If you use the VCM/vC Ops integration, the 5.7 update may have caused a little problem for you. As you may know, vC Ops 5.7 introduced the "balanced profile" for limited metric collection and scale - basically, this setting (in the Admin UI) tells vC Ops to collect a subset of metrics from vCenter, which in turn not only allows you to scale to more VMs (12,000 from the norm of 6,000), you may also see better performance for the analytics and possibly even more accuracy for the major badges.
Anyway, turning on the "balanced profile" with VCM integration causes your Compliance badge and results to go "grey" - this was quickly addressed by the product team and the fix can be found at this link...
https://my.vmware.com/group/vmware/get-download?downloadGroup=VCOPS-PATCH-57
...it also fixes another issue related to time remaining chart not showing on the dashboard. I personally didn't run into this problem, but did see the VCM issue.
Wednesday, April 24, 2013
Friday, March 8, 2013
Updating the AV Dashboard in vCM
Out of the box, vCM has the ability to detect if a managed system is running anti-virus software. The "Windows Anti-Virus Analysis Dashboard" looks for services installed from a list of products from CA, McAfee, Symantec and Trend Micro.
I recently got involved with a customer who was frustrated that his versions of Trend Micro (10.5 and 10.6) wasn't being detected.
As it turns out, this dashboard is based on a view in the VCM SQL database -
ecm_view_rpt_antivirus_vendors
Looking at the view, there are a set of select statements, for example:
SELECT
'Trend' AS vendor,
'Trend Micro OfficeScan' AS service_product_name,
'OfficeScanNT RealTime Scan' AS service_display_name,
'ntrtscan' AS service_internal_name,
'ecm_fn_rpt_antivirus_trend_scanengine_s' AS scanengine_fn,
'ecm_fn_rpt_antivirus_trend_pattern_s' AS pattern_fn
UNION
The "service_display_name" and the "service_internal_name" should match the Windows service information (check services.msc). In the case of my customer, the service_display_name for HIS version of Trend Micro OfficeScan was slightly different, "OfficeScan NT RealTime Scan" and making this modification to the view fixed his problem.
You can also use this view to add AV solutions. Be sure to make a backup of the view script before you modify so you can revert back.
This is not supported, use at your own risk, I'm not responsible if you hose your vCM DB, etc. :)
(Thanks to my VMware EM peers for the help with this.)
I recently got involved with a customer who was frustrated that his versions of Trend Micro (10.5 and 10.6) wasn't being detected.
As it turns out, this dashboard is based on a view in the VCM SQL database -
ecm_view_rpt_antivirus_vendors
Looking at the view, there are a set of select statements, for example:
SELECT
'Trend' AS vendor,
'Trend Micro OfficeScan' AS service_product_name,
'OfficeScanNT RealTime Scan' AS service_display_name,
'ntrtscan' AS service_internal_name,
'ecm_fn_rpt_antivirus_trend_scanengine_s' AS scanengine_fn,
'ecm_fn_rpt_antivirus_trend_pattern_s' AS pattern_fn
UNION
The "service_display_name" and the "service_internal_name" should match the Windows service information (check services.msc). In the case of my customer, the service_display_name for HIS version of Trend Micro OfficeScan was slightly different, "OfficeScan NT RealTime Scan" and making this modification to the view fixed his problem.
You can also use this view to add AV solutions. Be sure to make a backup of the view script before you modify so you can revert back.
This is not supported, use at your own risk, I'm not responsible if you hose your vCM DB, etc. :)
(Thanks to my VMware EM peers for the help with this.)
Monday, March 4, 2013
VCM Server Registration for vC Ops vApp 5.6
You may notice that the vC Ops Admin UI (aka the VAMI) includes a registration option for VCM in 5.6. This enables some really great integration between vC Ops and VCM, chiefly, compliance badge (part of the Risk badge family) and exposure of VCM machine groups for custom grouping.
For whatever reason, getting this set up is slightly challenging and to save time and frustration I thought I'd provide a couple of helpful tips.
- Always use Windows Auth
- Never specify the domain as part of the user credentials
- Never specify the FQDN of the Windows domain
- For a split install (2 or 3 tier) be sure to point at the VCM database server
As in the screen cap below....
For whatever reason, getting this set up is slightly challenging and to save time and frustration I thought I'd provide a couple of helpful tips.
- Always use Windows Auth
- Never specify the domain as part of the user credentials
- Never specify the FQDN of the Windows domain
- For a split install (2 or 3 tier) be sure to point at the VCM database server
As in the screen cap below....
Thursday, February 21, 2013
vC Ops 5.6 Custom Groups - Using Wildcards
A question popped up in the vCenter Operations Manager community about using wildcards for custom group membership search criteria. It seems that * is not a valid wildcard. So, I guessed that since the query is performed against the PostgreSQL database in vC Ops then it's likely that PG wildcards could be used - I guessed correctly! And that rarely happens....
This means, if you are defining membership using a search criteria on resource name, for example, you can select the "contains" operation and use the % and _ (that's percent sign and underscore characters) to broaden your criteria.
For example, I have the following VMs in my environment:
BM-SLES11.1-001
BM-W2K3-001
BM-W2K3-002
BM-W2K3-107
If I wanted only the VMs with 'BM-W2K3' in the name I would put 'BM-W2K3%' in the criteria properties. See below.
Which would be the same as '%k%' right? So, what else can we do? The '_' character can be used to specify a wildcard of just one character, and I can stack these to get the results I need. For example, I want all servers which start with 'BM-' and have exactly 8 characters in the middle followed by a '-' and then any number of additional characters (I am using 'BM-________-%' which has 8 underscore characters in the middle)...
This provides a lot of flexibility in setting up search criteria for custom group membership!
This means, if you are defining membership using a search criteria on resource name, for example, you can select the "contains" operation and use the % and _ (that's percent sign and underscore characters) to broaden your criteria.
For example, I have the following VMs in my environment:
BM-SLES11.1-001
BM-W2K3-001
BM-W2K3-002
BM-W2K3-107
If I wanted only the VMs with 'BM-W2K3' in the name I would put 'BM-W2K3%' in the criteria properties. See below.
Keep in mind, I don't have to put any wildcard characters. It looks like the % wildcard is added on either side of the property if you don't put it. So, doing something like just 'k' would return resources with 'k' anywhere in the name. Like this...
This provides a lot of flexibility in setting up search criteria for custom group membership!
Friday, January 25, 2013
vC Ops - Why Won't My License Apply?
Just a little heads up on frustration that you may encounter with vC Ops 5.6, which is documented in KB 2040718. Here's how it usually plays out...
The vSphere admin decides to upgrade to or install vC Ops 5.6 and hasn't yet upgraded vCenter to 5.1. The default license provided is for vCenter 5.1 installs and the product entitlement is downgraded to Foundation because the license is not recognized.
Reading the KB above the admin is able to obtain and apply the correct key. However, they see that vC Ops is STILL not licensed at the appropriate level.
Here's a pro-tip - vC Ops vApp updates license entitlement from vCenter once an hour. To immediately apply new license entitlement, run the following from the UI VM...
vcops-admin license update
...and you're good to go without needing to restart the vApp.
The vSphere admin decides to upgrade to or install vC Ops 5.6 and hasn't yet upgraded vCenter to 5.1. The default license provided is for vCenter 5.1 installs and the product entitlement is downgraded to Foundation because the license is not recognized.
Reading the KB above the admin is able to obtain and apply the correct key. However, they see that vC Ops is STILL not licensed at the appropriate level.
Here's a pro-tip - vC Ops vApp updates license entitlement from vCenter once an hour. To immediately apply new license entitlement, run the following from the UI VM...
vcops-admin license update
...and you're good to go without needing to restart the vApp.
Wednesday, December 5, 2012
vC Ops and Hyperic - Dynamic Duo of Enterprise Management
In this post I will explain how to configure vC Ops 5.6 and Hyperic
5.0 integration. A few requirements and assumptions need to be stated
up front.
- You own vC Ops 5.6 Advanced or Enterprise and have access to the Custom UI.
- You have installed and configured Hyperic 5.0 (I highly recommend the new Hyperic vApp - easy to install and configure plus it scales nicely).
Why would you want to do this? Very briefly, Hyperic adds a capability to combine metrics analysis from the guest OS (as well as physical systems) with the analytics already being derived for the vSphere environment. Basically, there's only so much that vC Ops can "see" via the vCenter API and it's important to understand what's going on in the guest OS on a VM to have a more complete picture of performance and health.
Onward and upward, time to get this working.
First, you will need to obtain the Hyperic adapter for vC Ops from VMware. Once you've downloaded the adapter, connect to the Admin UI of your vC Ops UI VM and log in as the admin user. Under the "Update" tab you will find the option to browse for the adapter file (should be a *.pak file). Press the "Update" button and accept the EULA. The install will proceed and you will have nice series of tasks in the Update Status window.
- You own vC Ops 5.6 Advanced or Enterprise and have access to the Custom UI.
- You have installed and configured Hyperic 5.0 (I highly recommend the new Hyperic vApp - easy to install and configure plus it scales nicely).
Why would you want to do this? Very briefly, Hyperic adds a capability to combine metrics analysis from the guest OS (as well as physical systems) with the analytics already being derived for the vSphere environment. Basically, there's only so much that vC Ops can "see" via the vCenter API and it's important to understand what's going on in the guest OS on a VM to have a more complete picture of performance and health.
Onward and upward, time to get this working.
First, you will need to obtain the Hyperic adapter for vC Ops from VMware. Once you've downloaded the adapter, connect to the Admin UI of your vC Ops UI VM and log in as the admin user. Under the "Update" tab you will find the option to browse for the adapter file (should be a *.pak file). Press the "Update" button and accept the EULA. The install will proceed and you will have nice series of tasks in the Update Status window.
Once this is done, you will now log into the Custom UI of your vC Ops UI VM where you will click on "Support" link in the upper right section of the UI. In the Support page, select the "Info" tab to get to Adapters Info.
You will need to allow vC Ops to initialize (or "Describe" as it is
called) this adapter so you can use it. Click on the small gear icon in
the "Adapters Info" section to start the describe process. Just select
"Yes" on the confirmation diaglog. You can refresh the "Info" tab
after a minute to make sure that your adapter has been added to the list
- here you see I've already described a Hyperic adapter.
Next you'll need to configure an adapter instance of the Hyperic adapter to point to your Hyperic server. From the "Environment" pull down menu, select Configuration > Adapter Instances.
This will bring up the Adapter Instances manager where you can add/edit/delete adapter instances. You will select the green plus icon in the manager to add the Hyperic instance.
This is a simple dialog and you can see
the fields I have completed. The "Adapter Instance Name" can be
whatever you wish, I recommend you make it descriptive as you would in
naming a VM or server. If you are using the Hyperic vApp, note that you
will use -
- DB Type = PostgreSql
- Port = 5432 (NOT the default 9432)
- DB Name = HQ
Again here
is an example completed. The "Instance name" is a descriptive name you
provide - it doesn't have to match the adapter instance, I just like to
do that for simplicity. The user name is hqadmin for DB access if you
are using the vApp. Once completed, click OK to return to the instance
configuration.
At this point you can confirm you settings by clicking the "Test" button - if all is well, you'll get a pop up like the one above. If not, you'll get a pop up that is really not helpful at all but never fear, just validate the settings and credential and try again. You may also want to make sure you can ping the Hyperic DB server from the vC Ops Analytics VM. That's the extent of troubleshooting I'll provide here, but feel free to leave questions in the comments section - or even better, head over the VMware's Community and post your question in the vC Ops or Hyperic community (I regularly monitor the vC Ops community).
Now that your adapter instance is configured and working, head over the the Environment Overview page and after about 5 - 10 minutes you will have some new resources. Open and select Adapter Instances - Hyperic Adapter Instances - (your instance name) to see.
Notice I now have good stuff like various platforms (Windows, Linux) and some services.
*this post was created with a trial version of ScreenSteps
Friday, July 27, 2012
Protecting vC Ops Data with VADP and SRM
If you use vC Ops to monitor and report on your environment, you are aware of how important the historical analysis and metrics collected are to getting value out of the product.
Yesterday, VMware published three KB articles outlining ways to protect your vC Ops data.
KB 2031899 - Managing a VMware vCenter Operations Manager 5.x deployment where the vApp is broken
KB 2031890 - vCenter Operations Manager 5.0.x: Using VMware Data Recovery to Back Up and Restore a vApp deployment
KB 2031891 - vCenter Operations Manager 5.0.x: Using Site Recovery Manager to Protect a vApp Deployment
A couple of things to call out from these KBs...
- While VDR may not be a viable option for your environment, note that it's the VADP capabilities that allow you to perform an snapshot based backup of your vC Ops vApp that is critical. So, if you are using an enterprise backup solution which supports VADP you're in good shape. Ideally, your backup solution will include support for vApp aware backups - but even if not you can still take advantage of VADP-based backups to protect your vC Ops data.
- Embrace the broken vApp! As you can see from KB 2031899, the vApp is not necessary for running vC Ops as long as you are aware that things like startup/shutdown sequence as well as IP address management are going to require a little more attention. I've had some customers ask about moving or re-IP of vC Ops and this KB should help. This is also key information if you are using a non-vApp aware backup solution and you have to restore the two VMs - you need not worry about recreating the vApp at that point.
- Speaking of vApps - while SRM isn't going to support protection of vC Ops as a vApp, you can still protect the two VMs individually as described in KB 2031891.
Hopefully this helps customers who are concerned about losing months of collected data and analysis!
Yesterday, VMware published three KB articles outlining ways to protect your vC Ops data.
KB 2031899 - Managing a VMware vCenter Operations Manager 5.x deployment where the vApp is broken
KB 2031890 - vCenter Operations Manager 5.0.x: Using VMware Data Recovery to Back Up and Restore a vApp deployment
KB 2031891 - vCenter Operations Manager 5.0.x: Using Site Recovery Manager to Protect a vApp Deployment
A couple of things to call out from these KBs...
- While VDR may not be a viable option for your environment, note that it's the VADP capabilities that allow you to perform an snapshot based backup of your vC Ops vApp that is critical. So, if you are using an enterprise backup solution which supports VADP you're in good shape. Ideally, your backup solution will include support for vApp aware backups - but even if not you can still take advantage of VADP-based backups to protect your vC Ops data.
- Embrace the broken vApp! As you can see from KB 2031899, the vApp is not necessary for running vC Ops as long as you are aware that things like startup/shutdown sequence as well as IP address management are going to require a little more attention. I've had some customers ask about moving or re-IP of vC Ops and this KB should help. This is also key information if you are using a non-vApp aware backup solution and you have to restore the two VMs - you need not worry about recreating the vApp at that point.
- Speaking of vApps - while SRM isn't going to support protection of vC Ops as a vApp, you can still protect the two VMs individually as described in KB 2031891.
Hopefully this helps customers who are concerned about losing months of collected data and analysis!
Subscribe to:
Posts (Atom)