vCenter Operations 5.x vApp LDAP Configuration

Summary:
I happened to see someone searching for this and coming across my previous post on it’s wonkiness, so I figured I’d make a post showing how I went about configuring it w/ an Active Directory domain.  This only applies to the vcops-custom page.  The standard vCops-vsphere page uses vCenter’s authentication via role permissions.
Details:
  1. Log into your vcops-custom page as an admin. (example http://yourvCOPsUIvmIP/vcops-custom)
  2. Select Admin –> Security
    • Admin-Security
  3. Select the Import from LDAP button
    • ImportfromLDAP
  4. Select the add button
    • ImportUsersDialog
  5. Now see the screenshot below to see how to fill out the configuration screen:
    • ManageLDAPHost
  6. Below details how the auto-sync works:
    • ManageLDAPHost-2
  7. You’re pretty much done @ this point.
Auto Sync occurs once every hour, so once you configure it, it’ll take approx. an hour before users are granted access.  The other caveat is that nested groups are not supported.  Users must be direct members of the security group you setup w/ Auto Sync.
Feel free to ask questions in the comments.  I’m always keeping an eye on those.

Symantec and vExpert event

Many moons ago back in April, I and several other vExperts were invited to Symantec HQ for an executive briefing.  What I thought was just going to be a sales pitch, turned into a deep discussion around virtualization philosophy and technical discussion around Symantec’s many products.  Hit the link to read more if you are interested in my experience.

Uninstall HA agent manually

This is something you’ll likely have to do on a rare occasion.  In case you do though, here is the info need to do so.

  1. Disable HA on cluster.
  2. SSH into ESX/ESXi box

Run the following:

# Stops management services

/sbin/services.sh stop

# Runs uninstaller script

/opt/vmware/uninstallers/VMware-aam-ha-uninstall.sh

# Sometimes has problems removing the below directory, so we help it.

rm -rf /opt/vmware/aam

# Restarts management services

/sbin/services.sh start

RSA and VMware View iPad App

One of the nifty things about the current VMware View iPad App is it's ability to import a RSA token.  Unfortunately, the documentation on how to do this is a bit scarce.  These steps may work for Android too, but I don't have an Android tablet to test with.

PreReqs:

  1. RSA Server 7.1 SP4 <-- This is what I tested against.
  2. View 4.5+ w/ RSA enabled.
  3. VMware View iPad application
Simply go to your RSA self-service page and request a new token.  If it's enabled you should have an option like this:
You'll want to select "I need a specific software token" then select "RSA SecurID Token for iPhone and iPAD/iPOD"

Once you or your RSA admin approve your request, you should get a link and activation code that looks something like this:

Joe, your new or additional software token request has been approved with the following comments from your administrator:
RSAAdmin: approved
Please ensure that the RSA SecurID application is installed on your device before attempting to import your software token.
Download the SecurID Application: com.rsa.securid://ctkip?url=https://yourRSAServer:7004/ctkip/services/CtkipService

How To Import Your Software Token ( true ) Please follow the instructions provided by your administrator to import a token using the following information:
Link: https://yourRSAServer:7004/ctkip/services/CtkipService
Activation Code: 0000000000000

To import the software token into your iPad View app, you can copy the simply change the link that is prefixed w/ com.rsa.securid to viewclient-securid.  So the link would look something like this instead:

When you type/copy/paste this link into safari, it should open up the view ipad client and ask for you activation code.

Once done, you will be able to simply type your PIN for RSA credentials.

vExpert Gift!

Pretty sweet gift from @VMWare.

Photo Apr 02, 1 56 21 PM