A few days ago I was required to obtain some audit logs from our SIEM system (Sumologic) and from vCenter and I noticed that our vCenter logs weren’t going in to Sumologic and that the log files required for SSO auditing or the VPXD log (where, among other things, stipulates what client was used by who to connect) were rotating every 7 days. This was not good. So I decided what better time than now to forward vCenter syslogs to Sumologic.
It was a little more complex than just enabling syslog through appliance management as by default, this does not collect the SSO logs, like:
- /var/log/vmware/sso/ssoAdminServer.log – Auditing SSO logins
- /var/log/vmware/sso/vmware-identity-sts.log – Auditing SSO user changes
I found this out by scouring the internet and piecing little pieces together and eventually, creating a rock solid syslog source for our vCenter Servers.
Please note: This is not an officially supported configuration by VMware and for larger environments, this could potentially have an impact on the vCenter Server service, so please take caution in the logs you decide to forward. And as always, test this in a lab first.
I also want to mention that this needs to be done on each VCSA instance, i.e. if you have a vCenter with an External PSC, this would need to be done on both servers, in order to collect all the logs.
So, lets begin:
Continue reading Forward vCenter Server Appliance Log Files to Remote Syslog Server
Murphy’s Law, just as I upgrade to 6.5u1, 6.7 gets released. So, I am going to do an upgrade in my lab so I can start playing around with all the cool new features.
Before moving on, it is HIGHLY recommended you read through the following VMware articles:
Also, as a prerequisite, and mentioned in the 6.0u3 to 6.5u1 upgrade, I recommend moving all systems to a single host, disabling DRS (or setting it to manual) and performing a snapshot of the VMs.
The upgrade path also seems identical in the sense that you need to do ALL PSCs FIRST then do the vCenter. But you might have additional VMware systems, so please follow the Update sequence for vSphere 6.7 and its compatible VMware products (53710) article.
Continue reading Upgrading VCSA 6.5u1 to 6.7
After about 6 months of planning and preparing for our VCSA upgrade, we had to completely revamp our upgrade path. In our environment, we use Netapp, and along with Netapp comes some extension like Virtual Storage Console (VSC) and now, the new Netapp Snapcenter.
I spent a lot of my time planning the deployment for an upgrade of our environment which included a upgrade of VSC from 6.2.1 to 7.0 and the install of SnapCenter 3.0, not wait, 3.1, no wait 4.0.
Yes, that’s right, SnapCenter released 2 version in the time of my upgrade planning and it still couldn’t to what needed it to do, mainly cross-domain authentication, so, we had a little shout at our account manager who confirmed cross-domain authentication will be available in August 2018, so lets see what happens. So, this process is still required, however, this made the upgrade a lot easier.
Continue reading Upgrading VCSA from 6.0u3 to 6.5u1
Recently the company I work for has upgraded all their VMware ESXi licenses to Enterprise Plus and with great licenses come great configurations. So, I’ve decided to install a fresh install of vCenter 6.5 in a lab with a couple of ESXi hosts attached so I can start configuring the awesomeness like distributed switches (which will be documented too). I’ve always wanted to play with this, but licensing was an issue.
This is for a new install of vCenter, using the UI. I included a very brief CLI deployment too. I will also include an upgrade vCenter post to show the upgrade procedure from 6.0 to 6.5 (and the issues faced with that).
Continue reading Installing vCenter with External Platform Services Controller
So, its been quite some time since my last post, dealing with personal issues and the festive season and and and, so, here I am, back in 2017 and hopefully bringing awesome content.
So, lets kick it off with resetting the vSphere password. This works on the vCenter, an external Platform Service controller or an AIO system.
The reason behind me doing this is due to the password expiring and someone resetting it and not recording it in our password management software.
A Live boot ISO – I used this one: ADRIANE-KNOPPIX_V7.2.0gCD-2013-07-28-EN
Console access to the VM you want to reset.
Be sure to have ESXi host access to the host where these VMs reside as the VMs WILL require a reboot, meaning your entire vCenter will be offline for the during of this password reset.
I assume you have some basic ESXi / vSphere knowledge so I will not go in to how to do simple things like mount the ISO – I will continue from the boot process.
Boot from the ISO, till you reach
Continue reading Resetting vSphere 6.0 Password
So, today I stumbled across an option to be able to give users a disclaimer to read and accept before logging on to your virtual environment.
This needs to be configured from the Platform Service Controller, using an administrative account (domain based or locally authenticated).
Login to your Platform Service Controller (https://ip_or_hostname_of_psc/psc) This can either be your external or embedded PSC IP or hostname.
Continue reading Login Disclaimer for vSphere Web Client Update 2