Categories
Tech

Credential-less Service Discovery with vROps

vRealize Operations (On-Premise and SaaS) allows you to discover services running in each VM and then builds relationship or dependency between the services from different VMs. In addition to that you are provided with basic metrics and properties for discovered services. ​vROps Service Discovery supports some services, but not any service, the supported services are listed here.

To discover applications/services and their relationships and to access basic metrics/properties, you can either provide guest operating system credentials with appropriate privileges or use the credential-less approach to discover services. To me the first option, provide guest operating system credentials, is a viable option only when default accounts for guest operating systems are in use and this is a quite rare situation in real life. For this reason I am focusing here on the credential-less approach which requires little efforts and no credentials for the managed guest operating systems.

Requirements

Here I am assuming you have an instance of vROps On-Premise or Cloud already deployed and collecting data from at least vCenter. The screenshots in the rest of this post are taken from vROps Cloud, but the same applies to the On-Prem deployment. You can notice the SaaS version already includes the UI updates introduced with vROps 8.6.

Compatibility Matrix

To leverage credential-less service discovery you need an environment with the followings:

  • ​vCenter version = 6.7u3g and above
  • ESXi version = 6.7p2 or 7.0 and above
  • VM hardware version = 9 or above
  • Linux VMware Tools version = 11.1.5 or 11.2.0
  • ​Windows VMware Tools version = 11.1.0 or above
  • vROps SaaS or On-Premise 8.1 or above

The requirements above are a bit rounded up, you can access the following KB articles and docs for full details:

  • ​See KB 78216 for Credential-less Service Discovery in vROps
  • See KB 2143838 for vCenter version and build numbers
  • See KB 2143832 for ESXi version and build numbers
  • See here for supported platforms and products

Network Requirements

Your vROps (Cluster, Remote Collector or Cloud Proxy) in addition to access to vCenter Server on HTTPs/443 needs to have access on HTTPs/443 to ESXi nodes that host the VMs where services should be discovered.

vCenter Account Privileges

In addition to privileges to manage vSphere environment you need the following specific privileges for credential-less approach to discover services:

  • Service Configuration -> Manage service configurations
  • Service Configuration -> Modify service configuration
  • Service Configuration -> Query service configurations
  • Service Configuration -> Read service configuration

There are few other requirements specific for service discovery and credential-less service discovery such as commands and utilities available on the guest operating systems. They are accessible here. In my view there is no point into assess these requisites in advance in environments with hundreds or thousands of VMs, to me these are just useful to troubleshoot discovery failure on specific VMs.

Configure Credential-less Service Discovery

  • From the left menu, click Data Sources > Integrations
  • From the Integrations page, click the vCenter Server instance from the list and then select the Service Discovery tab
  • To enable service discovery in this vCenter Server, enable the Service Discovery option
  • To enable application discovery in this vCenter Server, select the Enable Application Discovery check box
  • Optionally you can also enable grouping of the application, select Enable Business Application Discovery and Grouping check box
  • Click Save

See the screenshot below as a reference. Please, note that we are NOT providing default username/password and we are NOT providing alternate credentials.

In order to check that credential-less service discovery is enabled do the following:

  • From the left menu, click Data Sources > Integrations
  • From the Integrations page, click the > icon close to the vCenter and than > close to your vCenter Server instance from the list
  • Click <your cloud account name > – Service Discovery (in my case IberiaLab – Service Discovery see screenshot below)
  • In the Advanced Settings section make sure Credential-less service discovery is enabled (see screenshot below)

At this stage you just need vROps to collect data and in a matter of few collection cycles you should be able to see discovered services on VMs as well as discovered applications. Discovered services are related to VMs, while applications are groups of services.

For discovred services vRops collects few metrics and properties (see screenshots below) these are NOT intended to provide up/down monitoring capability or to be used for configuration management purposes. They are intended to provide VI admins a little bit of visibility of what’s happening within VMs allowing them to improve operations procedure, better infrastructure management and speedup troubleshooting.

From this you might proceed installing Telegraf agents in order to enable application visibility within VMs and expand service monitoring. Hope this helps!