{"id":1307,"date":"2021-10-26T10:01:15","date_gmt":"2021-10-26T08:01:15","guid":{"rendered":"https:\/\/nine30.info\/?p=1307"},"modified":"2021-10-26T10:01:15","modified_gmt":"2021-10-26T08:01:15","slug":"credential-less-service-discovery-with-vrops","status":"publish","type":"post","link":"https:\/\/nine30.nxt70.com\/index.php\/2021\/10\/26\/credential-less-service-discovery-with-vrops\/","title":{"rendered":"Credential-less Service Discovery with vROps"},"content":{"rendered":"\n<p>vRealize Operations (On-Premise and SaaS) allows you to discover services running in each VM and then builds relationship or dependency between the services from different VMs. In addition to that you are provided with basic metrics and properties for discovered services. \u200bvROps Service Discovery supports some services, but not any service, the supported services are listed <a href=\"https:\/\/docs.vmware.com\/en\/VMware-vRealize-Operations-Cloud\/services\/config-guide\/GUID-4E773B55-DB52-4526-B734-073DB8D81B89.html\">here<\/a>. <\/p>\n\n\n\n<p>To discover applications\/services and their relationships and to access basic metrics\/properties, you can either provide guest operating system credentials with appropriate privileges or use the credential-less approach to discover services. To me the first option, provide <meta charset=\"utf-8\"> guest operating system credentials, is a viable option only when default accounts for guest operating systems are in use and this is a quite rare situation in real life. For this reason I am focusing here on the credential-less approach which requires little efforts and no credentials  for the managed guest operating systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Requirements<\/h2>\n\n\n\n<p>Here I am assuming you have an instance of vROps On-Premise or Cloud already deployed and collecting data from at least vCenter. The screenshots in the rest of this post are taken from vROps Cloud, but the same applies to the On-Prem deployment. You can notice the SaaS version already includes the UI updates introduced with vROps 8.6.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility Matrix<\/h3>\n\n\n\n<p>To leverage credential-less service discovery you need an environment with the followings:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\u200bvCenter version = 6.7u3g and above <\/li><li>ESXi version = 6.7p2 or 7.0 and above <\/li><li>VM hardware version = 9 or above <\/li><li>Linux VMware Tools version = 11.1.5 or 11.2.0<\/li><li>\u200bWindows VMware Tools version = 11.1.0 or above<\/li><li>vROps SaaS or On-Premise 8.1 or above<\/li><\/ul>\n\n\n\n<p>The requirements above are a bit rounded up, you can access the following KB articles and docs for full details:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\u200bSee <a href=\"https:\/\/kb.vmware.com\/s\/article\/78216\">KB 78216<\/a> for Credential-less Service Discovery in vROps<\/li><li>See <a href=\"https:\/\/kb.vmware.com\/s\/article\/2143838\">KB 2143838 <\/a>for vCenter version and build numbers <\/li><li>See <a href=\"https:\/\/kb.vmware.com\/s\/article\/2143832?lang=en_US\">KB 2143832<\/a> for ESXi version and build numbers<\/li><li>See <a href=\"https:\/\/docs.vmware.com\/en\/vRealize-Operations\/8.6\/com.vmware.vcom.core.doc\/GUID-81922676-399B-4A05-A3AF-723CC804D197.html\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a> for supported platforms and products<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network Requirements<\/h3>\n\n\n\n<p>Your vROps (Cluster, Remote Collector or Cloud Proxy) in addition to access to vCenter Server on HTTPs\/443 needs to have access on HTTPs\/443 to ESXi nodes that host the VMs where services should be discovered.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">vCenter Account Privileges<\/h3>\n\n\n\n<p>In addition to privileges to manage vSphere environment you need the following specific privileges for credential-less approach to discover services:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Service Configuration -&gt; Manage service configurations<\/li><li>Service Configuration -&gt; Modify service configuration<\/li><li>Service Configuration -&gt; Query service configurations<\/li><li>Service Configuration -&gt; Read service configuration<\/li><\/ul>\n\n\n\n<p>There are few other requirements specific for service discovery and credential-less service discovery such as commands and utilities available on the guest operating systems. They are accessible <a href=\"https:\/\/docs.vmware.com\/en\/vRealize-Operations\/8.6\/com.vmware.vcom.core.doc\/GUID-E02AF39E-748F-406B-9464-84DE826C82AC.html\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>. In my view there is no point into assess these requisites in advance in environments with hundreds or thousands of VMs, to me these are just useful to troubleshoot discovery failure on specific VMs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Credential-less Service Discovery<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>From the left menu, click <strong>Data Sources<\/strong> &gt; <strong>Integrations<\/strong><\/li><li>From the&nbsp;<strong>Integrations<\/strong>&nbsp;page, click the&nbsp;vCenter Server&nbsp;instance from the list and then select the&nbsp;<strong>Service Discovery<\/strong>&nbsp;tab <\/li><li>To enable service discovery in this&nbsp;vCenter Server, enable the&nbsp;<strong>Service Discovery<\/strong>&nbsp;option <\/li><li>To enable application discovery in this&nbsp;vCenter Server, select the&nbsp;<strong>Enable Application Discovery<\/strong>&nbsp;check box <\/li><li>Optionally you can also enable grouping of the application, select <strong>Enable Business Application Discovery and Grouping<\/strong> check box<\/li><li>Click <strong>Save<\/strong><\/li><\/ul>\n\n\n\n<p>See the screenshot below as a reference. Please, note that we are NOT providing default username\/password and we are NOT providing alternate credentials.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1334\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/03.configure.discovery-1024x557.png\" alt=\"\" class=\"wp-image-1334\"\/><\/figure>\n<\/figure>\n\n\n\n<p>In order to check that credential-less service discovery is enabled do the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>From the left menu, click <strong>Data Sources<\/strong> &gt; <strong>Integrations<\/strong><\/li><li>From the&nbsp;<strong>Integrations<\/strong>&nbsp;page, click the <strong>&gt;<\/strong> icon close to the&nbsp;vCenter and than <strong>&gt;<\/strong> close to your vCenter Server&nbsp;instance from the list<\/li><li>Click &lt;your cloud account name &gt; &#8211; <strong>Service Discovery<\/strong> (in my case IberiaLab &#8211; Service Discovery see screenshot below)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1335\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/05.configured.account.details-1024x557.png\" alt=\"\" class=\"wp-image-1335\"\/><\/figure>\n<\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In the <strong>Advanced Settings<\/strong> section make sure <strong>Credential-less service discovery<\/strong> is enabled (see screenshot below)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-3 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1336\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/06.account.discovery.details-1024x557.png\" alt=\"\" class=\"wp-image-1336\"\/><\/figure>\n<\/figure>\n\n\n\n<p>At this stage you just need vROps to collect data and in a matter of few collection cycles you should be able to see discovered services on VMs as well as discovered applications. Discovered services are related to VMs, while applications are groups of services.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-4 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1337\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/03.service.discovery.ad_-1024x557.png\" alt=\"\" class=\"wp-image-1337\"\/><\/figure>\n<\/figure>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-5 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1338\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/07.search.services.iis_.drilldown-1024x557.png\" alt=\"\" class=\"wp-image-1338\"\/><\/figure>\n<\/figure>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-6 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1339\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/01.business.app_.details-1024x557.png\" alt=\"\" class=\"wp-image-1339\"\/><\/figure>\n<\/figure>\n\n\n\n<p>For discovred services vRops collects few metrics and properties (see screenshots below) these are NOT intended to provide up\/down monitoring capability or to be used for configuration management purposes. They are intended to provide VI admins a little bit of visibility of what&#8217;s happening within VMs allowing them to improve operations procedure, better infrastructure management and speedup troubleshooting.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-7 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"1340\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/10\/08.service.details-1024x557.png\" alt=\"\" class=\"wp-image-1340\"\/><\/figure>\n<\/figure>\n\n\n\n<p>From this you might proceed installing Telegraf agents in order to enable application visibility within VMs and expand service monitoring. Hope this helps!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>vRealize Operations (On-Premise and SaaS) allows you to discover services running in each VM and then builds relationship or dependency between the services from different VMs. In addition to that you are provided with basic metrics and properties for discovered services. \u200bvROps Service Discovery supports some services, but not any service, the supported services are&hellip; <a class=\"more-link\" href=\"https:\/\/nine30.nxt70.com\/index.php\/2021\/10\/26\/credential-less-service-discovery-with-vrops\/\">Continue reading <span class=\"screen-reader-text\">Credential-less Service Discovery with vROps<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1341,"comment_status":"open","ping_status":"open","sticky":false,"template":"templates\/template-cover.php","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[16,45,56,153,174,175,178,185,187],"class_list":["post-1307","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-applications","tag-credential-less","tag-discovery","tag-services","tag-virtualmachines","tag-visibility","tag-vmware","tag-vrealize","tag-vrealizeoperations","entry"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts\/1307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/comments?post=1307"}],"version-history":[{"count":0,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts\/1307\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/media?parent=1307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/categories?post=1307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/tags?post=1307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}