
VMware Named 2016 STAR Award Winner for Innovation in Enabling Customer Outcomes

VMware’s global Professional Services organization has played an important role in enabling customer successes. Over the last five years, as VMware has evolved from a single product company to a multi-product solutions provider, the maturation, innovation and transformation of its professional services business has driven new and higher levels of business success and customer satisfaction.

The Technology Services Industry Association (TSIA) announced the 2016 STAR Award winners at the Technology Services World Conference held in Las Vegas. VMware Professional Services was named the 2016 STAR Award winner for Innovation in Enabling Customer Outcomes.

Now in its 26th year, the STAR Awards have become one of the highest honors in the technology services industry. The selection process is rigorous, consisting of a thorough evaluation followed by a vote by TSIA’s service discipline advisory board members.

Read the full article on the VMware Radius Blog.

Certificates for Dummies – Part One: VCSA and PSC Certificates’ Overview and Configuring PSC with Intermediate VMware Certificate Authority (VMCA)


By Jean Oliveira

My name is Jean Oliveira, and I’m a Technical Account Manager in Brazil. In this role, I am often asked to assist in areas where I am not an expert, which involves research. For example, I have a customer who planned to replace VMware vCenter Server and VMware vSphere hosts’ self-signed certificates with internal signed certificates. To complete this task, he wanted to use the VMware Certificate Authority service as an Intermediate CA. My goal for this post is to help others work through this same issue in their environments.

This blog is organized into two parts:

  • Part One: VCSA (vCenter Virtual Server Appliance) and Platform Services Controller (PSC) Certificates Overview and Configuring PSC with Intermediate VMware Certificate Authority (VMCA)
  • Part Two: Replacing vCenter Server Certificates with VMCA (VMware Certificate Authority)

Before entering any command or accessing a KB, I first had to understand the new architecture behind vCenter 6.x. In the previous version of vCenter Server, each component had its own certificate:

[Figure: vCenter components]

In the new VMware architecture, there are only four certificates, with each one responsible for a set of components. The Platform Services Controller is responsible for signing and storing certificates in this new architecture.

[Figure: vCenter architecture]

In the PSC, each active certificate must be unique. A certificate is composed of the following: Common Name (CN), Organization (O), Organizational Unit (OU), Locality (L), State/Province (ST), and Country (C).

Initially, I had assigned the name “Web-Client” for all certificates generated for the Web Client service, which crashed my PSC. Based on my experience, I learned that each certificate’s Subject Name must be unique!

[Figure: certificate details]

Keeping this in mind, I used the following naming conventions:

Common Name (CN): Server FQDN
Organization (O): My organization’s name
Organizational Unit (OU): I used the “certificate service name”; for example, VPXD, VPXD-Ext, Web-Client, Machine, and so on
State/Province (ST): Sao Paulo
Country (C): BR

The next step is to join the PSC to the Active Directory domain. In the Manage/Settings/Active directory, click the Join button and enter the proper authentication as shown in the following screen.

[Screenshot: Active Directory]

Be sure to restart your PSC to apply the change.

Then, prepare the Microsoft Root Certificate Server. In my lab, I used a Windows Server 2003 R2 as a Root Certification Authority, so I had to configure it using “Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009)”.

My next step was to replace the PSC SSL root certificate with the certificate signed by my Microsoft Root Certificate authority, and then replace all machine and solution certificates.

To do this, I connected to my PSC through SSH. If you have trouble enabling the Bash shell, please follow “Toggling the vCenter Server Appliance 6.x default shell (2100508)”.

I located the folder, /usr/lib/vmware-vmca/bin, and ran the command, ./certificate-manager, selecting Option 2, “Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates”. You can review the following choices I made, and replace them with the correct values for your environment.

  • Do you wish to generate all certificates using configuration file: Option[Y/N] ?: Y (Select Y.)
  • Please provide valid SSO and VC privileged user credential to perform certificate operations.
  • Enter username [Administrator@vsphere.local]: (Enter your administrator username.)
  • Enter password: (Enter the password.)
  • MACHINE_SSL_CERT.cfg file exists, Do you wish to reconfigure: Option[Y/N] ?: Y (Select Y to reconfigure the answer file.)
  • Enter proper value for ‘Country’ [Previous value: US]: BR
  • Enter proper value for ‘Name’ [Previous value: CA]: psc-01a.corp.lab (I used the PSC server FQDN.)
  • Enter proper value for ‘Organization’ [Previous value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Previous value: VMware]: Machine-SSL (I used the Service Name.)
  • Enter proper value for ‘State’ [Previous value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Previous value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Previous value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • Please configure machine.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Previous value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab (I used the PSC server FQDN.)
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: Machine (I used the Service Name.)
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • Please configure vsphere-webclient.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Default value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab (I used the PSC server FQDN.)
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: vsphere-webclient (I used the Service Name.)
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
    1. Generate Certificate Signing Request(s) and Key(s) for VMCA Root Signing certificate
    2. Import custom certificate(s) and key(s) to replace existing VMCA Root Signing certificate
  • Option [1 or 2]: 1 (Select Option 1 to generate the certificate request for the Root Certificate Server.)
  • Please provide a directory location to write the CSR(s) and PrivateKey(s) to:
  • Output directory path: /tmp/ca
  • Please configure certool.cfg with proper values before proceeding to next step.
  • Enter proper value for ‘Country’ [Default value: US]: BR
  • Enter proper value for ‘Name’ [Default value: CA]: psc-01a.corp.lab (I used the PSC server FQDN.)
  • Enter proper value for ‘Organization’ [Default value: VMware]: Corporate Lab
  • Enter proper value for ‘OrgUnit’ [Default value: VMware]: certtool (I used the Service Name.)
  • Enter proper value for ‘State’ [Default value: California]: Sao Paulo
  • Enter proper value for ‘Locality’ [Default value: Palo Alto]: Sao Paulo
  • Enter proper value for ‘IPAddress’ [optional]:
  • Enter proper value for ‘Email’ [Default value: email@acme.com]: administrator@corp.lab
  • Enter proper value for ‘Hostname’ [Enter valid Fully Qualified Domain Name (FQDN), For Example: example.domain.com]: psc-01a.corp.lab
  • CSR generated at: /tmp/ca/vmca_issued_csr.csr (Save this path and name!)

I used WinSCP to copy the file vmca_issued_csr.csr from my PSC Server to my Windows Root Certification Authority Server, C:\Users\Administrator\Desktop.

As stated earlier, in my lab I used a Windows 2003 R2 Root Certification Authority server and, in this Windows version, V3 certificate templates are NOT visible in the Certificate Web Server. Therefore, I had to use the command line to issue the certificates. If you are using Windows 2008 and later, this is not a problem. If you are using Windows 2003 as I was, let me save you some research time! Below are the command line steps to issue the certificates.

Before submitting the request, I had to find the vSphere 6.0 VMCA template name. To find a list of all templates, open a command prompt in the Root Certificate Server, and type:

C:\Users\Administrator\Desktop>certutil -CATemplates

After locating the vSphere 6.0 VMCA name, “vSphere6.0VMCA,” I entered the following command to request the VMCA certificate:

C:\Users\Administrator\Desktop>certreq -attrib "CertificateTemplate:vSphere6.0VMCA" -submit vmca_issued_csr.csr

I saved the certificate file as vmca_issued_cert.cer.

The next step was to create the certificate chain, which included the VMCA Certificate (generated in the previous step), and the Domain Root certificate. To complete this step, I did the following:

  • Created a new empty file, server-root.cer
  • Opened the vmca_issued_cert.cer in Notepad and copied all information to the file, server-root.cer
  • Opened the certenew.cer in Notepad and copied all information to the file, server-root.cer
  • Saved the file server-root.cer

Now I had a full chain certificate file, which I copied to my PSC Server, folder /tmp/ca.
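The chain file can be checked before it is handed to certificate-manager. The script below is an added example, not part of the original post: it builds server-root.cer in the same order as the steps above (VMCA certificate first, root last) and uses openssl to check the order, the CA flag, the signature and the key match. The function names, the file name root.cer and the throwaway demo PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the chain
# file given to certificate-manager. Function names, root.cer and the demo PKI
# are constructed for illustration; the other file names follow the post.

# build_chain SUBCA_CERT ROOT_CERT OUT
# VMCA (subordinate) certificate first, root last; strips CRLF and blank lines.
build_chain() {
    { cat "$1"; echo; cat "$2"; echo; } | tr -d '\r' | sed '/^[[:space:]]*$/d' > "$3"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# check_chain CHAIN ROOT_CERT KEY
# Prints one line per failed check; exit status = number of failed checks.
check_chain() {
    chain=$1 root=$2 key=$3 fails=0
    first=$(mktemp) || return 99
    # The first PEM block is the certificate VMCA will sign with.
    awk '/-----BEGIN CERTIFICATE-----/{n++} n==1' "$chain" > "$first"

    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain")" -ge 2 ] ||
        fail "chain must contain the VMCA certificate and its issuer"
    subj=$(openssl x509 -in "$first" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$first" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" != "$issr" ] ||
        fail "first certificate is self-signed or unreadable (wrong order?)"
    openssl x509 -in "$first" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        fail "first certificate is not a CA (wrong template?)"
    openssl verify -CAfile "$root" "$first" >/dev/null 2>&1 ||
        fail "first certificate does not verify against the root"
    [ "$(openssl x509 -in "$first" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        fail "private key does not match the first certificate"
    rm -f "$first"
    return "$fails"
}

# make_demo_pki DIR
# Constructed lab data: a throwaway root CA and a subordinate CA certificate,
# standing in for the Microsoft root CA and the vSphere6.0VMCA template.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/O=Corporate Lab/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.cer" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Corporate Lab/OU=certtool/CN=psc-01a.corp.lab" \
        -keyout "$d/vmca_issued_key.key" -out "$d/vmca_issued_csr.csr" 2>/dev/null &&
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ext.cnf" &&
    openssl x509 -req -in "$d/vmca_issued_csr.csr" -CA "$d/root.cer" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" \
        -out "$d/vmca_issued_cert.cer" 2>/dev/null
}

# Run with --demo to exercise the checks against the constructed PKI.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_demo_pki "$d" &&
    build_chain "$d/vmca_issued_cert.cer" "$d/root.cer" "$d/server-root.cer" &&
    check_chain "$d/server-root.cer" "$d/root.cer" "$d/vmca_issued_key.key" &&
    echo "OK: chain is ready to import"
fi
```

vmca_issued_key.key is the private key of the subordinate CA, so remove it from /tmp/ca once the import has completed.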

Moving on, I returned to the SSH session and chose option 1 below:

  • CSR generated at: /tmp/ca/vmca_issued_csr.csr
    1. Continue to importing Custom certificate(s) and key(s) for VMCA Root Signing certificate
    2. Exit certificate-manager
  • Please provide valid custom certificate for Root.
  • File: /tmp/ca/server-root.cer (Enter the full path and name to the file, server-root.cer.)
  • Please provide valid custom key for Root.
  • Please provide valid custom certificate for Root.
  • File: /tmp/ca/root_signing_cert.cer (The path is the same as above, and the file name is default.)
  • Please provide valid custom key for Root.
  • File: /tmp/ca/vmca_issued_key.key (The path is the same as above, and the file name is default.)
  • You are going to replace Root Certificate with custom certificate and regenerate all other certificates
  • Continue operation: Option[Y/N] ?: Y (Select Y.)
  • Get site nameCompleted [Replacing Machine SSL Cert…]
  • default-site
  • Updated 9 service(s)
  • Status: 100% Completed [All tasks completed successfully]

When it finished, I restarted all services by running service-control --stop --all, and then service-control --start --all.

To verify everything was working, I looked in the certificate store.

VMware also has a good KB you can use as a guide, “Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority (2112016)”.

Stay tuned for Part Two, when I will walk you through the process for replacing vCenter certificates with VMCA signed certificates. Talk to you then!


Jean Oliveira is a Technical Account Manager for VMware based in São Paulo, Brazil. For the last 5+ years he has been helping customers on their hybrid-cloud journey, saving money and achieving a higher IT maturity. When not working, he loves to be with his wife Shirley. You can connect with Jean on LinkedIn.

VMworld 2016 for TAMs: What to Know Before You Go

Joining us at VMworld this week in Las Vegas? We’re excited to see you! Here on the ground as we set up, time seems to be moving extra slowly. The party’s about to start and the guests are on their way—but for now, we have to wait. (Talk to us Thursday as we wonder where all the time went!)

For our TAM customers, we’ve made sure there’s no limit to the opportunities to learn more about the latest in IT. Whether it’s your first, second, or tenth VMworld, you’re in for a whirlwind week. There’s a lot going on the next few days—plan wisely.

A TAM Customer with a Plan

Here’s a rundown of key VMworld moments:

  • VMworld: Sunday, August 28–Thursday, September 1 at the Mandalay Bay Hotel and Convention Center, Las Vegas
  • TAM Customer Day: Sunday, August 28
  • TAM Lounge: Monday, August 29–Thursday, September 1
  • TAM Customer Central: Monday, August 29–Thursday, September 1

Now, you may have already registered for VMworld. But have you checked in with your TAM? We’ve got countless breakout sessions, deep dives, and panels planned, and your TAM can help orient you toward those events most relevant to your business.

This year, we’re continuing the VMworld tradition of TAM Customer Day. We’ll talk through your issues, work collaboratively to find resolutions, and introduce you to experts on VMware best practices. This year’s TAM Customer Day falls on Sunday, August 28, the day before VMworld starts.

Something for Everyone

This year, we’re bringing in VMware thought leaders for Office Hours at TAM Customer Central (TCC) Headquarters. Stop by, chat, and ask questions—we’re all ears. There really is something for everyone:

In the TAM Lounge and TCC:

  • Monday
    • Troubleshooting Storage Performance in vSphere: Walk through the vSphere storage stack, configuration suggestions, and diagnostic advice.
    • CLEAR Insights: Get a sneak preview of the CLEAR report, detailing the progress and challenges of mature TAM customers.
    • Overview of Virtual Technical Advisor Service: Join us for a journey through the VTA Service with real-world examples.
    • TCC Office Hours: Chat with Nisha Rai, VMware Tools Product Manager.
  • Tuesday
    • Real-World Maturity Analytics Trends and Discussion: This session highlights key findings and broad analyses from the TAM CLEAR report.
    • Premier Support Services: Learn the differences between Mission Critical and Business Critical offerings in Premier Support, VMware’s top technical assistance solution.
    • Introduction to TAM Services: New to the VMware TAM ecosystem? Drop in for the low-down on all things technical.
    • TCC Office Hours: Chat with Yiting Jin, vSphere Senior Product Manager.
  • Wednesday
    • A Customer’s Perspective on Driving IT Transformation: Take a look at real-world IT transformation challenges—from the customer perspective.
    • TAM Family Program Analytics: Want to learn how TAM Family customers use our team’s analytics? See how TAMs help set up their customers for success.
    • Production is Down—So Are My Tools: Explore a production outage use-case to see VMware solutions in action.
    • TCC Office Hours: Chat with Amanda Blevins, Director of Technology, Office of the CTO.
  • Thursday
    • Overview of Virtual Technical Advisor Service: See Monday’s description.

… That’s Not All, Folks

Get social! Throughout the event you can find us on Twitter and Facebook. Follow along for updates from the TAM Lounge, or join the conversation with #VMwareTAM.

And of course, remember to keep some extra space open in your luggage. How else will you cart home all your fantastic VMware swag? We’ve got two daily prizes up for grabs—one slick VMworld aviator jacket and a voucher good for any VCP exam. You could be one of our lucky, random winners.

That’s all for now. We look forward to seeing faces both familiar and new at VMworld. Until Sunday!

It’s the Most Wonderful Time of the Year

By Cheryl Eagan

Late August into early September—my favorite time of the year. Why? Because it’s time for VMworld, which means it’s also time for TAM Customer Day and TAM Customer Central.

I know people laugh when I call this my favorite time of year, but it’s true. TAM events at VMworld are some of the most rewarding things I work on, and have been ever since I joined VMware over nine years ago.

The reason I find it so rewarding is that it’s a great opportunity our TAM customers cannot get anywhere else. They gain so much value in such a short time. They get to have in-depth conversations with VMware business leaders, interact with their peers, and network with people within their industry or who have similar challenges and use cases in their business. It’s a time when our customers feel like they are really being heard.

The other reason why I love this time of year so much is that I get to see the value and the joy that it provides my fellow TAMs. They work so hard all year to advocate for our TAM customers, and this is the time it all comes together. VMworld is our most important annual event and it gives us the chance to meet face to face with our customers. We get to talk about issues, and line up meetings and discussions for our customers with the people who can listen and help. This one week drives much of what we do all year long.

What’s planned for this year?

VMworld begins Sunday, August 28 and runs through Thursday, September 1. The event is at the Mandalay Bay Hotel and Conference Center in Las Vegas. If you haven’t already planned to attend VMworld, you should register now. TAM Customer Day will be held August 28. The day starts with an invitation-only VIP breakfast for our full-time TAM customers. Every year we feature industry expert speakers on a variety of topics addressing our customers’ top priorities.

The General Session will start in the main conference hall and will include a welcome by VMware CTO Ray O’Farrell. Next, there will be five breakout sessions centered on discussing key customer challenges. There is a lunch and award session, during which we award customers who have done creative, unique things with our solutions and provided incredible value to their companies.

We then have “Ask the Experts” breakout sessions. In these sessions, over 100 VMware subject matter experts make themselves available to answer the specific concerns of our customers.

The final session of the day is a CTO panel, during which customers can participate in Q&A. After this, there will be a session close and reception.

What has changed since last year?

After last year’s event, we received feedback that our customers wanted more technical-level sessions, as well as smaller groups for more focused attention. In response to that, we’ve focused breakout sessions around some of our key customer challenges such as management automation, the vSphere platform, and mobility. These sessions are hosted by product teams, business unit leaders, and technical marketers. We’ve increased the time set aside for these sessions so our customers can make the most of them.

We’ve also expanded our “Ask the Experts” sessions because these sessions have been the most popular amongst our customers. There will be over 100 tables at this event and more time set aside for participation in these sessions, as well. During “Ask the Experts”, customers can focus on very specific technical aspects of VMware products and tools.

The CTO panel is a new addition to TAM Customer Day and is also in response to our customers’ desire to include more technical content in the event. At the end of the panel, customers will be able to ask questions of our CTOs and thought leaders. They’ll get a peek into what they can look forward to from VMware, and provide input to the people who actually drive VMware’s vision and strategy.

Beyond TAM Customer Day, what other TAM activities are happening at VMworld?

TAM Customer Day became so large that we decided to extend this exclusive experience throughout the entire week of VMworld. Five years ago, we started TAM Customer Central, which quickly became popular. In our first year, we had a couple hundred attendees. Last year, there were 1,700 customer visits.

TAM Customer Central runs Monday through Thursday, and provides a great experience to TAM customers. During these sessions, you participate in intimate, highly interactive discussions that pertain specifically to your business. If you are unable to attend TAM Customer Day, work with your TAM to make use of Customer Central. Your TAM can help you plan the week to be sure you engage in activities that are the most critical and most important to you and your business.

What should I do now to get ready for VMworld and TAM Customer Central?

First, if you haven’t already, you should register. Next, work with your TAM to plan your time at VMworld. This is your chance to discuss your challenges, ask questions, and gain insight into VMware strategy and future solutions. These opportunities are simply not available anywhere else but VMworld. During our exclusive TAM events, you get to provide input, discuss your specific needs, and speak in person with people who can take your input and influence future VMware products.

The VMworld Schedule Builder opens July 19, and only TAM customers will be able to register for the deep dive sessions available through TAM Customer Central. If you need more information or want to confirm your registration, talk to your TAM. Keep in mind these sessions fill quickly.

I hope to see you at VMworld, and I especially hope to see you at our various TAM events during the week. Like me, maybe you, too, will come to think of this as the most wonderful time of year.


Cheryl Eagan is a Principal Technical Account Manager for VMware based in Georgia.