Specific permissions are required for each account used to add products to the Skyline Collector.

There are two types of data collection with Skyline.

  1. Product Usage Data - Used to notify you of potential issues, security vulnerabilities, impacts to usability, and configuration recommendations. This information is presented to you as Findings within Skyline.

  2. Diagnostic Data - Used to assist in troubleshooting a VMware Support Request. This type of data is usually referred to as support bundles, or log bundles.

The following provides details for the minimum required privileges for each product to collect product usage data, and support bundles.

Important:

For some products, the required privileges to collect product usage data, and support bundles, may be different.

VMware Aria Operations (Optional)

You can add VMware Aria Operations to the Skyline Collector.

Note:

Skyline Log Assist does not support the transferring of support bundles to VMware GSS. Any VMware Aria Operations instances added to a Skyline Collector will not appear within Log Assist page of Skyline Advisor.

To add VMware Aria Operations to the Skyline Collector, follow these steps:

Prerequisites

The following permission is required for the account to add VMware Aria Operations to the Skyline Collector.

  • VMware Aria Operations Read-Only Role

  • Clone or Edit Read-Only role and add the Administration --> Licensing --> Licensing Page permission.

This permission is sufficient for collecting licensing and product usage data.

Important:

You must assign the required role to a user account. Assigning the required role to a group, and using a user account within that group to add VMware Aria Operations to the Skyline Collector will fail the privileges check within Skyline Advisor.

Procedure

  1. Enter the FQDN/IP Address of the VMware Aria Operations.
  2. Enter a Account Username.

    • user - local user to VMware Aria Operations.

    • user@WorkspaceONE - user external to VMware Aria Operations, with authSource "WorkspaceONE" defined in any of the authentication types (VC, OPEN_LDAP, ACTIVE_DIRECTORY, VIDM)

    • user@WorkspaceONE@@VIDM - user external to VMware Aria Operations, with authSource "WorkspaceONE" defined in VIDM authType, where the same authSource exists in another authType.

  3. Enter the User Account Password.
  4. To complete adding the VMware Aria Operations to the Skyline Collector, click Add.

Results

VMware Aria Operations has been added to the Skyline Collector.

Horizon View (Optional)

You can add Horizon View to the Skyline Collector.

Important:

If you are using a Horizon Cloud POD architecture, only add a single Horizon Connection Server to the Skyline Collector. Adding multiple Horizon Connection Servers to the Skyline Collector will result in duplicate Horizon Connection Server entries within Skyline Advisor, in Inventory, Findings & Recommendations, and Log Assist.

Note: If the Horizon Connection Server added to the Skyline Collector is unavailable, Log Assist will not be available for any of the remaining Horizon Connection Servers within the Cloud POD architecture. In this situation, please use My VMware, or SFTP, to transfer support bundles to VMware for the remaining Horizon Connection Servers in the Cloud POD architecture.

Note: If the Horizon Connection Server added to the Skyline Collector is unavailable, product usage data for the remaining Horizon Connection Servers within the Cloud POD architecture will not be collected. Findings, and Affected Objects, will not be updated accurately within Skyline Advisor until the Horizon Connection Server added to the Skyline Collector is available again to Skyline.

To add Horizon to the Skyline Collector, follow these steps:

Prerequisites

The following permissions are required for the account used to add the Horizon Connection Server to the Skyline Collector. These permissions are sufficient for both collecting product usage data, and transferring support bundles with Log Assist.

  • Administrator (read-only) Role

  • Collect Operation Logs

Important:

Horizon version 7.10, or above, is required to transfer support bundles to VMware, using Skyline Log Assist.

If you are using Skyline Collector version 2.3, or below, you must create a new role for Horizon View with the Collect Operations Logs permission. The role must be named LogCollector.

If the role is not name LogCollector:

On the Collector Details page, the Status of Horizon is:Insufficient Privileges.

On the Initiate Log Transfer page, the Privileges check for Horizon fails.

You cannot transfer support bundles to VMware GSS using Skyline Log Assist. This role name requirement is removed in Skyline Collector version 2.4, and above.

For detailed instructions for how to create a user account with the given permissions, see Knowledge Base Article 59661.

Procedure

  1. Enter the FQDN/IP Address of the Horizon Connection Server.
  2. Enter a Account Username.
  3. Enter the Account Password.
  4. To complete adding the Horizon Connection Server to the Skyline Collector, click Add.

Results

Horizon has been added to the Skyline Collector.

NSX-V (Optional)

You can add NSX-V to the Skyline Collector.

Prerequisites

For NSX-V version 6.4.5 and below, the NSX Auditor role does not have sufficient privileges to generate and collect support bundles from NSX-V objects. To generate and collect support bundles from NSX-V objects, a user account with the NSX Administrator role is required. Therfore, you have two options for adding NSX-V version 6.4.5 to a Skyline Collector.

For the collection of product usage data only:

  • NSX Auditor

Important:

If an account with the NSX Auditor role is used to add NSX-V, the following is displayed within Skyline Advisor:

  • On the Collector Details page, the Status of NSX-V is: Insufficient Privileges.

  • On the Initiate Log Transfer page, the Privileges check for NSX-V, and all NSX-V components fail.

If using an account with the NSX Auditor role, you cannot transfer support bundles to VMware GSS using Skyline Log Assist.

For the collection of both product usage data, and transferring support bundles with Log Assist:

  • NSX Administrator

For NSX-V version 6.4.6, and above:

The NSX Auditor role in NSX-V version 6.4.6 supports the ability to transfer NSX Edge support bundles. This capability was not available in NSX-V versions previous to 6.4.6. Therefore, a user account assigned the NSX Auditor role can be used for product usage data collection, and for the transferring of support bundles using Log Assist.

For the collection of both product usage data, and transferring support bundles with Log Assist:

  • NSX Administrator

Important:

You must assign the required permission to a user account. Assigning the required permission to a group, and using a user account within that group to add NSX-V to the Skyline Collector will fail the privileges check within Skyline Advisor.

For detailed instructions for how to create a user account with the given permissions, see Knowledge Base Article 59661.

To add NSX-V to the Skyline Collector, follow these steps:

Procedure

  1. Enter the FQDN/IP Address of the NSX-V Manager.
  2. Enter a Account Username.
  3. Enter the Account Password.
  4. To complete adding NSX-V to the Skyline Collector, click Add.

Results

NSX-V has been added to the Skyline Collector.

NSX-T (Optional)

You can add NSX-T to the Skyline Collector.

Attention:

Skyline supports adding local managers to Collector as part of federated setup and standard functionality will be enabled; adding global managers is not available for NSX-T.

Please note the following:

  • Skyline Collector does not support adding global managers

  • Skyline Collector does not update the inventory view for NSX-T to depict federated setup

  • Skyline Collector does not collect data regarding federated setup

To add NSX-T to the Skyline Collector, follow these steps:

Prerequisites

For NSX-T, the NSX Auditor role does not have sufficient permissions to generate and collect support bundles from NSX-T objects. To generate and collect support bundles from NSX-T objects, a user account with the NSX Administrator role is required. For NSX-T version 3.2 and above, you can use NSX-T Support Bundle Collector role to generate and collect support bundles. Therefore, you have two options for adding NSX-T to a Skyline Collector.

For the collection of product usage data only:

  • NSX Auditor

Important:

If an account with the NSX Auditor role is used to add NSX-T, the following is displayed within Skyline Advisor:

  • On the Collector Details page, the Status of NSX-T is: Insufficient Privileges.

  • On the Initiate Log Transfer page, the privileges check for NSX-T fails.

If using an account with the NSX Auditor role, you cannot transfer support bundles to VMware GSS using Skyline Log Assist.

For the collection of both product usage data and transferring support bundles with Log Assist:

  • NSX Enterprise Administrator

  • NSX Auditor + NSX-T Support Bundle Collector

Note:

The combination of NSX Auditor + NSX-T Support Bundle Collector role is only available in NSX-T versions 3.2 and later.

Important:

You must assign the required permission to a user account. Assigning the required permission to a group, and using a user account within that group to add NSX-T to the Skyline Collector fails the privileges check within the Skyline Advisor.

For detailed instructions for how to create a user account with the given permissions, see Knowledge Base Article 59661.

Procedure

  1. Enter the FQDN/IP Address of the NSX-T Manager nodes cluster virtual IP address (VIP). See Configure a Virtual IP Address for a Cluster (NSX-T Data Center documentation) for more details.
  2. Enter a Account Username.
  3. Enter the Account Password.
  4. To complete adding the NSX-T to the Skyline Collector, click Add.

Results

The NSX-T Manager has been added to the Skyline Collector.

VMware Cloud Foundation (Optional)

You can add VMware Cloud Foundation to the Skyline Collector.

To add VMware Cloud Foundation to the Skyline Collector, follow these steps:

Prerequisites

The following permissions are required for the account used to add SDDC Manager to the Skyline Collector. These permissions are sufficient for collecting product usage data.

  • SDDC Manager VIEWER Role: This role is sufficient for collecting product usage data

  • SDDC Manager ADMIN or OPERATOR Role: This role is sufficient for log assist

Note:

Log Assist is supported for VMware Cloud Foundation version 4.3.1 or higher.

Important:

You must assign the required permissions to the user account. Assigning the required permissions to a group, and using a user account within that group to add SDDC Manager to the Skyline Collector fails the privileges check within Skyline Advisor.

Procedure

  1. Enter the FQDN/IP Address of the SDDC Manager.
  2. Enter a Account Username for connecting to the SDDC Manager. This account must have the minimum required permissions.
  3. Enter the Account Password.
  4. To complete adding the SDDC Manager to the Skyline Collector, click Add.

Results

VMware Cloud Foundation has been added to the Skyline Collector.

What to do next

If you did not add the VMware Cloud Foundation components, such as NSX-T, or vRealize Operations to the Skyline Collector, please do so now. Skyline will not be able to provide VMware Cloud Foundation Findings unless all components of VMware Cloud Foundation have been added to the Skyline Collector.

You can add NSX-T, and vRealize Operations, to the Skyline Collector after completing the initial configuration of the Skyline Collector. After completing the initial configuration, login to the Skyline Collector, click Configuration, and the product to add to the Skyline Collector.

VMware Aria Suite Lifecycle (Optional)

You can add VMware Aria Suite Lifecycle to the Skyline Collector.

To add VMware Aria Suite Lifecycle to the Skyline Collector, follow these steps:

Prerequisites

There are no specific permissions required to add VMware Aria Suite Lifecycle to the Skyline Collector.

You can add VMware Aria Suite Lifecycle to Skyline Collector using local VMware Aria Suite Lifecycle user (such as admin@local).

To get a list of VMware Aria Automation Organizations associated with a VMware Aria Automation instance in Skyline Advisor, add VMware Aria Suite Lifecycle to Skyline Collector.

You must add VMware Aria Suite Lifecycle to Skyline Collector to enable Log Assist for VMware Aria Automation instances.

Important:

You must assign the required role to a user account. Assigning the required role to a group, and using a user account within that group to add VMware Aria Suite Lifecycle to the Skyline Collector will fail the privileges check within Skyline Advisor.

Procedure

  1. Enter the FQDN/IP Address of the VMware Aria Suite Lifecycle.
  2. Enter a Account Username for connecting to the VMware Aria Suite Lifecycle. This account must have the minimum required permissions.
  3. Enter the Account Password.
  4. Click Add.

Results

VMware Aria Suite Lifecycle has been added to the Skyline Collector. VMware Aria Automation instance gets automatically added when you add VMware Aria Suite Lifecycle.

VMware Aria Automation (Optional)

You can add VMware Aria Automation to the Skyline Collector.

To add VMware Aria Automation Organization to the Skyline Collector, follow these steps:

Prerequisites

The following permission is required for the account to add VMware Aria Automation Organization to the Skyline Collector.

  • Assembler Viewer (formerly Cloud Assembly Viewer)

  • Assembler Administrator (required for license usage)

This permission is sufficient for collecting product usage data.

Important:

  • You must add VMware Aria Suite Lifecycle to Skyline Collector to access proactive findings and enable Log Assist for VMware Aria Automation Instances.

  • Linking the VMware Aria Suite Lifecycle and VMware Aria Automation enables you to access the proactive findings for the VMware Aria Automation Organizations associated with VMware Aria Automation instances.

  • For VMware Aria Automation versions 8.12 and above, upgrade your Skyline collector to 3.5.0.1 to start collecting license usage data.

  • Licensing usage will not be collected without proper permissions.

Procedure

  1. Enter the FQDN/IP Address of the VMware Aria Automation Organization.
  2. Enter a Account Username for connecting to the VMware Aria Automation Organization. This account must have the minimum required permissions.
  3. Enter the Account Password.
  4. Click Add.

Results

VMware Aria Automation Organization has been added to the Skyline Collector.

VMware Aria Operations for Logs (Optional)

You can add VMware Aria Operations for Logs to the Skyline Collector.

To add VMware Aria Operations for Logs to the Skyline Collector, follow these steps:

Prerequisites

The following role is recommended for the account to add the VMware Aria Operations for Logs to the Skyline Collector.

  • View Only Admin

This pre-defined role contains all the permissions required by Skyline.

Alternatively, the following are the minimum permissions required to add VMware Aria Operations for Logs to the Skyline Collector:

  • VIEW_CLUSTER: Management -> Cluster -> View

  • VIEW_LICENSE: Management - > License -> View

  • VIEW_VSPHERE_INTEGRATION: Integrations -> vSphere Integration -> View

  • EDIT_INTERACTIVE_ANALYSIS: Explore Logs -> Edit

The VMware Aria Operations for Logs requires the following role to discover VMware Aria Operations endpoints.

  • VIEW_VROPS_INTEGRATION

Note:

Skyline Collector 3.3 only supports local user authentication for VMware Aria Operations for Logs.

Procedure

  1. Enter the FQDN/IP Address of the VMware Aria Operations for Logs.
  2. Enter a Account Username for connecting to the VMware Aria Operations for Logs. This account must have the minimum required permissions.

    • user - Local user to VMware Aria Operations for Logs.

    • user@domain@@vIDM - User with vIDM authentication type.

    • user@domain@@ActiveDirectory - User with ActiveDirectory authentication type.

  3. Enter the Account Password.
  4. Click Add.

Results

VMware Aria Operations for Logs is added to the Skyline Collector.