Getting Started with vFabric Hyperic v.5.7 - VMware

More documents

Recommendations

Info

About vFabric Hyperic Agent and SSLIf you want to use SSL for agent-to-server communication, install the vFabric Hyperic Agent'skeystore prior to first startup. You must configure the keystore path and password (and also itsalias, if you configure unidirectional agent-server communication) in theAgentHome/conf/agent.properties file before starting the agent the first time. The agentproperties related to SSL are:agent.keystore.aliasagent.keystore.passwordagent.keystore.pathagent.setup.camSecureIf you do not configure the keystore information in agent.properties before first startup, theagent will create a keystore with a self-signed certificate. If you choose to run with vFabricHyperic-generated keystores, update the password for each vFabric Hyperic-generatedkeystore; edit agent.keystore.password in the agent.properties file, and restart theagent.In vFabric Hyperic 4.6 and later vFabric Hyperic plugins that connect to managed products overSSL are updated to support certificate verification. To enable management of such products bya 4.6.x agent, it may be necessary to manually import the target server's certificate into theagent keystore if the server's certificate is not trusted. For more information see ManagedProducts and SSL.vFabric Hyperic Certificate ProcessingThe first time a vFabric Hyperic Agent initiates a connection to the vFabric Hyperic Server (thefirst time you start the agent after installation), the server presents its SSL certificate to theagent. If the agent trusts the certificate that the server presented, the agent imports the server'scertificate into its own keystore.How the Agent Decides to Trust the Server's CertificateThe agent trusts a server certificate: if that certificate already exists in the agent's keystore, or if the certificate has the same CA as the agent's certificate.By default, if the agent does not trust the certificate presented by the server, the agent issues awarning — you can terminate the configuration process, do the SSL setup. If you wish, you cancontinue the config process, in which case the agent will import the untrusted certificatepresented by the vFabric Hyperic Server.10
By default, the vFabric Hyperic Server and the vFabric Hyperic Agent do not import untrustedcertificates unless you explicitly respond "yes" to the warning prompt described above. Note,however that both components can be configured to accept untrusted certificates automatically,with no warning. For security reasons, this practice is strongly discouraged. Check the values ofagent.setup.acceptUnverifiedCertificate (inAgentHome/conf/agent.properties) and accept.unverified.certificates inServerHome/conf/hq-server.conf.SSL Between a 5.0 Server and Pre-4.6 AgentsTo ensure backwards compatibility with pre-4.6 vFabric Hyperic Agents, the vFabric HypericServer upgrade procedure does not provide a mechanism for configuring the server to access auser-managed keystore.When a newly-upgraded vFabric Hyperic 4.6.x Server starts up, it generates a self-signed SSLcertificate.When a pre-4.6 vFabric Hyperic Agent first connects to a newly-upgraded vFabric Hyperic 4.6.xserver, its self-signed certificate is imported into the server's keystore.SSL and vFabric Hyperic Product PluginsvFabric Hyperic plugins that connect to managed products over SSL are updated to supportcertificate verification. To enable management of such products, it may be necessary tomanually import the target server's certificate into the agent keystore if the server's certificate isnot trusted. Affected plugins include:vSphereRabbitMQImport of the managed server's certificate is necessary only if the vFabric Hyperic Agent cannotverify the certificate. If the agent's keystore contains a CA cert and the managed server'scertificate has been signed by that CA, the agent will be able verify the certificate. Otherwise,you should import the certificate of the signing CA, which is preferable to simply importing themanaged server's certificate. If you are not sure of all of the CAs for signed certificates, youmight consider importing the certificates in your JRE cacert file, which contains certificates for avariety of common CAs.11
Page 1 and 2: Getting Started with vFabricHyperic
Page 3 and 4: ContentsAbout Getting Started with
Page 5 and 6: About Getting Started with vFabric
Page 7 and 8: Key Facts for vFabric Hyperic Insta
Page 9: About SSL in vFabric HypericAbout t
Page 13 and 14: You can also ensure that you do not
Page 15 and 16: o The vFabric Hyperic Server saves
Page 17 and 18: Unidirectional Communication via a
Page 19 and 20: Propertyserver.java.optstomcat.maxt
Page 21 and 22: vFabric Hyperic Installation and St
Page 23 and 24: 3. Start the vFabric Hyperic Server
Page 25 and 26: d. Open firewall port if necessary.
Page 27 and 28: 6. Import discovered resources.o Af
Page 29 and 30: Step-by-Step ProceduresSelect and D
Page 31 and 32: About vFabric Hyperic JREsBoth vFab
Page 33 and 34: Password Requirement for vFabric Hy
Page 35 and 36: About the vFabric Hyperic vAppA vir
Page 37 and 38: vFabric Hyperic Server vApp Adminis
Page 39 and 40: Prerequisites and RequirementsThese
Page 41: 5. Click the Custom Properties tab.
Page 44 and 45: checkpoint_segments — Set the val
Page 46 and 47: Stop PostgreSQLStop PostgreSQL with
Page 48 and 49: o On Windows platforms, enter:PathT
Page 50 and 51: 17. What port should HQ's built-in
Page 52 and 53: 3. On the Administrator User Inform
Page 54 and 55: After installing the agent, proceed
Page 56 and 57: 3. Entering the following command i
Page 58 and 59: Install vFabric Hyperic Server:1. O
Page 60 and 61:
For information and required and op
Page 62 and 63:
About vFabric Hyperic Agent RPMThe
Page 64 and 65:
o On Windows platforms, install the
Page 66 and 67:
Set Up Agent in Properties FileAbou
Page 68 and 69:
About Password EncryptionThe first
Page 70 and 71:
About Where the Agent Finds Server
Page 72 and 73:
agent.setup.camPortDescriptionYou c
Page 74 and 75:
agent.setup.agentIPDescriptionThis
Page 76 and 77:
agent.keystore.pathDescriptionThis
Page 78 and 79:
About unidirectional communicationI
Page 80 and 81:
If the properties file does not alr
Page 82 and 83:
Two-Step Migration ProcedureIn this
Page 84 and 85:
One-Step Migration ProcedureNote: I
Page 86 and 87:
Command Required Optionalhq-exporth
Page 88 and 89:
Argument Description Default Behavi
Page 90 and 91:
Parameter Description DefaultqueryT
Page 92 and 93:
hq-install.log — this file contai
Page 94 and 95:
Create a Custom Agent Upgrade Bundl
Page 96 and 97:
The installer installs a new versio
Page 98 and 99:
Change vFabric Hyperic Server Sizin
Page 100 and 101:
Changing from Unidirectional to Bid
Page 102 and 103:
Configure vCenter Operations Manage
Page 104 and 105:
Depending on your environment, you
Page 106 and 107:
For example:$ telnet 192.168.1.114
Page 108 and 109:
To resolve this problem, you must r
Page 110 and 111:
Java Service Wrapper TimeoutUnder h
Page 112 and 113:
Overloaded BackendIf the vFabric Hy
show all

Getting Started with vFabric Hyperic v.5.7 - VMware

Create successful ePaper yourself

Delete template?

Save as template?