Configuring VMware Data Services Manager in the vSphere Client

When configuring VMware Data Services Manager, a vSphere administrator sets up vSphere resources for databases, providing DSM administrators and users with access to these resources. During this configuration, the vSphere administrator creates infrastructure policies that establish limits, or guardrails, on the quality and quantity of resources DSM users can consume from vSphere clusters.

When creating databases, DSM users can rely on predefined infrastructure policies and availability and performance standards they provide. DSM users do not need to have in-depth understanding of the underlying hardware details of the infrastructure.

At the same time, the vSphere administrators have visibility into the usage of the infrastructure, and can view and monitor the database workloads running in their infrastructure.

Use the vSphere Client to configure VMware Data Services Manager.

Step 1: Satisfy the Prerequisites
Step 2: Configure IP pools
Step 3: Create VM classes
Step 4: Choose the user identity source, and assign a user role
Step 5: Configure infrastructure policies

Audience

The procedures in this topic are performed by a vSphere administrator.

Step 1: Prerequisites

Before you begin configuring VMware Data Services Manager, ensure that:

You have deployed the VMware Data Services Manager plugin in the vSphere Client and followed all hardware and software requirements.
Make sure that the VMware Data Services Manager plugin appears in your vSphere UI environment. In the vSphere Client menu, click Administration > Solutions > Client Plugins to verify.
You have appropriate DSM permissions to configure infrastructure policies.

You perform these tasks using the vSphere Client.

Step 2: Configuring IP Pools

IP pools are a collection of available IP addresses used for dynamic IP assignment for databases. They facilitate efficient distribution and management of IP resources. A vSphere administrator is responsible for regulating database IP assignment.

As an vSphere administrator, use the vSphere Client to create IP pools.

Procedure

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click IP Pools under VMware Data Services Manager.

This action displays the IP Pools view that you use to create and manage the IP pools.
Click Create.

The Create IP Pool form opens.

Enter appropriate parameters.

Property Name	Value
IP Pool Name	The name of the IP Pool.
IP Ranges	Comma separated IP ranges and addresses. IP addresses can be specified as individual IPs (10.10.10.10, 10.10.10.11, 10.10.10.12) or a range (10.10.10.10-10.10.10.12). Note: You cannot add a range of IP addresses that use a different gateway or subnet mask.
Subnet Prefix	CIDR prefix for this IP Pool.
Gateway	Gateway address for this IP Pool.

Click Create.

The new IP pool appears on the list of available IP pools. You can see its details by expanding it.

You can later edit or delete an IP pool. When editing or deleting the IP pool, follow these guidelines:

You can edit or delete the IP pool that is not associated with any infrastructure policies.
If the IP pool is associated with the infrastructure policy, but is not used by a database, you can edit the IP pool, but you cannot delete it.
When the IP pool is associated with the infrastructure policy and is used by the database, you can only add new IP ranges to the pool, but you cannot change any other parameters. You cannot delete this type of IP pool.

Step 3: Defining a VM Class

A VM class specifies the compute and memory resources allotted to a provisioned database VM. Default VM classes are available, but you can also configure custom VM classes.

When you configure a VM class, you provide a name, a number of vCPUs, and a memory amount in GiBs.

Procedure

Perform the following procedure to define a new VM class:

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click VM Classes under VMware Data Services Manager.

This action displays the VM Classes view. You can view and manage available default VM classes or create new.
To create a new VM class, click Create.

This action opens the Create VM Class form.

Set the appropriate resource configuration properties:

Property Name	Value
VM Class Name	The name of the VM class.
vCPU	The number of vCPU cores to assign to a provisioned database VM.
Memory	The amount of memory (in Gi) to allocate to a provisioned database VM.

Click Create.

The new VM class is added to the table.

You can later edit or delete a VM class. When editing or deleting the VM class, follow these guidelines:

You can edit any VM class that is not associated with an infrastructure policy. You can also delete the classes you created, however, this option doesn't apply to the default VM classes.
When the VM class is associated with the infrastructure policy and is used by the database, you cannot edit or delete this VM class.

Step 4: Choosing the User Identity Source and Configuring Permissions

A vSphere administrator assigns DSM Admin and DSM User roles to users so that they can access Data Services Manager (DSM).

VMware Data Services Manager user accounts can originate from two different identity sources: the DSM local database (Local user) and a configured LDAP server (LDAP user). VMware Data Services Manager manages Local users and LDAP users independently and differently.

You can choose to use one, or both, identity sources in your VMware Data Services Manager installation.

If you choose to use a Local identity source, create a Local DSM user.
If you choose to use an LDAP identity source, you must both configure an LDAP server and import users from LDAP.

Creating a Local DSM User

As a vSphere administrator, use the vSphere Client to create a local user, specifying the user's role, email address, and password.

Procedure

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click Permissions under VMware Data Services Manager.

This action displays the Permissions view that you use to create and manage the users.
Click LOCAL DSM USERS.

This action displays a table that lists the configured users.
Click Create.

The Create Permission form opens.

Set the following properties for this new Local DSM user:

Property Name	Value
Role	The user's role in the organization. You can select one of the following options: DSM Admin - Super user that is able to watch and help maintain all of the data services created. DSM User - Creates and maintains individual databases for their application or other purpose.
Email	The email address of the user. This is the user's login username in the VMware Data Services Manager console.
Password	The password for the user. For the password, use minimum 8 and Maximum 20 characters, at least one uppercase letter, one lowercase letter, one number and one special character(?!@#$%^&*).This is the user's login password in the VMware Data Services Manager console.

Click CREATE

The new Local user is added to the table.

You can later edit users and change their role assignments, or delete a user.

Configuring an LDAP Server

You can integrate VMware Data Services Manager with an external identity provider. The integration with Lightweight Directory Access Protocol (LDAP) enables you to use an existing LDAP service as a user source for VMware Data Services Manager.

To take advantage of this LDAP integration, the vSphere administrator must first configure an LDAP server for the VMware Data Services Manager installation. This server becomes the single LDAP user source for VMware Data Services Manager.

Prerequisites

Before you configure an LDAP server, ensure that you can identify the server host address, domain, and the user name and password of a read-only service user.

The LDAP endpoint must be resolvable by the DNS server specified at the time of VMware Data Services Manager deployment.

Procedure

As a vSphere administrator, perform the following procedure to configure an LDAP server:

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click LDAP Settings under VMware Data Services Manager.

This action displays the LDAP Settings view that you use to configure and manage LDAP.
Click CONFIGURE LDAP.

This action displays the Configure LDAP form.

Set the LDAP properties:

Property Name	Value	Required?
Host Address	The hostname or IP address of the LDAP server.	Required
Port	The port number on which the LDAP server is listening. For LDAP, the default port number is 389. For LDAPS, the default port number is 636.
Username	The ID of a read-only user in the domain.	Required
Password	The password of the user who is specified by Username.	Required
Domain	The FQDN of the domain.	Required
Base Dn	The base distinguished name identifies the location in the LDAP directory from which to start user searches. The default behaviour is for search to start from the root DN.
Search Filter	The filter that defines the criteria to restrict access. The default value is `(&(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(userPrincipalName=$username))` to filter from enabled users.
Login Attribute	The LDAP attribute to map to the VMware Data Services Manager Email Id. The default value is `userPrincipalName`.
CA Certificate PEM Format	The file with the .pem extension to upload.
Enable TLS	Switch this toggle if your server is using LDAPS.	Required

Click CONFIGURE or UPDATE to apply the LDAP settings.

Note: It may take a few minutes for VMware Data Services Manager to synchronize with LDAP.

Importing Users from LDAP

You can import users from a previously-configured LDAP identity provider and assign them the DSM Admin and DSM User roles in VMware Data Services Manager.

Procedure

Perform the following procedure to import users from LDAP and assign them an appropriate role:

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click Permissions under VMware Data Services Manager.

This action displays the Permissions view that you use to create and manage the users.
Click LDAP GROUPS.

This action displays a table that lists the configured users.
Click Create.

The Create Permission form opens.

Specify the LDAP group to the role mapping:

Property Name	Value
Role	The user's role in the organization. You can select one of the following options: DSM Admin - Super user that is able to watch and help maintain all of the data services created. DSM User - Creates and maintains individual databases for their application or other purpose.
LDAP Group	The LDAP groups whose users you want VMware Data Services Manager to assign the specified role.

Click CREATE

The LDAP user group is added to the table.

Note: Users that belong to this group can access the DSM console. After they perform this operation, their name appears on the list of local DSM users with LDAP as a user type. Unlike regular local DSM users, the imported LDAP users cannot be deleted from this list.

You can later change the role assignment for the user group, or delete the group.

Step 5: Creating Infrastructure Policies

When you define infrastructure policies, you create guardrails that restrict the quality and quantity of resources the DSM users can consume from vSphere clusters, while having full visibility into how this infrastructure is getting used.

Prerequisites

Compute Resources. You must create or use existing clusters or resource pools on which the database VMs will be created. Clusters or resource pools must have one or more storage policies in common.
Storage Policies. You must create or use existing storage policies for the compute resources that will determine the datastore placement of the database VMs.
Network Port Groups. You must create or use existing network port groups for the compute resources on which the database VMs will be created. DSM supports vSphere Distributed Switch (VDS). DSM also works with NSX virtual switches.
IP Pools. You create these data IP pools specifically for Data Services Manager. You can create IP pools while defining infrastructure policies or create them in advance. See Configure IP Pools.
VM Folders. Optionally create or use existing VM folders.
VM Classes. You create these VM classes specifically for Data Services Manager. The system provides default VM classes, but you can create more while defining infrastructure policies or create them separately in advance. See Create VM Classes.

Note: Multiple vSphere clusters can be added as compute resources in the same infrastructure policy. You can also have multiple resource pools in the same infrastructure policy, but they cannot be from the same vSphere cluster. If you want to add multiple resource pools to the same infrastructure policy, each resource pool must be in its own vSphere cluster.

Procedure

In the vSphere Client, navigate to vCenter server, click the Configure tab, and click Infrastructure Policies under VMware Data Services Manager.

This action displays the Infrastructure Policies view that you use to create and manage the policies.
Click Create.

The Create Infrastructure Policy form opens.
On the Policy Details pane, enter a name and the description of the infrastructure policy.

You cannot change the policy name once the policy is created.
Enable the policy to make it available for consumption in DSM, and click NEXT.

Only enabled infrastructure policies will be availalbe for the database consumption. You might keep the policy disabled if it's not yet ready to be used by the database.

On the Compute Resources pane, select one of the following, and then click NEXT.

The compute resources you select must share the same storage policies.

Property Name	Value
SELECT CLUSTERS	Select the vSphere cluster for the database VMs.
SELECT RESOURCE POOLS (Optional)	Select the resource pool for the database VMs.

On the Storage Policies pane, select one or more storage policies for the database VMs, and then click NEXT.

The Storage Policies pane lists only those storage policies that are compatible with the compute resource you specified.
On the Network Port Groups pane, select one or more network port groups for each compute resource in this policy, and click NEXT.
On the IP Pools pane, select one or more IP pools for each network port group in this policy, and click NEXT.

If you haven't configured IP pools, you can create them now.
For each compute resource in this policy, select the VM folder from the drop-down list, and click NEXT.

This step is optional.
On the VM Classes pane, select one or more preconfigured VM classes, and click NEXT.

If needed, create a new VM class.
Review your infrastructure policy, and click CREATE POLICY.

The policy appears on the list of infrastructure policies.

If you need to edit or delete the infrastructure policy, follow these guidelines:

If the policy is not used by a database, you can later change any policy settings.
If the policy is used, you cannot change exiting settings, but you can add a new compute resource and specify corresponding parameters for this compute resource.
You can delete only the policy that is not used by the database.
If you disable an infrastructure policy, you cannot delete database clusters that use this policy. Delete the database clusters before disabling the infrastructure policy.

Next Steps

You have completed the required minimal configuration of the DSM. Next:

Provide the following information to the DSM users:
- The VMware Data Services Manager URL (i.e. the DSM VM IP address).
- The Local user's login credentials to the VMware Data Services Manager console, or instruct the user to log in with their LDAP creds.
For information about the tasks that the DSM administrator performs, see Administering VMware Data Services Manager.
If you created a DSM user role for yourself, you can log in to VMware Data Services Manager and access the DSM console to begin monitoring and managing the environment.