Click on the Object Types... button
    Server 2008 - Select Users - Computers - Service Accounts - Groups
  8. Check Computers and click OK
    Server 2008 - Select Users - Computers - Service Accounts - Groups - Object Types - Computers
  9. Type in the name of your SCCM server and click OK
    Server 2008 - Select Users - Computers - Service Accounts - Groups - SCCM
  10. Click OK
    Server Manager - Configuration - Local Users and Groups - Administrators - SCCM

Configure call forwarding on unassigned number ranges in Lync

One of the new features introduced in Lync Server 2010 and kept in 2013 is the ability to assign a block of numbers to Lync and have Lync handle a call made to an unassigned number a specific way rather than just have a fast-busy signal.

While it is easy to configure a call to be handled by a simple announcement (a sound file saying you have reached a number that has not been assigned to an individual at your corporation or a text-to-speech version translated by Lync), there is really no easy way to configure the call to be routed a specific way via the CSCP (Lync GUI control panel).  In this tutorial, we will cover some of the powershell commands to create an announcement to forward the call to an operator or response group and then assign the announcement to an unassigned number range.

  1. Open up the Lync Server Management Shell as an administrator on one of your Front End servers
    Lync Server Management Shell - Run as administrator
    Lync Server Management Shell - Running as Administrator
  2. Execute the following powershell command to configure how the call should be handled
    1. To route to a response group or user
      New-CsAnnouncement -Identity ApplicationServer:lyncpool.mydomain.com -Name "Forward Announcement" -TextToSpeechPrompt "Thank you for calling my company, please wait while we redirect your call." -Language "en-US" -TargetUri sip:[email protected]
    2. To route to a specific phone number (make sure you specify ;user=phone)
      New-CsAnnouncement -Identity ApplicationServer:lyncpool.mydomain.com -Name "Forward Announcement" -TextToSpeechPrompt "Thank you for calling my company, please wait while we redirect your call." -Language "en-US" -TargetUri "sip:+[email protected];user=phone"
    3. Alternatively, you can use your own recording in a .wav format rather than use the robotic Lync voice by using either of the following commands:
      New-CsAnnouncement -Identity ApplicationServer:lyncpool.mydomain.com -Name "Forward Announcement" -AudioFilePrompt "WelcomeMessage.wav" -TargetUri sip:[email protected]
      New-CsAnnouncement -Identity ApplicationServer:lyncpool.mydomain.com -Name "Forward Announcement" -AudioFilePrompt "WelcomeMessage.wav" -TargetUri "sip:+[email protected];user=phone"
      New-CsAnnouncement -TextToSpeech - forward to user
  3. Execute the following powershell command to create the unassigned number range and assign our announcement/forward to the unassigned number range
    1. New-CsUnassignedNumber -Identity "Unassigned Number Range" -NumberRangeStart "+15555555000" -NumberRangeEnd "+15555559000" -AnnouncementName "Forward Announcement" -AnnouncementService ApplicationServer:lyncpool.mydomain.com
      New-CsUnassignedNumber Range - Forward Announcement
  4. At this point, once you call a number that has not been assigned to a response group, user, dial-in access number, etc. in the 15555555000-9000 range, you should receive your message and in my particular case, the call should be forwarded to a particular user.  Hope this helps!

Notes: The official TechNet article on the New-CsAnnouncement command can be found here: http://technet.microsoft.com/en-us/library/gg398522.aspx

[Tutorial] Deploying VMware vCloud Director 5.5

Here are some notes on deploying VMware vCloud Director 5.5.  I felt the process as a whole was very confusing as there really isn't a definitive guide out there for folks going from vCenter to a suite product such as vCloud Director.

Prerequisites / Tutorial To-Do List

  • Microsoft SQL Server 2008 R2
    • The SQL Server must use Mixed Mode authentication (cannot use Windows Authentication, must be a SQL account).  We'll go over configuring this in the guide.
  • Linux VM
    • Must run one of the following OSes (I'm using CentOS6 for this guide)
      • CentOS 6 (64-bit) Update 4
      • Red Hat Enterprise Linux 5 (64-bit) Update 4
      • Red Hat Enterprise Linux 5 (64-bit) Update 5
      • Red Hat Enterprise Linux 5 (64-bit) Update 6
      • Red Hat Enterprise Linux 5 (64-bit) Update 7
      • Red Hat Enterprise Linux 5 (64-bit) Update 8
      • Red Hat Enterprise Linux 5 (64-bit) Update 9
      • Red Hat Enterprise Linux 6 (64-bit) Update 1
      • Red Hat Enterprise Linux 6 (64-bit) Update 2
      • Red Hat Enterprise Linux 6 (64-bit) Update 3
      • Red Hat Enterprise Linux 6 (64-bit) Update 4
    • Two network adapters
    • At least 4 GB of memory
    • Hard drive space for the OS and an additional 2 GB of disk space for vmware installation and log files
  • Working ESXi environment with vCenter Server
  • VMware vCloud Networking and Security 5.5.x
  • VMware vCloud Director License Key

Best practices article can be found here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2059451

Deploy VMware vCloud Networking and Security 5.5.x 

Prior to installing vCloud Director, you must have the VMware vCloud Networking and Security 5.5.x appliance configured and running.  This product was formerly called vShield, and is a required component of vCloud Director.  Instructions on how to deploy this can be found here: http://jackstromberg.com/2014/04/tutorial-deploying-vmware-vcloud-networking-and-security-5-5/

Linux VM Installation (CentOS 6)

  1. Grab a copy of the live CD iso to install the OS
    1. http://isoredirect.centos.org/centos/6/isos/x86_64/
  2. Next your way to victory through the install, substituting in your location and server info.
  3. Install VM tools once you have your OS up and running
    1. Tutorial on how to install VMtools on CentOS 6 can be found here: http://jackstromberg.com/2014/04/tutorial-how-to-install-vmtools-on-centos-6/
  4. Configure static IPs on each of your network cards
  5. Enable the firewall to allow inbound connections on port 443 (HTTPS)
    1. Tutorial on how to add firewall rules to CentOS 6 can be found here: http://jackstromberg.com/2014/04/tutorial-adding-firewall-rules-via-system-config-firewall-tui-on-centos-6/

Generate SSL certificates

We will need to generate some SSL certificates before running the vCloud Director installation.  Please follow the steps below to create a Java keystore that vCloud Director will use for SSL.  Below are two different methods of generating certificates.  Use the first if you don't want to sign your certificates; use the second if you want to sign your certificate with an internal or external certificate authority.  Note: Usually I create separate keystores for each service; in this case, VMware wants both certificates in the same keystore.  Additionally, make sure you change the default password in the commands below to something stronger (other VMware products want you to use a generic password; this one you can change, as it will be prompted for during the install process).

Creating Self-Signed Certificates

keytool -genkey -keyalg RSA -storetype JCEKS -alias http -keystore certificates.ks -storepass passwd -validity 360 -keysize 2048
Self-Signed vCloud Director Certificate - http

keytool -genkey -keyalg RSA -storetype JCEKS -alias consoleproxy -keystore certificates.ks -storepass passwd -validity 360 -keysize 2048
Self-Signed vCloud Director Certificate - consoleproxy

--Verify both certificates are in the same keystore--

keytool -list -keystore certificates.ks -storetype JCEKS -storepass "passwd"
Self-Signed vCloud Director Certificate - keystore

Creating Signed Certificate Requests (use this if you have an internal PKI, skip this step if you used self-signed certs above)

--Create the certificate requests--

  • HTTP Web Cert Request
    • keytool -certreq -keystore certificates.ks -storetype JCEKS -storepass passwd -alias http -file http.csr -validity 360 -keysize 2048
  • Console Proxy Cert Request
    • keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias consoleproxy -file consoleproxy.csr -validity 360 -keysize 2048

--Import CA Chain--

  • Root Certificate Authority
    • keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias root -file root.cer
  • Intermediate Certificate Authority (only needed if you have one)
    • keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias intermediate -file intermediate.cer

--Import Signed Cert--

  • HTTP Web Signed Cert
    • keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias http -file http.cer
  • Console Proxy Signed Cert
    • keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias consoleproxy -file consoleproxy.cer

Note: Official VMware KB article on generating SSL certificates for vCloud Director: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1026309
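
A check for the keystore built above, as an added example that is not part of the original tutorial: it reads `keytool -list` output and confirms that `http` and `consoleproxy` are both `PrivateKeyEntry` entries, because importing a signed certificate into a keystore that lacks the matching private key leaves a `trustedCertEntry` instead. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify that the keystore
# listing holds both aliases vCloud Director expects, each with a private key.

# Constructed sample of `keytool -list` output; fingerprints are placeholders.
# It models consoleproxy.cer imported without its private key being present.
sample_keystore_listing() {
    cat <<'EOF'
Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

root, Apr 10, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
http, Apr 10, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
consoleproxy, Apr 10, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
EOF
}

# Print the entry type recorded for alias $1 (listing on stdin), or "missing".
# The date format is locale dependent, so take the last non-empty field.
alias_entry_type() {
    awk -F',' -v want="$1" '
        /^Certificate fingerprint/ || NF < 2 { next }
        {
            name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != want) next
            for (i = NF; i > 1; i--) {
                t = $i; gsub(/^[ \t]+|[ \t]+$/, "", t)
                if (t != "") { print t; found = 1; exit }
            }
        }
        END { if (!found) print "missing" }
    '
}

# Read a listing on stdin; return the number of aliases that are not usable.
check_vcd_keystore() {
    listing=$(cat)
    problems=0
    for a in http consoleproxy; do
        t=$(printf '%s\n' "$listing" | alias_entry_type "$a")
        if [ "$t" = "PrivateKeyEntry" ]; then
            echo "ok:   $a is a PrivateKeyEntry"
        else
            echo "FAIL: $a is '$t' (expected PrivateKeyEntry)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on the constructed listing. On the real host, pipe in:
#   keytool -list -keystore certificates.ks -storetype JCEKS
# (leaving out -storepass makes keytool prompt for the password instead of
# placing it on the command line).
sample_keystore_listing | check_vcd_keystore || echo "keystore needs attention"
```
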

Configure the Microsoft SQL (MSSQL) Server Database

  1. Login to your SQL Server/Cluster
  2. Right click on your SQL Server and select Properties
    msSQL - Server Properties
  3. Select the Security page and ensure SQL Server and Windows Authentication mode is checked
    1. Per VMware's documentation, Windows Authentication is not supported when using Microsoft SQL with vCloud Director.
      Server Properties - SQL Server and Windows Authentication Mode
  4. Click OK
  5. Click on the New Query button and Execute the following query (make sure you change the path to the database and log files). This command will create the database instance and log files, specifying the proper collation sequence:
    USE [master]
    GO
    CREATE DATABASE [vcloud] ON PRIMARY
    (NAME = N'vcloud', FILENAME = N'C:\vcloud.mdf', SIZE = 100MB, FILEGROWTH = 10% )
    LOG ON
    (NAME = N'vcdb_log', FILENAME = N'C:\vcloud.ldf', SIZE = 1MB, FILEGROWTH = 10%)
    COLLATE Latin1_General_CS_AS
    GO
    msSQL - vCloud Director - Database Creation
  6. Use VMware's recommended transaction isolation level.  Click the New Query button again and then Execute the following query:
    USE [vcloud]
    GO
    ALTER DATABASE [vcloud] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
    ALTER DATABASE [vcloud] SET ALLOW_SNAPSHOT_ISOLATION ON;
    ALTER DATABASE [vcloud] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
    ALTER DATABASE [vcloud] SET MULTI_USER;
    GO
    msSQL - vCloud Director - Transaction Isolation Level
  7. Next, create the SQL User to connect to the database (we will use vcloud as the username, you can change this if you would like).  Click the New Query button again and then Execute the following query (make sure to change the default password):
    USE [vcloud]
    GO
    CREATE LOGIN [vcloud] WITH PASSWORD = 'vcloudpass', DEFAULT_DATABASE =[vcloud],
    DEFAULT_LANGUAGE =[us_english], CHECK_POLICY=OFF
    GO
    CREATE USER [vcloud] for LOGIN [vcloud]
    GO
    msSQL - vCloud Director - Create User Account
  8. Last, assign the proper permissions to the SQL user.  We will need the user to have db_owner permissions for the install.  Click the New Query button again and then Execute the following query:
    USE [vcloud]
    GO
    sp_addrolemember [db_owner], [vcloud]
    GO
    msSQL - vCloud Director - db_owner privileges

The official VMware KB article on configuring MSSQL Server (and Oracle) can be found here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034540

Install vCloud Director

  1. Copy the certificates.ks keystore over to the vCloud Director VM if you didn't generate them on it.
    1. I placed my ssl certificates in the following directory (VMware doesn't recommend a location, so I just picked this one): /opt/vmware/
  2. Download a copy of VMware vCloud Director 5.5.X from myvmware.com
  3. Open up Terminal
    CentOS6 - Terminal
  4. Execute the following command to install one of the prerequisites for the vcloud director installer (CentOS should come preinstalled with the others)
    1. yum install redhat-lsb
      yum install redhat-lsb
  5. Enter y and then press enter to continue the install
    yum install redhat-lsb - Download Packages
  6. Enter y and then press enter to continue the install
    yum install redhat-lsb - Install Packages
  7. Navigate to the folder where you downloaded the vmware-vcloud-director bin file and execute the following command to allow the bin file to be executed
    1. chmod u+x vmware-vcloud-director-5.5 (tab to the end of the file)
      chmod vmware-vcloud-director
  8. Execute the following command to begin the installation
    1. ./vmware-vcloud-director (tab to the end of the file)
      Install vmware-vcloud-director-5.5
  9. Enter y to run the script after the installer verifies prerequisites
    Install vmware-vcloud-director-5.5 - Run the script
  10. Select which adapter you would like to assign the HTTP service to and press enter (this will be for the web management interface)
    Install vmware-vcloud-director-5.5 - HTTP service adapter
  11. Select which adapter you would like to assign the console proxy IP address to and press enter
    Install vmware-vcloud-director-5.5 - Remote console proxy adapter
  12. Enter in the path to your certificates.ks file and press enter (in this tutorial, I used /opt/vmware/certificates.ks for example)
    Install vmware-vcloud-director-5.5 - Java keystore - SSL Certificates
  13. Enter in the password to the keystore when prompted and press enter
    Install vmware-vcloud-director-5.5 - Java keystore - SSL Certificates - Password
  14. If you have a syslog server enter in the IP to it, otherwise press enter to skip it
    Install vmware-vcloud-director-5.5 - Syslog host name
  15. Type 2 to use Microsoft SQL Server and press enter
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server
  16. Enter in the hostname or IP address to your MSSQL server and press enter
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - host
  17. Press enter to use the default SQL server port
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - port
  18. Enter in the name of your sql database (using the default database name vcloud for this guide) and press enter
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - database name
  19. Press enter to use the default database instance
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - database instance
  20. Enter your database user (vcloud is what we have been using for this tutorial) and press enter
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - database user
  21. Enter the password to your sql user and press enter
    Install vmware-vcloud-director-5.5 - Microsoft SQL Server - database password
  22. Type y and press enter to start the service
    Install vmware-vcloud-director-5.5 - Start Service

Configuring vCloud Director

  1. Open up your web browser and navigate over to your vCloud instance
  2. Optionally, install the VMware Remote Console Plug-in if prompted and then click Next
    1. The VMware Remote Console plug-in is used to manage your VMs through the web.  It is not needed during the installation process.
      vCloud Director - Setup Wizard - Welcome
  3. "Read" and check Yes, I accept the terms in the license agreement and click Next
    vCloud Director - Setup Wizard - License Agreement
  4. Enter your vCloud Director license key (can be obtained from myvmware.com) and click Next
    vCloud Director - Setup Wizard - Licensing
  5. Enter in an administrator account used to manage vCloud Director and then click Next
    vCloud Director - Setup Wizard - Create an Administrator Account
  6. Enter a system name (I used vCloudDirector) that gets added to vSphere.  This is where all the vCloud Director VMs will go when they are provisioned.  Click Next
    vCloud Director - Setup Wizard - System Settings
  7. Click Finish
    vCloud Director - Setup Wizard - Ready to Complete
  8. Login using your Administrator account once redirected
  9. Click on Attach a vCenter underneath provision your Cloud resources...
    vCloud Director - Attach a vCenter
  10. Enter in your vCenter info and click Next
    vCloud Director - Attach a vCenter - Name this vCenter
  11. Enter in the username and password to your vShield Manager instance and click Next
    vCloud Director - Connect to vShield Manager
  12. Verify your settings and click Finish
    vCloud Director - Connect to vShield Manager - Ready to Complete
  13. Click on Step 2, Create a Provider VDC
    vCloud Director - Create Provider VDC
  14. If you have different resource pools with different configurations, I would create a similar name for your vDC.  In this example, I only have one resource pool containing all the resources in my environment, so I am going to name my vDC (Virtual Data Center) My Company.  Click Next when ready to proceed.
    1. Additionally, you can select what supported hardware version you wish to use.  As I have no ESX 4.x hosts, I am going to select Hardware version 9 as I have a newer environment.
    2. Note: Per VMware's website, here is the definition of a Provider vDC: A Provider vDC is a collection of compute, memory, and storage resources from one vCenter. A Provider vDC provides resources to organization vDCs.
      vCloud Director - Create Provider VDC - Name this Provider VDC
  15. Select a resource pool you wish to deploy the VMs to and click Next
    vCloud Director - Create Provider VDC - Select a Resource Pool
  16. If you have a specific datastore or storage policy you wish to use for this vDC, select the Storage Policy/Datastore, click the Add button, and then click Next.
    vCloud Director - Create Provider VDC - Select a Resource Pool - Add
  17. Enter in the credentials to each of the hosts to deploy the vCloud Director agent.  Once completed, click Next.
    vCloud Director - Create Provider VDC - Prepare Hosts
  18. Click Finish if the provided information looks correct
    vCloud Director - Create Provider VDC - Ready to Complete
  19. Now, depending on your configuration, if you had other VMs deployed to this resource pool, you may receive an error stating that the machines cannot enter maintenance mode.  The reason behind this is that DRS is preventing the hosts from entering maintenance mode because DRS cannot move the VMs around to achieve High Availability.
    vCloud Director - vCenter - Operation timed out - Prepare Host

    1. If you see this behavior, you will have to manually deploy the vCloud Director agents to the hosts.  To do this, click on the Manage & Monitor tab inside of vCloud Director.
      vCloud Director - Manage & Monitor
    2. Select Hosts
    3. Right click on one of the hosts and select Prepare Host...
      vCloud Director - Manage & Monitor - Prepare Host
    4. Enter the username and password to the host and click OK
      vCloud Director - Manage & Monitor - Prepare Host - Credentials
    5. Repeat this process for the other hosts in your cluster (you can select multiple hosts at a time. Now that we have at least one host available, we can failover a few VMs via)
      vCloud Director - Manage & Monitor - Prepare Host - Success
      vCloud Director - Manage & Monitor - Prepare Host - Success All Hosts
  20. Click on the Home tab and then click on the Create a new organization link
    vCloud Director - Create a new organization
  21. Enter in your organization information and click Next
    1. The Organization name is simply a code used to generate a short url to identify the organization.  Only letters and numbers are accepted in this field.
      vCloud Director - Create a new organization - Name this Organization
  22. Optionally select whether you want to use LDAP to provide access to vCloud Director and then click Next.
    vCloud Director - Create a new organization - LDAP Options
  23. On the Add Local Users page, click Add to add virtual vCloud Users (non-ldap).  Click Next once you have added the users of your choice or click Next if you want to add users later.
    vCloud Director - Create a new organization - Add Local Users
  24. On the Catalog page, select whether or not you want to allow sharing/publishing between organizations.  In this case, just click Next.
    (oops, no picture for this one 🙁 )
  25. On the Email Preferences page, click Next
    vCloud Director - Create a new organization - Email Preferences
  26. Configure the policies to your liking.  In this case I am going to leave things with their default settings and click Next
    (Oops, no picture for this one 🙁 )
  27. Click Finish
    vCloud Director - Create a new organization - Ready to Complete
  28. Click on Step 6 Allocate resources to an organization
    vCloud Director - Allocate resources to an organization
  29. Select the Organization you created and click Next
    vCloud Director - Allocate resources to an organization - Select Organization
  30. Select your Provider VDC and click Next
    vCloud Director - Allocate resources to an organization - Select Provider VDC
  31. Select the allocation model you choose to best fit your organization.  In this case, I am going to use Pay-As-You-Go to only allocate used resources.  Click Next.
    vCloud Director - Allocate resources to an organization - Select Allocation Model
  32. Choose how you want to configure your allocation model from the previous step and click Next.
    vCloud Director - Allocate resources to an organization - Configure Pay-As-You-Go Model
  33. Select the storage you want to use, click Add, and then click Next
    vCloud Director - Allocate resources to an organization - Allocate Storage
  34. Click Next on the Select Network Pool & Services page
    vCloud Director - Allocate resources to an organization - Select Network and Services
  35. Click Next if you don't need an edge gateway to an external network
    1. An edge gateway is needed to provide access to other internal and external (internet) networks.
      vCloud Director - Allocate resources to an organization - Create a new edge gateway
  36. Enter a name for the new Organization VDC and click Next
    vCloud Director - Allocate resources to an organization - Name this Organization VDC
  37. Click Finish
    vCloud Director - Allocate resources to an organization - Ready to Complete

At this point you should be able to publish a catalog or create a new VM from scratch in a completely isolated environment.  You can add an external network or utilize a VXLAN with additional configurations to begin to connect your network to the outside world.

Hope this helps!

[Tutorial] Deploying VMware vCloud Networking and Security 5.5

Here is a tutorial on deploying VMware vCloud Networking and Security 5.5 (formerly called vShield).  Unlike other VMware products, this product must be installed as an appliance.  VMware provides you an OVA file that contains the entire virtual appliance, so minimal configuration is needed.  Here is a good overview of the product and how it works: http://vmwarelearning.com/vcloud_net_sec/

Before beginning, here are the hardware prerequisites.  These prerequisites can be found in the official VMware deployment guide: http://www.vmware.com/pdf/vshield_51_quickstart.pdf

  • Memory
    • vShield Manager: 8GB allocated, 3GB reserved
    • vShield App: 1GB allocated, 1 GB reserved
    • vShield Edge compact: 256 MB, large: 1 GB, x-large: 8 GB
    • vShield Data Security: 512 MB
  • Disk Space
    • vShield Manager: 60 GB
    • vShield App: 5 GB per vShield App per ESX host
    • vShield Edge compact and large: 320 MB, x-Large: 4.4 GB (with 4 GB swap file)
    • vShield Data Security: 6GB per ESX host
  • vCPU
    • vShield Manager: 2
    • vShield App: 2
    • vShield Edge compact: 1, large and x-Large: 2
    • vShield Data Security: 1

Installing VMware vCloud Networking and Security 5.5 Appliance

  1. Download the VMware vCloud Networking and Security 5.5 OVA file from myvmware.com
  2. Login to vCenter
  3. Select File->Deploy OVF Template...
    Deploy OVF Template...
  4. Click Browse...
    Deploy OVF Template - Browse
  5. Select the VMware-vShield-Manager-5.5.x-xxxxxxx.ova file you downloaded and click OK
    Deploy OVF Template - VMware vShield Manager Appliance
  6. Select Next >
    Deploy OVF Template - Browse - vShield Appliance
  7. Select Next >
    Deploy OVF Template - vShield Manager
  8. Select Accept and then click Next >
    Deploy OVF Template - vShield Manager - Accept EULA
  9. Enter a name for the VM and click Next >
    Deploy OVF Template - vShield Manager - Name and Location
  10. Select a datastore to place the VM on storage and click Next >
    Deploy OVF Template - vShield Manager - Deploy OVF Template
  11. Select how you want to provision the VM and click Next >
    Deploy OVF Template - vShield Manager - Disk Format
  12. Select the destination network and click Next >
    Deploy OVF Template - vShield Manager - Network Mapping
  13. Enter in a password for the default admin user and for privileged CLI access and click Next >
    Deploy OVF Template - vShield Manager - Properties - User Accounts
  14. Click Finish
    Deploy OVF Template - vShield Manager - Finish Deployment
  15. Power on the VM
    Power On vShield Appliance
  16. Open up a console to the VM
  17. Login to the VM using the username admin and the "user password" you specified in step 13.
    Login vShield Appliance - CLI
  18. Type enable and hit enter (use the "privileged user password" you specified in step 13).
    Login vShield Appliance - CLI - Privileged
  19. Type setup and hit enter to launch the network configuration wizard
    Enter in the static IP Address you wish to assign to the appliance and hit enter
    Enter in the Subnet Mask for your network and hit enter
    Enter in the Default gateway for your network and hit enter
    Enter in your Primary DNS server's IP address and hit enter
    Enter in your Secondary DNS server's IP address and hit enter
    Enter in your domain search list (DNS Suffix if you host your own internal DNS) and hit enter
    Login vShield Appliance - CLI - Network Setup
  20. Type y to confirm your changes and hit enter
    Login vShield Appliance - CLI - Network Setup - Confirm
  21. Press control+alt+insert to send the control+alt+delete command to the VM to restart the guest.
    Note: Logging out like the wizard tells you didn't work for me.  Had to do the reboot.
    Login vShield Appliance - CLI - Network Setup - Logout
  22. Open up your web browser and head over to the static IP address you gave your appliance
    VMware vShield Manager - Login
  23. Enter in the username admin and the password default to login
    VMware vShield Manager - Login - Default Credentials

Configuring VMware vCloud Networking and Security 5.5 for vCenter

  1. Click on the Edit button next to Lookup Service
    vShield Manager
  2. Check Configure Lookup Service and enter in the information to your vCenter's Lookup Service instance:
    Lookup Service Host
    Lookup Service Port
    SSO Administrator Username (should be admin@System-Domain or [email protected] if you used the default installation options)
    SSO Administrator Password.
    Click OK once configured.
    vShield Manager - Edit - Lookup Service
  3. Click Yes to trust the server's SSL certificate
    vShield Manager - Edit - Lookup Service - Verify SSL
  4. Click Edit next to vCenter Server
    vShield Manager - vCenter Server
  5. Enter in your vCenter info and click OK
    vCenter Server
    Administrator Username
    Administrator Password
    vShield Manager - Edit - vCenter Server
  6. Select Yes to trust the vCenter SSL certificate
    vShield Manager - Edit - vCenter Server - Verify SSL
  7. Check Install this certificate and do not display any security warnings and then click the Ignore button when prompted
    VMware Security Warning - SSL Certificate
  8. Click the Edit button next to NTP Server
    vShield Manager - NTP Server
  9. Specify the IP address of the NTP server you wish to sync to and click OK
    vShield Manager - Edit - NTP Server
  10. Click the Change Password link at the top to change the default admin password.  Click OK when you are done.
    vShield Manager - Edit - Admin Password

At this point, you can begin to install the vShield App, vShield Endpoint, and vShield Data Security services by selecting one of your hosts and clicking the Install links.  However, configuration of these options is outside the scope of this tutorial.

vShield Manager - vShield Host Preparation Status

Note: One thing that I did notice that is different from vShield 5.1 is that once vShield Manager 5.5 is synchronized with vCenter, the management plugin will automatically be registered to vCenter and you can access vShield Manager from the vSphere Client.

[Tutorial] Adding firewall rules via system-config-firewall-tui on CentOS 6

Here is a quick tutorial on how to add an ingress firewall rule on your CentOS 6 machine.  In this example, we will be allowing inbound traffic on port 443 for HTTPS.

  1. Open up terminal if you are on the GUI version of CentOS 6
    CentOS6 - Terminal
  2. Execute the following command
    1. system-config-firewall-tui
      Terminal - system-config-firewall-tui
  3. Use your arrow keys to select Customize and hit enter
    system-config-firewall-tui - Customize Rules
  4. Use your arrow keys to select which service you would like to allow.  Hit the spacebar to enable or disable the rule and then select Close once you have enabled/disabled the rules you wish.
    1. In this case, I arrowed down to HTTPS and hit the spacebar.
      system-config-firewall-tui - Select Rules
  5. Select OK
    system-config-firewall-tui - Apply Rules
  6. Select Yes
    system-config-firewall-tui - Apply Rules - Confirmation
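
To confirm the result of the steps above, here is an added example (not part of the original tutorial) that reads rules in the format system-config-firewall writes to /etc/sysconfig/iptables and reports whether a TCP port is accepted before the catch-all REJECT, since rule order decides the outcome. The function names and the sample rules are constructed; the check only understands plain single-port `--dport` rules.

```shell
#!/bin/sh
# Added example (not from the original tutorial): decide whether the INPUT
# chain accepts a TCP port before a catch-all REJECT/DROP is reached.

# Constructed sample in the /etc/sysconfig/iptables format. The 8080 rule is
# placed after the REJECT on purpose, as if it had been appended by hand.
sample_iptables_rules() {
    cat <<'EOF'
# Firewall configuration written by system-config-firewall
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# $1 = TCP port, rules on stdin. Prints one of:
#   allowed  an unscoped ACCEPT for the port comes first
#   blocked  a REJECT/DROP with no match criteria comes first
#   policy   neither was found, so the chain policy decides
input_port_verdict() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = proto = dport = ""; scoped = 0; matched = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "-p") { proto = $(i + 1); matched = 1 }
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-i" || $i == "-s" || $i == "-d") { scoped = 1; matched = 1 }
                else if ($i == "-m") matched = 1
            }
            if (target == "ACCEPT" && proto == "tcp" && dport == port && !scoped) {
                print "allowed"; done = 1; exit
            }
            if ((target == "REJECT" || target == "DROP") && !matched) {
                print "blocked"; done = 1; exit
            }
        }
        END { if (!done) print "policy" }
    '
}

# Demo on the constructed rules. On the real host, run as root:
#   input_port_verdict 443 < /etc/sysconfig/iptables
for p in 443 8080; do
    echo "tcp/$p: $(sample_iptables_rules | input_port_verdict "$p")"
done
```
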