Saturday, March 11, 2017

First Nested Virtual Machines


Now that all nested servers are deployed and have their shared storage, it's time to deploy VMs in this nested environment.

Deploy and Initial Configuration


The first virtual machine to create inside that nested environment is the Domain Controller. Open the vSphere Client (or the H5 client) to connect to one of the nested ESXi hosts. Create a new Windows Server virtual machine, and place it on the iSCSI storage. After installation is done, I use Server Manager to configure multiple settings, which I usually do for all Windows Server virtual machines (install VMware Tools, configure TCP/IP settings, set the time zone and sync to an NTP server, disable Internet Explorer Enhanced Security Configuration for Administrators, disable Windows Updates as this is an isolated lab environment, enable Remote Desktop, disable the Windows Firewall, and rename the computer).


Active Directory Domain Services and DNS


The next step is to install the AD DS role and reboot the machine. It will automatically install the DNS role as well. Open the DNS management console and create new Reverse DNS Zones as necessary. Then create "A" records for all ESXi hosts, the vCenter Server Appliance, and any Linux or workgroup-based Windows machines, and don't forget to check "Create associated pointer (PTR) record".



From Group Policy Management, set "Maximum password age" to "0" in order to disable the password expiration of Active Directory user accounts.


Active Directory Certification Authority


On the same VM, install the AD CS role, and choose "Certification Authority" and "Certification Authority Web Enrollment". For the AD CS Configuration part, choose Enterprise CA, and SHA256 for the hash algorithm. Go to http://localhost/certsrv/ and download the Root CA certificate in Base64 format to the domain controller desktop, and rename it something like "Enterprise-Root-CA.crt". Now proceed with creating the two templates as explained in VMware KB2112009.
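The forest promotion, DNS records with PTRs, and the SHA256 Enterprise CA described in the last three sections, as an added PowerShell example that is not from the original post. The domain name, host names and addresses are made-up lab values, and the script runs in two phases because the forest promotion reboots the server.

```powershell
# Added example, not the post's own code. Assumed lab values; adjust to your lab.
#Requires -RunAsAdministrator

$Domain = 'lab.local'        # assumed lab domain name
$Subnet = '10.0.0.0/24'      # assumed lab subnet; becomes the reverse zone
$Hosts  = @{ 'esxi01' = '10.0.0.11'; 'esxi02' = '10.0.0.12'; 'vcsa' = '10.0.0.20' }

# Phase 1: AD DS role plus forest promotion. The DNS role comes with -InstallDns,
# and the server reboots when promotion completes.
function Install-LabForest {
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
    $dsrm = Read-Host 'DSRM (Safe Mode) administrator password' -AsSecureString
    Install-ADDSForest -DomainName $Domain -DomainNetbiosName 'LAB' `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force
}

# Phase 2 (after the reboot): reverse zone first, then A records with matching PTRs.
function Add-LabDnsRecords {
    if (-not (Get-DnsServerZone | Where-Object { $_.ZoneName -like '*.in-addr.arpa' })) {
        Add-DnsServerPrimaryZone -NetworkId $Subnet -ReplicationScope Domain
    }
    foreach ($name in $Hosts.Keys) {
        # -CreatePtr is the cmdlet equivalent of "Create associated pointer (PTR) record".
        Add-DnsServerResourceRecordA -Name $name -ZoneName $Domain `
            -IPv4Address $Hosts[$name] -CreatePtr
    }
}

# Phase 2 continued: Enterprise root CA with SHA256 and web enrollment, then export
# the root certificate in Base64 form to the desktop as the post does by hand.
function Install-LabEnterpriseCA {
    Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment `
        -IncludeManagementTools | Out-Null
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
        -CACommonName 'Enterprise-Root-CA' -HashAlgorithmName SHA256 -KeyLength 2048 `
        -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
        -ValidityPeriod Years -ValidityPeriodUnits 10 -Force
    Install-AdcsWebEnrollment -Force          # serves http://localhost/certsrv/

    $ca  = Get-ChildItem Cert:\LocalMachine\Root |
           Where-Object Subject -like 'CN=Enterprise-Root-CA*' | Select-Object -First 1
    $der = Join-Path $env:TEMP 'Enterprise-Root-CA.cer'
    Export-Certificate -Cert $ca -FilePath $der -Type CERT | Out-Null
    # certutil -encode wraps the DER file as PEM (Base64 between BEGIN/END lines).
    certutil -encode $der "$env:USERPROFILE\Desktop\Enterprise-Root-CA.crt" | Out-Null
}
```

Run Install-LabForest, let the server reboot, then run Add-LabDnsRecords and Install-LabEnterpriseCA as a domain administrator.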



This has been a short post, but in the next post I'll explain how I deploy vCenter Server using external PSC, and configure the VMware Certification Authority to become a subordinate of the AD CS Certification Authority we just created.


Stay tuned!


Note: I intend to publish more posts that show how to do each step in detail.
