vCAC 6.0 Virtual Appliance Configuration | Writing about tech and anything else I find interesting

vCAC 6.0 Virtual Appliance Configuration

Note: This guide has been written for vCloud Automation Center 6.0 (vCAC 6.0) using the following software builds:

VMware-vCenter-Server-Appliance-5.5.0.5100-1312297_OVF10.ova

VMware-VMvisor-Installer-5.5.0-1331820.x86_64.iso

VMware-Identity-Appliance-2.0.0.0-1445146_OVF10.ova

VMware-vCAC-Appliance-6.0.0.0-1445145_OVF10.ova

Configuring the vCloud Automation Center 6.0 (vCAC 6.0) Identity Appliance

  1. Login to https://yourvcacidva.fqdn:5480

  2. Navigate past the untrusted certificate.

  3. Enter root as the username, and the password you defined during the OVA deployment.

NewImage

  1. Go to the Admin tab and click on Time Settings.

  2. Change the Time Sync Mode drop down box to “Use Time Server”.

  3. Define your time server(s), remembering that your (soon to be built) IaaS Windows Server will need to be in sync too.

  4. Click Save Settings.

NewImage

  1. Click on the Network tab, and confirm that your Hostname, Default Gateway, IP Address and DNS Server settings are correct.

  2. Click on the SSO tab.

  3. Enter and then re-enter a password to be used by the administrator@vsphere.local account and click the apply button.

  4. Go get a coffee, beer or other beverage and come back in about three minutes.

  5. You should now see “SSO is initialized” in green under “SSO Configuration” and also “SSO Status         RUNNING” under the password fields.

NewImage

  1. Click on the Host Settings tab.

  2. in the SSO Host Name field, append :7444 to the end of your vCACID VA FQDN and click Apply.

NewImage

Note: If you only have the hostname in this field and not the FQDN, change it to the FQDN. This will make life with SSL certificates much easier.

  1. Click on the SSL tab.

Note: This post will take you through the process for generating self signed certificates. If you want to use CA signed certificates, please go to this post

  1. Change the “Choose Option” drop down to “Generate Self Signed Certificate”.

  2. Enter the FQDN of your vCAC Identity Appliance in the Common Name field.

_Note: Ignore the canonical name format that is auto generated. This is leading you down the garden path. As stated above, enter the FQDN of your appliance. This is basically a GUI for a CSR so treat the fields in that way.

_

  1. Enter an Organization value in the Organization field.

  2. Enter and Organization Unit value in the Organization Unit field.

  3. Enter a two digit Country Code in the Country Code field.

  4. Click the Replace Certificate button.

  5. You should now see “SSL Certificate Replaced Successfully” in green under “Replace SSL Certificate”.

NewImage_

Note: do not try to replace the certificate with the same process after a successful certificate generation. This will hose your Identity Appliance._

  1. Click on the Active Directory tab.

  2. Enter a Domain Name, Domain User (no domain detail required) and Password then click on Join AD Domain.

NewImage

  1. You are now able to use Native AD as a connection method when defining vCAC Identity Sources.

_Note: This also enables people to login to the VAMI using their domain credentials. Appropriate steps to prevent domain users from doing this should be taken.

_

  1. Initial setup of the vCAC Identity Appliance is complete.

Configuring the vCloud Automation Center 6.0 (vCAC 6.0) Virtual Appliance

  1. Login to https://yourvcacva.fqdn:5480

  2. Navigate past the untrusted certificate.

  3. Enter root as the username, and the password you defined during the OVA deployment.

NewImage

  1. Go to the Admin tab and click on Time Settings.

  2. Change the Time Sync Mode drop down box to “Use Time Server”.

  3. Define your time server(s), remembering that your (soon to be built) IaaS Windows Server will need to be in sync too.

  4. Click Save Settings.

NewImage

  1. Click on the Network tab, and confirm that your Hostname, Default Gateway, IP Address and DNS Server settings are correct.

  2. Click on the vCAC Settings tab.

  3. Click on the “Resolve Host Name” button. Once this populates with your FQDN, click on the Save Settings button.

NewImage

11. Click on the SSL tab.

Note: This post will take you through the process for generating self signed certificates. If you want to use CA signed certificates, please go to this post

  1. Change the “Choose Option” drop down to “Generate Self Signed Certificate”.

  2. Enter the FQDN of your vCAC Identity Appliance in the Common Name field._

_

  1. Enter an Organization value in the Organization field.

  2. Enter and Organization Unit value in the Organization Unit field.

  3. Enter a two digit Country Code in the Country Code field.

  4. Click the Replace Certificate button.

  5. You should now see “SSL Certificate Replaced Successfully” in green under “Replace SSL Certificate”.

NewImage

  1. Click on the SSO tab.

  2. Enter the FQDN of your vCAC Identity VA followed by :7444

  3. Enter administrator@vsphere.local in the SSO Admin field.

  4. Enter the password you defined during Step 10 of Configuring the vCAC Identity Appliance above.

NewImage

  1. Click the “Save Settings” button.

  2. Regardless of whether you are using self signed certs or not, you will likely see the following message (unless you’re trusting the root CA already):

NewImage

  1. Click “Yes” on the dialog shown above.

  2. Wait for around five minutes. A good time for another coffee.

  3. You should see SSO configuration is updated successfully in green writing underneath SSO Settings (this is not shown in the screenshot above).

  4. Click on the Licensing tab, and enter your vCAC Licence Key.

  5. Click Submit Key.

NewImage

30. Initial setup of the vCAC Appliance is complete.