Dell EMC Extensions for VMware vrealize Automation

Size: px
Start display at page:

Download "Dell EMC Extensions for VMware vrealize Automation"

Transcription

1 Dell EMC Extensions for VMware vrealize Automation Administration Guide Version 1.0 May 2018 H Administration Guide Abstract This administration guide describes how to implement and manage Dell EMC Extensions for VMware vrealize Automation. Dell EMC Extensions for VMware vrealize Automation enable IT organizations to deliver infrastructure, backup, and encryption as cloud services. Dell Solutions

2 Copyright 2018 Dell Inc. or its subsidiaries. All rights reserved. Published May 2018 Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS-IS. DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA. EMC Corporation Hopkinton, Massachusetts In North America Dell EMC Extensions for VMware vrealize Automation

3 CONTENTS Chapter 1 Executive summary 5 Document purpose... 6 Audience... 6 Essential reading... 6 We value your feedback... 6 Chapter 2 Backup Extension 7 Backup extension overview... 8 Installing the backup extension...8 vra details Active Directory details...11 vrealize Automation IaaS web server details...12 SMTP server details SQL Server details Backup services add-on details Chapter 3 Encryption Extension 19 Encryption extension overview...20 Installing the encryption extension Adding entitlements for encryption services...22 CloudLink Center configuration Chapter 4 Workload domains 25 Workload domain overview...26 Managing a workload domain...26 Chapter 5 Backup services 29 Backup services overview...30 Managing the backup topology...30 Configuring the initial backup topology Managing backup policies...34 Adding a backup policy Deleting backup policies Remediating a single failed Avamar system Adding entitlements for backup actions...36 Virtual machine backup lifecycle...37 Enabling backup and restore for a blueprint...37 Deploying a VM with backup and restore services Requesting an on-demand backup...39 Requesting an on-demand restore...39 Restore points during an on-demand restore (multisite, single vcenter)...40 Importing existing VMs...40 Assigning backup services to existing VMs Decommissioning a VM with data protection backup...44 Requesting backup reports for a VM Requesting backup usage reports for a VM Dell EMC Extensions for VMware vrealize Automation 3

4 CONTENTS Data Protection Advisor reporting Enabling Data Protection Advisor Requesting backup details reports for a VM Chapter 6 Encryption services 49 Encryption services overview CloudLink and vsan encryption Adding a CloudLink Center cluster Configuring encryption groups Reporting bulk encryption status...53 Provisioning an encrypted virtual machine...54 Updating a blueprint Customizing encryption properties in the blueprint Selecting encryption options during provisioning...55 Existing virtual machine operations Adding user entitlements to encryption resource actions Showing the encryption status of a virtual machine Encrypting or decrypting a virtual machine s volumes Installing or uninstalling the SecureVM agent Accepting or rejecting pending key releases Blocking or unblocking a virtual machine Releasing the encryption license...58 Deleting a CloudLink Center cluster...58 Chapter 7 Security management 61 Security hardening Role-based access control...63 Dell EMC Extensions for vrealize Automation installer...63 Password Management overview Service accounts Changing the svc_iaas password Active Directory bind accounts...65 Changing the adbind_vra user password Changing the adbind_vro user password Changing adbind_dpa user password...66 Application accounts Changing the app_vra_vcenter user password Changing the app_vra_vro user password Changing the app_vro_vcenter user password...67 Changing the app_vro_dpa user password Changing the app_avamar_vcenter user password Managing environment connections Security settings Updating Avamar certificates Enabling encrypted server authentication...75 Updating the Avamar Proxy certificate...76 Updating the Data Protection Advisor certificate Dell EMC Extensions for VMware vrealize Automation

5 CHAPTER 1 Executive summary Document purpose...6 Audience... 6 Essential reading... 6 We value your feedback... 6 Executive summary 5

6 Executive summary Document purpose Audience Essential reading This administration guide describes the functionality and use cases of Dell EMC Extensions for VMware vrealize Automation. It explains how IT organizations can use Dell EMC Extensions for vrealize Automation to deliver backup and encryption as services. This administration guide is for architects, cloud administrators, and technical administrators of IT environments who want to implement or use Dell EMC Extensions for vrealize Automation. Readers should be familiar with the VMware vrealize Suite and general IT functions and requirements, and how they fit into a hybrid cloud architecture. The following guides provide more information about Dell EMC Extensions for vrealize Automation: Dell EMC Extensions for vrealize Automation 1.0 Reference Architecture Guide Dell EMC VxRack System SDDC Technology Overview Dell EMC VxRack System SDDC Architecture Overview Dell EMC VxRack System SDDC Tech Book VMware Cloud Foundation documentation VMware vrealize Automation documentation We value your feedback Dell EMC and the authors of this document welcome your feedback on the solution and the solution documentation. Contact Solution Feedback with your comments. Authors: Brian O'Connell, Fiona O'Neill 6 Dell EMC Extensions for VMware vrealize Automation

7 CHAPTER 2 Backup Extension This chapter presents the following topics: Backup extension overview... 8 Installing the backup extension... 8 Backup Extension 7

8 Backup Extension Backup extension overview vrealize Automation tenant VMs running on either a VxRack SDDC or VxRail are not protected out of the box with backup services. Therefore, a mechanism is required to offer backup services to those tenant virtual machines that are running. Dell EMC Backup Extensions for vrealize Automation enable you to protect tenant workloads using Dell EMC technologies such as Avamar, Data Domain, and Data Protection Advisor. Dell EMC Backup Extensions for vrealize Automation offer an easy-to-use, policy-driven mechanism using Dell EMC backup technologies to enable administrators and users to protect their virtual machines. Installing the backup extension Install the Dell EMC Backup Extensions for vrealize Automation. 1. Obtain a copy of the Dell EMC Backup Extensions for vrealize Automation executable file. 2. Double-click the executable file. 3. Review the end user license agreement and click Accept EULA, as shown in the following figure. Figure 1 End User License Agreement window 4. Under Preparing for Installation in the Installer, enter the initial installation details: 8 Dell EMC Extensions for VMware vrealize Automation

9 Backup Extension vra Portal FQDN Enter the FQDN of your vrealize Automation portal, for example, vra-vip.domain.local. vro Administrator Username Enter a user in samaccountname format. The user must be assigned the vrealize Orchestrator administrator role, for example, vro_admin. vro Administrator Password Enter the password for the username. AD DNS Name Enter the Active Directory domain that is used by the vrealize Automation tenant directory, for example, domain.local. Figure 2 Preparing for Installation window 5. Click Install to begin the installation and observe the progress of the installation. Installing the backup extension 9

10 Backup Extension Figure 3 Currently Installing window The installer installs the necessary components in vrealize Orchestrator. If this is the first extension to be installed, the installer will initialize the environment by asking for environment details to enable publishing of catalog items to vrealize Automation. If another extension has been installed before the encryption extension, no additional inputs are required. 6. Under Preparing to run initialization workflow in the Installer, provide the environment details by clicking the following tabs and entering in the required information: vra See vra details on page 10. AD See Active Directory details on page 11. IAAS SeevRealize Automation IaaS web server details on page 12. SMTP See SMTP server details on page 13. SQL See SQL Server details on page To complete the installation, click Install. vra details The vra tab in the Installer includes these fields that require your environment details: vra Tenant URL Name Type the tenant URL that matches the case of what was created in vrealize Automation, for example, cloudx. 10 Dell EMC Extensions for VMware vrealize Automation

11 Backup Extension XaaS Administrator Username Type the username in UPN format of a user with XaaS administrator role in vrealize Automation, for example, cloud_admin@domain.local. XaaS Administrator Password Type the password for the username. System Admin Business Group Type the name of the business group to use to inject catalog items to vrealize Automation, for example, SystemBG. Figure 4 Initialization Details - vra tab Active Directory details The AD tab in the Installer includes these fields that require your environment details: AD Port Type the Active Directory Port, for example, 389. AD Base Search DN Type the DN where all cloud users are stored, for example, OU=cloudx,DC=domain,DC=local. AD Bind Account Username Type a user account to bind to Active Directory, for example, adbind_vro@domain.local. AD Bind Account Password Type the password for the user account. Active Directory details 11

12 Backup Extension Figure 5 Initialization Details - AD tab vrealize Automation IaaS web server details The IAAS tab in the Installer includes these fields that require your environment details: vra IaaS Server FQDN Type the FQDN of the vrealize Automation IaaS web server load balancer, for example, web-vip.domain.local. vra IaaS Local Admin Username Type a domain account in samaccountname format, with local administrator privileges in the IaaS web servers, for example, vra_iaas. Local Admin Password Type the password for the domain account. NetBIOS Name of AD Domain Type the NetBios name of the Active Directory domain, for example, DOMAIN. 12 Dell EMC Extensions for VMware vrealize Automation

13 Backup Extension Figure 6 Initialization Details - IAAS tab SMTP server details The SMPT tab in the Installer includes these fields that require your environment details: SMTP Server FQDN Type a valid SMTP server FQDN, for example, mail.domain.local. SMTP Server Port Type the SMTP Server Port, for example, 25. Sender Name Type a name for the notification sender, for example, Cloud Admin. Sender Address Type an address from which to send notifications, for example, cloud_admin@domain.local. SMTP Username If the SMTP server requires authentication, type a username. SMTP Password If the SMTP server requires authentication, type a password for the username. SMTP server details 13

14 Backup Extension Figure 7 Initialization Details - SMTP tab SQL Server details The SQL tab in the Installer includes these fields that require your environment details: SQL Server FQDN Type the FQDN of the SQL Server, for example, autosql.domain.local. SQL Server Port Type the firewall port that is used by SQL Server, for example, SQL Server Username Type the username in samaccountname format, with rights to the metadata database, for example, app_vro_sql. SQL Server User Domain Type the domain for the username, for example, domain.local. SQL Server User Password Type the password for the username. MetaData Database Name Type the name of the SQL Server database for metadata storage. 14 Dell EMC Extensions for VMware vrealize Automation

15 Backup Extension Figure 8 Initialization Details - SQL tab Backup services add-on details The BAAS tab in the Installer includes this field that require your environment details: Avamar Passphrase Type the passphrase to use to create SSH keys for accessing Avamar Systems. Avamar Key Type Enter an SSH key type. Acceptable values are rsa or dpe. Avamar Key Size Enter an SSH key size. Acceptable values are 512, 1024, or Backup services add-on details 15

16 Backup Extension Figure 9 Initialization Details - BACKUP tab To complete the installation click Install. On completion, the installer will displayed a completed status, as shown in the following figures. 16 Dell EMC Extensions for VMware vrealize Automation

17 Backup Extension Figure 10 Currently Installing window Backup services add-on details 17

18 Backup Extension Figure 11 Successfully Installed window 18 Dell EMC Extensions for VMware vrealize Automation

19 CHAPTER 3 Encryption Extension Encryption extension overview CloudLink Center configuration...23 Encryption Extension 19

20 Encryption Extension Encryption extension overview Installing the encryption extension Tenant virtual machines running on either a VxRack SDDC or VxRail are not protected out of the box with encryption services. Therefore, a mechanism is required to offer encryption services for those tenant virtual machines that are running. Dell EMC Encryption Extensions for vrealize Automation enable you to protect tenant workloads using Dell EMC technologies such as Cloudlink. Dell EMC Encryption Extensions for vrealize Automation offer easy-to-use vrealize Automation catalog items and actions, which provide encryption services to virtual machines. Install the Dell EMC Encryption Extensions for vrealize Automation. 1. Obtain a copy of the Dell EMC Encryption Extensions for vrealize Automation executable. 2. Double-click the executable file. 3. Review the end user license agreement and click Accept EULA, as shown in the following figure. Figure 12 End User License Agreement window for encryption extension 20 Dell EMC Extensions for VMware vrealize Automation 4. Under Preparing for Installation in the Installer, enter the initial installation details: vra Portal FQDN Type the FQDN of your vrealize Automation portal, for example, vra-vip.domain.local.

21 Encryption Extension vro Administrator Username Type a user in samaccountname format. The user must be assigned the vrealize Orchestrator administrator role, for example, vro_admin. vro Administrator Password Type the password for the username. AD DNS Name Type the Active Directory domain that is used by the vrealize Automation tenant directory, for example, domain.local. Figure 13 Preparing for Installation window for encryption extension 5. Click Install to begin the installation. The progress of the installation is shown as follows. Installing the encryption extension 21

22 Encryption Extension Figure 14 Currently Installing window for encryption extension The installer installs the necessary components in vrealize Orchestrator. If this is the first extension that has been installed, the installer will initialize the environment by asking for environment details to enable publishing of catalog items to vrealize Automation. If another extension has been installed before the encryption extension, no additional inputs are required. 6. Under Preparing to run initialization workflow in the Installer, provide the environment details by clicking the following tabs and typing in the required information: vra See vra details on page 10. AD See Active Directory details on page 11. IAAS SeevRealize Automation IaaS web server details on page 12. SMTP See SMTP server details on page 13. SQL See SQL Server details on page To complete the installation, click Install. Adding entitlements for encryption services Add encryption services to entitlements: 22 Dell EMC Extensions for VMware vrealize Automation 1. Browse to Administration > Catalog Management > Entitlements and select either New to create a new entitlement or Edit for existing entitlements. 2. On the Items and Approvals tab, click Add beside Entitled Actions.

23 Encryption Extension CloudLink Center configuration 3. From the available actions, select Accept or Reject Pending Key Release, Block or Unblock VM, Encrypt or Decrypt, Encryption Status, and Release Encryption License. 4. After the rest of the required changes for the entitlement are complete, click OK and then Finish. If encryption services are required, install and configure the CloudLink Center virtual appliance before you install the Dell EMC Encryption Extensions for vrealize Automation. For more information, see Dell EMC support and documentation for CloudLink deployment and administration. Create a new user on the CloudLink Center server before implementing encryption as a service. That user should be a Client User Type. Create new machine groups on the CloudLink Center server specifically for encryption as a service or current machine groups. For CloudLink Center-based machine groups to appear in vrealize Automation as potential encryption groups, the new user must belong to a CloudLink Center role that is capable of managing and configuring the machine group. CloudLink Center configuration 23

24 Encryption Extension 24 Dell EMC Extensions for VMware vrealize Automation

25 CHAPTER 4 Workload domains Workload domain overview Managing a workload domain Workload domains 25

26 Workload domains Workload domain overview Managing a workload domain A workload domain is a VMware vcenter server that is added to vrealize Automation as an endpoint for virtual machine workload deployments. Dell EMC Encryption Extensions for vrealize Automation support adding workload domains by using the Manage Workload Domains catalog item. Adding a workload domain associates the workload domain vcenter with a region and registers a cluster and datastores for use for virtual machine provisioning operations. Before you begin To add a workload domain, ensure that the following prerequisites are met: The workload domain vcenter has been provisioned and is available. The workload domain vcenter has been added to the vrealize Orchestrator vcenter plug-in. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Workload Domain Services catalog items, for example, cloud_admin@domain.local. 2. Go to Catalog > Workload Domain Services and select Manage Workload Domains, as shown in the following figure. The Service Catalog appears. Figure 15 Manage Workload Domains 3. Under Action, select an action to perform: 26 Dell EMC Extensions for VMware vrealize Automation

27 Workload domains Figure 16 Workload domain actions Add a Workload Domain The following table lists the domain catalog item requirements. Table 1 Add workload domain catalog item requirements Parameter Add new region? Region Name Workload Domain Name Select vcenter Select Cluster Select Datacenter Select Datastores Description Select Yes to add a region or No to use an existing region. Add a region or select an existing region from the drop-down list. Enter a user-friendly name for the workload domain. Select a Fully Qualified Domain Name (FQDN) with values from the vrealize Orchestrator vcenter plug-in. vcenters that are already added as workload domains are not shown. Select an initial cluster to add. You can add clusters from workload domains that support more than one cluster later. Select a single datacenter from the list of datacenters that are discovered in the chosen vcenter. Select all datastores to use for virtual machine provisioning operations. Local datastores might be shown; however, do not use them. Remove a Workload Domain Note Because removing a workload domain is an irreversible operation, proceed with caution. The following table lists the domain catalog item requirements. Managing a workload domain 27

28 Workload domains Table 2 Remove workload domain catalog item requirements Parameter Workload Domain Confirm Description Select a vcenter from the list of previously added Workload Domains. Select Yes or No. Add a cluster to a workload domain Use this action when additional clusters are required for an existing workload domain vcenter. The following table lists the parameters. Table 3 Add cluster requirements Parameter Select Workload Domain Select Cluster Select Datastores Description Select an existing workload domain from the list. Select a cluster. Select all datastores that will be used for virtual machine provisioning operations. Local datastores might be shown but should not be used. 28 Dell EMC Extensions for VMware vrealize Automation

29 CHAPTER 5 Backup services This chapter provides information about the backup services that are available with Dell EMC Encryption Extensions for vrealize Automation. It focuses on the services available to cloud users responsible for the administration and management of backup services. This chapter presents the following topics: Backup services overview Managing the backup topology Managing backup policies...34 Virtual machine backup lifecycle Data Protection Advisor reporting...46 Backup services 29

30 Backup services Backup services overview Dell EMC Encryption Extensions for vrealize Automation present catalog services to enable you to perform infrastructural and operational tasks to protect virtual machines. Cloud infrastructure or backup administrators, as well as cloud end users, consume the backup and recovery services that are available with Dell EMC Encryption Extensions for vrealize Automation. vrealize Automation cloud administrators use their service catalog to create backup policies. When deploying virtual machines, cloud users can use the vrealize Automation self-service portal to protect their machines with a predefined backup policy and initiate on-demand, point-in-time backups and restores of their virtual machines. Before you can take advantage of Dell EMC Encryption Extensions for vrealize Automation, you must set up your environment using the Manage Backup Topology catalog item in the vrealize Automation Service Catalog. The following table lists the catalog items. Table 4 vrealize Automation catalog items Catalog item Manage Backup Topology Manage Backup Policies Backup Reporting Used to Set up associations between Avamar systems and workload domain vcenter servers. Create Avamar backup policies. Enable Dell EMC Data Protection Advisor integration for reporting. Managing the backup topology After the Dell EMC Encryption Extensions for vrealize Automation are installed and initialized, Avamar systems are associated with Workload Domains to provide backup services to tenant users. The Manage Backup Topology catalog item allows the administrator to create these associations. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Backup Services catalog items, for example, vra_backup_admin@domain.local. 2. Go to Catalog > Backup Services > Manage Backup Topology. 30 Dell EMC Extensions for VMware vrealize Automation

31 Backup services Figure 17 Manage Backup Topology catalog item 3. Under Action Choice, select an action to perform. Figure 18 Manage Backup Topology Action Choice Configuring the initial backup topology Use the Configure Initial Backup Topology parameter to set up the first Avamar system to workload domain association in each region. Any subsequent associations in the same region must use the alternative options under Manage Backup Services, as described later in this chapter. Prerequisites Ensure that the following prerequisites are met: The Avamar grid has been deployed and configured for authentication. A minimum of one Avamar proxy is deployed and registered to Avamar. At least one workload domain is added in the region. Configure Initial Backup Topology parameters The following table describes the Configure Initial Backup Topology parameters. Configuring the initial backup topology 31

32 Backup services Table 5 Configure Initial Backup Topology parameters Parameter Avamar System Name Avamar System FQDN Avamar System Admin User Avamar System Admin Password Select Region Select Workload Domain Select Cluster Add Proxies Description User-friendly name for the Avamar system. FQDN of the Avamar system. Username of the admin user of the Avamar system (for example, admin). Password of the admin user of the Avamar system. List of available regions to associate with the Avamar system. Select the workload domain to associate with the Avamar system. Select the workload domain cluster to associate with the Avamar system. Choose from a list of proxies registered with the Avamar system. Expand Backup Topology parameters The following table lists the Expand Backup Topology parameters. Table 6 Expand Backup Topology parameters Parameter Avamar System Name Avamar System FQDN Avamar System Admin User Avamar System Admin Password Select Region Add Proxies Description User-friendly name for the Avamar System. FQDN of the Avamar System. Username of the admin user of the Avamar System, for example, admin. Password of the admin user of the Avamar System. List of available regions to associate with the Avamar System. Choose from a list of proxies registered with the Avamar System. Modify Backup Topology parameters The Modify Backup Topology action enables the administrator to modify backup system details such as passwords. The following table lists the Modify Backup Topology parameters. Table 7 Modify Backup Topology parameters Parameter Modify Avamar System details Description Allows the administrator to edit all values entered during the Add Avamar System catalog item. 32 Dell EMC Extensions for VMware vrealize Automation

33 Backup services Table 7 Modify Backup Topology parameters (continued) Parameter Associate manually deployed Avamar proxies with Avamar System Set Avamar System to Admin Full Description Allows the administrator to select an Avamar System and then associate manually deployed proxies with that system. Allows the administrator to set an Avamar system to Admin Full when a system is full or when maintenance operations are required. All backup operations to that system are suspended. Enable backup services on a new workload domain The Enable Backup Services on a new workload domain parameter enables the protection of virtual machines on newly added workload domains. Table 8 Enable Backup Services on a new workload domain parameters Parameter Select Workload Domain Select Cluster Add Proxies Description Select the workload domain to associate with the Avamar system. Select the workload domain cluster to associate with the Avamar system Choose from a list of proxies registered with the Avamar system. Enable backup services on an additional cluster Enable backup services on an additional cluster enables the protection of virtual machines on a newly added cluster in an existing workload domain. Table 9 Enable backup services on an additional cluster parameters Parameter Select Workload Domain Select Cluster Description Select the workload domain to associate with the Avamar system. Select the workload domain cluster to associate with the Avamar system Remediate a single failed Avamar system Remediate Single Failed Avamar enables the administrator to recreate all backup policies on a new Avamar system in the event of an Avamar system failure, or after an Avamar system has been replaced or brought back online. Configuring the initial backup topology 33

34 Backup services Managing backup policies Use the vrealize Automation Manage Backup policies catalog item to create backup policies. An IaaS user can select a backup policy when deploying a workload or apply BaaS policies to a workload as a Day 2 operation. The Manage Backup policies catalog item enables the administrator to change backup policies. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Dell EMC Encryption Extensions for vrealize Automation catalog items (for example, vra_backup_admin@domain.local). 2. Go to Catalog > Backup Services and select Manage Backup Policies. Figure 19 Manage Backup Policies catalog item 3. Under Action Choice, select an action to perform. Figure 20 Manage Backup Policies: Choose Action Adding a backup policy Before you begin Ensure that the following prerequisites have been met: vcenter Endpoint is added to the vrealize Orchestrator vcenter plug-in. 34 Dell EMC Extensions for VMware vrealize Automation

35 Backup services The Avamar system is online. Avamar proxies are deployed to the vcenter cluster you plan to add. Note Dell EMC recommends using the Avamar proxy deployment tool that is part of Avamar administrator to deploy proxies. This tool provides deployment recommendations for proxies to ensure optimal placement. 1. Select Add Backup policy from the Manage Backup policies catalog item actions list. 2. Under Backup Schedule, enter a name for the new backup policy. 3. Select a backup schedule. The options are Daily, Weekly, and Monthly. When selecting a daily schedule, specify one or more time intervals (for example, 03:00 and 03:30). When selecting a monthly schedule, specify the week in which the backup will take place. The backup time follows the default backup window. 4. On the Retention Policy tab, specify a retention policy appropriate for this backup policy You can specify or create one of several types of retention policies: Retain the backups indefinitely. To retain a backup retention indefinitely, select Forever. Retain the backups for a certain number of days, weeks, months, or years. To keep the backups for a certain number of days, weeks, months, or years, select for, type a number, and select days, weeks, months, or years from the menu, as required. Retain the backups until a specific date. To keep the backup until a specific date, select Until, which enables you to choose any future date. Define a custom retention period. You can apply a custom retention schedule that is based on each of the backup types by making selections from all of the possible parameters available. 5. Under Replication Schedule, select a schedule from the list. 6. Click Next and Submit. Results Deleting backup policies When complete, the newly created backup policy will be available to virtual machines that are deployed from a blueprint with backup services enabled. An message notifies the requestor when the operation completes. Users can only delete a backup policy if the associated vcenter folder does not contain any virtual machines. The following parameters are available: Deleting backup policies 35

36 Backup services Select Backup policy Select the backup policy to delete. Confirm Select Yes or No. Before deleting the backup policy, the operation checks for any virtual machines that are actively using that backup policy. If any exist, the operation stops and instructs the user to remove the virtual machine from that backup policy before trying to delete the backup policy again. To remove the virtual machine from the backup policy, the user in vrealize Automation can retire the virtual machine. Also, the vcenter administrator can manually move the virtual machine from the backup policy folder to the VRM folder in vcenter. The user can also change the backup policy to NoProtection. Note When a virtual machine is retired, a long-term backup is created before the machine is destroyed. Moving the virtual machine to another vcenter folder keeps the virtual machine active, but no further backups are performed. Remediating a single failed Avamar system Use the Remediate Single Failed Avamar service when an Avamar system has been replaced or brought back online. Unless all the backup and replication policies on the failed unit are disabled when the unit comes back online, both the primary and secondary Avamar instances try to run parallel scheduled backups of the virtual machines. As the following figure shows, the Remediate Single Failed Avamar service requires you to select the Avamar system for remediation. Figure 21 Select Avamar grid for remediation The service interrogates the Avamar system and remediates any missing information. Adding entitlements for backup actions Before you begin Before executing virtual machine-specific backup tasks, enable backup actions for business group users. 36 Dell EMC Extensions for VMware vrealize Automation 1. Browse to Administration > Catalog Management > Entitlements and select either New to create a new entitlement or Edit for existing entitlements.

37 Backup services 2. On the Items and Approvals tab, click Add beside Entitled Actions. 3. From the available actions select the following actions: On Demand Backup On Demand Restore Get Backup Status Set Backup Policy 4. Click OK and then Finish. Virtual machine backup lifecycle The virtual machine backup lifecycle includes: Enabling backup and restore for a blueprint Deploying a virtual machine with backup and restore services Requesting an on-demand backup Requesting an on-demand restore Importing existing virtual machines Applying data protection backup services to imported virtual machines Assigning backup services to existing virtual machines Decommissioning a virtual machine with data protection backup Enabling backup and restore for a blueprint To enable backup and restore functionality for a vrealize Automation blueprint, enable the BackupAndRestoreFunctions build profile on the blueprint, as shown in the following figure. This build profile is made available once the Dell EMC Backup Extensions for vrealize Automation is successfully installed. Figure 22 BackupAndRestoreFunctions build profile Deploying a VM with backup and restore services Deploy a VM with automatic data protection. Before you begin Ensure that: The Avamar system is online. Avamar proxies are deployed. At least one backup policy has been created. At least one workload domain has been created. Virtual machine backup lifecycle 37

38 Backup services Configure Initial Backup Topology has been run. A blueprint with BackupAndRestoreFunctions enabled has been created and is available to the business group. 1. In the vrealize Automation self-service portal, log in to your account, click Catalog, and select a blueprint from the list of available blueprints, as shown in the following figure. Figure 23 Service catalog services 2. Within the VM blueprint, select the required backup policy, as shown in the following figure. Figure 24 Backup policies You can also select the number of VMs to deploy, and increase or decrease VM resources, depending on your entitlements 3. Review and edit the storage options for the VM, click Next to view the Cost Summary, and then click Submit. Results 38 Dell EMC Extensions for VMware vrealize Automation The VM is provisioned into the relevant folder that is defined in vcenter for that service level, and the VM inherits the backup schedules that are defined for that service level. Cloud users receive the name of the VM in an notification from the administrator after the provisioning process successfully completes. The notification advises the user to wait a period of time before trying to access the newly deployed VM. The

39 Backup services Requesting an on-demand backup customization operations, which are required to automatically protect the VM, are run during that time From the vrealize Automation self-service portal, request an on-demand backup of a virtual machine. You do not have to wait for the completion of the backup task. An notification of the backup status is automatically generated when the task is complete, whether the task succeeded or failed. After logging in to the vrealize Automation self-service portal, select On Demand Backup from the Actions menu for a virtual machine, as shown in the following figure. Figure 25 Actions menu Requesting an on-demand restore The on-demand backup request starts the relevant vrealize Orchestrator workflow, which performs the backup using the dataset and retention policy that is defined by the backup policy. When the task is complete, you receive an automated notification that indicates the status of the task. Because the status workflow runs asynchronously, you do not have to wait for the completion status of the backup. From the vrealize Automation self-service portal, request an on-demand restore of a virtual machine. You can choose to restore from a list of the available backups. 1. Power off the virtual machine 2. Log in to the vrealize Automation self-service portal and browse to Items. 3. Under Actions, select a virtual machine to restore and click On Demand Restore to open the On Demand Restore request wizard. 4. Under Request Information, enter a description, optionally enter a reason, and click Next. 5. Under Choose Backup Point, select the backup point-in-time. Requesting an on-demand backup 39

40 Backup services Figure 26 Backup points Results After requesting the on-demand restore, you receive an notification that indicates the success or failure status of the job, including the reason for a failure if applicable, and how long it took to restore the backup. If, for example, a virtual machine is powered on and then the restore operation fails, you receive an that identifies the power state as the reason for the failure. Restore points during an on-demand restore (multisite, single vcenter) Restore points of a virtual machine are for backups performed locally to the primary Avamar system. During an on-demand restore operation, Dell EMC Encryption Extensions for vrealize Automation workflows dynamically interrogate the primary Avamar instance for relevant backups, and present a consolidated list of available backups from which to choose, as shown in the following figure. Figure 27 On demand restore request: Selecting a backup point Importing existing VMs The Dell EMC Encryption Extensions for vrealize Automation workflows implement the relevant restore tasks to return the virtual machine to the correct point in time. Regardless of where the backup is taken (that is, to which Avamar instance) the data is always restored from the Avamar system currently configured as the primary. For environments that require existing VMs to be imported and backup services applied, the vrealize Automation bulk import feature enables the import of one or more VMs. This functionality is available only to vrealize Automation users who have Fabric Administrator and Business Group Manager privileges. The Bulk Import feature imports VMs complete with defining data such as reservation, storage path, blueprint, owner, and any custom properties. Dell EMC Encryption Extensions for vrealize Automation offer the ability to layer backup services onto pre-existing VMs by using the bulk import process. Before you can begin the bulk import process, the following must be true: Target VMs are located in a workload domain vcenter endpoint. 40 Dell EMC Extensions for VMware vrealize Automation

41 Backup services Target VMs are on the correct vrealize Automation-managed compute resource cluster and that cluster is already added as part of a workload domain. In cases where data protection services are required for the target VMs, the machines are on a cluster that is associated with an Avamar system. Target VMs are on the correct vrealize Automation-managed datastore. In cases where data protection services are required for the target VMs, they are on a datastore that is registered with an Avamar system. Applying data protection backup services to imported virtual machines Before you begin To apply data protection backup services to newly imported virtual machines, first create a new blueprint with the BackupAndRestoreForBulkImport build profile. This build profile is available after you install the Dell EMC Encryption Extensions for vrealize Automation. To import existing virtual machines, first generate a CSV file containing the virtual machines to be imported, and then edit the CSV file to specify the virtual machine reservation details. 1. In the vrealize Automation portal, select Infrastructure > Administration > Bulk Imports. 2. Under Generate CSV File, make the following selections: a. For virtual machines currently outside of vrealize Automation management, set Machines to Unmanaged. b. Select the relevant vrealize Automation Business group, and Owner, and the Blueprint that you created earlier. You can create the associated virtual machine blueprint specifically for the import or you can use an existing blueprint. Note Ensure that virtual machine blueprint parameters are appropriate to incoming virtual machines and do not cause conflict. The parameters specified in the blueprint are assigned to virtual machines that are attached to the blueprint. Pay particular attention to lease and archive periods. c. At Resource, select either EndPoint (for example, vcenter) or Compute Resource (for example, vsphere cluster) to locate the virtual machines to import. d. At Name, depending on the resource type you have chosen, select an endpoint or vsphere cluster. Importing existing VMs 41

42 Backup services Figure 28 Generate CSV File window 3. Click OK. 4. Edit the CSV file to specify the virtual machine reservation details. Figure 29 CSV file details All of the values for each machine must be present in the target vrealize Automation deployment for the import to succeed. Edit the CSV file to change the values for reservation, storage location, blueprint, and owner for each machine that you want to import. Note 42 Dell EMC Extensions for VMware vrealize Automation The storage location (which is listed in the Host To Storage column of the CSV file) is the name of the storage device/path, not the storage reservation policy or the name of the storage reservation for the business group. If any virtual machines that do not need to be imported, are discovered and present in the CSV file, manually set their value for Import Yes or No to No in the first column of the CSV file. To apply data protection services to newly imported virtual machines, type epc.backup.servicelevels in the Property Name column and the backup Service Level name in the Property Value column. 1. To import existing virtual machines, select the CSV file containing the virtual machines to be imported and then begin the import, as follows: 5. In the vrealize Automation portal, navigate to Infrastructure > Administration > Bulk Imports.

43 Backup services 6. Select New Bulk Import, and provide the following details: a. Type a name for the import and select the CSV file, as shown in the following figure. Figure 30 New Bulk Import window b. At Start time, select Now or specify a date and time. c. At Batch size, select Batch to define the total number of machines being registered at a specified time. d. Select Ignore managed machines to omit managed machines during the import process. e. Select Skip user validation to omit validating users during the import process. f. Complete other options as appropriate to the import. 7. Click OK. Results When the import operation is complete, the requestor receives an notification for each virtual machine that is successfully imported. Newly imported virtual machines are now available in the portal. Assigning backup services to existing VMs This use case describes how a cloud user or administrator can assign backup policies to an existing VM. 1. In the vrealize Automation portal, browse to Items, and select the VM to which you wish to apply backup services. 2. Click Actions and select Set Backup Policy. 3. Enter a description and click Next. 4. Select the required backup policy. 5. Click Submit. Assigning backup services to existing VMs 43

44 Backup services Results The selected backup policy is applied to the VM. Decommissioning a VM with data protection backup Request the decommissioning of a VM that has backup services applied. From the vrealize Automation self-service portal, request that a VM be destroyed (or retired), as shown in the following figure. Figure 31 Destroying a VM The request starts a number of tasks. Based on the service level of the VM, a final backup is taken and the VM is retired in the Avamar system, meaning that the VM is permanently deleted from the service-level folder. A retired VM can be restored from Avamar at any time before the backup expiration date. Retired VM backups expire according to the retention policy of the service level, but the last backup expires according to the long-term retention policy applied at the time of retirement. Retired VMs do not participate in any further backup schedules after they have been retired. RetireVM is the vrealize Orchestrator workflow that orchestrates the various tasks that are required to decommission a VM. The RetireVM workflow steps are as follows: 1. Create a Retire VM folder. A temporary VM folder is created with a unique string. The name of the folder also contains the long retention name and the VM name, as a result of using a VMware vcenter API call. 2. Move VM to Retire folder. The VM is moved to the Retire folder from its service-level folder. 3. Perform on-demand backup Because this VM is retired permanently and no further backups of the machine are possible, a final backup is taken with a long-term retention policy that is based on the service level. 4. Retire Client 44 Dell EMC Extensions for VMware vrealize Automation After the backup is complete, the client is retired in the Avamar system. This step removes the VM from the list of Avamar backups, and no further backups

45 Backup services are performed on this VM. The VM is also removed from the active view of the Avamar client folder. 5. Move VM back to Service Level folder The VM is moved to its original service level and the vrealize Automation destroy process deletes it permanently from vcenter. 6. Delete the temporary SL folder Requesting backup reports for a VM As a cleanup process, the temporary VM folder is deleted from vcenter. From the vrealize Automation self-service portal, run an on-demand status report of available VM backups. 1. Log in to the vrealize Automation self-service portal and browse to the VM under Items. 2. Under Actions, click Get Backup Status. 3. Provide the required information in the New Request dialog box. The vrealize Orchestrator workflow that supports this operation runs an Avamar command requesting that all the available backups for a VM are ed to the cloud user. When the workflow is complete, an notification lists all the backups that are available for the VM, as shown in the following figure. Figure 32 showing available backups Requesting backup usage reports for a VM From the vrealize Automation self-service portal, request cost and usage information about any of your VMs. Select Get Backup Summary from the VM Actions menu. You receive an notification containing the relevant backup usage information, as shown in the following figure. Requesting backup reports for a VM 45

46 Backup services Figure 33 Backup report Data Protection Advisor reporting Data protection reporting includes enabling Data Protection Advisor and the following two actions: Get Machine Backup Detailed Report Get Machine Backup Summary Enabling Data Protection Advisor Data Protection Advisor is required for data protection reporting workflows. Before you request reports, you must enable Data Protection Advisor for use with the backup module. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Workload Domain Services catalog items (for example, 2. Go to Catalog > Backup Services and select Backup Reporting. Figure 34 Backup Reporting option 3. Select Enable DPA from the Action list. 46 Dell EMC Extensions for VMware vrealize Automation

47 Backup services Figure 35 Backup reporting action items 4. Enter the DPA FQDN, username, and password. Figure 36 Enable DPA details Requesting backup details reports for a VM From the vrealize Automation self-service portal, request a report containing comprehensive backup details that are specific to any of your VMs. Select the VM and select Get Machine Backup Detailed Report from the Actions menu. Note DPA is required for the backup report. This backup report contains the following information categories: Job Summary Failed Jobs Backup Jobs with Last Resolution Estimated Protected Backup Capacity Details Backup Client De-Dupe Ratios Chargeback Summary Client Configuration You receive an message that contains a report with backup information specific to the VM. Requesting backup details reports for a VM 47

48 Backup services Figure 37 Backup report for VM 48 Dell EMC Extensions for VMware vrealize Automation

49 CHAPTER 6 Encryption services This chapter presents the following topics: Encryption services overview...50 Adding a CloudLink Center cluster Configuring encryption groups...53 Reporting bulk encryption status Provisioning an encrypted virtual machine Existing virtual machine operations...56 Encryption services 49

50 Encryption services Encryption services overview CloudLink and vsan encryption The Dell EMC Encryption Extensions for vrealize Automation and Dell EMC CloudLink and the SecureVM agent provide encryption for virtual machines. CloudLink uses the SecureVM agent that is installed in the virtual machine to control the native operating system's encryption technologies. The encryption keys are stored within CloudLink Center. If the key release policies are met, the keys are returned to the virtual machine when requested. If the policies are not met, the key request is placed in a pending state and the request must be manually accepted or rejected. To use CloudLink as a KMIP key management server with vsan encryption, apply a KMIP license and configure the CloudLink server for KMIP use. See CloudLink SecureVM Administrator Guide and the CloudLink Key Management for VMware vcenter Server Configuration Guide for more information about implementation and configuration. Adding a CloudLink Center cluster After you have installed the Dell EMC Encryption Extension for vrealize Automation, you need to add a CloudLink Center cluster to vrealize Orchestrator before you can encrypt a virtual machine. To do this, use the following procedure. 1. Validate that the vrealize Orchestrator cluster is in a synchronized state before proceeding, by navigating to the vrealize Orchestrator control center web UI at control-app/ha 2. Determine the hostname for the Local Node, as shown in the following figure. Figure 38 vrealize Orchestrator nodes in initial synchronized state 3. Open the vrealize Orchestrator client and connect to the node determined in the previous step as a vrealize Orchestrator administrator. 4. Select the Workflows tab on the left navigation pane. 5. Select Library > CloudLink SecureVM > Cluster Configuration > Add cluster. 6. Click the Start workflow icon. a. Enter a unique name in the Cluster unique name field. 50 Dell EMC Extensions for VMware vrealize Automation

51 Encryption services b. Enter the hostname or the IP address of one server in the CloudLink Center cluster in the Cluster known server address field. Only a single value is needed. Additional servers in the cluster are discovered automatically. c. Enter the username and password of a client user in CloudLink Center in the CloudLink Center user name and CloudLink Center password fields. d. Click Submit to run the workflow. Figure 39 Running the Add cluster workflow on the first node 7. After the workflow has run successfully, validate that the affected node has a new pending configuration fingerprint. Figure 40 First vrealize Orchestrator node with new pending fingerprint 8. Connect to the other vrealize Orchestrator node (that is, non-local node) using the vrealize Orchestrator client as a vrealize Orchestrator administrator. 9. Select the Workflows tab on the left navigation pane. 10. Select Library > CloudLink SecureVM > Cluster Configuration > Add cluster. 11. Select the previous run of the workflow, right click and select Run Again. All the previous details should be filled out, with the exception of the password, which you must provide again. 12. Click Submit to run the workflow. 13. After the workflow has run successfully, validate that both nodes now have a new (and identical) pending configuration fingerprint. Adding a CloudLink Center cluster 51

52 Encryption services Figure 41 Both vrealize Orchestrator nodes with new pending fingerprint 14. In the vrealize Orchestrator control center UI navigate to the Startup Options page at and restart the Orchestrator server service on the local node. 15. Wait 3-5 minutes for this to restart and settle and then confirm that the pending fingerprint is now synchronized. Figure 42 Local node with synchronized fingerprint 16. Because of the way load balanced vrealize Orchestrator operates, you must synchronize the second vrealize Orchestrator node in a different manner. To do this: a. Use SSH to access the non-local node. b. Restart the Orchestrator server service using the following command: service vco-server restart 17. Wait 3-5 minutes for this to restart and settle and then confirm that the pending fingerprint is now synchronized. Figure 43 Both nodes in fully synchronized state Results 52 Dell EMC Extensions for VMware vrealize Automation When a CloudLink Center cluster is added, existing machine groups appear as encryption groups in vrealize Automation. Restrict these groups by configuring the

53 Encryption services encryption groups using the Dell EMC Encryption Extensions vrealize Automation catalog item Configure Encryption Groups. Configuring encryption groups When you encrypt a virtual machine, it is automatically registered in the CloudLink Center machine group associated with the encryption group. You can restrict the encryption groups to which a business group has access. For example, a specified business group might want all encrypted virtual machines to be associated with a specific CloudLink Center machine group. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Encryption catalog items (for example, vra_encryption_admin@domain.local). 2. Go to Catalog > Encryption Services and select Configure Encryption Groups. 3. Under Request Information, enter a description, optionally enter a reason, and click Next. 4. On the Configure Encryption Groups tab, select the business group in which to configure the encryption groups. 5. Select each encryption group that members of the business group can select when encrypting a virtual machine. The No Encryption group option lets you choose not to encrypt a virtual machine, even if the blueprint is enabled for encryption. 6. Click Next to review the request. 7. On the Review and Submit tab, ensure that the selections are correct and click Submit. Reporting bulk encryption status The Bulk Encryption Status catalog item generates and sends an report about all virtual machines owned by a business group. The report indicates if the SecureVM agent is installed and provides the encryption status for each volume in the virtual machine. You do not have to start the virtual machine. The report includes the encryption status of the volumes when the virtual machine was last running. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Encryption catalog items (for example, vra_encryption_admin@domain.local). 2. Go to Catalog > Encryption Services and select Bulk Encryption Status. 3. Under Request Information, enter a description, optionally enter a reason, and click Next. 4. On the Bulk Encryption Status tab, select the business group for which to generate the report. The Encryption Report field shows the entire report. Configuring encryption groups 53

54 Encryption services Note If this report does not provide enough information, click Cancel to dismiss the request without sending the report. 5. Type a valid SMTP address in the Target field and click Next to review the request. 6. On the Review and Submit tab, ensure that the Target is correct and click Submit. Provisioning an encrypted virtual machine Updating a blueprint Provision an encrypted virtual machine by following these steps: Update a blueprint Customize encryption properties in the blueprint Select encryption options during provisioning A blueprint can specify that a virtual machine has encrypted volumes after provisioning. The Dell EMC Encryption Extensions for vrealize Automation is required to encrypt a virtual machine and a CloudLink Center cluster must be added to the environment. See Adding a CloudLink Center cluster on page 50 for more information. To update a virtual machine blueprint in the vrealize Automation console: 1. Log in as a user with vrealize Automation tenant administrator or business group manager privileges. 2. Select Design > Blueprints. 3. Select the blueprint to edit. 4. Select the blueprint properties. 5. Select the Properties tab. 6. Select the Property Groups tab. 7. Click Add and then select CloudLink SecureVM Encryption in the Add Property Groups list. Customizing encryption properties in the blueprint The CloudLink SecureVM Encryption property group contains four properties that control the encryption process. Some of these properties can be customized directly in the blueprint to lock down what you see during provisioning. The following table lists the blueprint properties to set to force the use of a specific encryption group. 54 Dell EMC Extensions for VMware vrealize Automation

55 Encryption services Table 10 Encryption group blueprint properties Property com.dell.cloudservices.encryption.businessgroup com.dell.cloudservices.encryption.group Description Clear Show in Request and enter the name of the business group for the Value. Clear Show in Request and type the name of the encryption group for the Value. The following table lists the blueprint properties to set to deploy the SecureVM agent in the virtual machine without prompting the user for a username and password. Table 11 SecureVM agent blueprint properties Property com.dell.cloudservices.encryption.username com.dell.cloudservices.encryption.password Description Clear Show in Request and type the username of the administrator account in the virtual machine for the Value. Clear Show in Request and type the password of the administrator account in the virtual machine for the Value. Ensure that you clear Encrypted, because otherwise the provisioning workflows have no access to the required clear password. Selecting encryption options during provisioning When requesting a virtual machine from an encryption-enabled blueprint, you are prompted to supply information. The following table lists the encryption options during provisioning. Table 12 Encryption options Field Business Group Encryption Group VM Admin Username VM Admin Password Description List box with available business groups. List box with available encryption groups based on the selected business group. Select No Encryption to deploy the virtual machine without encrypting it. The username of the virtual machine administrator account. The username is required to deploy the SecureVM agent into the virtual machine. The password of the virtual machine administrator account. The password is required to deploy the SecureVM agent into the virtual machine. Selecting encryption options during provisioning 55

56 Encryption services Existing virtual machine operations You can encrypt existing virtual machines when the correct entitlements are granted. Adding user entitlements to encryption resource actions 1. Log in to the vrealize Automation tenant portal as the tenant administrator (for example, 2. From Administration, click Catalog Management and then select Entitlements. 3. Select the entitlement and click Edit. 4. From Items & Approvals, click Add for Entitled Actions. 5. Select the resource action you want, and then click OK. The Encryption Actions are: Accept or Reject Pending Key Release, Block or Unblock VM, Encryption Status, Encrypt or Decrypt, Release Encryption License. 6. Click Update to save your changes. Showing the encryption status of a virtual machine 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. 3. Select Encryption Status from Actions. 4. Under Request Information, type a description, optionally type a reason, and click Next. The SecureVM Summary field shows the current encryption status of the virtual machine. Note If the information is sufficient, click Cancel to dismiss the request without sending the report by Type a valid SMTP address in the Target field and click Next. 6. On the Review and Submit tab, review the Action and Target fields, and then click Submit to send the encryption status report by . Encrypting or decrypting a virtual machine s volumes 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. 3. Select Encrypt or Decrypt from Actions. 56 Dell EMC Extensions for VMware vrealize Automation

57 Encryption services 4. On the Encrypt tab or Decrypt tab (depending on the selected action), check the: Volumes To Encrypt field if encrypting an unencrypted volume Volumes To Decrypt field if decrypting a volume 5. Click Next to review the request. 6. On the Review and Submit tab, review the information and click Submit to implement the encryption. Installing or uninstalling the SecureVM agent 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. 3. Select Encrypt or Decrypt from Actions. 4. Under Request Information, enter a description, optionally enter a reason, and click Next. 5. Under Action Choice, select either Install SecureVM agent or Uninstall SecureVM and click Next. Note If the SecureVM agent is not installed on the virtual machine, you can only select the Install SecureVM agent action. If the SecureVM agent is installed on the virtual machine, you can select one of these actions: Encrypt Decrypt Uninstall SecureVM agent 6. On the Credentials tab, type the username and password of the virtual machine administrator account and click Next. The username and password are required to deploy the SecureVM agent into the virtual machine or to uninstall it. 7. If you are installing the SecureVM agent, on the Install SecureVM options tab select the encryption group and click Next. 8. On the Review and Submit tab, review the Action field, and then click Submit. Accepting or rejecting pending key releases When the key release policies are not met, a key request is placed in a pending state. 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. 3. Select Accept or Reject Pending Key Release from Actions. 4. Under Request Information, enter a description, optionally enter a reason, and click Next. Installing or uninstalling the SecureVM agent 57

58 Encryption services 5. Under Action Choice, choose Accept or Reject for the Action field, and then click Next. Note The virtual machine must be in a pending state. 6. On the Review and Submit tab, select Submit. Blocking or unblocking a virtual machine Block a virtual machine when you do not want to release encryption keys for the virtual machine s volumes. 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. Releasing the encryption license 3. Select Block or Unblock VM from Actions. 4. Under Request Information, enter a description, optionally enter a reason, and click Next. 5. Under the Action Choice tab, choose Block or Unblock for the Action field, and then click Next. 6. On the Review and Submit tab, select Submit. A CloudLink license is used when a virtual machine has an encrypted volume. The license is automatically released when the virtual machine is decrypted. However, the instance license can be manually released if the virtual machine is powered off. When the virtual machine is powered on, it uses a CloudLink license automatically. 1. In the vrealize Automation portal, browse to Items. 2. Select the virtual machine. Deleting a CloudLink Center cluster 3. Select Release Encryption License from Actions. 4. Under Request Information, enter a description, optionally enter a reason, and click Next. 5. On the Release Encryption License tab, review an Action field, and then click Submit. Before you begin If permanently deleting or removing, and then re-adding the same CloudLink cluster, follow these steps: 58 Dell EMC Extensions for VMware vrealize Automation 1. Log in to each vrealize Orchestrator client as the vrealize Orchestrator administrator. 2. On each vrealize Orchestrator server, select the Workflows tab on the left navigation pane.

59 Encryption services 3. Select Library > CloudLink SecureVM > Cluster Configuration > Remove cluster. 4. Click the Start workflow icon. 5. On each vrealize Orchestrator server, select the CloudLink cluster to remove and click Submit. 6. Log in to the vrealize Orchestrator Control Center interface. 7. Navigate to the Orchestrator Cluster Management page and determine which embedded vrealize Orchestrator server is the current local node. 8. Restart the vrealize Automation server, where the embedded vrealize Orchestrator is the local node, and allow time for full recovery and data synchronization. 9. Restart the second vrealize Automation server. Deleting a CloudLink Center cluster 59

60 Encryption services 60 Dell EMC Extensions for VMware vrealize Automation

61 CHAPTER 7 Security management This chapter provides information about security management for the user accounts that the modular add-ons use. This chapter presents the following topics: Security hardening...62 Role-based access control Dell EMC Extensions for vrealize Automation installer Password Management overview...63 Service accounts...64 Active Directory bind accounts Application accounts...66 Managing environment connections...68 Security settings...69 Updating Avamar certificates Updating the Data Protection Advisor certificate...76 Security management 61

62 Security management Security hardening This solution builds on the platform best practices around security and hardening in the documents listed in the following tables. Table 13 Dell EMC documentation Publication Product Security: Enhancing the trustworthiness of EMC Solutions Dell EMC Avamar Product Security Guide Description Describes how Dell EMC embeds security in the company's product development, deployment, and maintenance practices, as well as in its supply chain. Provides an overview of the settings and security provisions that are available in Avamar to ensure secure operation of the product. Table 14 VMware documentation Publication VMware Product Security: An Overview of VMware's Security Programs and Practices VMware vsphere Security Management Guide VMware NSX for vsphere Network Virtualization Design Guide VMware NSX for vsphere Documentation Center VMware Hardened Virtual Appliance Operations Guide Description Describes VMware's approach to security for virtualization software products and solutions. Provides information about securing your vsphere environment for VMware vcenter Server and VMware ESXi. Provides an overview of the VMware NSX network virtualization platform. Provides information about installing, configuring, and using NSX. Addresses the site specific technical requirements to meet Security Technical Information Guides (STIG). NSX Administration Guide Table 15 Security configuration and hardening guides Component Security Guide Notes Avamar Dell EMC Avamar Version Product Security Guide Data Domain Dell EMC Data Domain Security Guide Describes the key security features of Data Domain systems and provides the procedures required to ensure data protection and the appropriate access control. Data Protection Advisor VMware NSX for vsphere VMware vsphere ESX VMware vsphere vcenter Server Appliance Dell EMC Data Protection Advisor Security Configuration Guide VMware NSX Security Hardening Guide VMware vsphere 6.5 Hardening Guide VMware vsphere 6.5 Hardening Guide 62 Dell EMC Extensions for VMware vrealize Automation

63 Security management Table 15 Security configuration and hardening guides (continued) Component Security Guide Notes VMware vrealize Automation VMware vrealize Automation Secure Configuration Guide VMware vrealize Business for Cloud No additional guidance is listed for this component. VMware vrealize Log Insight VMware vrealize Log Insight Security Guide Provides a reference to the security features of vrealize Log Insight. VMware vrealize Operations Manager CloudLink SecureVM VMware Secure Configuration vrealize Operations Manager CloudLink SecureVM Security Configuration Guide Role-based access control Dell EMC Extensions for vrealize Automation install new XaaS blueprints in vrealize Automation, and new workflows in vrealize Orchestrator. The appropriate role based access controls (RBAC) are recommended to be applied. They should be added to correspond to the new entities in the respective elements (vrealize Automation and vrealize Orchestrator). Dell EMC Extensions for vrealize Automation installer Ensure that the installer is completely removed from any device post-installation. Password Management overview In a production environment, using service accounts to track and control applications and to mitigate the impact of a potential systems compromise is a security best practice. Perform all password management operations in a scheduled maintenance window to avoid interruption to service. To remove the risk of unauthorized access, Dell EMC recommends the following actions for accounts created or used as part of the installation process. Table 16 Security best practice for accounts created at installation Account type Installation-only Accounts that continue to be used Action Disable Change password Role-based access control 63

64 Security management Service accounts Changing the svc_iaas password Service accounts are active directory users that are associated with Microsoft Windows services to provide security context for those services. Dell EMC recommends that you use the following service accounts with this solution. The password management operations required for each account are outlined below. svc_iaas Dell EMC recommends that you use the svc_iaas account for all vrealize Automation Infrastructure as a Service (IaaS) Windows services. It is also the service account that is granted access to the IaaS SQL Server database. All vrealize Automation services on the following Windows servers must be updated with any changes: vrealize Automation IaaS Manager servers vrealize Automation IaaS Web servers vrealize Automation IaaS DEM Worker servers vrealize Automation IaaS Agent servers 1. Change the password of svc_iaas in Active Directory. 2. Update the vrealize Automation services on each IaaS Manager server. a. Log in to each manager node and open the Services MMC. b. Update the login password in the service properties for each of the following services: VMware DEM-Orchestrator VMware vcloud Automation Center Management Agent VMware vcloud Automation Center Service c. Restart the services. 3. Update the vrealize Automation services on each IaaS DEM Worker server. a. Log in to each DEM worker node and open the Services MMC. b. Update the login password in the service properties for each of the following services: VMware DEM-Worker (DEM Worker name) Note There might be more than one DEM worker service. VMware vcloud Automation Center Management Agent c. Restart the services. 4. Update the vrealize Automation services on each IaaS Agent server. a. Log in to each web node and open the Services MMC. 64 Dell EMC Extensions for VMware vrealize Automation

65 Security management b. Update the login password in the service properties for each of the following services: VMware vcloud Automation Center Agent (vcenter endpoint name) Note There might be more than one agent service VMware vcloud Automation Center Management Agent 5. Update the vrealize Automation services on each IaaS Web server. a. Log in to each web node and open the Services MMC. b. Update the login password in the service properties for the VMware vcloud Automation Center Management Agent service. c. Restart the services. Active Directory bind accounts Active Directory bind accounts are used to integrate cloud components with Active Directory for authentication. The following Active Directory bind accounts are recommended. Changing the adbind_vra user password The adbind_vra account is used to bind the vrealize Automation tenant directory to Active Directory. Note Until the password is changed, previously synchronized accounts in the vrealize Automation tenant directory continue to work, but a new synchronization does not begin. 1. Change the adbind_vra user password by updating it in Active Directory. 2. Log in to the vrealize Automation tenant as a user with Tenant Administrator privileges. 3. Go to Administration > Directory Management > Directories, and select the directory name to be updated. 4. Under the Bind User Details, update Bind DN Password. 5. Click Test Connection to validate the change and click Save. 6. Click Sync Now to perform a directory sync. Changing the adbind_vro user password The adbind_vro account is used to bind the vrealize Orchestrator Active Directory plugin to Active Directory. 1. Change the adbind_vro user password by updating it in Active Directory. Active Directory bind accounts 65

66 Security management 2. Launch the vrealize Orchestrator client and log in as a user that has vrealize Orchestrator administrator rights. 3. Go to Inventory > Active Directory, right-click the LDAP server, and select Run Workflow. 4. Right-click and select Update. 5. Type the new password for the adbind_vro user. 6. Click Submit. 7. To complete the password update, log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Connection Maintenance catalog item (for example, vra_config_admin@domain.local). 8. Go to Catalog > Workload Domain Services and select Connection Maintenance. 9. Select ActiveDirectoryConnection and type the new password for the adbind_vro user. 10. Click Submit. Changing adbind_dpa user password The account adbind_dpa is used to configure Data Protection Advisor to enumerate Active Directory user accounts and groups. 1. Change the adbind_dpa user password by updating it in Active Directory. 2. Browse and connect to the DPA Server over HTTPS on port 9002, for example, Note Ensure that all pop-up blockers are disabled. 3. Type the username and password. 4. In the main DPA console's navigation pane, select Admin and then select Users & Security. 5. Select Manage External Authentication. 6. In the User Properties section, in the Password field, type the new password for the adbind_dpa user. 7. Click Validate. 8. Click Test User. 9. Click OK. Application accounts Application accounts are used at configuration points between cloud applications. The following application accounts are recommended. 66 Dell EMC Extensions for VMware vrealize Automation

67 Security management Changing the app_vra_vcenter user password The app_vra_vcenter account is used to authenticate with vcenter when creating vcenter endpoints in vrealize Automation 1. Change the app_vra_vcenter user password by updating it in Active Directory. 2. Log in to the vrealize Automation tenant portal with an account that has infrastructure administrator privileges, for example, vra_iaas_admin. 3. Browse to Infrastructure > Endpoints. 4. Edit the relevant vcenter endpoint. 5. Type the new password for app_vra_vcenter and click Test Connection. 6. When Test Connection completes successfully, click OK. Changing the app_vra_vro user password The app_vra_vro account is used when creating a vrealize Orchestrator endpoint in vrealize Automation 1. Change the app_vra_vro user password by updating it in Active Directory. 2. Log in to the vrealize Automation tenant portal with an account that has infrastructure administrator privileges, for example, vra_iaas_admin. 3. Browse to Infrastructure > Endpoints. 4. Edit the relevant vrealize Orchestrator endpoint. 5. Enter the new password for app_vra_vro and click Test Connection. 6. When Test Connection completes successfully, click OK. Changing the app_vro_vcenter user password The app_vro_vcenter account is used to authenticate with vcenter through the vrealize Orchestrator vcenter plug-in. 1. Change the app_vro_vcenter user password by updating it in Active Directory 2. Launch the vrealize Orchestrator client and log in with a user that has vrealize Orchestrator administrator rights. 3. Go to Workflows > Library > vcenter > Configuration. 4. Right-click Update a vcenter Server Instance and select Run Workflow. 5. Type the new password for app_vro_vcenter and click Submit 6. To complete the password update, log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Connection Maintenance catalog item, for example, vra_config_admin@domain.local. 7. Go to Catalog > Workload Domain Services and select Connection Maintenance. 8. Select vroconnection and type the new password for the app_vro_vcenter user. Changing the app_vra_vcenter user password 67

68 Security management 9. Click Submit. Changing the app_vro_dpa user password The app_vro_dpa account is used to connect VMware vrealize Orchestrator to Dell EMC Data Protection Advisor. 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Connection Maintenance catalog item (for example, 2. Go to Catalog > EHC Configuration and select Connection Maintenance. 3. Select DPAConnection and click Next. 4. Type the new password for app_vro_dpa user. 5. Click Submit. Changing the app_avamar_vcenter user password The app_avamar_vcenter account is used to register VCenter as a client in EMC Avamar. 1. Launch Avamar Administrator and log in using the root account and the password that is provided during installation. 2. Go to Navigation > Administration. 3. Select the vcenter Domain, for example, vc01.domainname.local. 4. Right-click the vcenter Client and select Edit Client. 5. In the Root User panel, type the new password for the app_avamar_vcenter account. 6. Type the new password in the Verify Password field. 7. Click OK. 8. Repeat the preceding steps for all workload domain vcenter instances that are integrated with Avamar. Managing environment connections Use the Connection Maintenance catalog item to update connections in the Dell EMC Encryption Extensions for vrealize Automation metadata database that were created when the environment was first initialized. This functionality is useful for managing the password lifecycle. Note Passwords are updated in the object model only. Update them in other locations manually (for example, Active Directory, service accounts, and so on). 68 Dell EMC Extensions for VMware vrealize Automation 1. Log in to the vrealize Automation tenant portal as the system administrator with entitlements to the Connection Maintenance catalog item (for example, vra_config_admin@domain.local).

69 Security management 2. Go to Catalog > Workload Domain Services and select Connection Maintenance. 3. Follow the steps for the task that you want to complete, as shown in the following table. Table 17 Update connection tasks Task Modify Data Protection Advisor details Modify vrealize Automation IaaS web VIP details Modify VMware vcenter NSX details Modify SMTP server detail Modify Simple Access Object Protocol (SOAP) server details Modify SQL server details Modify vrealize Automation details Steps Select DPAConnection and modify the details. Select IAASConnection and modify the details. Select NSXConnection and modify the details. Select SMTPConnection and modify the details. Select SOAPConnection and modify the details. Select SQLConnection and modify the details. Select vraconnection and modify the details. Security settings The tables in this section provide information about security data for the Dell EMC Encryption Extensions for vrealize Automation. Table 18 Authentication mechanisms and integration Component Active Directory Exceptions Avamar Y MCCLI Data Domain Data Protection Advisor Storage Analytics Microsoft SQL Server Microsoft Windows Server VMware vrealize Automation Application Services Y Y Y Y Y Y Table 19 Log capability matrix for vrealize Log Insight or similar solution (such as Q-Radar) Component Avamar Data Domain Data Protection Advisor Microsoft SQL Server Microsoft Windows Server Format syslog/file syslog/file API/WinRM/file API/WinRM/file API/WinRM/file Security settings 69

70 Security management Table 19 Log capability matrix for vrealize Log Insight or similar solution (such as Q- Radar) (continued) Component VMware vrealize Automation VMware vrealize Orchestrator VMware vrealize Orchestrator Plugins Format syslog/file syslog/file with vrealize Orchestrator Table 20 Operating systems in use System component Operating system OS type Avamar Proxy SLES 11 SP3 Bare metal Avamar Server SLES 11 SP3 Bare metal Data Domain DDOS Bare metal Data Protection Advisor Windows Server 2012 R2 Guest Microsoft SQL Server Windows Server 2012 R2 Guest VMware vcenter Server (for Windows) Windows Server 2012 R2 Guest VMware vrealize Automation Application Services SLES 11 SP3 Appliance VMware vrealize Automation SLES 11 SP3 Appliance VMware vsphere ESXi ESXi 6.5U1 Bare metal Table 21 Ports in use in Avamar Server Application and services Protocol Port Direction ECHO TCP/UDP 7 Both FTP TCP 21 (optional) Inbound SSH TCP 22 Both Telnet TCP 23 (optional) Inbound EMC DD Boost/Port Mapper TCP 111 Inbound NTP TCP/UDP 123 Both LDAP TCP 389 Outbound Client downloads/dtlt TCP 80 (optional) /443 Inbound CIFS (Netbios name services) UDP 137 Inbound CIFS (Datagram services) UDP 138 Inbound CIFS (Netbios session services) UDP 139 Inbound CIFS (Microsoft DS) TCP 445 Inbound SNMP TCP/UDP 161 (optional) Inbound EMC DD Boost/NFS TCP 2049 Inbound Replication TCP 2051 (optional) Inbound 70 Dell EMC Extensions for VMware vrealize Automation

71 Security management Table 21 Ports in use in Avamar Server (continued) Application and services Protocol Port Direction NFS (mountd) TCP/UDP 2052 Inbound DDMC TCP 3009 (optional) Inbound SMTP TCP 25 Outbound SNMP UDP 162 (optional) Outbound Syslog UDP 514 (optional) Outbound Avamar Installer (TLS) TCP 8543 Both GSAN TCP/UDP GSAN TCP/UDP GSAN TCP/UDP GSAN TCP/UDP Avamar Server TCP Inbound Avamar Server TLS TCP Inbound avagent TCP Secure Utility Node/Storage Node TCP Both Avamar System/Client TCP Both Secure Utility Node/Storage Node TCP Both Data Protection Advisor Agent TCP 3741 Inbound Data Protection Advisor Application Server TCP 9002 Inbound Data Protection Advisor Datastore Server TCP 9003 Inbound HTTP TCP 9004 Inbound HTTPS TCP 9002 Inbound MANAGEMENT_NATIVE TCP 9999 Inbound MANAGEMENT_HTTP TCP 9005 Inbound MESSAGING TCP 5445 Outbound MESSAGING_THROUGHPUT TCP 5455 Outbound OSGI TCP 8090 Outbound REMOTING TCP 4447 Outbound TXN_RECOVERY TCP 4712 Outbound TXN_STATUS TCP 4713 Outbound HTTP TCP 5445 Inbound HTTPS TCP 7600 Inbound MANAGEMENT_NATIVE TCP Inbound MANAGEMENT_HTTP UDP 5445 Inbound Security settings 71

72 Security management Table 21 Ports in use in Avamar Server (continued) Application and services Protocol Port Direction MESSAGING UDP 7500 Outbound MESSAGING_THROUGHPUT UDP 9876 Outbound OSGI UDP Outbound REMOTING UDP Outbound TXN_RECOVERY UDP Outbound Table 22 Ports in use in Microsoft SQL Server Application and services Protocol Port Direction SQL Server TCP 1433 Both Dedicated Admin Connection TCP 1434 Inbound SQL Server named instance UDP 1434 Both SQL Server Analysis Service TCP 2383 Inbound Connection request to a named instance of Analysis Services TCP 2383 Both Transact-SQL debugger and SQL Server Integration Services TCP 135 Both Table 23 Ports in use in VMware vrealize Automation Application Services Application and services Protocol Port Direction RPC TCP 111 Inbound Access to vrealize Automation console TCP 443 Inbound VAMI TCP 5480, 5488, 5489 Inbound Internal vcenter TCP 8230, 8280, 8281 Inbound SMTP TCP/UDP 25, 587 Outbound DNS TCP/UDP 53 Both DHCP TCP/UDP 67, 68, 546, 547 Outbound Software updates TCP 80 Inbound POP TCP/UDP 110, 995 Outbound IMAP TCP/UDP 143, 993 Outbound NTP TCP/UDP 123 Both IaaS Manager Service over HTTPS TCP 443 Inbound PostgreSQL database TCP/UDP 5433 Outbound SSO service over HTTPS TCP 443 Outbound vrealize Orchestrator instance TCP 8281 Outbound Manager Service TCP 80 Inbound 72 Dell EMC Extensions for VMware vrealize Automation

73 Security management Table 23 Ports in use in VMware vrealize Automation Application Services (continued) Application and services Protocol Port Direction proxy agents TCP 80 Inbound guest agents TCP 80 Inbound Virtualization host TCP 80 Inbound DEMs TCP 443 Inbound vfabric, RabbitMQ TCP 5671 Inbound Table 24 Ports in use in VMware vrealize Automation IaaS Application and services Protocol Port Direction Manager Service TCP 443 Inbound DNS TCP/UDP 53 Outbound NTP TCP/UDP 123 Both Manager Service TCP 443 Outbound Website TCP 443 Outbound Distributed Execution Managers TCP 443 Outbound Manager Service, Website TCP 1433 Outbound Manager Service (optional) TCP 80 Outbound Table 25 Ports in use in VMware vsphere vcenter Application and services Protocol Port Direction SSH TCP 22 Both SMTP TCP 25 Outbound DNS UDP 53 Both HTTP TCP/UDP 80 Inbound Kerberos TCP/UDP 88 Outbound NTP UDP 123 Both LDAP TCP 389 (optional) Outbound Secure LDAP TCP 636 (optional) Outbound Web Access TCP 443 Inbound vsphere Syslog Collector TCP/UDP 514 Both vcenter Server/VMware Infrastructure Client TCP/UDP 902 Inbound vsphere Syslog Collector TLS TCP/UDP 1514 Both Control Interface RPC (SSO) TCP 2012 Both RPC for VMCA TCP 2014 Both Security settings 73

74 Security management Table 25 Ports in use in VMware vsphere vcenter (continued) Application and services Protocol Port Direction DNS Management TCP 2015 Both Authentication Framework Management TCP/UDP 2020 Both Appliance Management Interface TCP 5480 Both ESXi dump collector TCP 6500 Inbound Auto Deploy Service TCP 6501 Outbound Auto Deploy management TCP 6502 Inbound Secure Token Service TCP 7444 Both vsphere Update Manager TCP 8084, 9084, 9087 (not all necessarily used) Inbound vsphere Web Client TCP 9443 Both vcenter Server Appliance - AD TCP 135 (optional) Outbound SNMP UDP 161 (optional) Outbound VMware Syslog collector TCP 8109 (optional) Outbound Migration Assistant Port TCP 9123 (optional) Both vservice Manager TCP 15007, (optional) Outbound vsphere Replication TCP 31031, (optional) Outbound vcenter SSO LDAPS TCP 11711, (optional) Outbound Updating Avamar certificates Install certificates in the Avamar system by copying the certificates to the correct location on each node. Before you begin Ensure that you have arranged a maintenance window with the customer, because this procedure requires that the Avamar server process (mcs) is stopped. Pause all scheduled or running backups until the process is complete. Ensure that OpenSSL is installed on the system that generates the CSR. By default Avamar is installed using self-signed certificates. This procedure updates self-signed Avamar certificates. 74 Dell EMC Extensions for VMware vrealize Automation 1. On each Avamar server, generate a CA-signed certificate: a. Run openssl req -new -newkey rsa:2048 -keyform PEM - keyout avamarfqdnkey.pem -nodes -outform PEM -out avamarfqdnreq.pem. b. Provide the appropriate CSR information at the prompts. c. Connect to CA_Web_Enrollment and submit an advanced certificate request using Base64.

75 Security management d. Open the VMware SSL certificate template. e. Paste the contents of avamarfqdnreq.pem into the encoded section. f. Download the Base64 certificate. g. Rename the CA signed certificate certnew.cer to cert.pem. h. Rename the key file avamarfqdnkey.pem to key.pem. 2. Use SSH to log in: For a single-node server, log in to the server as admin. For a multi-node server, log in to the utility node as admin. 3. Type dpnctl stop gsan to stop the Avamar server. 4. Copy the certificate to the locations specified for the type of Avamar system: Single-node system: Copy the certificate to /data01/home/admin/cert.pem. Copy the certificate to /usr/local/avamar/etc/cert.pem. Multi-node system On each storage node, copy the certificate generated for that node to: / data01/home/admin/cert.pem. On the utility node, copy the certificate generated for that node to: / usr/ local/avamar/etc/cert.pem. 5. Copy the key associated with the certificate to the locations specified for the type of Avamar system: Single-node system Copy the key to: /data01/home/admin/cert.pem. Copy the key to: /usr/local/avamar/etc/cert.pem. Multi-node system On each storage node, copy the key generated for that node to: / data01/home/admin/cert.pem. On the utility node, copy the key generated for that node to: /usr/ local/avamar/etc/cert.pem. 6. Restart the Avamar server by typing gsan dpnctl start. 7. Type avmaint config verifypeer=yes avamaronly to enable client authentication. After you finish If this is the first time the customer has applied CA-signed certificates to their Avamar environment, proceed to Enabling encrypted server authentication on page 75. Enabling encrypted server authentication Configure Avamar to use a CA-signed certificate for encrypted communication if CAsigned certificates have been assigned to the Avamar environment for the first time. 1. Use SSH to log in: Enabling encrypted server authentication 75

76 Security management Single node: Log in to the server as admin. Multi-node: Log in to the utility node as admin. 2. Open /usr/local/avamar/var/mc/server_data/prefs/ mcserver.xml 3. In mcserver.xml, locate the encrypt_server_authenticate preference and change it to encrypt_server_authenticate=true. 4. Save and close the file. 5. Stop and restart the Avamar server. Updating the Avamar Proxy certificate Applying the root certificate of the CA to the Avamar proxy enables authentication of the Avamar server certificate for trusted communication between server and proxy. The Avamar proxy requires an update only if the Root CA certificate has been replaced and the Avamar server certificate has also been updated. Before you begin Ensure that you have arranged a suitable maintenance window with the customer, because a restart is required for each proxy. This process must be completed for each Avamar proxy. 1. Connect to CA_Web_Enrollment 2. Download the CA root certificate in Base64 format. (Root64.cer) 3. Rename the root certificate file to chain.pem. 4. Copy the chain.pem file to the Avamar proxy and place it in the directory /usr/local/avamar/etc/. 5. Reboot the Avamar proxy to re-establish encrypted communications between the Avamar server and the proxy. Updating the Data Protection Advisor certificate By default Data Protection Advisor is installed using self-signed certificates. If the customer has previously replaced the self-signed Data Protection Advisor certificates, the CA-signed certificates must be renewed. 1. Connect to the remote desktop of the Data Protection Advisor virtual machine. 2. Create a copy of the following files: C:\Program Files\EMC\DPA\services\standalone \configuration\apollo.keystore C:\Program Files\EMC\DPA\services\standalone \configuration\standalone.xml 3. Generate a new alias and private key to a temporary keystore: a. Open PowerShell and go to the following directory: C:\Program Files\EMC\DPA\services\_jre\bin\ 76 Dell EMC Extensions for VMware vrealize Automation

77 Security management b. Run the following command:./keytool -genkey -keyalg RSA -alias alias name -keysize keystore C:\new.keystore c. Type the password for the new keystore. d. For the What is your first and last name? prompt, type the FQDN of the Data Protection Advisor server. For example, dpa.domain.local. e. Provide the requested information and type the signing key password. 4. Create a certificate signing request from the alias/temp keystore: a. Open PowerShell and go to the directory C:\Program Files\EMC\DPA \services\_jre\bin\. b. Run the following command:./keytool -certreq -alias alias name -keystore C: \new.keystore -file C:\dpa.csr Use the same alias name as used in step 3b. c. Type the previously set keystore password. 5. Generate a CA-signed certificate: a. Connect to CA Web-Enrollment: certsrv. b. Submit an advanced certificate request using Base64. c. Paste the contents of the applicable CSR into the encoded section. d. Use the following certificate template: VMware SSL. e. Download the Base64 certificate. f. Rename the Base64 certificate to match the applicable solution user. (name.cer). 6. Navigate to the home page of the certificate server and click Download a CA certificate, certificate chain, or CRL, as shown in the following figure. Figure 44 Certificate server home page 7. Select the Base 64 radio button and then click the Download CA certificate chain link, as shown in the following figure. Updating the Data Protection Advisor certificate 77

78 Security management Figure 45 Download a CA certificate, certificate chain, or CRL window 8. Save the file as C:\certs\cachain.p7b. 9. Double-click the C:\certs\cachain.p7b file. The file opens in a certificate manager MMC window. 10. Navigate to the Certificates folder. Right click the root CA certificate, click All tasks, and then click Export. 11. On the Certificate Export Wizard screen, click Next. 12. Select Base-64 encoded X.509 (.CER) and click Next. Figure 46 Export File Format options 13. Save the file as root64.cer in a folder of your choice and click Next. 14. Click Finish. 15. Download PKCS Base64 certificate chain. a. Extract the root and subordinate certificates from the chain into a new file called Root64.cer. 78 Dell EMC Extensions for VMware vrealize Automation

Dell EMC Extensions for VMware vrealize Automation

Dell EMC Extensions for VMware vrealize Automation Dell EMC Extensions for VMware vrealize Automation April 2018 H17047 Reference Architecture Guide Abstract This reference architecture guide provides an introduction to the concepts and architectural options

More information

ENTERPRISE HYBRID CLOUD 4.1.1

ENTERPRISE HYBRID CLOUD 4.1.1 ENTERPRISE HYBRID CLOUD 4.1.1 May 2017 Abstract This guide describes the administration functionality of. Enterprise Hybrid Cloud enables IT organizations to deliver infrastructure, storage, backup, continuous

More information

Migrating vrealize Automation 6.2 to 7.2

Migrating vrealize Automation 6.2 to 7.2 Migrating vrealize Automation 6.2 to 7.2 vrealize Automation 7.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.

More information

EMC ViPR Controller. Create a VM and Provision and RDM with ViPR Controller and VMware vrealize Automation. Version 2.

EMC ViPR Controller. Create a VM and Provision and RDM with ViPR Controller and VMware vrealize Automation. Version 2. EMC ViPR Controller Version 2.3 Create a VM and Provision and RDM with ViPR Controller and VMware vrealize Automation 302-002-205 01 Copyright 2015- EMC Corporation. All rights reserved. Published in USA.

More information

Dell EMC vsan Ready Nodes for VDI

Dell EMC vsan Ready Nodes for VDI Dell EMC vsan Ready Nodes for VDI Integration of VMware Horizon on Dell EMC vsan Ready Nodes April 2018 H17030.1 Deployment Guide Abstract This deployment guide provides instructions for deploying VMware

More information

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA.

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA. This solution guide describes the data protection functionality of the Federation Enterprise Hybrid Cloud for Microsoft applications solution, including automated backup as a service, continuous availability,

More information

VxRack System SDDC Enabling External Services

VxRack System SDDC Enabling External Services VxRack System SDDC Enabling External Services May 2018 H17144 Abstract This document describes how to enable external services for a VxRack System SDDC. Use cases included are Dell EMC Avamar-based backup

More information

Dell EMC Ready Architectures for VDI

Dell EMC Ready Architectures for VDI Dell EMC Ready Architectures for VDI Designs for VMware Horizon 7 on Dell EMC XC Family September 2018 H17387 Deployment Guide Abstract This deployment guide provides instructions for deploying VMware

More information

Migrating vrealize Automation 6.2 to 7.1

Migrating vrealize Automation 6.2 to 7.1 Migrating vrealize Automation 6.2 to 7.1 vrealize Automation 7.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design 4.0 VMware Validated Design for Software-Defined Data Center 4.0 You can find the most up-to-date technical

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 4.0 This document supports the version of each product listed and supports

More information

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2 IaaS Integration for Multi- Machine Services vrealize Automation 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about

More information

Building Automation and Orchestration for Software-Defined Storage with NetApp and VMware

Building Automation and Orchestration for Software-Defined Storage with NetApp and VMware Technical Report Building Automation and Orchestration for Software-Defined Storage with NetApp and VMware Using NetApp OnCommand Workflow Automation, VMware vrealize Automation, and vrealize Orchestration

More information

Dell EMC Ready System for VDI on VxRail

Dell EMC Ready System for VDI on VxRail Dell EMC Ready System for VDI on VxRail Citrix XenDesktop for Dell EMC VxRail Hyperconverged Appliance April 2018 H16968.1 Deployment Guide Abstract This deployment guide provides instructions for deploying

More information

vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017

vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017 vrealize Suite Lifecycle Manager 1.1 Installation, Upgrade, and Management vrealize Suite 2017 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017

vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017 vrealize Suite Lifecycle Manager 1.0 Installation and Management vrealize Suite 2017 vrealize Suite Lifecycle Manager 1.0 Installation and Management You can find the most up-to-date technical documentation

More information

CloudLink Key Management for VMware vcenter Server Configuration Guide

CloudLink Key Management for VMware vcenter Server Configuration Guide CloudLink Key Management for VMware vcenter Server Dell EMC CloudLink SecureVM Version 6.0, 6.5, and 6.6 H15988.3 January 2018 This contains procedures to create a trusted connection between CloudLink

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 3.0 This document supports the version of each product listed and supports

More information

vrealize Automation Management Pack 2.0 Guide

vrealize Automation Management Pack 2.0 Guide vrealize Automation Management Pack 2.0 Guide This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Dell EMC Ready Architectures for VDI

Dell EMC Ready Architectures for VDI Dell EMC Ready Architectures for VDI Designs for Citrix XenDesktop and XenApp for Dell EMC XC Family September 2018 H17388 Deployment Guide Abstract This deployment guide provides instructions for deploying

More information

Dell EMC Ready System for VDI on XC Series

Dell EMC Ready System for VDI on XC Series Dell EMC Ready System for VDI on XC Series Citrix XenDesktop for Dell EMC XC Series Hyperconverged Appliance March 2018 H16969 Deployment Guide Abstract This deployment guide provides instructions for

More information

Foundations and Concepts

Foundations and Concepts vrealize Automation 7.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Foundations and Concepts. 04 December 2017 vrealize Automation 7.3

Foundations and Concepts. 04 December 2017 vrealize Automation 7.3 Foundations and Concepts 04 December 2017 vrealize Automation 7.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about

More information

IaaS Integration for Multi-Machine Services

IaaS Integration for Multi-Machine Services IaaS Integration for Multi-Machine Services vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Advanced Service Design. vrealize Automation 6.2

Advanced Service Design. vrealize Automation 6.2 vrealize Automation 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to

More information

Foundations and Concepts. 20 September 2018 vrealize Automation 7.5

Foundations and Concepts. 20 September 2018 vrealize Automation 7.5 Foundations and Concepts 20 September 2018 vrealize Automation 7.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about

More information

Using the Horizon vrealize Orchestrator Plug-In

Using the Horizon vrealize Orchestrator Plug-In Using the Horizon vrealize Orchestrator Plug-In VMware Horizon 6 version 6.2.3, VMware Horizon 7 versions 7.0.3 and later Modified on 4 JAN 2018 VMware Horizon 7 7.4 You can find the most up-to-date technical

More information

Foundations and Concepts. vrealize Automation 7.0

Foundations and Concepts. vrealize Automation 7.0 Foundations and Concepts vrealize Automation 7.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1 Introducing VMware Validated Design Use Cases Modified on 21 DEC 2017 VMware Validated Design 4.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

EMC vcloud Director Data Protection Extension

EMC vcloud Director Data Protection Extension EMC vcloud Director Data Protection Extension Version 2.0.5 Administration and User Guide 302-001-992 REV 05 Copyright 2014-2016 EMC Corporation All rights reserved. Published December 2016 Dell believes

More information

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0 Using the vrealize Orchestrator OpenStack Plug-In 2.0 Modified on 19 SEP 2017 vrealize Orchestrator 7.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Foundations and Concepts. 12 April 2018 vrealize Automation 7.4

Foundations and Concepts. 12 April 2018 vrealize Automation 7.4 Foundations and Concepts 12 April 2018 vrealize Automation 7.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this

More information

Using vrealize Operations Tenant App as a Service Provider

Using vrealize Operations Tenant App as a Service Provider Using vrealize Operations Tenant App as a Service Provider Using vrealize Operations Tenant App as a Service Provider You can find the most up-to-date technical documentation on the VMware Web site at:

More information

Tenant Administration. vrealize Automation 6.2

Tenant Administration. vrealize Automation 6.2 vrealize Automation 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to

More information

VMware Validated Design Backup and Restore Guide

VMware Validated Design Backup and Restore Guide VMware Validated Design Backup and Restore Guide VMware Validated Design for Software- Defined Data Center 3.0 This document supports the version of each product listed and supports all subsequent versions

More information

VMware vsphere Data Protection Evaluation Guide REVISED APRIL 2015

VMware vsphere Data Protection Evaluation Guide REVISED APRIL 2015 VMware vsphere Data Protection REVISED APRIL 2015 Table of Contents Introduction.... 3 Features and Benefits of vsphere Data Protection... 3 Requirements.... 4 Evaluation Workflow... 5 Overview.... 5 Evaluation

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.3 You can find the most up-to-date

More information

ENTERPRISE HYBRID CLOUD 4.1.2

ENTERPRISE HYBRID CLOUD 4.1.2 ENTERPRISE HYBRID CLOUD 4.1.2 September 2017 Abstract This solution guide provides an introduction to the concepts and architectural options available within Enterprise Hybrid Cloud. It should be used

More information

IaaS Configuration for Cloud Platforms. vrealize Automation 6.2

IaaS Configuration for Cloud Platforms. vrealize Automation 6.2 IaaS Configuration for Cloud Platforms vrealize Automation 6.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this

More information

Dell EMC Integrated Data Protection Appliance

Dell EMC Integrated Data Protection Appliance Dell EMC Integrated Data Protection Appliance Version 2.2 Getting Started 302-004-953 A01 Copyright 2018 Dell Inc. or its subsidiaries. All rights reserved. Published June 2018 Dell believes the information

More information

ENTERPRISE HYBRID CLOUD 4.1.1

ENTERPRISE HYBRID CLOUD 4.1.1 ENTERPRISE HYBRID CLOUD 4.1.1 September 2017 Abstract This solution guide provides an introduction to the concepts and architectural options available within Enterprise Hybrid Cloud. It should be used

More information

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3 Deploying VMware Identity Manager in the DMZ SEPT 2018 VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA.

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA. This Reference Architecture Guide describes, in summary, a solution that enables IT organizations to quickly and effectively provision and manage Oracle Database as a Service (DBaaS) on Federation Enterprise

More information

Reconfiguring VMware vsphere Update Manager. 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Reconfiguring VMware vsphere Update Manager. 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7 Reconfiguring VMware vsphere Update Manager 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline Collector 2.0 VMware Skyline Collector Installation and Configuration Guide VMware Skyline Collector 2.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If

More information

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4 VMware Skyline Collector Installation and Configuration Guide VMware Skyline 1.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Installation and Configuration

Installation and Configuration vrealize Code Stream 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Introducing VMware Validated Design Use Cases

Introducing VMware Validated Design Use Cases Introducing VMware Validated Design Use Cases VMware Validated Designs 4.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

VMware Horizon Cloud Service on Microsoft Azure Administration Guide VMware Horizon Cloud Service on Microsoft Azure Administration Guide VMware Horizon Cloud Service VMware Horizon Cloud Service on Microsoft Azure 1.4 You can find the most up-to-date technical documentation

More information

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2 Deploying VMware Identity Manager in the DMZ JULY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5 Using the vrealize Orchestrator Operations Client vrealize Orchestrator 7.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments

More information

VMware Validated Design Site Protection and Recovery Guide

VMware Validated Design Site Protection and Recovery Guide VMware Validated Design Site Protection and Recovery Guide VMware Validated Design for Software- Defined Data Center 3.0 This document supports the version of each product listed and supports all subsequent

More information

CloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01

CloudLink SecureVM. Administration Guide. Version 4.0 P/N REV 01 CloudLink SecureVM Version 4.0 Administration Guide P/N 302-002-056 REV 01 Copyright 2015 EMC Corporation. All rights reserved. Published June 2015 EMC believes the information in this publication is accurate

More information

Dell EMC Avamar. vsphere Web Client Administration Guide. Version REV 01

Dell EMC Avamar. vsphere Web Client Administration Guide. Version REV 01 Dell EMC Avamar Version 18.2 vsphere Web Client Administration Guide 302-005-122 REV 01 Copyright 2001-2018 Dell Inc. or its subsidiaries. All rights reserved. Published December 2018 Dell believes the

More information

vcenter Support Assistant User's Guide

vcenter Support Assistant User's Guide vcenter Support Assistant 6.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

OpenManage Integration for VMware vcenter Quick Installation Guide for vsphere Web Client Version 3.2

OpenManage Integration for VMware vcenter Quick Installation Guide for vsphere Web Client Version 3.2 OpenManage Integration for VMware vcenter Quick Installation Guide for vsphere Web Client Version 3.2 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better

More information

vcenter Support Assistant User's Guide

vcenter Support Assistant User's Guide vcenter Support Assistant 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

efolder BDR for Veeam VMware Continuity Cloud Guide

efolder BDR for Veeam VMware Continuity Cloud Guide efolder BDR for Veeam VMware Continuity Cloud Guide Setup Continuity Cloud Import Backup Copy Job Restore Your VM Accessing the Continuity Cloud Host uh6 efolder BDR Guide for Veeam Page 1 of 36 INTRODUCTION

More information

EMC VSI for VMware vsphere Web Client

EMC VSI for VMware vsphere Web Client EMC VSI for VMware vsphere Web Client Version 6.9.2 Product Guide 302-000-051 REV 13 Copyright 2013-2016 EMC Corporation. All rights reserved. Published in the USA. Published June 2016 EMC believes the

More information

Tenant Administration

Tenant Administration vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Installing and Configuring vrealize Automation for the Rainpole Scenario. 12 April 2018 vrealize Automation 7.4

Installing and Configuring vrealize Automation for the Rainpole Scenario. 12 April 2018 vrealize Automation 7.4 Installing and Configuring vrealize Automation for the Rainpole Scenario 12 April 2018 vrealize Automation 7.4 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 5.6 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators Product version 1.4.1 running on vsphere 6.0 VMware Adapter for SAP Landscape Management

More information

Administering vrealize Log Insight. 05-SEP-2017 vrealize Log Insight 4.3

Administering vrealize Log Insight. 05-SEP-2017 vrealize Log Insight 4.3 Administering vrealize Log Insight 05-SEP-2017 4.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

EMC Storage Monitoring and Reporting

EMC Storage Monitoring and Reporting EMC Storage Monitoring and Reporting Version 4.1 Upgrading to ViPR SRM P/N 302-003-744 REV 01 Copyright 2017 Dell Inc. or its subsidiaries All rights reserved. Published July 2017 Dell believes the information

More information

Tenant Administration

Tenant Administration vcloud Automation Center 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

vrealize Suite Lifecycle Manager 1.2 Installation, Upgrade, and Management vrealize Suite 2017

vrealize Suite Lifecycle Manager 1.2 Installation, Upgrade, and Management vrealize Suite 2017 vrealize Suite Lifecycle Manager 1.2 Installation, Upgrade, and Management vrealize Suite 2017 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Installation and Configuration. vrealize Code Stream 2.1

Installation and Configuration. vrealize Code Stream 2.1 Installation and Configuration vrealize Code Stream 2.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4 vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4 vrealize Operations Manager Customization and Administration Guide You can find the most up-to-date technical

More information

Dell Storage Manager 2016 R3 Installation Guide

Dell Storage Manager 2016 R3 Installation Guide Dell Storage Manager 2016 R3 Installation Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either

More information

Dell Storage Compellent Integration Tools for VMware

Dell Storage Compellent Integration Tools for VMware Dell Storage Compellent Integration Tools for VMware Version 4.0 Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your

More information

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators Product version 1.4.1 running on vsphere 5.5 VMware Adapter for SAP Landscape Management

More information

Remove complexity in protecting your virtual infrastructure with. IBM Spectrum Protect Plus. Data availability made easy. Overview

Remove complexity in protecting your virtual infrastructure with. IBM Spectrum Protect Plus. Data availability made easy. Overview Overview Challenge In your organization, backup management is too complex and consumes too much time and too many IT resources. Solution IBM Spectrum Protect Plus dramatically simplifies data protection

More information

Reconfiguring VMware vsphere Update Manager. Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5

Reconfiguring VMware vsphere Update Manager. Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5 Reconfiguring VMware vsphere Update Manager Update 1 VMware vsphere 6.5 vsphere Update Manager 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0. vrealize Orchestrator 7.0

Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0. vrealize Orchestrator 7.0 Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0 vrealize Orchestrator 7.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Tintri Cloud Connector

Tintri Cloud Connector TECHNICAL WHITE PAPER Tintri Cloud Connector Technology Primer & Deployment Guide www.tintri.com Revision History Version Date Description Author 1.0 12/15/2017 Initial Release Bill Roth Table 1 - Revision

More information

IaaS Configuration for Cloud Platforms

IaaS Configuration for Cloud Platforms vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Lifecycle Manager User's Guide

Lifecycle Manager User's Guide vcenter Lifecycle Manager 1.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center 13 FEB 2018 VMware Validated Design 4.2 VMware Validated Design for Software-Defined Data Center 4.2 You can find the most up-to-date

More information

Administering vrealize Log Insight. 12-OCT-2017 vrealize Log Insight 4.5

Administering vrealize Log Insight. 12-OCT-2017 vrealize Log Insight 4.5 Administering vrealize Log Insight 12-OCT-2017 4.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7 Administering vrealize Log Insight September 20, 2018 4.7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

vrealize Automation, Orchestration and Extensibility

vrealize Automation, Orchestration and Extensibility vrealize Automation, Orchestration and Extensibility 7-2 Out of the Box Functionality vrealize Automation IaaS enables you to rapidly model and provision servers and desktops across virtual and physical,

More information

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

VMware Horizon Cloud Service on Microsoft Azure Administration Guide VMware Horizon Cloud Service on Microsoft Azure Administration Guide Modified on 03 APR 2018 VMware Horizon Cloud Service VMware Horizon Cloud Service on Microsoft Azure 1.5 You can find the most up-to-date

More information

Configuring ApplicationHA in VMware SRM 5.1 environment

Configuring ApplicationHA in VMware SRM 5.1 environment Configuring ApplicationHA in VMware SRM 5.1 environment Windows Server 2003 and 2003 R2, Windows Server 2008 and 2008 R2 6.0 September 2013 Contents Chapter 1 About the ApplicationHA support for VMware

More information

Storage Manager 2018 R1. Installation Guide

Storage Manager 2018 R1. Installation Guide Storage Manager 2018 R1 Installation Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either

More information

VMware vrealize Operations Federation Management Pack 1.0. vrealize Operations Manager

VMware vrealize Operations Federation Management Pack 1.0. vrealize Operations Manager VMware vrealize Operations Federation Management Pack 1.0 vrealize Operations Manager VMware vrealize Operations Federation Management Pack 1.0 You can find the most up-to-date technical documentation

More information

EMC SourceOne Management Pack for Microsoft System Center Operations Manager

EMC SourceOne Management Pack for Microsoft System Center Operations Manager EMC SourceOne Management Pack for Microsoft System Center Operations Manager Version 7.2 Installation and User Guide 302-000-955 REV 01 Copyright 2005-2015. All rights reserved. Published in USA. Published

More information

KYOCERA Net Admin User Guide

KYOCERA Net Admin User Guide KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable

More information

ForeScout Extended Module for VMware AirWatch MDM

ForeScout Extended Module for VMware AirWatch MDM ForeScout Extended Module for VMware AirWatch MDM Version 1.7.2 Table of Contents About the AirWatch MDM Integration... 4 Additional AirWatch Documentation... 4 About this Module... 4 How it Works... 5

More information

Installing and Configuring vrealize Code Stream. 28 JULY 2017 vrealize Code Stream 2.3

Installing and Configuring vrealize Code Stream. 28 JULY 2017 vrealize Code Stream 2.3 Installing and Configuring vrealize Code Stream 28 JULY 2017 vrealize Code Stream 2.3 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you

More information

VMware Cloud Foundation Planning and Preparation Guide. VMware Cloud Foundation 3.0

VMware Cloud Foundation Planning and Preparation Guide. VMware Cloud Foundation 3.0 VMware Cloud Foundation Planning and Preparation Guide VMware Cloud Foundation 3.0 You can find the most up-to-date techni documentation on the VMware website at: https://docs.vmware.com/ If you have comments

More information

vcloud Usage Meter 3.6 User's Guide vcloud Usage Meter 3.6

vcloud Usage Meter 3.6 User's Guide vcloud Usage Meter 3.6 vcloud Usage Meter 3.6 You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The VMware Web site also provides the latest product updates. If you

More information

NETWRIX GROUP POLICY CHANGE REPORTER

NETWRIX GROUP POLICY CHANGE REPORTER NETWRIX GROUP POLICY CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 7.2 November 2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until

More information

Isilon OneFS CloudPools

Isilon OneFS CloudPools Isilon OneFS CloudPools Version 8.1.0 Administration Guide Copyright 2017 Dell Inc. or its subsidiaries. All rights reserved. Published May 2017 Dell believes the information in this publication is accurate

More information

VMware vsphere Replication Installation and Configuration. vsphere Replication 6.5

VMware vsphere Replication Installation and Configuration. vsphere Replication 6.5 VMware vsphere Replication Installation and Configuration vsphere Replication 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0. vrealize Orchestrator 7.0 vrealize Automation 7.0 vrealize Automation 7.

Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0. vrealize Orchestrator 7.0 vrealize Automation 7.0 vrealize Automation 7. Using the vrealize Orchestrator Plug-In for vrealize Automation 7.0 vrealize Orchestrator 7.0 vrealize Automation 7.0 vrealize Automation 7.0 You can find the most up-to-date technical documentation on

More information

2V Vmware. VMware Certified Professional 7 - Cloud Management and Automation

2V Vmware. VMware Certified Professional 7 - Cloud Management and Automation Vmware 2V0-731 VMware Certified Professional 7 - Cloud Management and Automation Download Full version : https://killexams.com/pass4sure/exam-detail/2v0-731 QUESTION: 74 How would an administrator allow

More information