Home > Blogs > VMware Consulting Blog

Holistic Engagements Lead to Successful Outcomes

Ford DonaldBy Ford Donald, Principal Architect, GTS PSE, VMware

In my last post, I introduced an optimized consulting approach called the SDDC Assess, Design, and Deploy Service. The post focused on the technical blueprint, designed with common core elements, and the flexibility for custom implementation using modular elements. In this post, we’ll explore the process improvements that lead to holistic, mutually beneficial engagements.

The Work Stream Process
The six-step process takes into account both our prescribed starting point—the technical foundation—and the unique needs of the customer, with an eye towards a predictable outcome.

1. Solution Overview. We begin with an overview of the technical foundations and the new approach to help the customer understand the benefits of holistic consultation and the specific solution design. This sets a level discussion between the modeled approach and the pre-conceptions of how things work. Stepping back to review the approach gets us to the assessment phase quickly so we are all on the same page about how we’ll be working together.

2. Assessment Phase. In this phase, we assess what the customer already has in place, and where they would like to be at the end of the project. Some customers have strong opinions of design, others don’t. Defined gaps are where we come in with adaptations to the prescribed design, with layers and snap-ins added as desired.

3. Design Phase. Here, we bring forward the adapted solution, shaped to meet the customer’s needs and requirements, relative to our good starting point with the prescribed solution.

4. Deploy Phase. Given all the up-front work up to this point, deployment should be straightforward. We add what’s missing, modify what’s not right, and bulk up or whittle down to get to the adapted solution. Here we would add in things like Orchestrator if it’s not currently deployed, along with the Orchestration workflow library. These pre-defined, generalized, well-documented workflows are field-tested and designed so that we can easily provide support—this ensure that they are consistent across the board.

5. Knowledge Transfer. I like to call this the cool-down period. Here we take two steps back and let the environment learn, stabilize, and cool off a bit. For example, VCOps does best if it’s given three or four weeks to understand what normal is. This is a great time to train administrative staff on the new implementation and announce any operational or organizational transformations needed. It’s important to take the time to get a feeling for what’s new or changed, from interfaces and APIs to dealing with resources and loading up templates.

6. Solution Validation. In this phase we come together to look back and compare the results to the prescribed beginnings. If we haven’t hit the mark, remediation is required.

The Project Timeline
It’s important to note that each phase of the technical transformation has its own work stream process. No engagement should take on the entire thing as one major project. Rather, it should be a series of engagements that meet the customer’s timeline and adoption capability. The various stages will take place over a lengthy time period.

Traditionally, customer engagements have focused on the assessment or the design and deliver phase. By adding in the Solution Overview, and ensuring we’re all starting from the same point, we lay the foundation for success.


Ford Donald is a Principal Architect and member of Professional Services Engineering (PSE), a part of the Global Technical Solutions (GTS) team, a seven-year veteran of VMware. Prior to PSE, Ford spent three years as a pre-sales cloud computing specialist focusing on very large/complex virtualization deployments, including the VMware sales cloud known as vSEL. Ford also served as coreteam on VMworld Labs and as a field SE.

Working with VMware Just Gets Better

Ford DonaldBy Ford Donald, Principal Architect, GTS PSE, VMware

Imagine someone gives you and a group of friends a box of nuts and bolts and a few pieces of metal and tells you to build a model skyscraper. You might start putting the pieces together and end up with a beautiful model, but it probably won’t be the exact result that any of you imagined at the beginning. Now imagine if someone hands you that same box, along with a blueprint and an illustration of the finished product. In this scenario, you all work together to a prescribed end goal, with few questions or disagreements along the way. Think about this in the context of a large technical engagement, for example a software-defined data center (SDDC) implementation. Is it preferable to make it up as you go along, or to start with a vision for success and achieve it through a systematic approach?

Here at VMware, we’re enhancing the way we engage with customers by providing prescriptive guidance, a foundation for success, and a predictable outcome through the SDDC Assess, Design and Deploy Service. As our product line has matured, our consulting approach is maturing along with it. In the past, we have excelled at the “discovery” approach, where we uncover the solution through discussion, and every customized outcome meets a unique customer need. We’ve built thousands of strong skyscrapers that way, and the skill for discovering the right solution remains critical within every customer engagement. Today we bring a common starting point that can be scaled to any size of organization and adapted up the stack or with snap-ins according to customer preference or need. A core implementation brings a number of benefits to the process, and to the end result.

A modular technical solution

Think of the starting point as a blueprint for the well-done data center. With our approach, the core elements of SDDC come standard, including vSphere, vCenter Operations, vCenter Orchestrator, and software-defined networking thru vCNS. This is the clockwork by which the SDDC from VMware is best established, and it lays the foundation for further maturity evolutions to Infrastructure Service and Application Service. The core “SDDC Ready” layer is the default, providing everything you need to be successful in the data center, regardless of whether you adopt the other layers. Beyond that, to meet the unique needs of customers, we developed “snap-ins” as enhancements or upgrades to the core model, which include many of our desirable, but not necessarily included-by-default, assets such as VSAN and NSX.

The Infrastructure Service layer builds on the SDDC by establishing cloud-based metaphors via vCloud Automation Center and other requirements for cloud readiness, including a service portal, catalog-based consumption, and reduction of administrative overhead. The Application Service layer includes vCloud Application Director and elevates the Infrastructure layer with application deployment, blueprinting and standardization.

From our experience, customers demand flexibility and customization. In order to meet that need, we built a full menu of Snap-ins. These snap-ins allow customers to choose any number of options from software-defined storage, NSX, compliance, business continuity & disaster recovery (BCDR), hybrid cloud capabilities and financial/cost management. Snap-ins are elemental to the solution, and can be added as needed according to the customer’s desired end result.

Operational Transformation Support

Once you’ve adopted a cloud computing model, you may want to consider organizational enhancements that take advantage of the efficiency gained by an SDDC architecture. As we work with our customers in designing the technical elements, we also consult with our customers on the operational processes. Changing from high administrative overhead to low overhead, introducing new roles, defining what type of consumer model you want to implement – our consultants help you plan and design your optimal organization to support the cloud model.

The beauty of this approach shines in its ability to serve both green field and brown field projects. In the green field approach, where a customer wants the consultants to take the reins and implement top to bottom, the approach serves as a blueprint. In a brown field model, where the customer has input and opinions and desires integration and customization, the approach can be adapted to the customer’s environment, relative to the original blueprint.

So whether you’re building your skyscraper from the ground up, or remodeling an existing tower, the new SDDC Assess, Design and Deploy Service provides an adaptable model, with a great starting point that will help you get the best out of your investment.

Stay tuned for an upcoming post that gives you a look under the hood of the work stream process for implementing the technical solution.


Ford Donald is a Principal Architect and member of Professional Services Engineering (PSE), a part of the Global Technical Solutions (GTS) team, a seven-year veteran of VMware. Prior to PSE, Ford spent three years as a pre-sales cloud computing specialist focusing on very large/complex virtualization deployments, including the VMware sales cloud known as vSEL. Ford also served as coreteam on VMworld Labs and as a field SE.

 

VMware Horizon 6 (View) Firewall and Network Ports Visualized

Ray Heffer
By Ray Heffer, VCDX#122, VMware EUC Architect

Back in April 2012, I posted on my blog my original Horizon View network firewall ports diagram. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 just recently released, I thought I’d create a brand new full size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot!  This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.

You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389 which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.

Horizon 6 Firewall Diagram

Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • HTTPS (22443): HTML Access (Blast) to Virtual Desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50) used for Security Server and Connection Server IPSEC communication (requires Windows firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html


Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.

Horizon View: RDS PCoIP Design Tips

By Dale Carter, Consulting Architect, End-User Computing

Dale CarterWith the release of VMware Horizon View has come the ability to not only configure virtual desktops but also virtual applications hosted on Windows RDS servers.

In this post, I will cover a couple of things that you should take into consideration when configuring virtual applications and how they might affect the sizing of your View Cluster and the number of connection servers you will need.

There are many different papers and posts on how to configure RDS servers themselves, so I will not be touching on that in this post. I want to discuss the effects of how the PCoIP connections connect to RDS servers and what you should look out for.

Scenario 1
The following diagram shows my first configuration. This includes a virtual desktop cluster and a single RDS farm. RDS Farm A in this example is hosting five applications: Word, Excel, Power Point, Visio and Lync.

Virtual Desktop Scenario 1

In this scenario if a user launches a virtual desktop and then an application, the user would be using a maximum of two PCoIP connections through the Horizon View infrastructure. It’s important to know that when configuring RDS with just one farm, if a user then launches a second application or all five applications, then all these applications will launch using the same PCoIP connection. This means that all five applications for that user would be running on the same RDS host. In this scenario, you need to make sure that each of your RDS hosts can handle all users opening all applications on each of the hosts.

The Horizon View connection servers do load balance a user’s connection when the user first connects to an RDS host. Users will always be sent to the RDS host with the lowest number of connections; however, once they are connected they will always go to the same RDS host until they completely disconnect from all applications.

In this scenario, if you have 300 users and they all launch Word, each RDS server will have 100 connections all running Word. It is also possible in this scenario that Servers A and B will only be running 100 instances of Word; whereas Server C could be running 100 instances of all five of the different software applications. This is why it is critical that the RDS servers are configured correctly.

Scenario 2
In the second configuration, I split the application across RDS host farms. The following diagram shows two RDS farms. The first, Farm A, is hosting Word, Excel and PowerPoint. The second, Farm B, is hosting Visio and Lync.

Virtual Desktop Scenario 2

 

Now in this scenario, if a user launches a virtual desktop and then the applications Word and Visio, we have managed to lighten the load on the RDS servers. By separating the application into different RDS farms, we now know that each RDS server is not going to get as much load when a user opens these applications. However, instead of a user only using two PCoIP connections the user is now using three PCoIP connections.

Conclusion
Given this information, it becomes more important than ever to know your users’ environment and the applications the users are using. When deploying Horizon View into your environment and taking advantage of the new hosted application functionality you need to ask yourself the following questions:

  • How many applications will be installed on each RDS host?
  • What is the hardware configuration of the RDS host?
  • How many RDS farms will be required?
  • How many PCoIP sessions will each user require?

For larger environments, the question might be: Will one or more View deployments be required? As the environments get larger, it might be a better design to have one View deployment for desktop connections and a separate deployment for hosted applications. In this scenario, VMware Workspace can become that central location for users to access all of their desktops and applications. With VMware Workspace 2.0, it is now possible to configure more that one View environment, giving you the option of multiple View environments that are all accessible from the one Workspace front end.


Dale Carter, a VMware Consulting Architect specializing in the EUC space, has worked in IT for more than 20 years. He is also a VCP4-DT, VCP5-DT and VCAP-DTD.

vCAC 5.2 to 6.x Construct Mappings

By Eiad Al-Aqqad

Eiad Al-AqqadThis post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center (vCAC) 5.x admins and architects might get surprised by vCAC 6.x construct naming, thinking VMware has abandoned the constructs vCAC used in the past. After a closer look, you will notice the construct functionalities are still the same as they used to be in 5.x. They were just renamed to fit the wider audience vCAC is currently addressing, and to be better aligned with broader functionality. The main difference is that a new Tenant Construct that did not exist in 5.2 was introduced in vCAC 6.x, as vCAC 5.2 did not support multi-tenancy.

I get asked quite often about the construct mapping between vCAC 5.2 and 6.x. The longer I deliver just vCAC 6.x engagements, the more I forget the construct mapping between vCloud Automation Center 5.2 and 6.x, so I decided to document it as a reference for myself and anyone else who needs it. Below is the best diagram I was able to find that highlights the construct mapping between vCAC 5.2 and vCAC 6.x:

vCAC Construct Mapping

 

Hope this help those of you familiar with vCAC 5.2 jump on 6.x with confidence.


Eiad Al-Aqqad is a Senior Consultant within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

VMware #1 in IDC Worldwide Datacenter Automation Software Vendor Shares

The VMware Company Blog announces that market research firm IDC has named VMware the leading datacenter automation software vendor based on 2013 software revenues.(1)

IDC’s report, “Worldwide Datacenter Automation Software 2013 Vendor Shares,” determined that VMware’s lead in 2013 jumped 65.6 percent over 2012 results and its market share now stands at 24.1 percent, more than 10 percentage points above the second place vendor. Overall, the worldwide market for datacenter automation grew by 22.1 percent to $1.8 billion in 2013. Download full IDC report here.

(1)   IDC, “Worldwide Datacenter Automation Software 2013 Vendor Shares,” by Mary Johnston Turner, May 2014

Quick Tip: Change the Password on the vCNS Edge

By Martijn Baecke, VMware Senior Consultant

Martijn BaeckeDeploying and managing a vCNS Edge device with vCloud Director is a pretty easy task. You just spin up the appliance, integrate it with vCenter and then hook it up to vCloud Director. Piece of vCAC!

I was trying to dig deeper into the structure of how vCNS Edge devices work and wanted to log in to the Edge device itself. The only problem was fact that I couldn’t log into console of the Edge appliance that was deployed by vCNS manager on my virtual infrastructure. Thankfully, the vCNS Manager interface provides you with the possibility to reset the password.

To reset the password and be able to log into the vCNS Edge device:

1. Log into the vCNS web interface.
2. At “View:” in the left corner, select Edges.
3. Select the Edge Gateway you want to log into.
4. Click Actions and select Change CLI Credentials.

This allows you to set the password for the “admin” account. With these credentials you can login to the vCNS Edge device.


Martijn Baecke is a Senior Consultant for VMware Professional Services in Northern EMEA. He has 10+ years experience in advising and consulting with large enterprise companies around IT infrastructure. He is a VMware Certified Design eXpert (VCDX #103) and you can find more insights on his personal blog, Think©Loud.

Cloud Automation Requirements from the Field

By Jung Hwang, Enterprise Solutions Architect, VMware

Jung HwangIT organizations adopt private cloud solutions for two main reasons: to gain agility and to improve efficiency of the services they offer. VMware’s vCloud Automation Center (vCAC) solution offers workload lifecycle capabilities that help IT organizations automate and centrally manage IT tasks that were traditionally done manually. Although vCAC has robust out-of-the-box (OOTB) capabilities that address many of these manual processes, enabling business and IT logic on top of the OOTB capabilities has helped many of our customers to reach their goals and realize the true value of automation. Below we’ll explore three requirements we have seen enabled on top of the vCAC OOTB capabilities.

Generate Custom Host Names
Although this seems to be a straightforward process, maintaining consistent host names can be challenging, especially in the private cloud environment where the virtual machine provisioning is automated without any IT staff’s involvement.

Within vCAC, administrators have some ability to add a prefix and a suffix to host names, but many customers need more custom fields, such as the environment (Prod/Dev/QA), type (Application/Web/DB), location (NA/EMEA), and incremental numbers (00X). (For example, a host name could be PROD-SQL-NA-001.) Every customer has a unique naming standard – because of this, VM host name assignment should be automated in vCAC to further minimize the manual intervention.

Active Directory Organization Unit (OU) Placement
Related to the host names issue, vCAC can integrate with Active Directory and will place VMs in a default computer object container within Active Directory. Our customers often have complex Active Directory Organizational Unit (OU) structures. Based on the host name assigned by vCAC, customers want to place the VM in the specific Active Directory OU. This will minimize unnecessary steps required to associate automatically provisioned VMs by vCAC. Moving VMs from the default computer object container to other containers can be as easy as a drag and drop operation, but when 10s or even 100s of VMs are provisioned via a self-service portal, placing a VM to the right OU based on the host name becomes an important task.

Configuration Management Database (CMDB) Integration and Configuration Item (CI) Management
Another common requirement is integrating vCAC with CMDB. Traditionally, updating and maintaining CIs were manual tasks, but they would be extremely difficult to do manually in a private cloud environment when VMs are provisioned and decommissioned based on the policy. The consumer of the vCAC solution will also be able to make changes with VM specifications so the integration with CMDB is another important area. Since the VMs will be requested via vCAC, vCAC can capture the VM specifications to create and update CIs in CMDB. The integration and automation can be enabled during the provisioning (when VMs are initially deployed), management (when VM specifications are changed by the owner), and decommissioning (when VMs are deleted).

The key to success and further identifying automation opportunities is understanding the customer’s end-to-end processes and translating them to new, private cloud processes. As we listen to our customers we can bring them more of what they need.


Jung I. Hwang is an Enterprise Solutions Architect and a member of VMware’s Services organization. Jung is responsible for creating solution roadmaps and execution plans with VMware’s products and services portfolio to solve customers’ business and technology challenges and initiatives.

Practical Tools from VMware Consultants: Mobility Policy, Horizon + Lync Architecture, and vCOps Dashboard

Our goal on the VMware Consulting blog is to share best practices that have delivered results for our customers, in hopes that they will help others be successful with VMware offerings.  Once in a while we like to highlight past posts that our readers have found particularly valuable. Last month, we published three such pieces — with great, practical advice to help you in your daily work. Just in case you missed them, we hope you find them useful. And if you’re already putting them to use, be sure to leave comments for our consulting authors. Feedback helps us bring you more of what you want to read!

How to Set Up a BYOD/Mobility Policy
By TJ Vatsa, Principal Architect, VMware Americas Professional Services Organization

Architecture Overview: Microsoft Lync with VMware Horizon View
By Ray Heffer, VCDX #122, VMware EUC Architect

Create a vCOps One-Click Cluster Capacity Dashboard, Part 2
By Sunny Dua, Senior Technology Consultant, VMware


vCloud Automation Center 6 Certificates A to Z

By Eiad Al-Aqqad, Senior Consultant, VMware Professional Services

Eiad Al-AqqadWhile working on delivering vCAC 6 engagements, I have noticed that getting all the required certificates in place has always involved jumping across different information sources, from VMware documentation and blogs to other consultants’ work. I have created the following guide to make the process easier. This is the first of three posts that cover the certificates process for a new vCAC 6.x installation from A-Z, beginning with how to install your own CA and continuing through assigning the certificates to each component.

First, I have to give credit where it is due. This document includes information from the following sources:

While I have used a lot of material from the above sources, I have also applied these steps at various customer sites, and carried out the full process in my lab. I hope you will find it useful.

Before You Begin
There are some important recommendations and requirements before you get started.

  1. VMware recommends a domain certificate or a wildcard domain certificate for a distributed installation.
  2. The certificate must be in PFX (for Windows) and PEM (for Appliances and Load Balancer) formats. (See table below.)

Certificates needed

While this post focuses on generating and using certificates for a new vCAC 6 installation, if you have an existing installation and vCAC 6 setup and you want to replace your self-signed certificates with signed certificates, you need to consider the following:

  1. Update components certificates in the following order:
    1. Identity Appliance
    2. vCloud Automation vCenter Appliance
    3. IaaS components

Note: With one exception, changes to later components do not affect earlier ones. For example, if you import a new certificate to a vCloud Automation Center Appliance, you must register this change with the IaaS server, but not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be registered with vCloud Automation Center Appliance.

The table below shows registration requirements when you update a certificate.

Registration requirements

Step 1: Installing Domain CA
This section documents how to create the Domain Certificate Authority that you will later use to generate your certificates.

      1. In the Select Server Roles screen, click to select Install Active Directory Certificate Services.Select Server Roles screen
      2. In the Select Role Services screen, click to select both Certification Authority and Certifications Authority Web Enrollment.
        Select Role Services screen
      3. In the Specify Setup Type screen, click to select Enterprise.
        Specify Setup Type screen
      4. If this is your first CA, in the Specify CA Type screen, click to select Root CA.
        Specify CA Type screen
      5. In the Set Up Private Key screen, click to select Create a new private key.
        Set Up Private Key screen
      6. In the Configure Cryptography for CA screen, make the selections as shown in the below screenshot.
        Configure Cryptography for CA screen
      7. In the Configure CA Name screen, type in the name of your CA.
        Configure CA Name screen
      8. In the Set Validity Period screen, use the drop-down menu to select the appropriate period for the certificate generated by this CA.
        Set Validity Period screen

Step 2: Creating vCAC Certificate Templates
To allow for export of the certificate key, you need to create a non-standard certificate template, which is a modified copy of the standard web server template. In addition, the Microsoft CA will be updated to allow for Subject Alternative Names (SANs) as specified in the attributes.

To create a new, non-standard default template:

      1. Connect to the Root CA server or Subordinate CA server via RDP.
      2. Click Start > Run, type certtmpl.msc, and click OK. The Certificate Template Console opens.
      3. In the middle pane, under Template Display Name, locate Web Server.
      4. Right-click Web Server and click Duplicate Template.
      5. In the Duplicate Template window, select Windows Server 2003 Enterprise for backward compatibility.
      6. Click the General tab.
      7. In the Template Display Name field, enter vCAC Certificate as the name of the new template.
      8. Click the Extensions tab.
      9. Select Key Usage and click Edit.
      10. Select the Signature is proof of origin (nonrepudiation) option.
      11. Select the Allow encryption of user data option.
      12. Click OK.
      13. Select Application Policies and click Edit.
      14. Click Add.
      15. Select Client Authentication.
      16. Click OK.
      17. Click OK again.
      18. Click the Subject Name tab.
      19. Ensure that the Supply in the request option is selected.
      20. Click the Request Handling tab
      21. Ensure that the Allow private key to be exported option is selected
      22. Click OK to save the template.

 

To add a new template to certificate templates:

      1. Connect to the Root CA server or Subordinate CA server via RDP.
        Note: Connect to the CA server in which you intend to perform your certificate generation.
      2. Click Start > Run, type certsrv.msc, and click OK. The Certificate Server console opens.
      3. In the left pane, if collapsed, expand the node by clicking the [+] icon.
      4. Right-click Certificate Templates and click New > Certificate Template to Issue.
      5. Locate vCAC Certificate under the Name column.
      6. Click OK.

A new template option is now created in your Active Directory Certificate Services node. This new template can be used in the place of Web Server for the vSphere 5.x CA certificate.

Step 3: Installing OpenSSL version 0.9.8.
Use the following steps to install OpenSSL, which will be used to request the required certificates.

Important: Ensure that you are using OpenSSL version 0.9.8. If you do not use this version, the SSL implementation will fail.

To set up OpenSSL:

      1. Ensure that the Microsoft Visual C++ 2008 Redistributable Package (x86) is installed on the system on which you want to generate the requests. To download the package, see the Microsoft Download Center.
      2. Download the Shining Light Productions installer for OpenSSL x86 version 0.98r or later at http://www.slproweb.com/products/Win32OpenSSL.html. This software was developed by the OpenSSL Project.
      3. Launch the installer, proceed through the installation, and note the appropriate directory for later use. By default, it is located at c:\OpenSSL-Win32.

This tutorial includes two additional posts, which you can find on my blog at the following links:

Post 2: Generating Certificates for the identity Appliance/vCAC Appliance
Post 3: Generating Certificates for vCAC 6 IaaS Web Server & Manager Service


Eiad Al-Aqqad is a Senior Consultant within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.