vCloud Automation Center Part 2 – Preparing the Installation

Installing vCloud Automation Center (vCAC) requires some preparation. Although you can potentially install all components including the database on one single server, this isn’t an approach that’s suitable for production use. I would recommend installing all components on one single server for quick product evaluation purpose only. If you are planning to test-drive the product for production implementation, then I would recommend installing the product more production-like and separating duties on multiple boxes.

My recommendation for production-like testing includes at least the following three boxes:

  • Database server
    In a typical production scenario you’ll probably have dedicated database servers. Therefore I always recommend a dedicated database server for testing purposes as well. This will not get you into remote database problems on the production install, but will reveal early problems regarding the use of a remote database.
  • Web server
    For scalability reasons you might want to test webserver scalability using external load balancers. Installing the web components on a separate server allows you to do so during testing phase.
  • vCAC server
    For scalability reasons you might want to test installing a 2nd vCAC manager service and external load balancers. This server will also contain the Distributed Execution Manager (DEM) Orchestrator, DEM worker and required Agents. If you’re looking into scaling it out a bit more, you might want to install the DEM worker and agents on a separate box as well.

Preparing the Database Server

According to the VMware Product Interoperability Matrix, Only certain versions of Microsoft SQL Server 2008 and 2012 are supported. Make sure that you use a supported version of Microsoft SQL Server for your installation.

The database server has the following requirements:

  • TCP/IP protocol enabled for MSSQL Database Instance
    In order to connect to the database remotely, TCP/IP needs to be enabled as protocol for the SQL Server database instance hosting the vCAC database:
    • Open SQL Server Configuration Manager under Microsoft SQL Server –> Configuration Tools
    • In the tree pane, click SQL Server Network Configuration –> Protocols for MyInstanceName
    • In the results pane, verify that, under the Status column, Enabled appears next to the name of the TCP/IP protocol
    • In the tree pane, click SQL Native Client Configuration –> Client Protocols
    • In the results pane, verify that, under the Status column, Enabled appears next to the name of the TCP/IP protocol
    • In the tree pane, click SQL Server Services
    • In the results pane, right-click SQL Server (MyInstanceName), and then click Restart
  • Microsoft Distributed Transaction Coordinator Service (MS DTC) enabled
    This service is responsible for coordinating transactions that span multiple systems. To enable this service use the following procedure:
    • Open Component Services from Administrative Tools
    • In the tree pane, click Component Services –> Computers –> My Computer –> Distributed Transaction Coordinator
    • In the results pane, right click on Local DTC and select Properties
    • Select the Security tab
    • Select Network DTC Access, Allow Remote Clients, Allow Remote Administration, Allow InBound, and Allow OutBound (Leave everything else as is)
    • Select OK
  • No firewalls between Database Server and the Web server or vCAC Server, or ports opened as described in Firewall Configuration
    Both the Web Server and the vCAC Server need communication to the database. Besides opening the firewall for SQL server traffic (by default port 1433), you must also enable Microsoft Distributed Transaction Coordinator Service (MS DTC) communication between all servers in the deployment. More detailed instructions for enabling DTC through a firewall can be found in KB 250367
    Apart from 3rd party firewalls, don’t forget the Windows Firewall on the server. You need to disable or configure that as well ;-)
    • If you’re using SQL Server Express, the SQL Server Browser service must be running
      Make sure that you set the startup option for the SQL Server Browser service to automatic and start the service

    If you want to install the SQL Server Management Studio, you’ll also need to add the .Net Framework 3.5.1 feature using Server Manager.

    Preparing the Web Server

    The web server has the following requirements:

    • Microsoft .NET Framework 4.5 needs to be installed
      .Net Framework is available at http://msdn.microsoft.com/en-us/vstudio/aa496123
      Make sure that you install .Net framework before installing IIS. If you fail to do so, .Net is not registered properly with IIS. To fix that use the following procedure:
      • Open a command line on the server as administrator
      • Change directories into your .Net 4.5 directory (most likely C:\Windows\Microsoft.NET\Framework\v4.0.30319)
      • Type aspnet_regiis.exe -i and press enter
      • Type iisreset and press enter
    • IIS Server Role installed
      Currently only Microsoft Internet Information Services (IIS) 7.5 is supported. IIS Server role must be installed with the following Role Services using Server Manager (More information on installing IIS can be found here):
      • Static Content
      • Default Document
      • HTTP Redirection (required for vCAC Self-Service Portal)
      • ASP.NET
      • ISAPI Extensions
      • ISAPI Filter
      • Windows Authentication
    • IIS Authentication configuration
      After installing IIS, you’ll need to do some configuration within IIS:
      • Open Internet Information Services (IIS) Manager
      • In the tree pane, expand the <machine name>, Sites, to reach the Default Web Site
      • In the results pane, double click on Authentication
      • Disable Anonymous Authentication
      • Enable Windows Authentication
      • Highlight Windows Authentication and click on Providers under Actions on the right hand side
        • Remove Negotiate from the Enabled Providers list
        • Add Negotiate back into the list, making sure it is the first provider in the list. (This is necessary due to a bug in IIS)
        • Both Negotiate and NTLM providers should be enabled
      • Open Advanced Settings (above Providers)
        • In the drop down box for Extended Protection change it to Accept and then change it back to Off again
        • Kernel-Mode Authentication should be enabled
        • Click OK. (This is necessary due to a bug in IIS)
    • Windows Process Activation Service installed
      the following procedure to add the Windows Process Activation Service feature:
      • Open Server Manager
      • Expand the Windows Process Activation Service feature
        • Select Process Model, .Net Environment, Configuration APIs
      • Expand the .Net Framework 3.5.1 Features
        • Select both .Net Framework 3.5.1 and WCF Activation
        • Make sure that both HTTP Activation and Non-HTTP Activation is selected
      • Complete the installation of the Windows Features
    • Microsoft Distributed Transaction Coordinator Service (MS DTC) enabled
      This service is responsible for coordinating transactions that span multiple systems. For detailed instructions on enabling MS DTC see the Database Server section previously
    • No firewalls between Database Server and the Web server or vCAC Server, or ports opened as described in Firewall Configuration
      Besides opening the firewall for SQL server traffic (by default port 1433), you must also enable Microsoft Distributed Transaction Coordinator Service (MS DTC) communication. For more details see the Database Server section previously
    • Log on as a batch job right
      This right is required for the domain user that you are planning to use as the IIS application pool identity for the Model Manager Web Service. I would recommend using a separate service account. To add the Log on as a batch job right:
      • Open Local Security Policy from Administrative Tools
      • In the tree pane, expand Local Policies, then select User Rights Assignment
      • Double-click Log on as a batch job
      • Click Add User or Group
      • Add the user that will be used to run the IIS Application pool identity for the Model Manager Web Service
      • Click OK
    • Log on as a service right
      The domain user that you are planning to use as the IIS application pool identity for the Model Manager Web Service requires the Log on as a service right
      • Open Local Security Policy from Administrative Tools
      • In the tree pane, expand Local Policies, then select User Rights Assignment
      • Double-click Log on as a service
      • Click Add User or Group
      • Add the user that will be used to run the IIS Application pool identity for the Model Manager Web Service
      • Click OK

    Preparing the vCAC Server

    In my installation setup, the vCAC server will be hosting both the vCAC manager service as well as the DEM Orchestrator service. See the vCAC installation guide for specific server requirements if you want to separate those services on different boxes. The vCAC server has the following requirements:

    • Must be installed on Windows Server 2008 R2 SP1
      Currently only Windows Server 2008 R2 SP1 is supported for vCAC installations
    • Windows PowerShell Version 2.0
      PowerShell 2.0 gets automatically installed with Windows 2008 R2
    • Server should be joined to a domain to allow for use of active directory users
    • Microsoft .NET Framework 4.5 needs to be installed
      .Net Framework is available at http://msdn.microsoft.com/en-us/vstudio/aa496123
      If you’re installing all components on a single box, make sure that you install .Net framework before installing IIS. For more information see the Web Server section previously
    • IIS Server Role installed
      IIS Server role must be installed prior to installing the Manager Service as it uses IIS to present itself. IIS can be installed with the default options
    • Secondary Logon service needs to be running
      Open Services.msc and start the Secondary Logon service. This only needs to be running during the installation process
      Make sure that you also set the startup type of the Secondary Logon service to Automatic to keep it running persistently across reboots
    • Microsoft Distributed Transaction Coordinator Service (MS DTC) enabled
      This service is responsible for coordinating transactions that span multiple systems. For detailed instructions on enabling MS DTC see the Database Server section previously
    • No firewalls between Database Server and the Web server or vCAC Server, or ports opened as described in Firewall Configuration
      Besides opening the firewall for SQL server traffic (by default port 1433), you must also enable Microsoft Distributed Transaction Coordinator Service (MS DTC) communication. For more details see the Database Server section previously
    • Manager Service’s time should match the database’s time
      As with many other VMware products Time is very crucial. Therefore make sure that you configure all servers using the same single time source

    To ensure that you have satisfied all prerequisites, run the vCAC Prerequisite Checker tool before installing any of the vCAC components. Installing the vCAC components will be discussed in the next Part.

    Related posts:

    1. vCloud Automation Center Part 1 – Components Overview Tweet Last year VMware acquired DynamicOps and their product called DynamicOps Cloud Automation Center (DCAC). DynamicOps originally started as part of the Credit Suisse’s Global Research and Development Group in...
    2. Moving your Virtual Center SQL database – Beware! Tweet I ran into an issue with a vCenter database recently, where I couldn’t see historical performance data anymore in the past week-, month- and year-view. When investigating it, it...
    3. Move/Replace vCloud Director NFS Transfer Server Storage Tweet In a multi-cell vCloud Director installation, all cells need access to a shared spooling area, also known as NFS transfer server storage. When you need to move or replace...
    4. vCenter Orchestrator Configuration Element Attribute Values Missing After Import. Tweet When importing a package on a vCenter Orchestrator (vCO) server in my lab I noticed that the values of the attributes inside the Configuration Elements (CE) were missing. At...
    5. Installing ESX 4.0 on VMware Fusion Tweet If you love VMware you have to love Apple and if you love ESX4.0 you have to love a Mac. Well, at least I know I do. Both companies...

    1 Comment on “vCloud Automation Center Part 2 – Preparing the Installation”

    1. #1 vCAC 6.0 Resources | TheSaffaGeek
      on Feb 12th, 2014 at 1:45 pm

    Leave a Comment