Posted by: Beth Pariseau
VMware has released a software update to vCenter Server and a new package of documentation meant to address widespread problems with single sign on and SSL certificates uncovered by users of vSphere 5.1.
However, since the patch was released last Thursday, VMware bloggers who have gone over the release notes with a fine-toothed comb have pointed out some ‘gotchas’ and open questions pertaining to the purported fix.
Earlier this month, VMware shops were up in arms over problems with the vSphere 5.1 Single Sign-On feature, which is now a required part of vCenter Server 5.1 installation. Problems included failed vCenter services on startup and an inability to login to vCenter Server.
Various failure scenarios and the login issue are resolved issues in vCenter Server 5.1.0a.
But there are also new issues brought up in the release notes that hadn’t been publicly documented before, according to a blog post by Maish Saidel-Keesing, a virtualization architect for an Israeli technology company.
These issues include added overhead to the installation process – VMware recommends using an independent installer at this point rather than a simple installer, for example, and requires manually created database users rather than an automatically created ones.
“It is good to see that VMware have fixed some problems with the installation process,” wrote Saidel-Keesing. But he’s still left asking, “Was the release rushed out – so that these issues were not addressed beforehand?”
Michael Webster, a VMware Certified Design Expert and director of IT Solutions 2000 Ltd., a VMware consultancy based in Auckland, New Zealand, noted in a blog post that there’s still a ‘gotcha’ with SSL certificates in a certain scenario:
when vCenter system is an all in one configuration with everything on the same VM and using a local [Microsoft] SQL Server database. Update Manager will not be able to log into or register with vCenter when the SSL certificates have been changed. This prevents you from updating the SSL certs for Update Manager and Update Manager may no longer work. This does not appear to occur when the MS SQL Server database is remote.
For that reason, Webster says he is recommending that clients place vCenter Server and the SQL Server database on separate VMs, even in small environments.
In the meantime, Webster is building his own utility for SSL certificate management, called vCert Manager, which will allow completely automated management of SSL certificates in a vSphere environment.