To discover applications and services and their relationships and to access basic monitoring, you can either provide guest operating system credentials with appropriate privileges or use the credential-less approach to discover services.

Prerequisites

  • You must have a vCenter Adapter instance configured and monitoring the same vCenter Server that is used to discover services.

    For credential-based service discovery, the configured vCenter Server user must have the following privileges:

    • key: VirtualMachine.GuestOperations.ModifyAliases, Localization: Guest operations -> Guest operation alias modification
    • key: VirtualMachine.GuestOperations.QueryAliases, Localization: Guest operations -> Guest operation alias query
    • key: VirtualMachine.GuestOperations.Modify, Localization: Guest operations -> Guest operation modifications
    • key: VirtualMachine.GuestOperations.Execute, Localization: Guest operations -> Guest operation program execution
    • key: VirtualMachine.GuestOperations.Query, Localization: Guest operations -> Guest operation queries
    For credential-less service discovery, the configured vCenter Server user must have the following privileges:
    • key: VirtualMachine.Namespace.Management, Localization: Service Configuration -> Manage service configurations
    • key: VirtualMachine.Namespace.ModifyContent, Localization: Service Configuration -> Modify service configuration
    • key: VirtualMachine.Namespace.Query, Localization: Service Configuration -> Query service configurations
    • key: VirtualMachine.Namespace.ReadContent, Localization: Service Configuration -> Read service configuration
  • The ESXi instance that hosts the VMs where services should be discovered, must have HTTPS access to port 443 from the cloud proxy on which the service discovery adapter instance is configured.
  • Verify that the following types of commands and utilities are used:
    Type Commands and Utilities
    UNIX Operating Systems
    Service Discovery ps, ss, and top
    Performance Metrics Collection : awk, csh, ps, pgrep, and procfs (file system)
    Windows Operating Systems
    Service Discovery wmic, netstat, findstr, net, reg, and sort
    Note: PowerShell Scripts are now used instead of batch scripts in case of credential-less discovery starting with VMware Tools version 12.3.0 or above. See Deprecated Features for Windows Client for more details.
    Note: If you are using credential-less discovery and VMware Tools version 12.3.0 and above on a Windows VM, ensure that the following modules are installed on the OS::
    • Microsoft.PowerShell.Core (default)
    • Microsoft.PowerShell.Utility
    • Microsoft.PowerShell.Management
    • SmbShare (for net share)
    • netstat utility

    Also, ensure that the version of the OS is Windows Server 2008R2 SP2 and above.
    Performance Metrics Collection wmic, typeperf, and tasklist
  • User Access Restrictions
    • For Linux operating systems, ensure that the user is a root or member of the sudo users group.
      Note: For non-root users, the NOPASSWD option must be activated in /etc/sudoers file to avoid the metrics collector scripts from waiting for the interactive password input.

      Steps to activate the NOPASSWD option for a particular sudo user:

      1. Login to the specific VM as a root user.
      2. Run the sudo visudo command that opens an editor.
      3. In the command section, add username ALL=(ALL) NOPASSWD:<ss path>, <awk path>, <netstat path>. The username must be replaced with an existing user name for which this option is activated. Example: vmware ALL=(ALL) NOPASSWD: /usr/sbin/ss, /usr/bin/netstat, /user/bin/awk.

        When you perform the Execute Script action and you need to use command/utilities, for those commands that need a sudo user password provision, the full path of command/utility must be added to the NOPASSWD commands list.

      4. Save the file and close it. It is automatically reloaded.
    • To discover services on Windows, the local administrator account must be configured.
      Note: Services will not be discovered for administrator group members that are different from the administrator account itself if the policy setting User Account Control: Run all administrators in Admin Approval Mode is turned on. As a workaround, you can turn off this policy setting to discover services. However, if you turn the policy setting off, the security of the operating system is reduced.
    • To discover services on Windows Active Directory, the domain administrator account must be configured.
  • The system clock must be synchronized between the VMware Aria Operations nodes, the vCenter Server, and the VM if service discovery is working in credential-based mode and guest alias mapping is used for authentication.
  • The configured user must have read and write privileges to the temp directory (execute privilege is also required on this directory in Linux systems). For Windows systems, the path can be taken from the environment variable TEMP. For Linux systems, it is /tmp and/or /var/tmp.
  • The SSO Server URL must be reachable from the VMware Aria Operations node on which the service discovery adapter is located.
  • For more information about supported platforms and versions, see Supported Platforms and Products for Service Discovery.
Note: If more than one VMware Aria Operations instance is monitoring the same vCenter Server and service discovery is activated for those VMware Aria Operations instances, then service discovery might be unstable, which is a known VMware Tools problem. As a result, guest operations might fail to execute.

Procedure

  1. From the left menu, click Configure > Applications and Services, and then from the right panel, click the Service Discovery tile.
  2. From the Service Discovery page, click the Configure Service Discovery option.
  3. From the Integrations page, click the vCenter Server instance from the list and then select the Service Discovery tab.
  4. To activate service discovery in this vCenter Server, activate the Service Discovery option.
  5. To activate application discovery in this vCenter Server, select the Enable Application Discovery check box.
  6. You can choose to add credentials by selecting the Use alternate credentials check box.
    1. Click the plus sign and enter the details in the Manage Credentials dialog box, which include a credential name and a vCenter user name and password. In addition, enter the user name and password for Windows, Linux, and SRM and click OK.
  7. Alternatively, if you are using the default user name and password, enter a default user name and password for Windows, Linux, and SRM.
  8. Enter a password for the guest user mapping.
  9. Click Save.
    Note: If you specify a non-root user for Linux, services are not discovered unless you activate the option Use Sudo (Linux Non-root user) while editing the associated Service Discovery adapter instance after you create the vCenter Cloud Account. This option is deactivated by default, which means the root user is expected by default when you configure the vCenter Cloud Account.
  10. Edit the cloud account created for service discovery.
  11. In the Advanced Settings section, activate the Application Discovery field to discover predefined and custom applications.
  12. In the Advanced Settings section, to configure credential-less service discovery, select Activated from the Credential-less service discovery status field.
  13. Click Save.

What to do next

You can manage services supported by VMware Aria Operations on specific VMs.