To discover applications and services and their relationships and to access basic monitoring, you can either provide guest operating system credentials with appropriate privileges or use the credential-less approach to discover services.

Prerequisites

  • You must have a vCenter Adapter instance configured and monitoring the same vCenter Server that is used to discover services.

    For credential-based service discovery, the configured vCenter Server user must have the following privileges:

    • key: VirtualMachine.GuestOperations.ModifyAliases, Localization: Guest operations -> Guest operation alias modification
    • key: VirtualMachine.GuestOperations.QueryAliases, Localization: Guest operations -> Guest operation alias query
    • key: VirtualMachine.GuestOperations.Modify, Localization: Guest operations -> Guest operation modifications
    • key: VirtualMachine.GuestOperations.Execute, Localization: Guest operations -> Guest operation program execution
    • key: VirtualMachine.GuestOperations.Query, Localization: Guest operations -> Guest operation queries
    For credential-less service discovery, the configured vCenter Server user must have the following privileges:
    • key: VirtualMachine.Namespace.Management, Localization: Service Configuration -> Manage service configurations
    • key: VirtualMachine.Namespace.ModifyContent, Localization: Service Configuration -> Modify service configuration
    • key: VirtualMachine.Namespace.Query, Localization: Service Configuration -> Query service configurations
    • key: VirtualMachine.Namespace.ReadContent, Localization: Service Configuration -> Read service configuration
  • The ESXi instance that hosts the VMs where services should be discovered, must have HTTPS access to port 443 from the collector node on which the service discovery adapter instance is configured.
  • Verify that the following types of commands and utilities are used:
    Type Commands and Utilities
    UNIX Operating Systems
    Service Discovery ps, ss, and top
    Performance Metrics Collection : awk, csh, ps, pgrep, and procfs (file system)
    Windows Operating Systems
    Service Discovery wmic, netstat, findstr, reg, net, and sort
    Performance Metrics Collection wmic, typeperf, and tasklist
  • User Access Restrictions
    • For Linux operating systems, ensure that the user is a root or member of the sudo users group.
      Note: For non-root users, the NOPASSWD option must be enabled in /etc/sudoers file to avoid the metrics collector scripts from waiting for the interactive password input.

      Steps to enable the NOPASSWD option for a particular sudo user:

      1. Login to the specific VM as a root user.
      2. Run the sudo visudo command that opens an editor.
      3. In the command section, add username ALL=(ALL) NOPASSWD:<ss path>, <awk path>, <netstat path>. The username must be replaced with an existing user name for which this option is enabled. Example: vmware ALL=(ALL) NOPASSWD: /usr/sbin/ss, /usr/bin/netstat, /user/bin/awk.

        When you perform the Execute Script action and you need to use command/utilities, for those commands that need a sudo user password provision, the full path of command/utility must be added to the NOPASSWD commands list.

      4. Save the file and close it. It is automatically reloaded.
    • To discover services on Windows, the local administrator account must be configured.
      Note: Services will not be discovered for administrator group members that are different from the administrator account itself if the policy setting User Account Control: Run all administrators in Admin Approval Mode is turned on. As a workaround, you can turn off this policy setting to discover services. However, if you turn the policy setting off, the security of the operating system is reduced.
    • To discover services on Windows Active Directory, the domain administrator account must be configured.
  • The system clock must be synchronized between the vRealize Operations nodes, the vCenter Server, and the VM if service discovery is working in credential-based mode and guest alias mapping is used for authentication.
  • The configured user must have read and write privileges to the temp directory (execute privilege is also required on this directory in Linux systems). For Windows systems, the path can be taken from the environment variable TEMP. For Linux systems, it is /tmp and/or /var/tmp.
  • The SSO Server URL must be reachable from the vRealize Operations node on which the service discovery adapter is located.
  • For more information about supported platforms and versions, see Supported Platforms and Products for Service Discovery.
Note: If more than one vRealize Operations instance is monitoring the same vCenter Server and service discovery is enabled for those vRealize Operations instances, then service discovery might be unstable, which is a known VMware Tools problem. As a result, guest operations might fail to execute.

Procedure

  1. From the left menu, click Configure > Application Discovery.
  2. From the Application Discovery page, click the Configure Service Discovery option.
  3. From the Integrations page, click the vCenter Server instance from the list and then select the Service Discovery tab.
  4. To enable service discovery in this vCenter Server, enable the Service Discovery option.
  5. To enable application discovery in this vCenter Server, select the Enable Application Discovery check box.
  6. You can choose to add credentials by selecting the Use alternate credentials check box.
    1. Click the plus sign and enter the details in the Manage Credentials dialog box, which include a credential name and a vCenter user name and password. In addition, enter the user name and password for Windows, Linux, and SRM and click OK.
  7. Alternatively, if you are using the default user name and password, enter a default user name and password for Windows, Linux, and SRM.
  8. Enter a password for the guest user mapping.
  9. You can also enable grouping of the application, creation of a business application, and enable application discovery.
  10. Click Save.
    Note: If you specify a non-root user for Linux, services are not discovered unless you enable the option Use Sudo (Linux Non-root user) while editing the associated Service Discovery adapter instance after you create the vCenter Cloud Account. This option is disabled by default, which means the root user is expected by default when you configure the vCenter Cloud Account.
  11. Edit the cloud account created for service discovery.
  12. In the Advanced Settings section, enable the Application Discovery field to discover predefined and custom applications.
  13. In the Advanced Settings section, to configure credential-less service discovery, select Enabled from the Credential-less service discovery status field.

What to do next

You can manage services supported by vRealize Operations on specific VMs.