If you have ever worked with VMware vShield Manager, you know that deployment and configuration of the virtual appliance is pretty much a manual process. You can automate the deployment of the vShield Manager OVA using the various vSphere SDK's or the ovftool, but the initial IP address configuration for vSM still needs to be configured manually using the remote console for the very first time.

An easy solution to this problem would be for VMware to create the vSM OVA to support IP address configuration out of the box as part of the deployment options (but why make things easy). In any case, I will demonstrate how you can easily automate both the deployment and the initial configuration of vShield Manager to your vSphere environment.

Before I begin, I can not take credit for coming up with the idea of automating vShield Manager deployment, the credit goes to Alan Renouf. Alan recently contacted me and ask if it was possible to automate the IP configuration. The answer is yes and here is a solution.

One of the main challenges in figuring out how to automate the IP address configuration of vShield Manager was due to the vtysh integrated shell daemon for Zebra that launches by default as part of the "admin" user account. This interface is used to manage the kernel routing and management table and made it very difficult to interface with for any type of automation. I decided manually go through a vSM configuration and then using Knoppix LIVE-CD, I was able to mount up the vSM filesystem and look around to get a better understanding of what was going on. After some investigating, it looks like IP address configuration is stored in /common/configs/cli/zebra.conf, here is an example of what the configuration looks like:

Armed with this knowledge, it was pretty straight forward in developing an automated way of deploying and configuring vShield Manager. I created a script called deployvShieldManager.sh which utilizes guestOpsManagement.pl, vCLI and ovftool. It's recommended that you use vMA and install ovftool to quickly get started. At a high level, the script is doing the following:

  1. Deploy vShield Manager OVA using ovftool
  2. PowerOn vSM and wait 2 minutes for VMware Tools to be ready on the system
  3. Create new zebra.conf, backup the old zebra.conf and upload new zebra.conf using the new vSphere 5 VIX integration
  4. PowerOff vSM to force the configurations to be read in upon next bootup
  5. PowerOn vSM and it is now ready for use

At the top of the script, there are several configuration variables that need to be edited by the user to specify the vSM configuration, including vCenter and ESX(i) host to deploy vSM.

Here is a list of variables that need to be configured at the top of the deployvShieldManager.sh script:

Once you are done updating the variables, you are now ready to execute the script. Before the script performs any changes, it will first prompt the summary of configurations you have specified in the script. Once you are satisfiy, you may than proceed by typing "y" or "yes" to start, or if you would like to cancel, type "n" or "no".

Note: The script will perform some basic validation such as existence of the vShield Manager OVA, ovftool, etc. else you will get an error message and the script will exit.

Next, the script will perform the deployment of vSM using ovftool and proceed with the configuration of vSM once it has been deployed.

Note: If it takes longer to poweron vSM in your environment to get it into a ready state, you may want to tweak the sleep period from 120 seconds (2minutes) to something longer.

At this point, you now should see a new vShield Manager VM deployed and if you take a look at the summary page, you should see the new IP address and hostname configurations.

Now all that is left is to point your browser to the vSM address and you should be prompted to login to vShield Manager management interface.

Instead of manually deploying vShield Manager in your environment, you can now automate the initial deployment and configuration for general use or with VMware vCloud Director. For further automation and configuration of vShield manager, once vSM is online and accessible, you can leverage the vShield REST API.

8 thoughts on “How to Automate the Deployment & Configuration of vShield Manager 5

  1. @Virtu-Al,

    np, glad I could help. Looking forward to what you’ve been cooking even though I’ll get lost trying to figure how to run .ps1 script on a Linux system 😉

  2. Hi William, thanks for the script!

    when a run the guestOpsManagement.pl like this:
    ./guestOpsManagement.pl –server –username Hillmans –vm chbaitest –operation ls –guestusername root –filepath_src /var/log

    but i get wrong answer: Can’t locate URI/URL.pm in @INC (@INC contains: /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at ./guestOpsManagement.pl line 36.
    BEGIN failed–compilation aborted at ./guestOpsManagement.pl line 36.

    do u know the reason. Thanks

  3. hello, i use this command: ./guestOpsManagement.pl –server –username Hillmans –vm 123 –guestusername root –guestpassword password –operation ls –filepath_src /var/log

    but i get wrong answer : Error: Server version unavailable at ‘’

    can u get the reason?

  4. Hi William,
    In my case it looks like authentication is not working for vShield Manager(admin/default), received below error while backing up zebra.conf..please guide.

    [[email protected] vCloud_auto]# ./guestOpsManagement.pl –server 10.x.x.x –username root –password ***** –vm vShieldManager554 –guestusername admin –guestpassword default –operation mv –filepath_src /common/configs/cli/zebra.conf –filepath_dst /common/configs/cli/zebra.conf.bak < /tmp/guestOpsAnswerFile
    Validating guest credentials in vShieldManager554 …
    SOAP Fault:
    Fault string: Failed to authenticate with the guest operating system using the supplied credentials.
    Fault detail: InvalidGuestLoginFault

Thanks for the comment!