Thursday, March 4, 2010

VMware Lab Manager Install Notes and LDAP Import

Setting up Lab Manager can be a little complex.  It isn't as straightforward as some of the other VMware products, so I wanted to provide some tips and tricks to get it all up and running.

Things you will need prior to Lab Manager Installation
  • In vCenter, create the datastores, virtual switches, and Resource Pools that you will need.  The Lab Manager (LM) installer will detect them at install time, and this will make configuration MUCH easier.
  • Create all groups and users that you will need in either Active Directory or LDAP
  • If you will be using IP pools, define a block of static IPs ahead of time!
  • The Lab Manager server is currently a Windows 2003 based server. It can be virtual and on the same ESX hosts that it will be controlling.  If you do this, DON'T name it lab-manager.  If you do, you will get an error during installation because the install tries to create a folder in vCenter called lab-manager.  You will have to rename your virtual machine to proceed.  Also, you will need to change the speed of the vmxnet3 NIC per Jason's article here.
  • Make sure both forward and reverse DNS lookups work between the vCenter server, LM server, and all vSphere servers.
  • The LM Server requires IIS 6.0 and .NET 2.0 to be installed.  IIS MUST be installed before .NET 2.0
  • DON'T put the LM Server into the AD Domain.  VMware recommends against this even if you are importing users and groups from AD into the LM Server.  I asked why at Partner Exchange and I was told because it isn't needed and changes to AD could mess up the LM server.
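
One way to verify the forward and reverse DNS prerequisite from the list above before starting the install. This is an added example, not part of the original post or of any VMware tooling; it assumes Python 3 is available on the machine you run it from, and the host names are hypothetical placeholders.

```python
import socket

# Hypothetical host names; replace with your vCenter, LM and ESX servers.
HOSTS = ["vcenter.lab.example", "lm01.lab.example", "esx01.lab.example"]


def system_forward(name):
    """Return the IPv4 addresses the system resolver gives for name."""
    return socket.gethostbyname_ex(name)[2]


def system_reverse(ip):
    """Return the primary name and aliases the PTR lookup gives for ip."""
    primary, aliases, _ = socket.gethostbyaddr(ip)
    return [primary] + aliases


def check_dns(hosts, forward=system_forward, reverse=system_reverse):
    """Check that every host resolves and that each address maps back to it.

    Returns a list of (host, problem) tuples; an empty list means forward
    and reverse records agree for every host.
    """
    problems = []
    for host in hosts:
        try:
            addresses = forward(host)
        except OSError as exc:
            problems.append((host, f"forward lookup failed: {exc}"))
            continue
        if not addresses:
            problems.append((host, "forward lookup returned no addresses"))
        for ip in addresses:
            try:
                names = [n.lower().rstrip(".") for n in reverse(ip)]
            except OSError as exc:
                problems.append((host, f"no PTR record for {ip}: {exc}"))
                continue
            if host.lower().rstrip(".") not in names:
                problems.append((host, f"{ip} reverses to {names}, not {host}"))
    return problems


if __name__ == "__main__":
    for host, problem in check_dns(HOSTS):
        print(f"{host}: {problem}")
```

Run it from the vCenter server, the LM server, and a management workstation in turn, since each machine may be pointed at a different resolver.
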
LDAP/AD Integration

Integration with Active Directory or LDAP is the key to Lab Manager.  Lab Manager allows you to create single users on the box but NOT groups.  This makes security and configuration VERY difficult.  At the same time, the LDAP integration leaves a little to be desired in the implementation.  Here's how to do it:

  • From the Lab Manager interface, choose Settings on the left-hand side and click the LDAP tab:
  • Once that is complete, you are ready to import groups.  Click the Import Groups button.
  • Here's the magic.  Because the group and users have already been created in Active Directory, you can choose the group and assign it to the users role (the default role is read only so be sure to change it).  All users in this group are now Lab Manager Users.

A few interesting notes about this import process.  If you look at the group once it is imported and no one in the group has logged in yet, the group appears blank!  This threw me for a little bit.  I expected it to populate with the users at creation time.  Instead the list populates at each USER's FIRST LOGIN!  My group has three users in it total.  As users log in, they will populate the group and also appear on the Lab Manager's Users list.  Here are a few screenshots as I logged in my test users.

Lab Manager Group with only first test user logged in:

Lab Manager Users Pane with two users created from login:

Look for more articles as I get everything set up!


Anonymous said...

Good work.

I was also in the PEX 2010 Lab Manager presentation where we spent lots of time discussing Fencing. I would appreciate it if you could share your experience with the "Host Spanning" in a fenced network. Basically, is it possible to span a "virtual" network (that has no physical NIC) across hosts using the Host Spanning transport network?

Aaron Delp said...

That is a very good question. Most of my experience until now with fencing has been version 3, which limited the fenced config to the host. I will be loading up virtual switches and testing this feature out. I believe what you are saying will work but I will test it and post in the future. Thank You!