Category: Aria

Aria, Home Lab

Aria Suite Lifecycle Manager Appliance Custom Certificate Replacement

sargonkhizeran

The Aria Suite Lifecycle Manager is the one-stop shop for managing, configuring, and lifecycling your Aria suite. You can read more on VMware’s site ‘What is VMware Aria Suite Lifecycle

In the homelab I deployed the Aria Suite LCM Easy Installer using the Windows Installer. Once the appliance is up, this is a website accessed using FQDN. I’m going to install a custom CA from an internal Active Directory Certificate Service.

Because Aria LCM helps manage all kinds of settings such as DNS, NTP, Product binaries, repositories, and even certificates. We will begin by accessing ‘Locker’ from the Services menu

You will find that Locker is used to maintain Certificates, Passwords, and Licenses. In our case, we will select Certificates >> ‘Generate CSR’ so that we can generate a certificate request.

Complete the request

Once the certificate request is generated a *.pem file that contains the certificate request along with the private key. I’m using Notepad++ to edit the file so I can have it ready.

The next step will be to access my method of obtaining a certificate from Active Directory Certificate Services

The Certificate Template used is a ‘Web Server’ template that I created. I did follow some VMware KBs to assist with creating templates and even using them for vCenter appliances. KB2112009 & KB2112014

Copy the first part in the *.pem file downloaded from the appliance, select the template, and click ‘Submit’

When you download the certificate from the top link it should download in a *p7b file.

The next step is you can open a new file in a text editor that will allow you to save in certificate format and you will want to copy that entire string first in the file.

The second part of the string will be the root certificate from your CA and finally the last one will be the Private Key which was generated from Aria Suite LCM earlier in the *.pem file.

The following is an example of how it would be laid out. Save the file and next step will be importing it into Aria LCM

Go back to Aria LCM >> Locker >> Certificates and click ‘Import.

Look for the new *.pem file containing all 3 digital signatures and add it, if successful it should populate the 2 fields and give the certificate a unique name as this will be the name it’s saved in the system.

Click Import.

Our Cert is in

Next step will be to update the certificate on the actual appliance, up until now this was all generating and adding the cert to a repository.

From Aria LCM ‘My Services’ select ‘Lifecycle Operations’

From the far-right click ‘Settings’ and then ‘Change Certificate’

Click ‘Replace Certificate’

The ‘Replace Certificate’ wizard will appear, click Next.

From the drop-down menu, you will have the certificate imported earlier. Select that and click ‘Next’

The final step will be a Precheck option, click that and give it a moment to run, once it’s Passed, click Next.

The final step I took, close out of all browsers and access the appliance web interface again and no more warning message, we now have a secure connection to the appliance validating via certificate to our internal AD CA.

Aria Operations, Home Lab

Reclaim Capacity Using VMware Aria Operations 8.14.1 [Video]

sargonkhizeran

When I work with a customer for a health check of their VMware environment we have a set of internal tools we can leverage in our TAM organization. What is a TAM you may ask?, check out VMware Technical Adoption Manager

If a customer has VMware Aria Operations stood up, that is one of the first places I like to start to get an understanding of what we could find to clean up the environment. Think of it as getting rid of clutter so you can obtain a better visual. When I refer to waste, I’m talking about; PoweredOff virtual machines, virtual machines provisioned, left on and were never used for an intended purpose, snapshots! and finally orphaned disks, (aka Zombie VMDKs) as referred to by RVTools.

While Aria Operations is not the only tool that can achieve these tasks, it does make for a nice integration and the ability to track and report against it.

Check out a quick YouTube tutorial on using the ‘Reclaim’ feature in Aria Operations.

Aria, Aria Operations, Uncategorized

Monitoring SQL DB Instance & Services using Aria Operations Telegraf Agents

sargonkhizeran

In another blog I documented how to deploy a Cloud Proxy appliance so that you can monitor Services in an operating system. You can check that out here ‘VMware Aria Operations Cloud Proxy Deployment

For the following post I want to demonstrate monitoring a SQL Server services on a Windows Server virtual machine.

In our test today, I’m running Windows Server 2016 with SQL Server Express LIte as a VM.

From within Aria Operations, I will want to now deploy the Telegraf agent. **Please take a snapshot and take any precautionary backups**

Locate the object you want to deploy the Telegraf agent to, select and from the ‘Actions’ menu select ‘Install’

Select the Monitoring Availability and Cloud Proxy instance below, in my case, I have a single Cloud Proxy deployed. Click Done.

You have a couple of options to ensure authentication to the VMs is taking place. Selecting the top option ‘Common username & password” will allow me to define. Selecting ‘Enter virtual machine credentials‘ will allow you to download a template and populate it with username and passwords to upload back into the appliance.

I’m defining local Administrator permissions for lab and click Next.

Screenshot missing but on the final click ‘Install’ and installation should begin and you may monitor status in Aria Operations

Not too long, you should see a successful installation

With a few minutes, the agent should start reporting in new object data from the Windows Server instance and discover services. If you go to Configure>>Application Services

If you click on the ‘discovered’ in the Microsoft SQL Server service, it should take you to a list of monitoring features.

Now that we have discovered services, we can select what we want to configure and even add from ‘Custom Monitoring’. To ensure we are alarmed if a SQL service was to fail, we will select ‘Microsoft SQL Server’ and select Activate Service

We will select ‘Microsoft SQL Server’ click Confirm

The right-pane will bring up the following configuration menu, fill it out and click ‘Save’

In order to make this work I did have to enable port 1433 on my SQL instance to get the DB Instance to communicate with the collector, please work with your server and dba teams.

Monitor the configuration

Once configuration is successful you should now find the server in inventory deployed with an agent and reporting it in application data.

You can now bring up the object in Aria Operations and find additional data being pulled in from the DB Instance

You may also dive into associated Metrics for the SQL DB instance and start monitoring.

I hope this was found helpful and please ensure you follow best practices by taking snapshots, following associated documentation for your GuestOS and VMware.

Aria, Home Lab

VMware Aria Operations Cloud Proxy Deployment

sargonkhizeran

In the following document I want to demonstrate the steps in deploying a Aria Operations Cloud Proxy. My reason for this deployment is to monitor services on Windows Server Guest VMs and even physical!

While there are many ways to get to Cloud Proxy deployment, all roads eventually lead to the section in Aria Ops. The following is one example.

Click on ‘Configure Cloud Proxy’ and it will take you under ‘Data Sources’ option to the left.

Click ‘Add”

Click the button indicated below to begin OVA download, this will be downloading from the Aria Operations appliance itself and should match the version of Aria Operations you are running in your datacenter.

I will jump over some steps of deploying the OVA template in vSphere assuming folks reading are familiar.

Be sure to review the following settings before you copy your registration key. The key changes if you choose to enable ‘Data Persistence’

Once the appliance has been stood, if successful, the collector should now appear in ‘Cloud Proxies’

You can also now see the 2 accounts which are included by default.

If we go back to review our Telegraft Agents, you can now see there are VMs being recognized which we can push agents out to.

Next article will be deploying the agent onto Windows Server VM or physical servers.

Aria, Home Lab

Configuring ESXi Syslog in Aria Operations for Logs 8.12.0

sargonkhizeran

Shipping logs off to a repository for the benefit of troubleshooting, root cause analysis, post mortem reporting and today with AI (Artificial Intelligence) technologies, particular findings and trendings in logs can be proactively shared to an operator.

For the following article will demonstrate integrating vSphere with Aria Operations for Logs and ensuring your hosts get updated to point to your instance. Keep in mind that my instance is deployed as a ‘Small’ which is primarily targeted for POC environments, in an enterprise you should have a minimum of 3 appliance nodes and should have a VIP assigned. I do have ESXi 8.0 installed and have configured vSAN ESA.

From the vSphere console the following advanced setting for a host will shows Syslog.global.logHost is configured with a blank entry. After we are done, this will be populated.

Access your Aria Operations for Logs instance via Virtual IP or single instance name, if you receive the following prompt, this is generally an indication your instance has never been configured.

Click ‘Configure vSphere Integration’

You will be taken to where you can integrate a vCenter instance, (Do not use a local SSO account, create a service account separately)

If we leave the checkbox highlighted in yellow, this is what will be pushed out to configure ESXi hosts send logs to Aria Logs.

When clicking ‘Advanced option’ it will display and allow you to select specific hosts and even a syslog protocol. Just note, you must click ‘Test Connection’ and Accept thumbprint from the vCenter before it can poll hosts.

For our write up, I will only select esxi01 with UDP. Click ‘Save’ and ESXi hosts will be configured in addition to any vCenter logs. Once completed your vSphere Integration will like this. You can click next vSphere for refresh, VC Collection status is healthy and if you click ‘View Details’ it will show hosts configured and not configured in vCenter.

When you go back to the host and check the Advanced Setting, you will now see it populated with Aria Logs instance

If you want to go back and makes changes to what ESXi hosts and collections, you can go back into the vSphere Integration and then have options, in our case, I will come back and configure my 2 other hosts.

By now you should have logs from hosts and vCenter shipped to Aria Operations for Logs.