Configuring Multiple ACE Management Servers VMware ACE 2.0



Similar documents
ACE Management Server Deployment Guide VMware ACE 2.0

VMware Virtual Desktop Manager User Authentication Guide

Active Directory Solution 1.0 Guide

ACE Management Server Administrator s Manual VMware ACE 2.6

Reconfiguration of VMware vcenter Update Manager

Integration with Active Directory

Reconfiguring VMware vsphere Update Manager

Obtaining SSL Certificates for VMware Horizon View Servers

Obtaining SSL Certificates for VMware View Servers

Installing and Configuring vcenter Support Assistant

Replacing VirtualCenter Server Certificates VMware Infrastructure 3

Upgrading VMware Identity Manager Connector

Scenarios for Setting Up SSL Certificates for View

VMware vcenter Support Assistant 5.1.1

Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

VMware vcenter Log Insight Getting Started Guide

W H I T E P A P E R. Best Practices for Building Virtual Appliances

ThinPrint GPO Configuration for Location-Based Printing

Migrating a Windows PC to Run in VMware Fusion VMware Fusion 2.0

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Installing and Configuring vcenter Multi-Hypervisor Manager

Upgrading Horizon Workspace

Reconfiguring VMware vsphere Update Manager

VMware Identity Manager Connector Installation and Configuration

Using the vcenter Orchestrator Plug-In for Microsoft Active Directory

vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3

App Orchestration 2.5

Installing and Configuring vcloud Connector

VMware vsphere 5.0 Evaluation Guide

VMware Identity Manager Administration

Running VirtualCenter in a Virtual Machine

VirtualCenter Database Maintenance VirtualCenter 2.0.x and Microsoft SQL Server

Managing Multi-Hypervisor Environments with vcenter Server

VMware Identity Manager Integration with Active Directory Federation Services 2.0

Zimbra Import Wizard for Microsoft Outlook

Virtual Machine Encryption Basics

Using the vcenter Orchestrator Plug-In for vsphere Auto Deploy 1.0

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Managing Remote Access

Setting Up Resources in VMware Identity Manager

Use Enterprise SSO as the Credential Server for Protected Sites

VMware Identity Manager Administration

SNMP Adapter Installation and Configuration Guide

Using Internet or Windows Explorer to Upload Your Site

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1

Legacy Host Licensing with vcenter Server 4.x ESX 3.x/ESXi 3.5 and vcenter Server 4.x

vcenter Chargeback User s Guide

VMware vcenter Discovered Machines Import Tool User's Guide Version for vcenter Configuration Manager 5.3

Getting Started with ESXi Embedded

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

vcenter Operations Manager for Horizon Supplement

VMware vcenter Log Insight Security Guide

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

VMware Auto Deploy GUI. VMware Auto Deploy Gui 5.0 Practical guide

Offline Data Transfer to VMWare vcloud Hybrid Service

Remote Printing VMware ACE 2

Exchange 2010 PKI Configuration Guide

Installing and Administering VMware vsphere Update Manager

Installing and Configuring vcloud Connector

Using VMware ESX Server with IBM System Storage SAN Volume Controller ESX Server 3.0.2

vcloud Automation Center Self-Service Portal Guide

App Orchestration 2.0

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Using VMware vcenter SSO 5.5 with VMware vcloud Automation Center 6.1

VMware vcenter Log Insight Getting Started Guide

VMware Mirage Web Manager Guide

vsphere App HA Installation and Configuration Guide

vsphere Replication for Disaster Recovery to Cloud

Integrated Virtual Debugger for Visual Studio Developer s Guide VMware Workstation 8.0

Entrust Managed Services PKI

vcenter Support Assistant User's Guide

vcenter Chargeback User s Guide vcenter Chargeback 1.0 EN

Security Guide vcenter Operations Manager for Horizon View 1.5 TECHNICAL WHITE PAPER

StoneGate SSL VPN Technical Note Adding Bundled Certificates

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Enabling NetFlow on Virtual Switches ESX Server 3.5

CA Unified Infrastructure Management Server

vsphere Host Profiles

VMware vcenter Server 5.5 Deployment Guide TECHNICAL MARKETING DOCUMENTATION V 1.0/NOVEMBER 2013/JUSTIN KING

vsphere Replication for Disaster Recovery to Cloud

Web Services for Management Perl Library VMware ESX Server 3.5, VMware ESX Server 3i version 3.5, and VMware VirtualCenter 2.5

VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014

Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3)

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

Generating SSH Keys and SSL Certificates for ROS and ROX Using Windows AN22

SOA Software API Gateway Appliance 7.1.x Administration Guide

VMware vsphere Data Protection Evaluation Guide REVISED APRIL 2015


Configuration Maximums VMware Infrastructure 3

VMware vcenter Operations Manager Administration Guide

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Using Microsoft Expression Web to Upload Your Site

VMware vcenter Configuration Manager and VMware vcenter Application Discovery Manager Integration Guide

VMware vcenter Operations Manager for Horizon Supplement

Command-Line Tool for View Manager View Manager 4.0

Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services

Transcription:

Technical Note Configuring Multiple ACE Management Servers VMware ACE 2.0 This technical note describes how to configure multiple VMware ACE Management Servers to work together. VMware recommends this configuration for scaling ACE Management Server service for thousands of clients. See Figure 1. Figure 1. Two ACE Management Servers Configured to Work Together Active Directory domain controller LDAP Kerberos ACE Management Server 1 ODBC LDAP Kerberos load balancer (optional) database server ODBC ACE Management Server 2 A single ACE Management Server can handle a preset number of clients, but you can add more servers to your ACE Management Server infrastructure by using load balancing. When you add more servers to the load balancing group, the number of clients that you can serve will scale in a linear fashion. For example, if you can serve 2,000 clients with one server, using two load balanced servers will allow you to serve 4,000 clients. This technical note assumes that you are familiar with the installation and configuration of a standalone ACE Management Server with external database support. It also describes how to set up two or more servers and the extra steps that are necessary to use the load balance feature. This technical note contains the following sections: Requirements on page 2 Installation of Services on page 2 Load Balancing on page 4 Copyright 2007 VMware, Inc. All rights reserved. 1

Verification on page 4 Final Notes on page 5 Requirements To use the information in this technical note, you will need the following: Two or more machines (or Virtual Machines) to host the ACE Management Server processes An external database to host the ACE Management Server data A load balancing solution to manage traffic Installation of Services Install the ACE Management Server package on two or more machines (or virtual machines). Configure each one separately to access the same external database. You must use an external database to configure multiple ACE Management Servers. Both ACE Management Server installations must be able to identify the same data store so either installation can field queries for clients and scale the number of clients that can be served. You can verify that both ACE Management Servers are working properly by starting Workstation ACE Edition and connecting to each ACE Management Server directly (by IP or hostname). You should see the same data in the Instance View window. If you create a test ACE and preview it, you see the preview instance on both servers. Using the Same SSL Certificate on All Servers The following procedure describes how to copy the SSL certificate and key from one ACE Management Server to another. To copy the SSL certificate and key from one ACE Management Server to another 1 Log into ACE Management Server 1. 2 Locate both the SSL certificate and key directory files. On Windows machines, the files are located at C:\Program Files\VMware\VMware ACE Management Server\ssl. On Linux machines, the files are located at \var\lib\vmware\acesc\ssl. The certificate file is server.crt. The key file is server.key. 3 Use scp (secure copy) to copy the following files if you are using the Virtual Appliance of the ACE Management Server by performing the following steps: a Enter scp user@<host>:<file> user@<host>:<file>. You can also enable shared folders (if you are using VMware Workstation to run the Virtual Appliance), and copy the files out of the virtual machine through the shared folders feature. b Open a browser, and load the configuration page for ACE Management Server 2. c d e f g Click the Custom SSL Certificates tab. Specify the key file in the Server Private Key field. Specify the certificate file in the Server Public Certificate field. Click Upload certificates. Click Apply. 4 Restart ACE Management Server 2. Copyright 2007 VMware, Inc. All rights reserved. 2

Creating New SSL Certificates and Keys for Each Server If you do not want to use the same SSL certificate and key for each ACE Management Server, you must create new SSL certificates and keys for each server. The following steps guide you through the process of creating new SSL certificates and keys and installing them on your ACE Management Server. To create new SSL certificates and keys 1 Create as many SSL certificate and key pairs as you need (one for each server in your server farm). The procedure for doing this varies depending on the tools you use. See the documentation for your platform to determine how to create these certificates and keys. Each certificate must have a unique common name and a unique serial number. 2 If your certificates require a certificate chain to be verified, create a certificate chain file. The certificate chain file is a text file that contains every certificate (in PEM format) needed in order to verify the leaf certificate (including the root certificate of the chain). a b c Download the verification chain from your certificate authority. Each certificate must be in PEM format prior to creating the certificate chain file. To format, use the open SSL tools available online. Create the certificate chain file by concatenating each PEM encoded certificate into one file. You now have a certificate chain file for every new certificate that you have created. For example, if you are using two ACE Management Servers you would have two certificate chain files. 3 Join all of these certificate chain files into one large file. If you can, eliminate the duplicate entries. 4 Convert the server s SSL certificates to PEM format. 5 Add the server s SSL certificates in PEM format to the certificate chain file. You have three files that need to be uploaded to every ACE Management Server in your farm: SSL certificate file SSL key file Certificate chain file Complete this procedure for every ACE Management Server in your farm to upload files to each ACE Management Server. To upload the files to the servers in your server farm 1 Open a browser and load the configuration page for your ACE Management Server. 2 Click the Custom SSL Certficates tab. 3 Specify the key file in the Server Private Key field. 4 Specify the certificate file in the Server Public Certificate field. 5 Specify the certificate chain file in the Server Public Certificate Authentication Chain field. 6 Click Upload certificates. 7 Click Apply. 8 Restart the ACE Management Server. Copyright 2007 VMware, Inc. All rights reserved. 3

Figure 2. Creating the Certificate Chain File certificate verification chain Root SSL Certificate Certificate Chain File [Root SSL Certificate in PEM format] [Intermediary SSL Certificate in PEM format] [AMS #1 SSL Certificate in PEM format] [AMS #1 SSL Certificate in PEM format] Intermediary SSL Certificate Server SSL Certificates i ACE Management Server #1 SSL Certificate ACE Management Server #2 SSL Certificate Load Balancing ACE Management Server uses to communicate with its clients. Any load balancing solution that supports should work with ACE Management Server. Install your load balancer and configure port 443 (HTTP over SSL) for load balancing. Do not configure port 8080 or 8000 for load balancing. These two ports are used for configuration. Port 8080 is the virtual appliance configuration port and 8000 is the ACE Management Server configuration port. Verification Restart your Workstation ACE Edition client before verification. This is required so that Workstation ACE Edition re downloads the SSL Certificate when a connection to the ACE Management Server is established. You should be able to connect to your ACE Management Server using the address of the load balancer. Create a test ACE instance and preview it. The preview instance should run and regardless of which ACE Management Servers its requests, you can test this in the following way: To test your ACE instance 1 Create a test ACE template. 2 Open the policy editor. 3 Select Policy Update Frequency. 4 Select Disable Offline Usage. 5 Click OK. 6 Remove the first ACE Management Server from your load balancing configuration (all traffic will go to the second ACE Management Server). Copyright 2007 VMware, Inc. All rights reserved. 4

7 Preview the test ACE. This will create an instance on the ACE Management Server. 8 Close the ACE Player. 9 Remove the second ACE Management Server from the load balancing configuration and add the first ACE Management Server back into the configuration. All traffic will go to the first ACE Management Server now. 10 Preview the same ACE template again, when prompted whether to re instantiate or re use the instance, select Use Existing Instance. Final Notes The instance should start successfully. If the instance starts successfully, both servers are using the same SSL certificate. It is also possible to configure multiple ACE Management Servers using different certificates, (self signed or with a verification chain). The steps for this procedure are similar. You must create new certificates and keys (or download them from your Certificate Authority). Upload them to each server. An extra step is required when using separate certificates. Create a certificate chain file. The certificate chain file is a file that contains multiple certificates concatenated together (in PEM format). If both of your certificates are self signed, your certificate chain file should be a file that contains both certificates concatenated. If you received your certificates from the same certificate authority, the chain file must contain only the verification chain for these certificates (which should be the same). If the certificates come from different certificate authorities, the chain file must contain both certificate verification chains. Upload the certificate chain file at the same time that you upload the certificate and key file to the server. VMware, Inc. 3401 Hillview Ave., Palo Alto, CA 94304 www.vmware.com 2007 VMware, Inc. All rights reserved. Protected by one or more of U.S. Patent Nos. 6,397,242, 6,496,847, 6,704,925, 6,711,672, 6,725,289, 6,735,601, 6,785,886, 6,789,156, 6,795,966, 6,880,022, 6,944,699, 6,961,806, 6,961,941, 7,069,413, 7,082,598, 7,089,377, 7,111,086, 7,111,145, 7,117,481, 7,149, 843, 7,155,558, 7,222,221, 7,260,815, 7,260,820, and 7,269,683; patents pending. VMware, the VMware boxes logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Revision 20070919 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information