Wednesday, October 25, 2017

[How-to] Install vCSA into VMware Workstation - Part 3

This article is the Part 3 continuation of the [How-to] Install vCSA into VMware Workstation series.

This How-to has multiple parts

It assumed you are following this guide in order, if you don't you are probably going to have a bad time.

Before we get started

This post is based off VMware Workstation 14 Pro, vCSA 6.5, and ESXi 6.5u1 - but the concepts should be pretty similar across other versions.

This guide assumes basic understanding of VMware ESXi, Unix, networking services, and the like, and as usual these instructions are provided as-is, no support or warranty is provided or implied. Consider thyself warned.

What do I need?

To begin you will need the following:
  1. VMware Workstation (ver. 8+) fully installed.
    This should also work with Fusion (ver. 4+) for you MacOS fans.
  2. vCSA iso (download from my.vmware.com)
  3. Enough Resources - vCSA will require:
    • 1 CPU / 1 Core (2/1 recommended)
    • 10gb of RAM (temp during build, can lower after first power up to 1gb)
    • Up to 230gb Disk (a fresh install takes up ~16gb of disk running at first boot, then about ~7gb assuming you've moved memory to 1gb and ~6gb when powered off)
  4. An ESX host to configure our vCSA to manage - [How-to] Installing ESXi in VMware Workstation.
  5. DNS entries, vCSA requires forward and reverse DNS entries for your appliance - if you don't have the infrastructure setup yet you can follow this guide - [How-to] Install your own HoL-like Control Center Server in VMware Workstation
  6. Licenses to make this all work (free trial or download from VMware)

Configure the Platform Services Controller (PSC)

The PSC is the new master service for everything SSO and Certificates in 6.x let us get it configured to use Active Directory. You will want to complete these next steps from your jump box browser (a browser than can access both your AD DC and the vCSA appliance with the AD DNS). If you want to operate in Expert Mode you can add host entries for your AD domain into your host file on your system that is running Workstation and all should be good if you don't want to use a jump box.

1. Make your life much easier, install the local PSC root certificate into your system to save time from errors with an invalid certificate - open https://IPorName/ - scroll to the bottom and click the Download trusted root CA certificates link, unzip the file and open the certificate file to install it to trusted roots. See this MS article if you need more help.

2. Launch the vCenter URL: https://IPorName/vsphere-client in your Flash Only Browser, login with administrator@vsphere.local and the password you set during appliance deployment, click Login.
3. Click the Home button or press (Ctrl-Alt-1).
4. In the Home tab scroll to the middle and click System Configuration.
5. In System Configuration:

  • Click Nodes under Navigator
  • click on your vCSA appliance (vcsa01a.lab.local) Node under it
  • in the middle screen click the Manage tab 
  • click Settings
  • click Active Directory
  • click Join...

6. In the Join Active Directory screen enter the following:
  • Domain: FQDN domain (lab.local
  • Organizational Unit: is optional (by default the appliance will go into the Computers OU)
  • User name: needs to be in UPN format (administrator@lab.local)
  • Password: enter your password
Click OK. This screen will just go away (no error, no success).
7. Click the Reboot Appliance button near the top (red and green arrow circle), give your reason, click OK.
8. Click the Home button, then click Administration.
9. Under Navigator > Single Sign-On
  • click Configuration
  • in the middle pane click Identity Services
  • click the Green +
  • in the wizard select Active Directory (Integrated Windows Authentication)
  • click Next 
10. On Configure identity source:

  • Domain name: your FQDN (lab.local)
  • Select Use machine account
  • click Next
11. On Ready to Complete, click Finish.
12. Under Navigator > Access Control

  • click Global Permissions
  • in the middle pane click Manage
  • click the Green +
13. Click the Add... Button at bottom of Users and Groups.

14. Add your domain users/groups as you see fit, such as Lab.Local\Administrators, click OK.
15. Back on the Add Permission screen:

  • select the Assigned Role from the drop down - such as Administrator
  • check the Propagate to children box 
  • then either Add... additional users/groups OR click OK when done


You should now be able to login to your vCSA with your domain credentials.

Next we move to the Licensing your lab steps - Continue to Part 4: Licensing your Lab

No comments:

Post a Comment