March 2016 - Virtually Boring

Deploying VMware Update Manager 6.0 Update 2

March 23, 2016 by Daniel

With the release of vSphere 6.0 Update 2 I needed to update my hosts! VMware Update Manager [VUM] makes updating and patching your environment very easy. It can also be used to upgrade VMTools and VMHardware versions on your virtual machines. In this post I will be installing VUM on Windows Server 2012 R2 VM using the SQL Express database and attaching it to my VCSA 6.0 U2 appliance. Once installed then I will use VUM to update my environment!

Requirements:

Must have a vCenter.
Software: .NET Framework 3.5 needs to be installed on the VUM server. For two install methods click here and here.
Hardware: 2 GB of RAM if separated from vCenter. 8 GB of RAM if installed on a Windows vCenter.
Storage: VMware recommends at least 120 GB of free space for the patching repository. Sizing Estimator for vSphere Update Manager 6.0.
Database:
- SQL Express: If you have a small environment (VMware says 5 hosts and 50 virtual machines or less) then the embedded SQL Express database is just fine.
- External: If you have a larger environment then you will want to use a external database. Click here and here to read more about having a external database.
For a full of requirements check out the VMware Update Manager 6.0 Update 2 Release Notes.
Click here for all VMware Update Manager documentation.

Updating vCenter Server Appliance 6.0 to Update 2

March 22, 2016 by Daniel

In this post i’ll go through how to upgrade the vCenter Server Appliance [VCSA] 6 to Update 2. To read about all the new features Update 2 adds check out my post VMware vSphere 6.0 Update 2 is available!

There are two sets of instructions, one if you already upgraded your VCSA to Update 1 and the other is if you are still running the initial 6.0.0 release. When scrolling down I made each upgrade type a super large header so you shouldn’t miss it!

In my environment I have the Platform Services Controller [PSC] embedded with the VCSA. If you deployed an external PSC separately from vCenter then this post will still work for you! The upgrade procedure is the exact same on both the vCenter and PSC just upgrade the PSC first before vCenter. To upgrade the PSC scroll down and use the second update method.

How to Upgrade if you are on VCSA 6 Update 1 or 1b:

If you already have your VCSA updated to 6.0 Update 1 then the upgrade is super simple! Log into the appliance Management User Interface [MUI] by opening a web browser and entering the following:

<strong>HTTPS://</strong><em>&lt;fqdn or ip&gt;</em><strong>:5480</strong>

1	<strong>HTTPS://</strong><em><fqdn or ip></em><strong>:5480</strong>

VMware vSphere 6.0 Update 2 is available!

March 21, 2016 by Daniel

It’s finally here! VMware vSphere Update 2 released on March 16th, 2016 and is available for download. With it comes many new features and of course bug fixes.

What’s New with vCenter 6.0 U2:

Download VMware vCenter Server 6.0 U2

Two-factor authentication for vSphere Web Client: Protect the vSphere Web Client using the following form of authentication:
- RSA SecurID
- Smart card (That is the UPN based Common Access Card)
Support to change vSphere ESX Agent Manager logging level: This release supports dynamic increase or decrease of vSphere ESX Agent Manager (EAM) logging levels without restarting EAM.
vSphere Web Client support: vSphere Web Client now supports Microsoft Windows 10 OS.
vCenter Server database support: vCenter Server now supports the following external databases:
- Microsoft SQL Server 2012 Service Pack 3
- Microsoft SQL Server 2014 Service Pack 1
Resolved Issues: This release of vCenter Server 6.0 Update 2 addresses issues that have been documented in the Resolved Issues section.
Read the full release notes here.

How to setup Microsoft Active Directory Certificate Services [AD CS]

March 15, 2016March 15, 2016 by Daniel

Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user, or device accounts on a network.

In this post I will be setting up a single AD CS server on my domain and configuring group policy to auto enroll my servers. For an enterprise environment you will deploy subordinate CA’s and shut down your root CA for security. For more information about this setup click here: PKI Design Options

Installing the AD CS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Click Next:

How to setup Microsoft Web Application Proxy

March 6, 2016 by Daniel

Microsoft Web Application Proxy [WAP] is a new service added in Windows Server 2012 R2 that allows you to access web applications from outside your network. WAP functions as a reverse proxy and an Active Directory Federation Services [AD FS] proxy to pre-authenticate user access.

vBoring Blog Series:

Requirements:

The only hard requirement of WAP is having an AD FS server. Refer to step 1 for setting that up.
WAP cannot be installed on a server that AD FS is installed on. They must be separate servers.

Installing the Web Application Proxy Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

How to setup Microsoft Active Directory Federation Services [AD FS]

August 7, 2017March 2, 2016 by Daniel

In this post I will be installing and configuring the Active Directory Federation Services [AD FS] server role. AD FS is able to provide Single-Sign-On [SSO] capabilities to multiple web application using a single Active Directory account.

vBoring Blog Series:

Install the AD FS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Click Next:

Share this, be sociable!!

How to Upgrade if you are on VCSA 6 Update 1 or 1b:

Share this, be sociable!!

What’s New with vCenter 6.0 U2:

Share this, be sociable!!

Installing the AD CS Server Role:

Share this, be sociable!!

Requirements:

Installing the Web Application Proxy Server Role:

Share this, be sociable!!

Install the AD FS Server Role:

Share this, be sociable!!