Posting last known good backup to vCenter Custom Attribute (NBU 7.5)

Thought this was kind of a cool function of Netbackup 7.5.  It has the ability to post last good backup date to a vCenter custom attribute.  Here is the article:
http://www.symantec.com/business/support/index?page=content&id=HOWTO71014

The short of it is to simply add the extensions (Register extension, Unregister extension, Update extension) permissions to your NBU role on top of those perms listed here:
http://tech.zsoldier.com/2011/06/netbackup-perms-and-vsphere-4x.html
and
configuring vmware advanced attributes in netbackup 7.5+.
http://www.symantec.com/business/support/index?page=content&id=HOWTO70998#v62458854
<-- Pointed out by Michael in comments. Cause I forgot to add it.  -->



WinRM, https, Kerberos, and vCO Powershell Plugin 1.0.1

Summary:
Pain in my arse.  I was able to make it work this way, whether this is the correct way to do it is most definitely up for debate.  I started writing this on w/ vCO PS Plugin 1.0, so some things might need work.  I welcome corrections.

Details:
  1. WinRM by default only allows users that are members of the administrators.
    • See here how to add additional users
    • The only way I’ve been able to make this work in Orchestrator is if the service account I’m using is a member of the administrators group on the powershell remote host.
    • It works via standard WinRM or Powershell so a bit puzzled as to why I get access denied errors from vCO.  Still researching...  :-/
  2. Setup IIS
  3. Generate CSR from IIS
  4. Import CA generated CSR
  5. IIS Website -> SSL Settings -> Edit Bindings -> https://  -> Select imported SSL cert.
  6. Command Prompt (not powershell):
    • winrm quickconfig -transport:https
    • winrm set winrm/config/client @{TrustedHosts=”NameorIP of VCO host”}
    • winrm set winrm/config/service/auth @{Kerberos=”True”}
  7. Assuming you are using the vCenter Orchestrator virtual appliance:
    1. Log into vCenter Orchestrator local console as root
      • Default password for root is “vmware”
      • SSH is disabled by default, so it you must login via local console.
    2. You need to create a krb5.conf file in the following directory:
      • /opt/vmo/jre/lib/security
      • vi krb5.conf
      • Sample krb5.conf:
        • [libdefaults]    
            default_realm = SOMEDOMAIN.COM    
            udp_preference_limit = 1
          [realms]    
            SOMEDOMAIN.COM = {       
            kdc = kdc1.somedomain.com       
            default_domain = somedomain.com    
          }
          [domain_realms]
            .somedomain.com=SOMEDOMAIN.COM
            somedomain.com=SOMEDOMAIN.COM
        • You can enter multiple kdc servers (in Active Directory, usually the same as a domain controller)
          • kdc = kdc1.somedomain.com
          • kdc = kdc2.somedomain.com
        • krb5.conf is CASE SeNSITIVE!
        • If you use the [domain_realms] section, your domain names will translate into UPPERCASE if using the format above.
      • Once you’re done editing, hit “ESC”, “:”, “wq”, Enter
      • Change ownership/perms on krb5.conf file:
        • chown vco:vco krb5.conf
        • chmod 640 krb5.conf
    3. Restart vCenter Orchestrator Appliance.
      • You can probably restart a specific service, but I’m unsure as to which one.
Other helpful links: