This topic tells you about the key features of the VMware Tanzu Operations Manager interface.

Installation Dashboard page

The Installation Dashboard is the central Tanzu Operations Manager interface for managing your deployment. It displays the BOSH Director configuration for your IaaS and product tiles for your deployment.

The following image shows the Tanzu Operations Manager Installation Dashboard. Each section is labeled with a red letter. Click the image to see it at full size.

alt-text=The Tanzu Operations Manager Installation Dashboard: For a description of each labeled section, see the following list.

The following list describes each section that is labeled for the Installation Dashboard:

  • AImport a Product: Click this button to add a new product to Tanzu Operations Manager. You can download Tanzu Operations Manager-compatible product files from VMware Tanzu Network.

    • If you configure a VMware Tanzu Network API token in the Settings section of Tanzu Operations Manager, a list of the latest versions of already imported products appears automatically.
  • BDelete All Unused Products: Click this link to delete any unused products.

  • CInstallation Dashboard: Click this link to return to the Tanzu Operations Manager Installation Dashboard topic from other Tanzu Operations Manager topics.

  • DStemcell Library: Click this link to open the Stemcell Library. In the Stemcell Library you can import stemcells, stage stemcells, and review your stemcell version numbers. For more information, see Importing and Managing Stemcells.

  • EChange Log: Click this link to view and search a log of your previous installations. For more information, see the Change Log Page section of this topic for details.

  • FCertificates: Click this link to view certificates in your installation. For more information, see the Certificates Page section of this topic for details.

  • GUser Account Menu: Click the arrow next to your user name to view the menu. Use this menu to go to your Settings page, view My Account to change your email and password, or log out of the Tanzu Operations Manager Installation Dashboard. For more details about accounts, see My account of this topic for details on account information. For more information, see the Settings page section of this topic for details that are available Tanzu Operations Manager settings.

  • HRevert: Click the revert button to return to the previous successful installation. Any pending changes you have made to the current installation settings are lost.

  • IReview Pending Changes: Click the button to go to the Review Pending Changes page, which organizes pending changes by tile. You can activate or deactivate each tile to selectively deploy individual tiles and their dependencies. For more information, see Reviewing pending product changes.

  • JOrange Bar: Indicates that additional configuration for the product tile is required before deployment. Click the product tile to complete its configuration.

  • KMissing Stemcell Link: If an imported product is missing a required stemcell, a Missing Stemcell link appears on the tile. Click this link to open the stemcell library. For more information about stemcells, see Importing and managing stemcells.

  • LAPI Docs: Click this link to go to the Tanzu Operations Manager API documentation, which details how you can manage Tanzu Operations Manager through the API rather than with the UI. For more information about the Tanzu Operations Manager API, see Using the Tanzu Operations Manager API.

Change Log page

Go to the Change Log page by clicking the corresponding link in the dashboard header. This topic shows the Tanzu Operations Manager’s deployment history, and a record of all of its Apply Changes actions.

The following table lists the following top-level attributes for each deployment:

Label Type Description
STATUS Icon Whether the deployment succeeded or failed
DEPLOYMENT ID Text A sequentially-numbered identifier for the deployment
USER Username The user who initiated the deployment

A LOGS button for each deployment opens the deployment’s full Installation Log.

Within each deployment listing, a table details for the individual products deployed in or deleted from each installation.

The details listed for each product are as follows:

Label Type Description
PRODUCT Text The name of the product
ACTION One of the following labels: ADDED, UPDATED, DELETED, NO CHANGES, FAILED The action, if any, that the deployment took with the product.
STARTED UTC timestamp When Tanzu Operations Manager began deploying the product.
FINISHED UTC timestamp When Tanzu Operations Manager stopped deploying or attempting to deploy the product.
DURATION Time, in minutes How long Tanzu Operations Manager took to deploy or attempt to deploy the product.

A Total row, lists all product totals for the STARTED, FINISHED, AND DURATION text boxes.

Using the Change Log page

Configure the Change Log topic by modifying the following text boxes:

  • Installation Dashboard—Click Installation Dashboard to return to the Tanzu Operations Manager Installation Dashboard. Alternatively, click the Back button in your web browser.

  • Show X entries—Click the number displayed in the Show X entries drop-down menu to choose between 10, 25, 50, and 100 entries.

  • Search—Type in the search box to sort the Change Log page by text or integer matches. As you type, matching entries appear on the screen.

  • Previous / Next—Click Previous, Next, or the number between them to load later or newer entries.

Certificates page

Go to the Certificates topic by clicking the corresponding link in the dashboard header. This topic shows the certificates in your Tanzu Operations Manager installation.

The following image shows the top section of the Certificates topic:

alt-text=The Certificates section shows information in the following columns: Certificate name, Product GUID, Location, Type, Configurable, and Valid until.

The top section of the Certificates topic includes the certificates that the Tanzu Operations Manager API attempts to rotate. This section includes both certificates that the Tanzu Operations Manager API can rotate and certificates that you must rotate manually.

For information about how to rotate these certificates, see Overview of Certificate Rotation.

The following describes the information listed on the Certificates page:

  • Certificate name: the name of the certificate.

  • Product GUID: the product name with its unique identifier.

  • Location: whether CredHub or Tanzu Operations Manager stores and manages the certificate.

  • Type: a certificate authority (CA) or leaf certificate.

  • Configurable: whether or not you can configure the certificate. If a certificate is configurable, you can generate your own and paste it into Tanzu Operations Manager configuration panes.

  • Valid until: the date that the certificate expires.

The following image shows the Excluded certificates section of the Certificates page:

alt-text=The Excluded certificates section includes the following columns: Certificate name, Product GUID, Location, Type, Configurable, and Valid until.

The Excluded certificates section includes the certificates that the Tanzu Operations Manager API does not attempt to rotate, because they either must be rotated using the CredHub Maestro CLI or cannot be rotated safely at all.

The Services TLS CA and its leaf certificates must be rotated using the CredHub Maestro CLI. To rotate the Services TLS CA certificate and its leaf certificates, see Rotate the services TLS CA and the Leaf Certificates in Advanced Certificate Rotation with CredHub Maestro.

For all other certificates listed in Excluded certificates, see the documentation for the product tile associated with the non-rotatable certificate or contact Support.

Settings page

Go to the Settings topic by clicking on your user name and click Settings. On the screen that appears, click Change Decryption Passprase.

alt-text=""

The following sections describes the configuration topics.

If you modify these settings, it does not require you to return to the Installation Dashboard and click Apply Changes. These settings apply to the Tanzu Operations Manager VM. The BOSH Director does not apply them to your deployment.

Change decryption passphrase

To reset your decryption passphrase, enter the details as follows, and click Change Decryption Passphrase.

  • Current Decryption Passphrase
  • New Decryption Passphrase
  • Confirm New Decryption Passphrase

alt-text=""

Internal authentication settings

You can use the Internal Authentication Settings topic to view and update the settings for your internal authentication method.

This pane includes the following text boxes:

  • Current Decryption Passphrase: Update the decryption passphrase for your internal authentication method.

  • Admin Username: Update the user name for the admin user.

  • Admin Password and Admin Password Confirmation: Update the password for the admin user.

SAML settings

To change your Identity Provider (IdP) to SAML, configure the following text boxes:

  • Current Decryption Passphrase: Enter your decryption passphrase.

  • SAML IDP Metadata: Enter the full URL or XML SAML IdP metadata.

  • BOSH IDP Metadata: (Optional) Enter the full URL or XML BOSH IdP metadata. If left blank, the default is the same metadata as the preceding text box.

  • SAML Admin Group: Enter the name of the SAML group that contains all of the Tanzu Operations Manager administrators. This text box is case-sensitive.

  • Groups Attribute: Enter the groups attribute tag name with which you configured the SAML server. This text box is case-sensitive.

  • Provision an admin client in the Bosh UAA: Enable to provision an admin client in the BOSH UAA. For more information, see Provision Admin Client.

LDAP settings

Use this topic to change your IdP to LDAP.

For more information about changing your IdP to SAML or LDAP, view the following instructions for your IaaS configuration:

OIDC settings

To change your Identity Provider (IdP) to OIDC, configure the following text boxes:

  1. In your OIDC provider, create a new client for Tanzu Operations Manager to use for authentication.

    • For “Grant Type”, select “Authorization Code”.
    • Register https://OPS-MAN-FQDN/uaa/login/callback/oidc as a valid redirect_uri for the client.
    • If you plan to use OIDC authentication for the BOSH CLI, register https://BOSH-FQDN-OR-IP:8443/uaa/login/callback/oidc as a valid redirect_uri for the client. If you intend to use the BOSH FQDN, you must configure that later in the BOSH Director configuration.
  2. For Discovery URL, enter your OIDC service provider discovery URL.

  3. For Client ID, enter the “Client ID” created in Step 1.

  4. For Client Secret, enter the “Client Secret” created in Step 1.

  5. For Scopes, enter the scopes to request from the OIDC provider as a comma-separated list. You must include the following scopes.

    • The openid scope
    • A scope that allows access to the group claim
    • Standard email and profile scopes, if you plan to use the claims listed in the next step to populate common fields in UAA
  6. Enter the claims used to populate the UAA user store with data from the OIDC provider.

    • Enter the External Groups Claim to populate associated groups for the user in UAA. Enter the OIDC provider’s token claim that contains the groups to which the user belongs. Only the provided OIDC Admin Group Name and the default group names of opsman.full_control, opsman.restricted_control, opsman.full_view and opsman.restricted_view are mapped to UAA groups.
    • (Optional) Enter the Username Claim to populate the username field in UAA. Tanzu Operations Manager uses this to show the current logged-in user.
  7. For OIDC Admin Group Name, enter the OIDC provider group name that corresponds to users who receive admin access. Users in this OIDC group are granted the opsman.admin scope in UAA.

SSL certificate

You can use the SSL Certificate pane to configure Tanzu Operations Manager to use a custom SSL certificate for all Tanzu Operations Manager traffic both through the UI and API.

This pane includes the following text boxes:

  • Certificate: Enter a custom certificate.
  • Private Key: Enter the private key for the certificate.

If you leave the text boxes blank, Tanzu Operations Manager uses an auto-generated self-signed certificate rather than your own custom certificate and private key. To replace a custom certificate with a self-signed certificate, click Revert to self-signed certificate.

alt-text=""

VMware Tanzu Network settings

Enter your VMware Tanzu Network API token and click Add Token to connect your Installation Dashboard to VMware Tanzu Network.

Proxy settings

If you are using a proxy to connect to Tanzu Operations Manager, update your Proxy Settings by providing a HTTP proxy, HTTPS proxy, or No proxy.

Custom banner

Create a custom text banner to communicate important messages to operators. For UI Banner, enter the text you want to be shown on each page of the Tanzu Operations Manager UI. For SSH Banner, enter the text that appears when an operator logs in to Tanzu Operations Manager.

Export installation settings

Exports the current installation with all of its assets. When you export an installation, the exported file contains references to the base VM images, necessary packages, and configuration settings.

Syslog

Viewable by administrators only. Configure a custom syslog server for Tanzu Operations Manager. When you click Yes and fill the following text boxes, Tanzu Operations Manager produces and sends all syslog entries from the Tanzu Operations Manager VM to the configured syslog endpoint. Tanzu Operations Manager also sends BOSH Director access events to the syslog endpoint.

Tanzu Operations Manager syslog entries are sent in RFC 3164 format.

To configure a custom syslog endpoint for Tanzu Operations Manager logs:

  1. Select Syslog.

  2. (Optional) Select Yes to send Ops Manager system logs to a remote server.

  3. Enter the IP address or DNS name for the remote server in Address.

  4. Enter the port number that the remote server listens on in Port.

  5. Select TCP or UDP from the Transport Protocol dropdown. This selection determines which transport protocol is used to send the logs to the remote server.

  6. (Optional) Select the Enable TLS checkbox to send encrypted logs to remote server with TLS. After you select the checkbox:

    1. Enter either the name or SHA1 fingerprint of the remote peer in Permitted Peer.
    2. Enter the SSL certificate for the remote server in SSL Certificate.

    Note: VMware strongly recommends that you enable TLS encryption when you are forwarding logs. Logs can contain sensitive information, such as cloud provider credentials.

  7. (Optional) Enter a string in Environment identifier. This is a human-readable identifier that is included in each log entry.

  8. (Optional) Enter an integer in Queue Size. This value specifies the number of log messages held in the buffer. The default value is 100,000.

  9. (Optional) Select the checkbox to Forward Debug Logs to an external source. This option is deselected by default. If you select it, you may generate a large amount of log data.

  10. (Optional) Enter configuration details for rsyslog in the Custom rsyslog Configuration field. This field requires the rainerscript syntax.

  11. Click Save.

Pruning settings

Pruning settings are available in Tanzu Operations Manager 3.0.18+LTS-T and later.

You configure the pruning of Change Logs that are created each time you Apply Changes.

If pruning is activated, Change Logs that are older than the configured date are pruned once per day. The most recent Change Log for a tile are pruned even if it’s older than the configured date.

Advanced options

  • Download Activity Data: Downloads a directory that contains the configuration file for the installation, the deployment history, and version information.

  • Download Root CA Cert: Use this to download for the root CA certificate of your deployment as an alternative to curling the Tanzu Operations Manager API.

  • Download Core Consumption Data: Use this option to download the historical core consumption as CSV, instead of using cURL to access the Tanzu Operations Manager API. The CSV download contains an hourly reading of the chargeable cores that are consumed by each product, in the following form:

    timestamp,product_identifier,physical_cores,logical_cores
    

    Products which do not support core counting do not appear in the CSV download.

  • View Diagnostic Report: Displays various types of information about the configuration of your deployment.

  • Delete This Installation: Deletes your Tanzu Operations Manager installation permanently.

My Account page

To change your email and password, go to the My Account page by clicking on your user name located at the upper right corner of the screen and selecting My Account. The Account Settings topic includes the following information and links:

  • Profile: The current email address and obscured password are shown.
  • Third Party Access: Any third-party applications authorized for use are listed here.
  • Change Email
  • Change Password

alt-text=""

Support page

Click Support in the footer of any topic in Tanzu Operations Manager to access the support topic.

The Support topic allows you to download a ZIP file that includes Tanzu Operations Manager logs, deployed manifests and configurations, and BOSH deployment diagnostics.

The contents of the ZIP file help Support quickly address any issues in your deployment.

check-circle-line exclamation-circle-line close-line
Scroll to top icon