VMware discoveries
VMware vSphere discoveries list the resources in a VMware infrastructure through the vSphere API.
There exist in Cyberwatch two kinds of VMware discoveries :
- General vSphere discoveries, listing virtual machines.
- ESXi discoveries, listing hypervisors.
Prerequisites
- Consultation account with read-only access to virtual machines
Configuring the vSphere account
It is recommended to create a read-only account dedicated to Cyberwatch. That account requires at least read permissions on the virtual machines you want to scan. Your may configure the account properties from the vSphere administration interface. On insufficient permissions, the discovery will generate an incomplete or empty list of discovered assets, or even an error.
The authentication credentials for accessing the vSphere API are the same as the login credentials for the web interface, i.e. a username like user@domain
with a password.
To register your vSphere credentials into Cyberwatch:
- Go to Stored credentials, and click Add
- Select type VMware vSphere.
- Fill in the name of the credential set.
- Specify the URL endpoint to the vSphere API, like
https://…/sdk
. This is expected to be the same URL as the web interface, with/ui
replaced by/sdk
. - Fill in the remaining fields and confirm.
Create a virtual machines discovery
- From Discoveries, click Add. Click VMware vSphere in the Local infrastructure category.
- Enter the name of the scan.
- Select optional groups that will be affected to the scan.
- Choose the source of the scan (the Cyberwatch machine that will run the operation).
- Using the Credentials selector, select the vSphere account registered in previous steps.
- Select the discovery mode in order to choose which information will be used to list the discovered assets.
- Choose a recurrence. The default value 0 days means the scan will be launched only once.
- Optional - Select an agentless mode connection credential.
- Click Confirm.
When created, the discovery is immediately started as a background task. You may check state of the task any time from Discoveries.
Create a hypervisors discovery
VMware ESXi discoveries use the vSphere API to list hypervisors by their path in the VMware inventory.
- From Discoveries, click Add. Click VMware ESXi in the Local infrastructure category.
- Enter the name of the scan.
- Select optional groups that will be affected to the scan.
- Choose the source of the scan (the Cyberwatch machine that will run the operation).
- Using the Credentials selector, select the vSphere account registered in previous steps.
- Choose a recurrence. The default value 0 days means the scan will be launched only once.
- Click Confirm.
Register discovered hypervisors
Discovered hypervisors may be registered as agentless connections as follows:
- From menu Discoveries, access to the list of assets discovered by clicking on the corresponding List button on the right of the table.
- Select the hypervisors to register.
- Click on Bulk actions > Scan with agentless connections.
- Select a set of VMware vSphere credentials. This type of connection must be authorized in the Administration > Connectors menu by selecting the VMware vSphere checkbox.
Notes:
- The address field of the agentless connection will be pre-populated with the path of the asset in the used vSphere inventory.
- The connection is made through the vSphere API used by the discovery. Therefore, the credentials used for this connection must be the same as those used by the discovery (not ESXi specific credentials).
- It is also possible to perform the discovery on the ESXi API, especially in a configuration without vCenter.