- About vSphere Management Assistant
- What's New
- Hardware and Software Requirements
- Installing vSphere Management Assistant
- Earlier Releases of vSphere Management Assistant
- Known Issues
Note: The topics in which this documentation uses the
product name "ESXi" are applicable to all supported releases of ESX and
ESXi.
About vSphere Management Assistant
vSphere Management Assistant is a Linux-based virtual machine that is pre-installed using a
command-line interface and select third-party agents needed to manage your
vSphere infrastructure. Administrators and developers can use vSphere Management Assistant to run scripts and agents to manage ESXi 5.0 and later systems, including ESXi 6.0. vSphere Management Assistant includes the vSphere SDK for Perl and
the vSphere Command-Line Interface (vSphere CLI). vSphere Management Assistant also includes an
authentication component named vi-fastpass. You can use vi-fastpass to directly
connect to the established target servers. vSphere Management Assistant 6.0 also includes DCLI commands which allow you to manage services that are new in vSphere 6.0 and are presented by the vCloud Suite SDK interface.
For information about vSphere CLI, refer to the vSphere Command-Line Interface Documentation.
What's New
-
Base Operating System is updated to SUSE Linux Enterprise Server 11 SP3 version dated 3/20/2016.
-
The glibc getaddrinfo package is updated to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-7547 to this issue.
-
The Oracle (Sun) JRE is updated to version 1.7.0_95.
Feature and Support Notice (New):
The esxcfg- and vicfg- commands, and vSphere Management Assistant (vMA) will be deprecated in a future release. In ESXi 6.0 Update 1, the legacy commands used in versions 5.x and 6.0 remain functional. To ensure the best possible compatibility, use ESXCLI equivalents of legacy commands where applicable, as legacy commands are going to be deprecated in a future release.
Hardware and Software Requirements
To set up vSphere Management Assistant, you need the hardware listed in the following table.
Hardware |
Description |
ESXi host |
Because vSphere Management Assistant runs a 64-bit operating system, the ESXi host on
which vSphere Management Assistant is to be deployed must support 64-bit virtual
machines. |
CPU |
AMD Opteron Rev E or later. AMD-V hardware virtualization is not
required.
VT enabled Intel processors with EM64T support. |
Note: Opteron 64-bit processors
earlier than Rev E and Intel processors that have EM64T support but
not VT support enabled, do not support a 64-bit guest operating
system. For detailed hardware requirements, see the Hardware
Compatibility List on the VMware Web site. |
By default, vSphere Management Assistant uses one virtual processor, and requires 3 GB of storage
space for the vSphere Management Assistant virtual disk. The recommended memory for vSphere Management Assistant is
600 MB.
You must have the following software to deploy vSphere Management Assistant.
Software |
Description |
vSphere 5.0 and later |
You can deploy vSphere Management Assistant to an ESXi host by using a vSphere Client connected directly to the
ESXi host or using a vSphere Client connected to a vCenter Server system. |
vSphere Client |
You need a vSphere Client to deploy vSphere Management Assistant. |
You can use vSphere Management Assistant to target ESXi 5.0 and later systems, including ESXi 6.0.0.1.
For information about setting up vSphere Management Assistant for a non-English keyboard, see KB 1007551.
Installing vSphere Management Assistant
You can deploy the vSphere Management Assistant OVF from your vSphere Client connected to a
vCenter Server system or ESXi host, as described in the vSphere Management
Assistant Guide.
Important: You cannot upgrade from an earlier version of vSphere Management Assistant to
vSphere Management Assistant 6.0.0.1. You need to perform a fresh installation of vSphere Management Assistant 6.0.
Download and unzip the vSphere Management Assistant ZIP archive.
In the vSphere Client, select File > Deploy OVF
Template.
When prompted by the wizard, click Deploy from a file or URL,
select the OVF in the folder to which you have extracted the ZIP
file, and follow the instructions in the wizard.
When you start vSphere Management Assistant, perform the following steps:
Select an option from the menu and configure the selected network
setting.
When prompted, specify a password for the vi-admin user for logging
in to vSphere Management Assistant. The password must conform to the vSphere Management Assistant password policy. The
password must have at least the following attributes:
- Nine characters
- One upper case character
- One lower case character
- One numeral character
- One symbol such as #, $
The vi-admin user has root
privileges on vSphere Management Assistant. The root user is disabled.
Note: If the
password contains any blank spaces, then logging in to vSphere Management Assistant through the
Web UI fails.
Earlier Releases of vSphere Management Assistant
Features and known issues from earlier releases of vSphere Management Assistant 6.0 are described
in the release notes for each release. To view release notes for earlier
releases of vSphere Management Assistant, go to the following links:
Known Issues
Other than the known issues reported in the vSphere Management Assistant 6.0 release, this
release includes the following known issues.
-
New vSphere Management Assistant supports SSLv3 and DHE cipher by default on port 5480
Support for SSLv3 protocol is enabled by default for vSphere Management Assistant (vMA) on port 5480. You can disable SSLv3 by changing light-httpd server configuration.
Workaround:Perform the following steps:
- Log in to vMA console as vi-admin.
- Run the following command and edit the
/opt/vmware/etc/lighttpd/lighttpd.conf
file:
sudo vi /opt/vmware/etc/lighttpd/lighttpd.conf
- Find the following lines:
VMware ssl
ssl.engine = "enable"
ssl.pemfile = "/opt/vmware/etc/lighttpd/server.pem"
ssl.cipher-list = "TLSv1+HIGH: !SSLv2: !aNULL: !eNULL: !3DES: @STRENGTH"
- Edit the ssl.cipher-list attribute by adding !DH to disable weak DH cipher.
For Example:
ssl.cipher-list = "TLSv1+HIGH: !SSLv2: !aNULL: !eNULL: !DH: !3DES: @STRENGTH"
Add following line to disable sslv3:
ssl.use-sslv3 = "disable"
- Save the lighttpd.conf file.
- Run the following command to restart the light-httpd server:
sudo service vami-lighttp restart
New vSphere Management Assistant Certificate Signature algorithm uses SHA-1 certificate instead of SHA-256 on port 5480
vSphere Management Assistant (vMA) Certificate Signature algorithm still uses SHA-1 certificate even after upgrading to SHA-256 certificate on port 5480.
Workaround: By default the vMA SSL certificate and private key are stored in a PEM file, which is located at the following location:
/opt/vmware/etc/lighttpd/server.pem
Follow these steps to regenerate certificate with SHA-256:
- Log in to vMA console as vi-admin.
- Run the following command to create a backup copy of the SSL certificate and private key and certificate generation tool:
cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem.orig
cp /opt/vmware/share/lighttpd/genSslCert.sh /opt/vmware/share/lighttpd/genSslCert.sh.orig
- Run the following command to edit the /opt/vmware/share/lighttpd/genSslCert.sh file:
sudo vi /opt/vmware/share/lighttpd/genSslCert.sh
- Search the following line:
-nodes -config $OPENSSL_CONF \
- Add -sha256 to the line (mentioned in step 4) as following:
-nodes -config $OPENSSL_CONF -sha256 \
- Run following command to regenerate certificate for port 5480:
sudo /opt/vmware/share/lighttpd/genSslCert.sh /opt/vmware/etc/lighttpd
- Run following command to restart the light-httpd server:
sudo service vami-lighttp restart
vSphere Management Assistant fails to operate Windows based vCenter Server 6.0 with Active Directory authentication
After adding Windows based vCenter Server into an Active Directory domain as a target of vSphere Management Assistant, you cannot log in to Windows based vCenter Server with Active Directory domain credentials.
Workaround:Use the less privileged vi-user account, navigate to su active directory/user, and then login to active directory/user to perform all your management tasks.
vSphere Management Assistant cannnot add ESXi host as target by using Active Directory mode with IPv6 address
vSphere Management Assistant cannot add ESXi host as target by using Active Directory mode with IPv6 address because ESXi host cannot join the domain.
Workaround: Perform the following steps:
- Add the ESXi host to a vCenter Server instance.
- Join vCenter Server to the Active Directory domain.
- Add the vCenter Server target by using fastpass mode with the Active Directory account.
- Use the ESXi host through the vCenter Server.
vSphere Management Assistant configured with IPv6 prompts for credentials for targets that have both IPv4 and IPv6 configuration enabled
When vSphere Management Assistant is configured with IPv6 only, it prompts for credentials for targets that have both IPv4 and IPv6 configuration enabled.
Workaround: Configure targets with only IPv6 enabled and then add the targets to vSphere Management Assistant. It will not prompt for credentials.
DCLI command is not set in the default path in vSphere Management Assistant
DCLI is not part of the path in vSphere Management Assistant and you must run it with the full path. Navigate to the path and execute DCLI or add the location to the appliance path.
DCLI is available at /usr/lib/vmware-vcli/bin/vmware-dcli/.
Workaround: Navigate to the dcli directory and then run the /usr/lib/vmware-vcli/bin/vmware-dcli/dcli command. OR
Set the dcli to the vSphere Management Assistant appliance path and then run the export PATH=$PATH:/usr/lib/vmware-vcli/bin/vmware-dcli/ command directly.