VMware Virtual Center server sensor

The VMware Virtual Center server sensor discovers VMware Virtual Center servers and the elements that are managed by the servers. VMware Virtual Center is now known as VMware vCenter Server.

Sensor name that is used in the GUI and logs

VirtualCenterSensor

Elements discovered by the sensor

The sensor discovers the following elements that are managed by the Virtual Center server:
  • CPU resource pools
  • Data centers in a virtual center
  • Data store extents for VMware vSphere 4
  • Data stores that are created in each data center
  • Distributed virtual switches, uplinks, and port groups in each distributed virtual switch
  • Memory resource pools
  • Serial number of ESX servers
  • Virtual switches and port groups in each virtual switch
  • VMware clusters that are created in each data center
  • VMware ESX servers that are managed by a virtual center
  • IP Addresses for Virtual Machines

VMware ESX servers, which are discovered by the VMware ESX and Virtual Center server sensors, are merged after the discovery.

In the Discovery Management Console, a VM (virtual machine) is represented by a computer system icon that is blue and transparent.

The Virtual Center server sensor uses the VMware API to discover data, and the VMware API collects the following data:
  • Attribute data that is required to match naming rules and to create a valid stand-alone VM instance
  • Certain basic information that the VMware ESX server provides through the vmware-cmd command
  • The attribute primaryMACAddress, which is required to reconcile the shallow virtual instance with any physical instance that can be discovered
  • The attribute vmwareUUID, which is required to reconcile the virtual computer instances that are discovered before and after migrations using VMotion.
There are four user scenarios for a Virtual Center and ESX server discovery:
  • All-inclusive: The discovery scope contains ESX and Virtual Center servers.

    The result displays the ESX and Virtual Center servers. ESX servers that are managed by the Virtual Center servers are displayed in one of the data centers or clusters in the virtual center. All virtual and physical instances, discovered by the Virtual Center and ESX sensors are reconciled. The physical instances have a virtual attribute set to true.

  • ESX server Only: The discovery scope contains ESX servers.

    The result displays the ESX servers that are discovered by the ESX sensor. ESX servers with typical attributes for example, model are displayed. The Virtual Center sensor is not started.

  • Virtual Center Server Only: The discovery scope contains Virtual Center servers.

    The result displays the ESX servers and virtual computers that are discovered by the Virtual Center sensor.

  • Virtual Center and VM: The discovery scope contains Virtual Center servers and all virtual computers.

    The results display all the virtual computers, with all the physical, and virtual attributes set to true. The virtual computers are displayed in the Virtual Systems tab of the respective ESX server.

Prerequisites

The VMware Virtual Center server service is running on the target windows computer. The VMware Virtual Centre server sensor may be started by listening port, by process template match or both. By default, sensor is started by process template match.
Restriction: This prerequisite does not apply to vCSA (Virtual Center Server Appliance). vCSA is based on Linux technology and will be detected by TADDM using standard permissions, without the need for further prerequisites.

Fix Pack
3 For successful discovery of VMware vCenter Server Appliance 6, ports for Web Services communication must be defined. By default, ports 80 and 443 are defined. If your VMware vCenter Server Appliance 6 uses non-standard ports, modify the value of the portList property in the discovery profile. For details, see Configuring the discovery profile.

Support discovery of Virtual Center System Appliance through web ports

This enhancement can allow you to discover VCSA using web interfaces. There is a new configuration option in Port sensor to allow the specification of VCSA listening ports (vcsaListeningPortList) to be used to trigger seeding of VirtualCenterSensor.

Limitations

  • If port mentioned in `vcsaListeningPortList` is opened by some process other than VCSA, the VMware Virtual Center server sensor will show error.

Security issues

To discover the VMware Virtual Center server, you must set read-only permissions for the TADDM service account. The service account must have administrator privileges.

Connection to servers with SSL

The VMware Virtual Center server sensor can connect to servers with SSL in two modes - the default mode and a new mode.
The default mode
The default mode does not fully verify the certificate of a server. This mode allows connection even if the certificate is self-signed, expired or with an invalid host name. It rejects connection when other problems are found, like certificate chaining error. The default mode can be used with the default VMware certificates.
The new mode
The new mode fully verifies the certificate of a server. You can enable this mode by setting the strictCertificateCheck configuration property to true. When this mode is enabled, only valid certificates signed by trusted certificate authorities are accepted.
Importing self-signed certificates to TADDM
By setting the strictCertificateCheck property to true, you can connect with self-signed certificates. You must first import such a certificate to TADDM. Though self-signed certificates are trusted certificates, their validity is still verified.
To import such certificates, complete the following steps:
  1. Open the taddm/dist/osgi/plugins/com.ibm.cdb.discover.sys.vmware.vmwarecommon_* directory, where * is the version number of the sensor.
  2. Run the following command:
    java -cp lib/vmwarecommon.jar com.ibm.cdb.discover.sys.vmware.VmCertificateCollector ip:port
    where ip is the IP address of the VMware Virtual Center server sensor host, and port is the SSL port of that host.

Recommended Configuration

You should select the configuration port logically to avoid any false seeding of the VirtualCenterSensor (VCSA). It works best if these ports are acknowledged to a unique virtual center. If there is a specific list of ports, the listed ports shall specify the same listeners. These ports take account of the configuration changes on instances to avoid the collision.
Example:
  1. Example: 80 TCP vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects request to HTTPS port 443. This redirection is useful if you unintentionally use http://server instead of https://server.
  2. 443 TCP Default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the Firewall.
Ports 80,443 are ubiquitous ports and may appear a bad choice for seeding the VirtualCenterSensor, since they can cause many false positives for sensor invocations. It is recommended to provision more unique port (or lists of that port's possible values in a customer deployment) that shall be used in PortSensors `vcsaListeningPortList`.
  1. 514 TCP/UDP vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance.
  2. 902 TCP/UDP Default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts.