Hi All ..
This is the first part of our series. In this part, we'll cover basic concepts and best practices for ESXi host and vCenter Server installation and configuration.
Credits:
- Derek Seaman
- Justin King
Let's Start...
1. Joining ESXi Hosts to AD Domain:
To join an ESXi host to an AD domain in a specific OU:
1-) Host-> Configuration-> Authentication Services-> Properties.
2-) Change Directory Service Type to AD.
3-) Enter Domain Name in the format: Domain_Name.Top_Level_Domain.Suffix/OU1/OU2/...
2. Error Joining ESXi server to AD Domain:
This VMware KB article addresses the error: AD operations error
VMware KB: Adding the ESX/ESXi host to an Active Directory domain fails with the error: Errors in Active Directory o…
3. Local Users and Group Best Practices:
1-) Any AD user that will have Administrator privileges on stand-alone ESXi 5.1 hosts should be assigned a clone of the Administrators role on those hosts. Users or groups assigned a clone of the Administrators role won't have the SSH privilege enabled. Only users and groups assigned the Administrators role itself will have the SSH privilege enabled.
2-) Do not create a user named ALL. Privileges associated with the name ALL might not be available to all users in some situations.
3-) By default, some versions of the Windows operating system include the NT AUTHORITY\INTERACTIVE user in the Administrators group. When the NT AUTHORITY\INTERACTIVE user is in the Administrators group, all users you create on the vCenter Server system have the Administrator privilege. To avoid this, remove the NT AUTHORITY\INTERACTIVE user from the Administrators group on the Windows system where you run vCenter Server.
4-) Because of the confusion that duplicate naming can cause, check the vCenter Server Users List before you create ESXi host users to avoid duplicating names. To check for vCenter Server users, review the Windows domain list.
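The check behind item 3-) above, as an added example (not from the original post or from VMware): a PowerShell audit to run on the Windows system hosting vCenter Server. It lists the direct members of the local Administrators group and flags NT AUTHORITY\INTERACTIVE. It matches on the well-known SIDs S-1-5-4 and S-1-5-32-544 instead of names, so it also works on localized Windows builds; the function name Get-LocalAdminMember is made up for this example.

```powershell
# Added example: run in an elevated PowerShell session on the vCenter Server system.
$InteractiveSid = 'S-1-5-4'        # well-known SID of NT AUTHORITY\INTERACTIVE
$AdminsSid      = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-LocalAdminMember {
    # Hypothetical helper name. Resolves the group's local (possibly localized)
    # name from its SID, then enumerates direct members through the WinNT provider.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier($AdminsSid)
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"

    foreach ($member in $group.psbase.Invoke('Members')) {
        # Members come back as COM objects, so properties are read late-bound.
        $type  = $member.GetType()
        $bytes = $type.InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        $path  = $type.InvokeMember('ADsPath',   'GetProperty', $null, $member, $null)
        New-Object PSObject -Property @{
            Sid  = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
            Path = $path
        }
    }
}

# Show every direct member, then test for INTERACTIVE by SID.
$members = @(Get-LocalAdminMember)
$members | Sort-Object Path | Format-Table Path, Sid -AutoSize

if ($members | Where-Object { $_.Sid -eq $InteractiveSid }) {
    Write-Warning ('NT AUTHORITY\INTERACTIVE is in the local Administrators group; ' +
                   'remove it as described in item 3-).')
} else {
    Write-Output 'NT AUTHORITY\INTERACTIVE is not a member of the local Administrators group.'
}
```

Only direct members are listed; membership inherited through a nested group is not expanded.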
4. Configuring Stand-alone ESXi 5.1 Hosts to Authenticate AD Users for SSH and Direct Login:
If you want dedicated AD users or groups to access ESXi hosts with certain permissions, follow the steps in item 1 (Joining ESXi Hosts to AD Domain), then use the Permissions tab to add the required permissions for the required groups or users. Keep in mind that a clone of the Administrator role doesn't have SSH permission on ESXi hosts. To grant an AD user or group SSH permission, it must have the Administrator role itself, not a clone of it.
5. Installing vCenter Server 5.1 Best Practices:
Best practices for installing a vSphere 5.1 U1 environment, by Derek Seaman:
http://www.derekseaman.com/2012/09/vmware-vcenter-51-installation-part-1.html
Keep in mind the following:
1-) Best practice is to install every component separately instead of using the simple installation.
2-) Make sure that the Domain Admin account used for installation is entered, each time it is needed, in the form: admin@domain.domainsuffix.
6. vCenter Single Sign-on Server:
A useful set of articles about vSphere SSO by Justin King:
vCenter Single Sign-On Part 1: what is vCenter Single Sign-On? | VMware vSphere Blog - VMware Blogs
7. vCenter SSO Server Components:
Official VMware article about the main components of vSphere SSO:
vSphere 5.5 Documentation Center - SSO Components
8. Inventory Service URL:
https://vCenter_Server.Domain.Domain_Suffix:10443
9. Look-up Service URL:
https://vCenter_Server.Domain.Domain_Suffix:7444
10. vCenter M/C virtual or physical:
IMHO, it’s better to make it virtual, as it’ll have the advantages of HA, DRS and vMotion. It must be pinned down to 2 or 3 servers when using HA and DRS. When vMotioned due to HA action, the vCenter M/C will restart, the connection is lost, and then the administrator will have to look for it across the entire cluster if it’s not pinned to certain hosts. Some designers like to make it physical so that they can provide power supply redundancy, physical security, etc.
11. vCenter Server Services:
1-) vCenter Single Sign On (ssotomcat).
2-) vCenter Inventory Service (vimQueryService).
3-) Virtual Center Server (vpxd).
4-) Virtual Center Management Web Services.
5-) VMware USB Arbitration Service.
6-) VMware Tools Service.
Share the knowledge ..