Adding SDDC Manager to CloudControl
- From the Home tab, select Inventory > VCF.
- On the VMware Cloud Foundation page, select Actions > Add SDDC Manager.
  Note: If there are no SDDC Managers in your system, you can also click the Add SDDC Manager link on the VMware Cloud Foundation page.
- On the About page, specify the following:
  - IP/FQDN: Enter the SDDC Manager IP address or FQDN.
  - Port: Enter the port used for the SDDC Manager, or accept the default.
- Select Service Account or Managed Credentials Account.
  For a Service Account:
  - Service Account: The SDDC Manager service account to be used for CloudControl. The user must have administrator privileges.
  - Service Account Password: The password for the SDDC Manager service account.
  For a Managed Credentials Account:
  - Account: Select the managed credentials account that you want to use. If you have not yet created a managed credentials account, see Creating a Credential Management Account.
  - Secret Name: For Secrets Vault, this is the secret name used to access the secret, in the format box:secret, which can be found in the KeyControl webGUI. Here 'box' is the name of the box that contains the secret, and 'secret' is the name of the secret. For example, box1:secret1. For CyberArk, this is the secret ID.
- Complete the following:
  - Published IP/FQDN: Enter the Published IP address or FQDN.
  - Published Netmask: Enter the Published Netmask.
- Click Continue.
- Review the certificate for the SDDC Manager and click Approve.
- On the NSX-T page, you can view the NSX-T Data Centers that were found in the SDDC Manager. Each NSX-T Data Center is added automatically, but if you configure the Data Center, CloudControl also discovers the logical switches and other NSX-T specific objects.
  If you would like to configure the NSX-T Data Centers, click Add to view the Configure NSX-T Data Center window for each NSX-T Data Center and complete the following:
  - Enter the port used for the NSX-T Data Center, or accept the default.
    Note: The IP/FQDN value is already filled.
  - Select Service Account or Managed Credentials Account.
    For a Service Account:
    - Service Account: The NSX-T Data Center service account to be used for CloudControl. The same account must be used across all NSX-T Managers, and it must have administrator privileges.
    - Service Account Password: The password for the NSX-T Data Center service account.
    For a Managed Credentials Account:
    - Account: Select the managed credentials account that you want to use. If you have not yet created a managed credentials account, see Creating a Credential Management Account.
    - Secret Name: For Secrets Vault, this is the secret name used to access the secret, in the format box:secret, which can be found in the KeyControl webGUI. Here 'box' is the name of the box that contains the secret, and 'secret' is the name of the secret. For example, box1:secret1. For CyberArk, this is the secret ID.
  - Complete the following:
    - Published IP/FQDN: The IP address or FQDN to use to route all traffic to this NSX-T Data Center.
    - Published Netmask: The subnet mask to use to route all traffic to this NSX-T Data Center.
  - Click Add.
- Click Continue.
- On the vCenters page, you can view the Platform Services Controllers (PSC) and vCenters that were found in the SDDC Manager.
- View and approve the certificates for the Platform Services Controllers and all vCenters that were discovered. The Approve checkbox must be checked for all certificates before you can add the vCenter.
  - Certificates from a trusted source have the Approve checkbox checked automatically.
  - Click the Certificate link to view the certificate details. Click Approve to populate the Approve checkbox for the certificate, or click the x icon to close the window.
  - Certificates without a certificate authority are displayed with a warning icon. Click the link in the tool tip to add a CA. For more information, see Installing a Certificate Authority. You can manually approve these certificates by checking the Approve checkbox.
  - Certificates that are invalid or expired are displayed with an error icon. These certificates cannot be approved.
  All vCenter and PSC certificates are displayed on the Certificate Authorities tab on the Certificates page.
- Determine if you want to use a single Published IP for each vCenter or a Published IP Range to be used for all current and future vCenters in this ELM.
  Important: If you plan to use Access Control, you must have a Published IP address or range.
  - For a Published IP, click the Configure link in the Published IP column of the vCenter table, enter the Published IP Address and Netmask, and click Apply.
  - For a Published IP Range, enter the Published IP Address and Netmask in the Published IP Range section.
- When all certificates are approved, click Continue.
  Note: You cannot click Continue until all of the Approve checkboxes are checked.
- On the Details page, you can monitor the process as all of your SDDC Manager information is collected.
- On the Onboard Hosts page, you can view the ESXi hosts that were discovered, remove hosts, or add additional hosts to CloudControl. Select the hosts that you want to add and click Onboard Hosts.
  You must add ESXi hosts before you can run Configuration Hardening policies (assessment and remediation) against your hosts.
- On the Hosts Credentials page, you can add or import the credentials for your ESXi hosts.
  - To add credentials:
    - Select one or more ESXi hosts that share the same credentials and click the Missing link in the Credentials column.
    - In the Add Host Credentials window, enter the User Name and Password for the ESXi hosts and click Apply.
    The Credentials column for each host displays the status. This can be one of the following:
    - Missing
    - Valid
    - Invalid
  - To import credentials, you will need to upload a CSV file in the following format:
      ESXINAME FQDN, PASSWORD, USERNAME
    - Select one or more ESXi hosts that share the same credentials and click Import Credentials.
    - Select the file that you want to import and click Continue.
    - Review the summary on the Discovered page.
    - Click Apply.
  Important: If you do not add the credentials, then you cannot run Configuration Hardening policies (assessment and remediation) against your hosts.
- After you have added the credentials, you can enable Global PIP. Global PIP is disabled by default. For more information, see Enabling and Disabling Global PIP.
- Click Continue to view the dashboard for the SDDC Manager.
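
The credentials CSV described in the import step above can be checked before it is uploaded. The following is an added example, not CloudControl code; the optional header row, the handling of spaces after commas, the two-label FQDN rule, the 'root' swap heuristic and the sample rows are assumptions of the example.

```python
import csv
import io
import re

# Hostname labels per RFC 1123; requiring at least two labels is this example's assumption.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


def check_credentials_csv(text):
    """Return (line_number, problem) tuples; messages never echo a password."""
    problems, seen = [], {}
    # skipinitialspace: the documented format shows a space after each comma.
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    for row in reader:
        n = reader.line_num
        if not row:
            continue  # blank line
        if n == 1 and row[0].strip().upper().startswith("ESXINAME"):
            continue  # optional header row (assumption)
        if len(row) != 3:
            # Typical cause: an unquoted comma inside the password.
            problems.append((n, f"expected 3 fields, found {len(row)}"))
            continue
        host, password, user = row[0].strip(), row[1], row[2].strip()
        if len(host) > 253 or not FQDN_RE.match(host):
            problems.append((n, "first field is not an FQDN"))
        if host.lower() in seen:
            problems.append((n, f"duplicate host, first seen on line {seen[host.lower()]}"))
        seen.setdefault(host.lower(), n)
        if not password.strip() or not user:
            problems.append((n, "empty password or user name"))
        elif password.strip().lower() == "root":
            # Column order is PASSWORD then USERNAME; 'root' here suggests a swap.
            problems.append((n, "second field is 'root': columns may be swapped"))
    return problems


# Constructed sample; hosts and passwords are placeholders.
SAMPLE = """\
ESXINAME FQDN, PASSWORD, USERNAME
esx01.lab.example, Constructed-Pw-1!, root
esx02.lab.example, root, Constructed-Pw-2!
esx03, Constructed-Pw-3!, root
esx01.lab.example, Constructed-Pw-4!, svc-hardening
esx04.lab.example, pw,with,comma, root
esx05.lab.example, , root
"""

if __name__ == "__main__":
    for line, problem in check_credentials_csv(SAMPLE):
        print(f"line {line}: {problem}")
```

Because the file holds host passwords in clear text, keep it readable only by the operator performing the import and delete it once the Credentials column shows Valid.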
What to Do Next
- Review your VCF inventory (See Viewing VCF Inventory)
- View the Certificate Authorities that have been imported (See Viewing Certificate Details)