Add a User Defined Windows Administrator to a vRA Blueprint

This post will walk through implementing a process allowing a vRA portal user to specify a user account to be added to the local administrators group on a Windows server provisioned by vRA. There are plenty of posts out there, including a kb article, on adding the virtual machine requester (owner) to the administrators group if that is what you need to do. Before beginning I am assuming you have a fully working vRA installation (I’m using v7.2), and Windows templates with the vRealize Automation Guest Agent installed. Some blueprints would also be handy, but you can create those after.

We’ll need a script on the template Windows machine. In this example I’ve created a Scripts sub-folder within the VRMGuestAgent folder, and a new text file which I’ve saved as AdminUser.cmd. The full path is therefore C:\VRMGuestAgent\Scripts\AdminUser.cmd.

Copy and paste the following line into the batch file:

    Net localgroup administrators /add %1

Log in to the vRA portal, for example https://*loadbalancer*/vcac/org/*tenant*. Open the Administration tab and select Property Dictionary. We need to provide the user with a field in the virtual machine request process for them to specify an account to be added as a local administrator. Click Property Definitions and New.

  • Enter a name. It is best practice to use the tenant name, a dot, and then the name of the property definition, for example YourTenant.AdminUser.
  • Enter a useful description, this text will be displayed when the user points to the help symbol next to the field we’re adding in the virtual machine request.
  • Change the Data type to String, and select whether you want the field to be mandatory.
  • From the Display as drop-down menu select Textbox. Click Ok to save.

Next click Property Groups. If your blueprints are using an existing property group then click the property group.  If you need to create a new property group click New and enter a name. The following lines need adding to the property group that is used, or will be used, by a blueprint.

  • Name:   VirtualMachine.Software0.Name
  • Value:   AdminUser
    • Replace the value with an appropriate name for the property, I have used the same name as the script but it doesn’t have to match up.
  • Name:   VirtualMachine.Software0.ScriptPath
  • Value:   C:\VRMGuestAgent\Scripts\AdminUser.cmd {YourTenant.AdminUser}
    • Replace the value with the location of the script on the template OS, followed by the name of the property definition we created earlier inside curly brackets.
  • Name:   YourTenant.AdminUser
  • Value:
  • Show in Request:   Yes
    • Enter the name of the property definition we created earlier and leave the value blank (this will be entered by the user). Ensure Show in Request is ticked.

If you are already using VirtualMachine.Software0 for something else, such as adding the virtual machine owner to the local administrators group, then you can amend to VirtualMachine.Software1 and so on. When you’re done the entries should look something like this, click Ok.

If you haven’t yet assigned a property group to your blueprint then click the Design tab and Blueprints. Click the blueprint to edit, select the vSphere_Machine and click the Properties tab, from the Property Groups tab click Add.

Select the property group we recently created or changed and click Ok. Click Save and Finish. The values in the property group will now be applied to any virtual machines deployed from this blueprint, repeat as required for any other vSphere_Machines or blueprints.

Assuming your blueprint is published and has the necessary entitlements; click the Catalog tab. Locate the catalog item linked to the blueprint and click Request. Select the vSphere_Machine component and you’ll see the new field for the requester to enter the domain\user or user@domain account to be added to the Windows local Administrator group. If you opted to make data input mandatory you’ll see an asterisk next to the new field.
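The value in this field is typed by the requester and reaches the guest script as a command-line argument, so the script is the place to validate it before changing group membership. The PowerShell script below is an added example, not part of the original post: the file name AddAdminUser.ps1, the character and length limits, and the list of refused group SIDs are assumptions.

```powershell
# AddAdminUser.ps1 (hypothetical file name) - added example, not from the original post.
# Assumed to be called from AdminUser.cmd in place of the net localgroup line:
#   powershell.exe -NoProfile -File "%~dp0AddAdminUser.ps1" "%~1"
# (the machine's execution policy must allow the script to run).
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$Account
)

$ErrorActionPreference = 'Stop'

function Test-AccountFormat {
    param([string]$Name)
    # Accept only the two formats the request field asks for. The character set and
    # length limits are assumptions chosen to be conservative: spaces, quotes and
    # shell metacharacters are never accepted.
    $downLevel = '^[A-Za-z0-9][A-Za-z0-9-]{0,14}\\[A-Za-z0-9._-]{1,20}$'   # DOMAIN\user
    $upn       = '^[A-Za-z0-9._-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'  # user@domain
    return ($Name -match $downLevel) -or ($Name -match $upn)
}

if (-not (Test-AccountFormat -Name $Account)) {
    # The rejected value is deliberately not echoed into the log.
    Write-Output 'ERROR: value is not in DOMAIN\user or user@domain form; nothing was changed.'
    exit 2
}

# Confirm the name resolves to a real principal before touching the group.
try {
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
} catch {
    Write-Output 'ERROR: account could not be resolved; nothing was changed.'
    exit 3
}

# Refuse built-in aliases (S-1-5-32-*) and broad domain principals:
# RID 501 Guest, 513 Domain Users, 514 Domain Guests, 515 Domain Computers.
if ($sid.Value -match '^S-1-5-32-' -or $sid.Value -match '^S-1-5-21-.*-(501|513|514|515)$') {
    Write-Output "ERROR: $($sid.Value) is a built-in or broad group; nothing was changed."
    exit 3
}

# Look up the local Administrators group by its well-known SID so the script
# also works on localized or renamed installations.
$adminSid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Arguments are passed as separate tokens; nothing is assembled into a command string.
& net.exe localgroup $groupName $Account /add
if ($LASTEXITCODE -ne 0) {
    Write-Output "ERROR: net localgroup failed with exit code $LASTEXITCODE."
    exit 4
}

Write-Output "Added $Account ($($sid.Value)) to $groupName."
exit 0
```

Each successful addition is recorded on the guest as Security event ID 4732 when auditing of security group management is enabled, which gives a second record to reconcile against vRA requests.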

Windows vCenter 6.5 Upgrade

VMware vSphere 6.0 reached end of general support 12 March 2020, with vSphere 6.5 scheduled for 15 October 2022, both referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, whereas vSphere 6.0 requires an intermediate upgrade to 6.5 or 6.7 first. For more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server and external PSC deployment models are now deprecated and not available with vSphere 7.0.

VMware vCenter Server pools ESXi host resources to provide a rich feature set delivering high availability and fault tolerance to virtual machines. The vCenter Server is a centralised management application and can be deployed as a virtual appliance or Windows machine. This post gives a walk through of upgrading a Windows based vCenter Server from v6.0 to v6.5, you may also want to consider Migrating Windows vCenter Server to VCSA 6.5.

Software Considerations

  • The vCenter must be running v5.5 or v6.0 to upgrade to v6.5.
  • All ESXi hosts connected must also be running version v5.5 or v6.0; vCenter 6.5 cannot manage ESXi v5.1 hosts or earlier. For other VMware products see the Update Sequence Table.
  • The operating system should be 64 bit and Windows Server 2008 SP2 or above.
  • An external database should be Microsoft SQL Server 2008 R2 SP2 or above, or Oracle 11g or 12c. You can review a full list of compatible versions at the Database Interoperability Matrix.
  • You must check compatibility of any third party products and plugins that might be used for backups, anti-virus, monitoring, etc. as these may need upgrading for vSphere 6.5 compatibility.
  • To check version compatibility with other VMware products see the Product Interoperability Matrix.

Architectural Considerations

  • From vSphere 6 onwards the Platform Services Controller (PSC) was introduced to the vSphere architecture. The PSC contains infrastructure services such as Single Sign On, Certificate Authority, licensing, etc. The PSC is deployed internally with vCenter Server or as an external component. Read more about the PSC in this kb.
  • When implementing a new vSphere 6.5 environment you should plan your topology in accordance with the VMware vCenter Server and PSC Deployment Types. Larger environments may require an external PSC.
  • The upgrade supports different deployment topologies but does not, and can not, make changes to the topology and SSO domain configuration.
  • When upgrading vCenter 6.0 the deployment model already in place will be migrated. When upgrading vCenter 5.5 the following will apply:
    • If SSO was installed on a different machine from vCenter Server then the machines running SSO will become external Platform Services Controllers.
    • If SSO was installed on the same machine as vCenter Server then this becomes vCenter Server with embedded Platform Services Controller.
  • In this post we will be upgrading a Windows vCenter 6.0 using the embedded deployment model. If you are using an external deployment model the PSC must be upgraded before the vCenter.

Hardware Considerations

  • Windows vCenter Server with embedded PSC requires the following hardware resources:
    • Tiny (up to 10 hosts, 100 VMs) – 2 CPUs, 10 GB RAM.
    • Small (up to 100 hosts, 1000 VMs) – 4 CPUs, 16 GB RAM.
    • Medium (up to 400 hosts, 4000 VMs) – 8 CPUs, 24 GB RAM.
    • Large (up to 1000 hosts, 10,000 VMs) – 16 CPUs, 32 GB RAM.
    • X-Large (up to 2000 hosts, 35,000 VMs) – 24 CPUs, 48 GB RAM – new to v6.5.
  • Where the PSC is deployed on a separate machine this requires 2 CPUs, 4 GB RAM.
  • Environments with ESXi host(s) with more than 512 LUNs and 2048 paths should be sized large or x-large.
  • The Windows vCenter Server requires the following free disk space for installation: (the first 2 may not necessarily be the system drive depending on installation location) Program Files 6 GB, Program Data 8 GB, System folder 3 GB. The PSC machine requires; Program Files 1 GB, Program Data 2 GB, System folder 1 GB.

Other Considerations

Installation

Download the VMware vCenter Server and Modules for Windows ISO from VMware downloads: v6.5.0 | v6.5.0 U1.

Mount the ISO and right click autorun.exe, select Run as administrator. The VMware vCenter Installer will open. Ensure vCenter Server for Windows is selected and click Install.

The vCenter Server 6.5 Installer will open in a separate window, the existing installation is auto-detected, click Next.

Accept the end user license agreement and click Next.

Enter the SSO administrator password, if you removed this account from the vCenter administrators enter the credentials of a vCenter administrator. Click Next.

The installer will now run pre-upgrade checks.

Accept the default port configuration and click Next.

Select the type of data to migrate during the upgrade, click Next.

Select the installation directories. Note the data export location, you will need to remove this folder after verifying the upgrade is successful. Click Next.

Tick or untick the VMware Customer Experience Improvement Program as appropriate and click Next.

Check the configuration on the review page, check the box to confirm you have backed up the vCenter Server, click Upgrade to begin the installation process.

A progress bar will be displayed.

Once complete click Finish.

Post-Installation

Connect to the vCenter post install using the IP or FQDN of the vCenter. Access vSphere by clicking either the vSphere Web Client (Flash) or the vSphere Client (HTML5). Connect to the vSphere Web Client to manage your system, the thick client (Windows) is no longer supported.

Log in to the vSphere Web Client using the SSO administrator login. Verify the installed version is correct under the Summary tab when selecting the vCenter, you can also go to Help > About.

You must apply a new vCenter license key within 60 days. From the Hosts and Clusters view select the vCenter Server. Click Actions and Assign License. Select a license or use the green plus button to add a new license and click Ok.

You can obtain a 60 day trial license for vCenter Server here. If you have purchased vCenter Server then log into your licensing portal here. If the license key does not appear then check with your VMware account manager.

When you are satisfied the vCenter is working as it should be and backups have completed; remove the temporary data – the default location was C:\ProgramData\VMware\vCenterServer\export.

Consider upgrading any other products you may use, such as Update Manager.

Migrating Windows vCenter Server to VCSA 6.5

VMware vSphere 6.5 is scheduled to reach end of general support 15 October 2022, referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, whereas vSphere 6.0 requires an intermediate upgrade to 6.5 or 6.7 first. For more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server is now deprecated and not available with vSphere 7.0.

VMware vCenter Server pools ESXi host resources to provide a rich feature set delivering high availability and fault tolerance to virtual machines. The vCenter Server is a centralised management application and can be deployed as a virtual appliance or Windows machine. This post gives a walk through on migrating from a Windows based vCenter Server (VCS) 5.5 or 6.0 to the Photon OS based vCenter Server Appliance (VCSA) 6.5.

About VCSA

The VCSA is a pre-configured virtual appliance; as of v6.5 the operating environment is built on Project Photon OS 1.0. Since the OS has been developed by VMware it benefits from enhanced performance and boot times over the previous Linux based appliance. Furthermore the embedded PostgreSQL database means VMware have full control of the software stack, resulting in significant optimisation for vSphere environments and quicker release of security patches and bug fixes. The VCSA scales up to 2000 hosts and 35,000 virtual machines.

In vSphere 6.0 the VCSA reached feature parity with its Windows counterpart, 6.5 begins to pave the way for VCSA to become the preferred deployment method for vCenter Server. One key addition is the inclusion of Update Manager bundled into the VCSA, as well as vCenter High Availability, Backup and Restore, and other features. The appliance also saves operating system license costs and is quicker and easier to deploy and patch.

Migrating to VCSA involves the deployment of a new appliance and migration of all configuration (including distributed switches) and historical data using the upgrade installer. The VCSA uses a temporary IP address during migration before switching to the IP and host name of the VCS; the Windows box is then powered off. Last year there was a fling for migrating to VCSA which had limited capability and support. If you have used or read about the fling then re-review any limitations, as many of them have been lifted now that VMware have released the migration tool as an official product. Furthermore in vSphere 6.5 the migration tool is now built into the single installation package alongside install, upgrade, and restore.

Software Considerations

  • The Windows VCS must be v5.5 or v6.0 (any build / patch) to migrate to VCSA 6.5. If the VCS is v5.0 or 5.1 upgrade to 5.5 first and then migrate. Both physical and virtual vCenter Server installations are compatible.
  • Any database, internal or external, supported by VCS 5.5 can be migrated to the embedded PostgreSQL database within the target VCSA.
  • The ESXi host where VCSA will be deployed must be v5.5 or above, as must all other hosts in the vCenter.
  • The Windows server is powered off once the VCSA is brought online, this means any other components, VMware or third party, need to be migrated off the Windows server in advance or they will no longer work (don’t forget to move and update any scripts that may live on the Windows server).
  • If you are using Update Manager the VCSA now includes an embedded Update Manager instance from v6.5.
  • You must check compatibility of any third party products and plugins that might be used for backups, anti-virus, monitoring, etc. as these may also need upgrading for use with vSphere 6.5.
  • For other VMware products check the Product Interoperability Matrix.

Hardware Considerations

  • The VCSA with embedded PSC requires the following hardware resources (disk can be thin provisioned)
    • Tiny (up to 10 hosts, 100 VMs) – 2 CPUs, 10 GB RAM.
    • Small (up to 100 hosts, 1000 VMs) – 4 CPUs, 16 GB RAM.
    • Medium (up to 400 hosts, 4000 VMs) – 8 CPUs, 24 GB RAM.
    • Large (up to 1000 hosts, 10,000 VMs) – 16 CPUs, 32 GB RAM.
    • X-Large (up to 2000 hosts, 35,000 VMs) – 24 CPUs, 48 GB RAM – new to v6.5.
  • Storage requirements for the smallest environments start at 250 GB and increase depending on your specific database requirements. See the Storage Requirements document for further details.
  • Where the PSC is deployed as a separate appliance this requires 2 CPUs, 4 GB RAM, 60 GB disk.
  • Environments with ESXi host(s) with more than 512 LUNs and 2048 paths should be sized large or x-large.
  • To help with selecting the appropriate storage size for the appliance calculate the size of your existing VCS database here.

Architectural Considerations

  • From vSphere 6 onwards the Platform Services Controller (PSC) was introduced to the vSphere architecture. The PSC contains infrastructure services such as Single Sign On, Certificate Authority, licensing, etc. The PSC is deployed internally with vCenter Server or as an external component.
  • You can read more about the PSC in this KB.
  • When implementing a new vSphere 6.5 environment you should plan your topology in accordance with the VMware vCenter Server and PSC Deployment Types. Larger environments may require an external PSC.
  • The migration tool supports different deployment topologies but does not, and can not, make changes to the topology and SSO domain configuration.
  • If SSO was installed on the same machine as vCenter Server then services are migrated to vCenter Server Appliance 6.5 with embedded Platform Services Controller.
  • If SSO was installed on a different machine from vCenter Server then the Windows VCS server will be migrated to the vCenter Server Appliance 6.5 with external Platform Services Controller, and the Windows SSO server will be migrated to the Platform Services Controller 6.5 Appliance.
  • In this post we will be migrating a Windows vCenter using the embedded deployment model.
  • Consider if the default self-signed certificates are sufficient or if you want to replace with custom CA or VMware CA signed certs, see Installing vCenter Internal CA signed SSL Certificates for more information.

Other Considerations

  • Variables such as FQDN resolution, database permissions and access to the licensing portal should all be in place since we are upgrading an existing vCenter solution.
  • All vSphere components should be configured to use an NTP server. The installation can fail or the vCenter Server Appliance vpxd service may not be able to start if the clocks are unsynchronized.
  • The ESXi host on which you deploy the VCSA should not be in lockdown or maintenance mode.
  • You will need the SSO administrator login details, and if the Windows VCS service runs as a service account then the account must have the Replace a process level token permission.
  • Local Windows users that have vSphere permissions are not migrated since they are specific to the Windows server, all SSO users and permissions are migrated.
  • If there are any firewalls between vSphere components then review the list of required ports here, e.g. data migration from the VCS to the VCSA uses SSH so port 22 must be open.
  • The upgrade can be easily rolled back by following this KB.
  • Migration of vCenter using DHCP, or services with custom ports, is not supported. The settings of only one physical network adapter are migrated.
  • Downtime varies depending on the amount of data you are migrating, but can be calculated using this KB.
  • Ensure you have a good backup of the vCenter Server and the database.
  • Official resources – vSphere 6.5 Documentation Centre, vSphere 6.5 Release Notes. Update – there is now a vCenter Server Appliance migration VMware blog here and walkthrough here.
  • Read the Important information before upgrading to vSphere 6.5 KB.

Process

Before we begin if your existing Windows vCenter is virtual it may be beneficial to rename the vCenter virtual machine name in the vSphere inventory to include -old or equivalent. While the hostname and IP are migrated the vSphere inventory name of the VM cannot be a duplicate. The old server is powered down but not deleted so that we have a back out.

Download the VMware vCenter Server Appliance 6.5 ISO from VMware downloads:  v6.5.0 | v6.5.0 U1. Unlike the Windows vCenter installer, which hasn’t changed much in v6.5; the VCSA installer has had a complete overhaul. You’ll notice straight away that the GUI is much cleaner, and multiple deployment options (install, upgrade, migrate, restore) are now bundled into one installer.

Mount the ISO on your computer. The VCSA 6.5 installer is compatible with Mac, Linux, and Windows. Copy the migration-assistant folder to the Windows vCenter Server (and SSO server if separate). If SSO is running on a different Windows server then you must run the Migration Assistant on the SSO server first and migrate following the instructions below, then complete the same process on the Windows vCenter Server.

Start the VMware-Migration-Assistant and enter the SSO Administrator credentials to start running pre-checks.

If all checks complete successfully the Migration Assistant will finish at ‘waiting for migration to start’.

On a different machine from your Windows vCenter and SSO server(s) open the vcsa-ui-installer folder located on the root of the ISO. Browse to the corresponding directory for your operating system, e.g. \vcsa-ui-installer\win32. Right click Installer and select Run as administrator. The vCenter Server Appliance Installer will open, click Migrate.

The migration is split into 2 stages; stage 1 deploys the new appliance with temporary network settings, there is no outage to the Windows vCenter. Stage 2 migrates data and network settings over to the new appliance and shuts down the Windows server. We begin with deploying the appliance. Click Next.

Accept the license terms and click Next.

Enter the details of the vCenter Server to migrate, then click Next.

Enter the FQDN or IP address of the host, or vCenter upon which you wish to deploy the new VCSA. Enter the credentials of an administrative or root user and click Next. The installer will validate access, if prompted with an untrusted SSL certificate message click Yes to continue. Tip – connect to the vCenter for visibility of any networks using a distributed switch, connecting to the host direct will only pull back networks using a standard switch.

Enter the virtual appliance name, this is the name that appears in the vSphere inventory as mentioned earlier. The host name of the vCenter Server will automatically be migrated. Click Next.

Select the appropriate deployment size for your environment and click Next.

Select the datastore to locate the virtual appliance and click Next. Configure the temporary network settings for the appliance. These will only be used during migration of the data, once complete the temporary settings are discarded and the VCSA assumes the identity, including IP settings, of the Windows vCenter Server. Click Next.

Review the settings on the summary page and click Finish. The VCSA will now be deployed.

Once complete click Continue to begin the second stage of the migration.

Click Next to begin the migration wizard.

The source vCenter details are imported from stage 1.

Select the data to migrate and click Next.

Select whether or not to join the VMware Customer Experience Improvement Program and click Next.

Review the summary page and click Finish. Data will now be migrated to the VCSA, once complete the Windows vCenter Server will be powered off and the network settings transferred to the VCSA. If you urgently need to power back on the Windows server to retrieve files or such like, then do so with the vNICs disconnected, otherwise you will cause an IP/host name conflict on the network.

Post-Installation

Connect to the vCenter post install using the IP or FQDN of the vCenter. Access vSphere by clicking either the vSphere Web Client (Flash) or the vSphere Client (HTML5). Connect to the vSphere Web Client to manage your system, the thick client (Windows) is no longer supported.

Log in to the vSphere Web Client using the SSO administrator login. Verify the installed version is correct under the Summary tab when selecting the vCenter, you can also go to Help > About.

You must apply a new vCenter license key within 60 days. From the Hosts and Clusters view select the vCenter Server. Click Actions and Assign License. Select a license or use the green plus button to add a new license and click Ok.

You can obtain a 60 day trial license for vCenter Server here. If you have purchased vCenter Server then log into your licensing portal here. If the license key does not appear then check with your VMware account manager.