There’s a gaggle of changes in vCenter. The tricky thing is working out where to begin.
The Web-Client and Single Sign-on Authentication
As I said in the first part of the blog series the web-client is fully functional replacement for the older C# vSphere Client. One thing you will notice in the UI of the web-client is that there is now no need to specific a vCenter server, or couple the web-service to vCenter as was the case in previous editions. With vSphere5.1 a new authentication service has been introduced that create a “token” based system that authenticates you into a range of different management services. So rather seeing yourself as vCenter user, vCD user and so on – it will be bit more like being “solution user”. One logon checks you in with the token to all the solutions you have rights to.
If you think about it a great many VMware technologies leverage a directory service account to validate your admin credentials. Each one requires a username/password. That’s somewhat disguised with vCenter “Linked Mode” especially if your credentials are the same across multiple vCenter instances. But do you use those same credentials to access SRM or View. The multiple logons has in the past probably encouraged bad practise such as using the same password across multiple system or worst still login in as admin to all system. I know I’ve done both, but I have the excuse of working in my colocation lab.
For me this reminds me of the same sort of single sign-on experience you get with Horizon Application Manager. In fact the single-sign on feature is based on the same open-standards that Horizon Application Manager uses – SAML/WS-TRUST. The other change in standards is the fact the new Authentication Service is aware of more directory services than just Microsoft AD.
The Authentication Service can be installed along side vCenter or separately and you can have multiple instances with a IP based load-balancer in front of them to maximise their availability. It should auto discover the vCenters in your environment, although that only applies to vCenter 5.1 systems – older vCenter 5.0 systems can be adding in using the old method. There is a backend database to the authentication service that supports Microsoft SQL 2012. This database can be replicated around the environment and as it doesn’t change very much the cycle for replication need not be particular frequent as it only really holds the configuration data for the service itself. The Authentication Service comes with it own simple web admin tool that allows you to configure it for its directory service.
The vCenter Inventory Service
This is a service that’s been part of vCenter for sometime. It doesn’t get an awful lot of press that is a kind of shame. It came about to approve the browsing and querying of vCenter objects. Prior to its incarnation much of the browsing and querying process was to the core vCenter (vpxd) service. At that time it would frequently return a lot of information from the system that might not have actually been needed. So the Inventory Service was introduce to speed up query and browsing times. The Inventory Service has had another refresh which should improve its responsiveness even further, as well as the introduction of custom tags. These allow you to tag various object in the inventory, to facilitate custom searches.
The Web-Client Personal Highlights
Wizard Resume
As you can guess I’m a big fan of the web-client not least it might see the end of a very long forum post from Apple Mac users demanding a vSphere Client for the Mac (Not I’m a Mac user, but always felt a solution that didn’t care what the client OS would be much neater).
One of the annoyance of the old C# vSphere Client was the wizards. Once you were in a wizard you were stuck in it. If there was piece of information you need to complete the wizard or some sort of configuration error that needed to be resolved, you found yourself cancelling the wizard – and then restarting it all over again from scratch. Grrrr. With the web-client there’s a new “resume” feature.
Log Browser
The web-client offers a new method to get hold of the ESX server logs. The logs are copied up from the ESXi host to be viewed in the vCenter web-client to be then viewed and searched. They even offer side-by-side comparison of logs for additional troubleshooting.
Multi-Hypervisor Manager (MHM)
As you might know there’s been a “Fling” on the VMware Labs for sometime, that allows you to manage Windows HyperV hosts from vCenter. That fling is going to be discontinued and supported in the web-client. It will be a free component with Standard vCenter and support Windows HyperV 2008, and will support Windows HyperV 2012 when it finally ships. It will have a little bit more functionality that the original fling – it will be able to create new VMs on the Windows HyperV host and will more seamlessly integrate with vCenter. PMHM will ship as service that you add to your environment if you need it.
Plug-in Support
Due to the changes the web-client clearly brings it also means plug-ins will be changing in vCenter as well. This is because a plug-in now needs to be written in the “Flex” format, although there is a workaround for “HTML” style plug-ins that have been developed in the past. The major plug-ins that come with part of products like SRM and vShield should come within the 90-days of the GA. The other third-party plug-ins from the likes of Dell, EMC and NetApp are already underdevelopment.