One of the bits of information I took out of my VMware vSphere: Manage and Design for Security course was setting up vMA for remote logging of the syslog files from your virtual centre server and ESX hosts. I have played with vMA a bit before, but over the past week I’ve made a concerted effort to try to better my skills, as it is something I really need to strengthen before the next release of vSphere, which has no ESX included, and therefore I need to know how to do my daily role through vMA and PowerCLI (everyone recommended I learn both as each has its pros and cons).
I’m not going to get too in-depth with the process, as some top bloggers have already done such a great job of it that I would only be re-covering what they have already said. If you haven’t used vMA before then I would recommend a document created by William Lam of virtuallyghetto.com fame all about Getting Started with the vMA, and there is even a VMware KB TV video all about vMA here.
- To set up my vMA for remote logging I used my course lab notes, but Simon Long has written a great posting covering pretty much everything that was in my course lab guide for setting up your vMA to retrieve your syslog files and store them in the vMA.
- Next I secured my credentials in vMA by following the knowledge base article here. This is something I learnt on the course, and maybe it’s overkill, as someone would have to take the VMDK files of my vMA, reverse-engineer the encryption algorithm and decrypt the passwords, but it’s always good practice to try to secure your passwords as best you can, so I did it.
- Having changed my keyboard layout from US to UK(EN), I noticed that due to this my vi-admin password wasn’t what I wanted it to be, so after looking around and asking on Twitter I was pointed to logging into my vMA using single-user mode and resetting my vi-admin password that way. I used this Red Hat FAQ to show me how to make this change.
- Next I configured my vMA for Active Directory Authentication as recommended and detailed in the vSphere Management Assistant Guide on page 14. Also, William Lam did a great posting detailing this in a bit more of a user-friendly fashion.
Now my vMA is remote logging, secured and using Active Directory Authentication.
Gregg
November 25, 2010 at 5:47 pm
Nice article…was exactly what I was looking for. Seems a bit crazy you can’t change the vi-admin password easier though.
November 26, 2010 at 8:32 am
Thanks =0) Glad it helped you. Yeah, I thought the same, as if I know the vi-admin password why can’t I run a command to reset it while logged in? Rather than reboot into single user mode and reset it. Guess it’s also a great security reason to make sure your management network is secure and only trusted users can see your consoles.