NetWrix VMware Change Reporter Version 3.0 Enterprise Edition Administrator s Guide
Table of Contents NetWrix VMware Change Reporter Concepts... 1 Product Editions... 1 How It Works... 2 Deploying Product... 3 System Requirements... 3 Operating System and Disk Space... 3 Additional Software... 3 VMware Infrastructure... 3 Planning... 4 Installing Product... 4 Default Installation Folders and Startup Shortcuts... 5 Page ii
Configuring Product... 6 Global Settings... 6 Settings Specific to CRVM... 12 Using Product... 16 Collecting Data... 16 Viewing Advanced Reports... 17 Viewing HTML Reports... 18 Contacting NetWrix Support If you have any questions please feel free to contact the NetWrix support team. NetWrix provides unlimited phone and email support for customers who purchase the commercial version (including evaluation). In addition, on the NetWrix Support Forum, a limited support is provided for customers who use the freeware version. Disclaimer The information in this publication is furnished for information use only, does not constitute a commitment from NetWrix Corporation of any features or functions discussed and is subject to change without notice. NetWrix Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication. NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners. 2011 NetWrix Corporation. All rights reserved. www.netwrix.com Page iii
Concepts VMware Change Reporter (also known as CRVM) is an easy-to-deploy application that allows you to audit the virtual environment in your organization and helps you limit unauthorized changes and errors in VMware Infrastructure. With CRVM you can do the following: Get reports on changes made to your VMWare Infrastructure environment on daily basis to improve internal IT management. Prepare reports for your IT compliance auditors, such as SOX, HIPPA, GLBA, and others. Audit the creation of new virtual machines to prevent uncontrolled virtual machine sprawl. Audit all changes made to ESX servers, folders, clusters, resource pools, virtual machines, and their hardware. For detailed information on the CRVM features and benefits, see the product datasheet. This document is intended to assist you to deploy and use the product. This guide applies to Enterprise Edition of CRVM. Some features may not be available in the product Freeware Edition. For details, see Product Editions later in this guide. Product Editions The product is available in the Freeware and Enterprise editions. The Freeware edition never expires, but it has certain limitations. The Enterprise edition has no limitations, and it can be evaluated free of charge for 20 days. For more information about NetWrix product editions, see http://www.netwrix.com/netwrix_product_editions.html. To compare the CRVM features available in various editions, refer to the VMWare Change Reporter Product Editions page at http://www.netwrix.com/change_reporter_for_vmware_infrastructure_3.html. Page 1
How It Works NetWrix VMware Change Reporter The product collects the VMware infrastructure settings daily and stores the VI4 inventory as configuration snapshots. This allows the product to generate the following daily reports that can be sent to specific recipients: Report on changes made to the VI4 inventory between two recent snapshots. Report on the current VI4 inventory configuration. In addition, the product provides tools that allow you to view reports on changes made to the VI4 inventory between any snapshots taken at specific time (see Viewing Advanced Reports and Viewing HTML Reports later in this guide). For detailed information about object classes and attributes monitored by CRVM, see NetWrix technical article: http://www.netwrix.com/download/documents/netwrix_vmware_change_reporter_monitor ed_objects.pdf The following flow diagram illustrates the product workflow: Page 2
Deploying Product The process of deploying CRVM includes the following steps: Considering system requirements Planning Installing Configuring System Requirements NetWrix VMware Change Reporter This section summarizes system requirements that your environment must meet to install and properly configure CRVM. Operating System and Disk Space You can install CRVM on any network computer running Windows XP SP3 or later that has enough disk space to store snapshots of virtual machines in your VMware Infrastructure (hereafter VI4). The required disk space is calculated using the following expression: Number_of_VMs x 50 (K). For example, to store a daily snapshot of the VI4 configuration that contains 100 virtual machines, you need at least: 100 x 50= 5000 K. To store monthly archive of this VM environment, you need 5000 x 30 = 150,000 K (about 150 M) of free disk space. Additional Software You must install and configure the following additional software:.net Framework 2.0 or higher Windows Installer 3.1 or higher Microsoft SQL Server 2005 or 2008 with Reporting services, including Express Editions, is required to use the Advanced Reporting feature. VMware Infrastructure The product supports the following types of VMware environments with Windows 2000 Server or later domain controllers: Platforms: vsphere 4.0 5.1 VMware 3.5 Hosts: ESXi 3.5 5.1 ESX 3.0 4.1 SW: vcenter Server 4.0-5.1 Virtual Center 2.5 Page 3
Planning The following checklist will help you get ready for a smooth and trouble-free deployment of CRVM. Item Computer Management Console account Scheduled Task account Mail Server Description and Notes It is not recommended to install the product on standalone computers or domain controllers. When installing the product, If you have already installed NetWrix products integrated in NetWrix Management Console, you must specify a user account used to update the Console configuration For the product to work properly, this account must be a member of the Administrators local group. When configuring the product, you must specify user account(s) under which the NetWrix Management Console - VMware Infrastructure 3 Changes %Virtual Server URL% scheduled tasks will run. These tasks will collect data and generate reports on changes in your VMI environment. The Email reporting feature requires SMTP server. Ensure that you have all information you need to configure access to it. Installing Product To install CRVM, perform the following steps: 1. Run the installation package crvmfull_setup.msi. The NetWrix VMware Change Reporter Setup wizard starts. 2. On the Welcome page, click Next, and follow the on-screen instructions to proceed with the wizard. 3. If you have already installed NetWrix products integrated in NetWrix Management Console, you will be prompted to specify a user account used to update the Console configuration. This account must be a member of the Administrators local group. 4. On the Completion page, select one of the following options, and click Finish: Launch full featured configurator: Starts NetWrix Management Console. Launch basic configurator: Opens standard configuration tool. Configure later: Select this option to configure the product later. Page 4
Default Installation Folders and Startup Shortcuts The product and related components are installed in the following folder: %ProgramFiles%\NetWrix\ Change Reporter for VI3 Full Version. Commonly, the default value of %ProgramFiles% is set to C:\Program Files on 32-bit systems, and to C:\Program Files (x86) on 64-bit systems. The product installation adds the following shortcuts to the Start menu on the computer where the product is installed: Start > All Programs > NetWrix > VMware Change Reporter > Configurator (Basic Mode) Starts the CRVM standard configuration tool. Start > All Programs > NetWrix > VMware Change Reporter > Configurator (Full Featured Mode) Starts NetWrix Management Console. Start > All Programs > NetWrix > VMware Change Reporter > Advanced Tools > DB Importer Starts NetWrix Change Reporter DB Importer. Page 5
Configuring Product NetWrix VMware Change Reporter This section explains how you can configure the product using the NetWrix Management Console (hereafter Management Console). Management Console is installed when you deploy the CRVM Enterprise Edition, or any other NetWrix product integrated in Management Console. To start Management Console Use the Start > All Programs > NetWrix > VMware Change Reporter > Configurator (Full Featured Mode) startup shortcut. There are two types of settings: global settings that affect all products integrated in Management Console, and settings specific to CRVM. Global Settings Global settings are configured under Settings in the console tree: This section applies to NetWrix Enterprise Management Console v 1.2. In earlier versions, under Settings, the License node is not available and the Audit Archive node is referred to as Repository. This section explains how to configure global settings for: Reporting E-Mail Audit Archive Scheduled Tasks License If you have installed other NetWrix products integrated in Management Console, such as Active Directory Change Reporter, File Server Change Reporter, etc., you may use default global settings configured when installing those products. Page 6
Reporting Settings The product provides advanced reports on changes to the VMI environment based on Microsoft SQL Server Reporting Services (SSRS) technologies. These settings define parameters for connection to SQL Server used by SSRS. You may use default settings or optionally change them. To change the Reporting settings 1. Start Management Console. 2. In the console tree, expand the Settings node and click Reporting. 3. In the details pane, under SQL Reporting Settings, click Configure, and then complete the Configure Advanced Reporting dialog box: For more information about SQL Server Reporting Services, refer to: http://msdn.microsoft.com/en-us/library/ms159106.aspx Page 7
E-Mail Settings These settings contain the SMTP information that the Management Console uses to send e-mail reports to specified recipients (see Step 6 of the procedure in Adding New Managed Object). To change E-Mail settings 1. Start Management Console. 2. In the console tree, expand the Settings node and click E-mail Settings. 3. In the details pane, click Configure, and complete the Configure SMTP Settings dialog box: For information on SMTP server at your organization (such as the SMTP server name, port, authentication type, etc.) contact your IT administrator. Page 8
Audit Archive Settings These settings allow you to manage the audit archive policy. You can enable or disable archiving, define a folder where to store the audit data and specify the archive retention policy. To change Audit Archive settings 1. Start Management Console. 2. In the console tree, expand the Settings node and click Audit Archive. 3. In the details pane, do the following, and click Apply: In Store data in, specify the audit archive folder or click Default to use default folder. To enable archiving, select the Enable long-term audit archiving for check box, and then specify the retention period (in months). Minimum duration of the retention period is 2 months. If you decrease the current retention period, all audit data older than that period will be lost. In Session retention, specify the retention period (in days) for sessions displayed under the All Sessions node in the console tree. The Management Console does not display sessions older than that period. Page 9
Scheduled Task Settings These settings specify the reports generation schedule and default account used to run the NetWrix Management Console - <managed object name> scheduled tasks (such as NetWrix Management Console - VMware Infrastructure 3 Changes - %Virtual Server URL%, etc.). By default, Management Console sends reports daily, at 3:00 AM. Optionally, you can change these settings using the following procedure: 1. Start Management Console. 2. In the console tree, expand the Settings node and click Schedule. 3. In the details pane, do the following: To change the reports generation schedule, under Data Processing and Report Generation Schedule, click Change, and then click on the Schedule tab of the dialog box that opens, specify new schedule. To change the default account under which the NetWrix Management Console - <report name> scheduled tasks will run, under Gathered Data Processing and Report Generation Parameters, click Change, and then specify new account in the Default Data Processing Account dialog box. This account must belong to the Administrators local group on the machine running Management Console. Page 10
License Information To use CRVM Standard Edition and other NetWrix programs integrated in Management Console, you need to obtain and install appropriate licenses from NetWrix. The License node is available only in Enterprise Management Console v 1.2. To view installed licenses and add new licenses 1. Start Management Console. 2. In the console tree, expand the Settings node and click License. List of installed licenses is displayed under License Management: 3. To add new licenses, click Add/Update, and then complete the following dialog box that opens: This dialog box provides the following elements: Company name: Specifies your company name. License count: Specifies the license count for each license to install. License codes: In this area, enter comma- or semicolon-separated list of license keys to install. You can install simultaneously multiple licenses only if they have the same license count. Otherwise, install them separately. Page 11
Settings Specific to CRVM This section explains how to configure settings that affect only CRVM and do not affect other installed NetWrix products, if any. These settings can be configured using Management Console and Windows Task Scheduler. The following subjects are covered: Adding New Managed Object Changing Management Account Changing List of Report Recipients Changing Reporting Settings Changing Report Delivery Schedule Adding New Managed Object To start using the product you have to add at least one managed object of the VMware Virtual Center type. Management Console provides the New Managed Object wizard that allows you to add new managed objects. To add a VMWare Virtual Center to manage with CRVM, start Management Console and perform these steps: 1. In the console tree, select Managed Objects, and on the Action menu, click New Managed Object. The New Managed Object wizard starts. 2. On the Select Managed Object Type page, select VMWare Virtual Center, and click Next. 3. On the Specify VMWare Virtual Center name page, specify the VMWare Center URL and an account (referred to as management account later in this paper) used to access this managed object. To proceed, click Next. Management account must have permissions to monitor your VMI environment. To get this account, contact your IT administrator. 4. On the Enable Features page, ensure that the VMWare Change Reporter check box is selected, and click Next. 5. On the Advanced Reporting Settings page, to use the Advanced Reporting feature, select Enable advanced reporting check box, and click Next. For instructions on how to change the Advanced Reporting settings, see Changing Reporting Settings later in this paper. Page 12
6. On the Recipients of VMWare Change Reporter E-Mail Reports page, do the following and then click Next: Using the Add and Remove buttons, create list of the reports recipients. For instructions on how to specify SMTP settings used to send Email reports, see E- Mail Settings. For information on how to change the list of reports recipients, see Changing List of Reports Recipients. Under VMWare Credentials, specify a user name and password for the account that the product will use to access the managed VMWare Center. 7. On the Completion page, click Finish to complete the wizard. Changing Management Account When adding new managed object, you specify management account used to monitor your VMWare Virtual center (see Step 3 of the procedure in Adding New Managed Object). If necessary, you can change this account by performing the following steps: 1. Start Management Console, and expand the Managed Objects node. 2. Under your managed VMWare Virtual center, click VMWare Change Reporter, and in the details pane, click Change: 3. In the Default Data Processing Account dialog box that opens, specify the management account login and password, and click OK. Page 13
Changing List of Reports Recipients When adding new managed object, you specify a list of recipients for CRVM reports (see Step 6 of the procedure in Adding New Managed Object). If necessary, you can change that list using the following steps: 1. Start Management Console, and expand the Managed Objects node. 2. Under your managed VMWare Virtual center, click VMWare Change Reporter, and in the details pane, modify list of the reports recipients using the Add and Remove buttons (see the screenshot on page 13). Changing Reporting Settings By default, for the Advanced Reporting feature, the product uses global settings configured for all NetWrix products integrated in Management Console (see Reporting Settings earlier in this paper). If necessary, you can specify settings only specific to CRVM using the following procedure: 1. Start Management Console, and expand the Managed Objects node. 2. Under your managed VMWare Virtual center, click Advanced Reports, and in the details pane, open the Settings tab: 3. Click Customize, and specify appropriate settings under SQL Server. When finished, click Apply. Page 14
Importing Data to SQL Database All data used to generate advanced reports is stored in SQL database specified when configuring Advanced Reporting settings (see Changing Reporting Settings). If you use the product without configuring the Advanced Reporting feature, it does not use SQL Server. Thus, if you configured that feature later or changed the SQL database, you may add lost data to the appropriate SQL database using the provided NetWrix Change Reporter DB Importer tool (hereafter DB Importer). To import data to SQL database 1. Start DB Importer using the startup shortcut: Start > All Programs > NetWrix > VMware Change Reporter > Advanced Tools > DB Importer 2. In the NetWrix VMware Change Reporter DB Importer dialog box, do the following, and click Import: 1) In Virtual Center or ESX Server, specify URL of the managed VMWare Center or ESX server. 2) Using First snapshot and Last snapshot, specify the time period for which you want to import data. 3) Click Configure, and then specify the SQL Server and SQL database to which to import data. Changing Report Delivery Schedule The CRVM installation adds the NetWrix Management Console - VMware Infrastructure 3 Changes scheduled task that gathers information on the CRVM reports and delivers them to the specified recipients. By default, this scheduled task uses global default settings for all NetWrix products integrated in Managed Console (see Scheduled Task Settings earlier in this paper). To set individual settings for the NetWrix Management Console - VMware Infrastructure 3 Changes scheduled task (such as the task schedule and user account under which this task runs), use Windows Task Scheduler. For more information, refer to Windows Task Scheduler Help. Page 15
Using Product NetWrix VMware Change Reporter CRVM starts working immediately after its configuration is completed. The product automatically delivers reports on changes to the VMI environment and reports on the VMI configuration to specified recipients according to schedule. However, you can manually generate and view advanced CRVM reports at any time. This section covers the following subjects: Collecting Data Viewing Advanced Reports Viewing HTML Reports Collecting Data After configuring the product and when you want to manually generate the CRVM reports, you have to run the VMI data collection task. To run data collection, start Management Console and perform the following steps: 1. In the console tree, select your managed object of the VMWare Center type. 2. In the details pane, click Run. After collecting the data, Management Console will send reports on changes to the VMWare environment and on current VMWare Inventory snapshot to specified recipients. Page 16
Viewing Advanced Reports NetWrix VMware Change Reporter The product provides the Advanced Reporting feature that allows you to generate change reports managed by Microsoft SQL Server Reporting Services (SSRS). With this feature, you can use benefits of the SSRS-based reporting, namely: Stay compliant with standards and regulations (such as SOX, HIPAA, PCI, GLBA, SAS70, and others). Tune the data view according to your needs. Produce reports in the PDF, XLS, etc. formats. Apply filters for grouping and sorting report data. To view advanced reports, start Management Console and complete the following steps: 1. To ensure, that reports will include data on latest changes, start the data collection task (see Collecting Data earlier in this paper). 2. In the console tree, expand the node for the managed object of interest, expand the VMWare Change Reporter/Advanced Reports node, and then select the report to generate: 3. In the details pane, under Specify data filters for selected report, configure the report filter settings, and then click View Report. Page 17
Viewing HTML Reports NetWrix VMware Change Reporter CRVM provides reports in HTML format generated on the base of data stored in the product Audit Archive. This feature does not require SQL Server, and you can view HTML reports even if the Advanced Reporting function is not configured. Generation of HTML reports for large scale databases may result in a poor performance. When possible, use Advanced Reporting instead. To view HTML reports, perform the following steps: 1. Start Management Console. 2. In the console tree, expand the node for the managed object of interest, expand the VMWare Change Reporter node, and click Ad-hoc Reports: 3. In the details pane, using From and To, specify the time period for which you want to get the report. 4. Click Run, and let the product generate the report. 5. To view reports, use the View change report and View inventory snapshot links. Page 18