Job Management Partner 1/Integrated Management - Manager Configuration Guide

3.5.1 Using IM Configuration Management to manage a virtualization configuration

This subsection describes the settings for using IM Configuration Management to manage a virtualization configuration.

To manage a virtualization configuration, you need VMware ESX.

Organization of this subsection

(1) Setting information about virtual hosts

(2) Adding virtual hosts to the system hierarchy

(3) Applying the system hierarchy to the system

(4) Installing a certificate for VMware ESX

(5) Changing the communication type for VMware ESX

(1) Setting information about virtual hosts

Use one of the following methods to specify information about the virtual hosts that are to be added to the JP1/IM system:

• Use IM Configuration Management - View to register the virtual hosts into IM Configuration Management.
  For details about how to register hosts, see 3.1 Registering hosts.
  
• Import into the manager where IM Configuration Management is running the virtualization configuration information acquired from VMware ESX where the virtual hosts are running.

To import into the manager where IM Configuration Management is running the virtualization configuration information acquired from VMware ESX:

1. Export the management information in IM Configuration Management.
   At the manager where IM Configuration Management is running, execute the jcfexport command to export the management information in IM Configuration Management registered in the IM Configuration Management database.
   
2. Output the virtualization configuration information of VMware ESX to a file.
   At the same manager, execute the jcfcolvmesx command to output the virtualization configuration information of VMware ESX to a virtualization configuration information file.
   If you use SSL (https) for communication, you must install a certificate for VMware ESX. For details about how to install a certificate, see 3.5.1(4) Installing a certificate for VMware ESX.
   
3. Apply the contents of the virtualization configuration information file to the exported management information in IM Configuration Management.
   At the same manager, execute the jcfmkhostsdata command to apply the contents of the virtualization configuration information file to the exported management information in IM Configuration Management.
   
4. Import the updated management information in IM Configuration Management.
   At the same manager, execute the jcfimport command to import the management information in IM Configuration Management that was updated in step 3.
   

(2) Adding virtual hosts to the system hierarchy

Use IM Configuration Management - View to add to the system hierarchy virtual hosts registered in 3.5.1(1) Setting information about virtual hosts. For details about how to add hosts to the JP1/IM system configuration, see 3.2.4 Editing the system hierarchy.

(3) Applying the system hierarchy to the system

Use IM Configuration Management - View to apply to the system the system hierarchy that was set in 3.5.1(2) Adding virtual hosts to the system hierarchy. For details about how to apply the system hierarchy to a system, see 3.2.5 Applying the system hierarchy.

Once you have applied the system hierarchy to the system, you can view the hierarchical relationships between physical and virtual hosts on the IM Configuration page in the IM Configuration Management window.

(4) Installing a certificate for VMware ESX

Two communication methods are available for acquiring virtualization configuration information from VMware ESX with the jcfcolvmesx command. One method uses SSL (https), and the other method does not use SSL (http).

If you use SSL for communication with VMware ESX, you must install a certificate for the target VMware ESX host on the manager where JP1/IM - Manager is running. Install as many certificates as there are VMware ESXs with which communication is to be established.

This subsection explains how to install a certificate for a VMware ESX host. For details, see the VMware ESX documentation.

(a) Obtaining certificates

The two ways to obtain an SSL certificate from VMware ESX are by using Internet Explorer and by obtaining the certificate files directly. This subsection describes both methods.

n Using Internet Explorer

The procedure that uses Internet Explorer 6.0 with Windows Server 2003 is explained below. If you are using any other browser, see the browser's Help.

To obtain a certificate:

1. Access https://VMware-ESX-host-name.
   A Security Alert dialog box appears.
   If the View Certificate button is displayed in the Security Alert dialog box, proceed to step 3.
   If the Security Alert dialog box is not displayed, double-click the key icon (SSL authentication) that is displayed in the lower right part of the browser, and then proceed to step 4.
   
2. Click the OK button.
   Another Security Alert dialog box, which is different from the one in step 1, is displayed.
   
3. Click the View Certificate button.
   The Certificate dialog box is displayed.
   
4. Click the Details tab and then click the Copy to File button.
   The Certificate Export Wizard dialog box is displayed.
   
5. Click the Next button.
6. Select DER encoded binary X509 (CER) and then click the Next button.
7. In the File name text box, specify the name of the certificate file that is to be saved, and then click the Next button.
8. Click the Finish button.

n Obtaining certificate files directly

In the case of VMware ESX 3.5, a certificate file is stored in /etc/vmware/ssl/rui.crt on the VMware ESX host.

(b) Installing certificates in IM Configuration Management

Install the obtained certificate in IM Configuration Management using the procedure described below.

n In Windows

This procedure must be performed by a user with Administrator permissions.

To install a certificate in IM Configuration Management:

1. Open a command prompt and move to Manager-path\bin\jre\bin.
2. Execute the Keytool command to install the certificate in IM Configuration Management.
   

   keytool -import -file certificate-file-name -alias VMware-ESX-host-name -keystore ..\..\..\data\imcf\vmware.keystore

   For certificate-file-name, specify the name of the certificate file (including path) that was acquired in (a) Obtaining certificates.
   For VMware-ESX-host-name, specify the name of the VMware ESX host from which the certificate was acquired.
   
3. Enter any password for the key store.
   If you install multiple certificates, enter the same password for each of them.
   
4. When a message asking whether the certificate is to be trusted is displayed, enter yes.
   The certificate is installed in IM Configuration Management.
   
5. Repeat steps 1 through 4 as many times as there are VMware ESX hosts.

n In UNIX

This procedure must be performed by a user with superuser permissions.

To install a certificate in IM Configuration Management:

1. Open the console or terminal, and then execute cd /opt/jp1imm/bin/jre/bin.
2. Execute the Keytool command to install the certificate in IM Configuration Management.
   

   ./keytool -import -file certificate-file-name -alias VMware-ESX-host-name -keystore /var/opt/jp1imm/data/imcf/vmware.keystore

   For certificate-file-name, specify the name of the certificate file (including path) that was acquired in (a) Obtaining certificates.
   For VMware-ESX-host-name, specify the name of the VMware ESX host from which the certificate was acquired.
   
3. Enter any password for the key store.
   If you install multiple certificates, enter the same password for each of them.
   
4. When a message asking whether the certificate is to be trusted is displayed, enter yes.
   The certificate is installed in IM Configuration Management.
   
5. Repeat steps 1 through 4 as many times as there are VMware ESX hosts.

(c) Deleting certificates

This subsection explains how to delete certificates from IM Configuration Management.

n In Windows

1. Open a command prompt and move to Manager-path\bin\jre\bin.
2. Execute the Keytool command to delete a certificate from IM Configuration Management.
   

   keytool -delete -alias VMware-ESX-host-name -keystore ..\..\..\data\imcf\vmware.keystore

   For VMware-ESX-host-name, specify the name of the VMware ESX host that corresponds to the certificate that is to be deleted.
   
3. Enter the password that was specified in (b) Installing certificates in IM Configuration Management.
   The certificate for the specified VMware ESX host is deleted from IM Configuration Management.
   

n In UNIX

1. Open the console or terminal, and then execute cd /opt/jp1imm/bin/jre/bin.
2. Execute the Keytool command to delete a certificate from IM Configuration Management.
   

   ./keytool -delete -alias VMware-ESX-host-name -keystore /var/opt/jp1imm/data/imcf/vmware.keystore

   For VMware-ESX-host-name, specify the name of the VMware ESX host that corresponds to the certificate that is to be deleted.
   
3. Enter the password that was specified in (b) Installing certificates in IM Configuration Management.
   The certificate for the specified VMware ESX host is deleted from IM Configuration Management.
   

(5) Changing the communication type for VMware ESX

The jcfcolvmesx command enables you to communicate with VMware ESX using an interface of VMware Infrastructure SDK in order to acquire virtualization configuration information.

In VMware Infrastructure SDK, you can select the setting that allows only the method that uses SSL (https) or the setting that allows only the method that does not use SSL (http) during communication with VMware ESX. The default is the setting that allows only the method that uses SSL (https).

This subsection provides an overview of how to change the communication type permitted by VMware Infrastructure SDK. For details, see the VMware ESX documentation.

To change the communication type for VMware ESX:

1. Log on to the service console of VMware ESX with superuser permissions.
2. Move to /etc/vmware/hostd.
3. Use a text editor to open the proxy.xml file.
4. Change the VMware Infrastructure SDK item in the <EndpointList> tag in the proxy.xml file and then save the file.
   In the following example, change the item in bold type according to the communication type that is to be used.
   

   ...
   <e id="1">
        <_type>vim.ProxyService.NamedPipeServiceSpec</_type>
        <accessMode>httpsWithRedirect</accessMode>
        <pipeName>/var/rum/vmware/proxy-sdk</pipeName>
        <serverNamespace>/sdk</serverNamespace>
   </e>
   ...

   • To allow only the method that uses SSL (https), specify httpsWithRedirect.
   • To allow only the method that does not use SSL (http), specify httpOnly.
   • To allow both the method that uses SSL (https) and the method that does not use SSL (http), specify httpAndHttps.
5. Execute the following command to restart the vmware-hostd process:
   service mgmt-vmware restart
   

[Contents][Back][Next]

All Rights Reserved. Copyright (C) 2009, Hitachi, Ltd.