Change vCAC Deployment to Use SSL and HTTPS
When you initially install the the vCloud Automation Center (vCAC) solution you have the option to install with communication on either HTTP or HTTPS. Since the install with HTTP is easier because you don’t need to generate SSL Certificates for IIS, this is often the route that is taken in lab or test environments. While not easy, you do have the option of converting your installation over to HTTPS by making the following changes to the vCAC server components.
Note: The lines below <!–HTTP–> designate the HTTP version of the line and the lines below <!–HTTPS–> designate the HTTPS version. Only one of the lines is necessary and the <!–HTTP–> / <!–HTTPS–> sections should not be included in the configuration files.
- Stop all vCAC Services (manager service, DEMs, Agents)
- Import SSL Certificate to the Model Manager and Web Portal IIS Servers
- Set Bindings for HTTPS (443) and Select the newly imported SSL Certificate
- Modify the web.config file located in C:\Program Files (x86)\DynamicOps\Self-Service Portal:
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> |
<client> ... <!--HTTP--> <endpoint address="VCAC-DEMO:9003/VMPS" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IProvision" name="ProvisionProxy" bindingConfiguration="basicHttp" behaviorConfiguration="ProvisionServiceBehavior"/> <endpoint address="http://VCAC-DEMO:9003/VMPS/MachineEvents" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IMachineEvents" name=""/> <endpoint address="http://VCAC-DEMO:9003/VMPS/Administration" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IAdministration" name=""/> <!--HTTPS--> <endpoint address="https://VCAC-DEMO:443/VMPS" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IProvision" name="ProvisionProxy" bindingConfiguration="basicHttp" behaviorConfiguration="ProvisionServiceBehavior"/> <endpoint address="https://VCAC-DEMO:443/VMPS/MachineEvents" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IMachineEvents" name=""/> <endpoint address="https://VCAC-DEMO:443/VMPS/Administration" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IAdministration" name=""/> ... </client> |
- Modify the web.config file located in C:\Program Files (x86)\DynamicOps\DCAC Server\Website\
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> |
- Modify the web.config file located in C:\Program Files (x86)\DynamicOps\DCAC Server\Report.Website\
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> |
- Modify the managerservice.exe.config file located in C:\Program Files (x86)\DynamicOps\DCAC Server
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> ... <!--HTTP--> <serviceConfiguration serviceUri="http://VCAC-DEMO:9003/VMPS" websiteUri="" authorizationStore="mssql://Driver={SQL Server};server=VCAC-DEMO\sqlexpress;/DCAC/Repository" authorizationStoreCacheRefreshInterval="00:00:00" connectionString="Data Source=VCAC-DEMO\sqlexpress;Initial Catalog=DCAC;Integrated Security=True;MultipleActiveResultSets=True;Connect Timeout=200; pooling=True; Max Pool Size=200" connectionStringConfig="Data Source=VCAC-DEMO\sqlexpress;Initial Catalog=DCAC;Integrated Security=True;MultipleActiveResultSets=True" workflowRuntimeSection="WorkflowRuntime" emailProvider="DynamicOps.VRM.ActiveDirectoryEmailPlugin.ActiveDirectoryEmailPlugin, DynamicOps.VRM.ActiveDirectoryEmailPlugin" VmpsMasterControl="false" EnterpriseAdminHasGroupAdminRights="true" attachmentFileShare="" licenseFilePath="lic.xml"/> <!--HTTPS--> <serviceConfiguration serviceUri="https://VCAC-DEMO:443/VMPS" websiteUri="" authorizationStore="mssql://Driver={SQL Server};server=VCAC-DEMO\sqlexpress;/DCAC/Repository" authorizationStoreCacheRefreshInterval="00:00:00" connectionString="Data Source=VCAC-DEMO\sqlexpress;Initial Catalog=DCAC;Integrated Security=True;MultipleActiveResultSets=True;Connect Timeout=200; pooling=True; Max Pool Size=200" connectionStringConfig="Data Source=VCAC-DEMO\sqlexpress;Initial Catalog=DCAC;Integrated Security=True;MultipleActiveResultSets=True" workflowRuntimeSection="WorkflowRuntime" emailProvider="DynamicOps.VRM.ActiveDirectoryEmailPlugin.ActiveDirectoryEmailPlugin, DynamicOps.VRM.ActiveDirectoryEmailPlugin" VmpsMasterControl="false" EnterpriseAdminHasGroupAdminRights="true" attachmentFileShare="" licenseFilePath="lic.xml"/> ... |
NOTE: In the next section, please be aware of the change from mexHttpBinding to mexHttpsBinding and the change from httpGetUrl to httpsGetUrl and httpGetEnabled to httpsGetEnabled
<system.serviceModel> <services> ... <service name="DynamicOps.VMPS.Service.ProxyAgentService" behaviorConfiguration="ProxyAgentServiceBehavior"> ... <!--HTTP--> <endpoint address="http://VCAC-DEMO/VMPS2" bindingConfiguration="ProxyAgentBinding" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IVMPSProxyAgent"/> <endpoint address="http://VCAC-DEMO:9001/VMPS2/mex" binding="mexHttpBinding" contract="IMetadataExchange"/> <!--HTTPS--> <endpoint address="https://VCAC-DEMO:443/VMPS2" bindingConfiguration="ProxyAgentBinding" binding="basicHttpBinding" contract="DynamicOps.VMPS.Contracts.IVMPSProxyAgent"/> <endpoint address="https://VCAC-DEMO:443/VMPS2/mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> ... </service> ... <service name="DynamicOps.Common.Tasks.TaskDispatcherServiceHost"> ... <!--HTTP--> <endpoint binding="basicHttpBinding" contract="DynamicOps.Common.Tasks.ITaskDispatcher"/> <!--HTTPS--> <endpoint binding="basicHttpBinding" contract="DynamicOps.Common.Tasks.ITaskDispatcher" bindingConfiguration="TaskDispatcherBinding"/> ... </service> ... </services> ... <bindings> <basicHttpBinding> <binding name="ProxyAgentBinding" maxReceivedMessageSize="6553600"> <readerQuotas maxStringContentLength="6553600"/> <!--Add Security Section For HTTPS--> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> <binding name="ProvisionServiceBinding" maxReceivedMessageSize="6553600"> <readerQuotas maxStringContentLength="6553600" maxArrayLength="104857600"/> <!--Add Security SectionFor HTTPS--> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> <binding name="VrmApprovalServiceBinding" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"> </binding> <binding name="VrmApprovalServiceEndPoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/> <security mode="None"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSuite="Default"/> </security> </binding> <!--Add Binding Section For HTTPS--> <binding name="TaskDispatcherBinding"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> <netTcpBinding> <binding name="ServiceBinding"/> </netTcpBinding> </bindings> <behaviors> <serviceBehaviors> ... <behavior name="ProxyAgentServiceBehavior"> <!--HTTP--> <serviceMetadata httpGetUrl="http://VCAC-DEMO/VMPS2" httpGetEnabled="true"/> <!--HTTPS--> <serviceMetadata httpsGetUrl="https://VCAC-DEMO:443/VMPS2" httpsGetEnabled="true"/> </behavior> ... </serviceBehaviors> </behaviors> </system.serviceModel> |
- Modify the DynamicOps.DEM.exe.config in C:\Program Files (x86)\DynamicOps\Distributed Execution Manager\<DEM_Name>\
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> |
<system.serviceModel> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_Provision" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:04:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/> <!--Add Security Section For HTTPS--> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> </bindings> ... <client> <!--HTTP--> <endpoint address="http://VCAC-DEMO:9003/VMPS" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Provision" contract="Provision" name="BasicHttpBinding_Provision"/> <!--HTTPS--> <endpoint address="https://VCAC-DEMO:443/VMPS" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Provision" contract="Provision" name="BasicHttpBinding_Provision"/> </client> </system.serviceModel> |
- Modify the VRMAgent.exe.config file located in C:\Program Files (x86)\DynamicOps\DCAC Agents\<Agent_Name>\
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://VCAC-DEMO/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://VCAC-DEMO:443/repository/"/> ... </appSettings> |
<!--HTTP--> <serviceConfiguration workitemTimerInterval="00:00:02" agentName="Test" stateTimerInterval="00:01:00" pingTimerInterval="00:01:00" workitemThreadCount="50" workitemRetrievalCount="500" vrmUrl="http://VCAC-DEMO/VMPS2" activeQueueSize="500" executeState="false" executePing="true" executeWorkitemRetrieval="true" WorkItemCacheFile="C:\Program Files (x86)\DynamicOps\DCAC Agents\Test\temp\WorkItems.bin"/> <!--HTTPS--> <serviceConfiguration workitemTimerInterval="00:00:02" agentName="Test" stateTimerInterval="00:01:00" pingTimerInterval="00:01:00" workitemThreadCount="50" workitemRetrievalCount="500" vrmUrl="https://VCAC-DEMO:443/VMPS2" activeQueueSize="500" executeState="false" executePing="true" executeWorkitemRetrieval="true" WorkItemCacheFile="C:\Program Files (x86)\DynamicOps\DCAC Agents\Test\temp\WorkItems.bin"/> |
<applicationSettings> <DynamicOps.Vrm.Agent.Core.Properties.Settings> <setting name="DynamicOps_Vmps_Agent_Core_VMPSAgentService_ProxyAgentService" serializeAs="String"> <!--HTTP--> <value>http://VCAC-DEMO/VMPS2</value> <!--HTTPS--> <value>https://VCAC-DEMO:443/VMPS2</value></setting> </DynamicOps.Vrm.Agent.Core.Properties.Settings> </applicationSettings> |
<system.serviceModel> <client> <!--HTTP--> <endpoint name="Tasks" binding="basicHttpBinding" contract="DynamicOps.Common.Tasks.ITaskDispatcherClient"/> <!--HTTPS--> <endpoint name="Tasks" binding="basicHttpBinding" contract="DynamicOps.Common.Tasks.ITaskDispatcherClient" bindingConfiguration="AgentBinding"/> </client> ... <!--Add Bindings Section For HTTPS--> <bindings> <basicHttpBinding> <binding name="AgentBinding"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </basicHttpBinding> </bindings> </system.serviceModel> |
- (If Necessary) Modify the CloudUtil.exe.config file for Design Center installations
<appSettings> ... <!--HTTP--> <add key="repositoryAddress" value="http://localhost:80/repository/"/> <!--HTTPS--> <add key="repositoryAddress" value="https://localhost:443/repository/"/> ... </appSettings> |
- Run IISReset on all web component servers
- Restart the vCAC Manager Service
- Restart the vCAC DEMs





