Notifications

2156 views

vCenter Discovery Process

After classifying vCenter, Discovery launches the VMware - vCenter Datacenters probe, which in turn launches specific probes that return information about ESX machines, virtual machines, and other vCenter objects. The vmapp port probe is also configured to launch the VMware - vCenter Datacenters probe. Thus, the VMware - vCenter Datacenters can be triggered by either:

  • Process classified when discovering the vCenter application host, see Out Of Box (OOB) process classifier "vCenter". Process classifiers are found under Discovery Definition > CI Classification > Processes.
  • Port probe vmapp in the Shazzam phase of discovery detects the default vCenter port open. Port probes are found under Discovery Definition > Port Probes.

Note: See Configure an alternate port for vCenter if the vCenter to be discovered does not use the standard port.

Discovery Flow

Probes

The VMware - vCenter probe that discovered all vCenter objects in previous releases is deprecated in the Istanbul release and replaced by multiple probes as seen next:


Probes Diagram


For a list vCenter probes probe parameters available see Available vCenter probes and probe parameters. Each vCenter discovery probe has a matching mid server script include, the code actually executed. The probe's "ECC Queue Name" will match the name of the MID Server script include. MID Server script includes are found under "MID Server > Script Includes". The vCenter probes utilize the VMWare Java API.

Probe list:

NameImplemented on script includeDescription
VMWare - vCenter DatacentersVMWarevCenterDatacentersProbeProbe to get information about a vCenter's datacenters. The sensor will fire a probe for each type of vCenter object in each datacenter: VMs, clusters, datastores, and networks.
VMWare - vCenter VMsVMWarevCenterVMsProbeExplore VMs.
VMWare - vCenter NetworksVMWarevCenterNetworksProbeExplore virtual networks.
VMWare - vCenter DatastoresVMWarevCenterDatacentersProbeExplore datastores, datastore hostmounts and datastore disks.
VMWare - vCenter ClustersVMWarevCenterClustersProbeExplore clusters and resource pools. Relate each cluster to its resource pools, ESX hosts and its containing folder or datacenter. The sensor will trigger the "ESX Hosts" probe to explore ESX hosts.
VMWare - vCenter VM NICsVMWarevCenterVMNICsProbeExplore NICs installed in virtual machines.
VMWare - vCenter VM TagsVMWarevCenterVMTagsProbeExplore Tags for the VMs discovered.
VMWare - vCenter ESX HostsVMWarevCenterESXHostsProbeExplore ESX servers and host mounts. The sensor will trigger the "ESX Hosts Storage" probe to explore ESX hardware (disks and SAN disks, NICs).
VMWare - vCenter ESX Hosts StorageVMWarevCenterESXHostsStorageProbeExplore ESX host hardware: network adapters, disks, HBAs, FC ports, iSCSI and FC disks.
VMWare - vCenter ESX Hosts LicenseVMWarevCenterESXHostsLicenseProbeExplore ESX host licenses.

Note: If Software Asset Management is active, Discovery also triggers VMWare - vCenter ESX Hosts License probe, see vCenter discovery with Software Asset Management.

Data Collected and Relationships Created

See Data collected for VMware vCenter Server for more information. From the previous link, the following relationships are created:

Relationships

Note: The "Virtualizes::Virtualized by" and "Instantiates::Instantiated by" relationships created from ESX Server and VM Instance to the Guest are created by business rule "Virtual Computer Check". The guest machine needs to be discovered after the VCenter is discovered in order to trigger the business rule and create such relationships. The "Virtual Computer Check" business rule:

  1. Checks for the serial number on cmdb_ci_vmware_instance, it tries to find a record with field correlation_id which is a match for the guest device discovered (not the hypervisor). End business rule if not found.
  2. Creates an "Instantiates::Instatiated by" relationship between server and virtual machine instance record, if no relationship already exists.
  3. Searches for virtualization server via findVMWareByImage() call, where it looks for "Registered on::Has registered" relationship for the virtual machine instance and hypervisor.
  4. Creates relationship between server record and hypervisor, "Virtualized by::Virtualizes".

Credentials

To successfully collect data from vCenter a discovery_credential of type VMware must be created. The VMware credentials must have read-only role and License Admin privilege in vCenter.. The "Read-only" role allows a user limited read access to the system without any other privileges. The role allows ServiceNow users to run Discovery and view resources. The credential must be given "Read-Only" defined at "Global", if the credential is defined only at "This Object" discovery will not be able to collect the hosts and continue. 

For more information on VMware type credentials see VMware credentials.

Troubleshooting

Probe "VMWare - vCenter Datacenters" not triggered

  1. Confirm the port the vCenter is using. See Configure an alternate port for vCenter if the vCenter to be discovered does not use the standard port.
  2. Review input from Shazzam probe and check the result for the ports defined in the vmapp port probe. If the ports are not open, further troubleshooting may be necessary between the teams managing the network and the vCenter. From the MID server, telnet can be used to confirm whether or not the socket is reachable from the MID.

Probe "VMWare - vCenter Datacenters" fails with "Unable to establish connection to https://<ip>/sdk"

This error means the user either could not establish a connection to the vCenter sdk page or the user could not authenticate.

A. Confirm the MOB page authentication pop up can be loaded from the MID server:

  1. Log into the MID server
  2. Open up a browser and navigate to "https://<V-Center_IP_Address>/mob", replace the address with the IP address of the VCenter server
    VCenter MOB Authentication
  3. If the page does not load, contact your vCenter admin and network team for further troubleshooting

B. Confirm the account configured in the credentials table to discover the vCenter can log into the VCenter target:

  1. Log into the MID server host
  2. Open up a browser and navigate to "https://<V-Center_IP_Address>/mob", replace the address with the IP address of the VCenter server
  3. An authentication page will pop up as seen in previous screenshot
  4. Make sure to use the same exact username/password combination, and the same format as seen in the credentials table record
  5. Click "Sign in" and following page should display
    MOB page
  6. If the test fails have your vmware team further troubleshoot or provide access to the credential. The credential must be given "Read-Only" defined at "Global"

From VMware documentation, the "Managed Object Browser is a Web site, available on both individual ESX hosts and VirtualCenter, that lets you examine server objects, properties, and values." 

Note: The MOB could be disabled. If so, please see https://kb.vmware.com/s/article/2108405.

Probe "VMWare - vCenter Datacenters" does not have errors, however subsequent probes are not triggered

This would happen if there was not enough information returned in the datacenters probe input. This could be due to user "Read-Only" permission not set at the global level, thus the user is able to log into the vCenter and only collects partial data.

  1. In vCenter, review the user roles/permissions.

Virtualizes::Virtualized by relationship created between server to incorrect hypervisor

This may happen if there are "Registered on::Has registered" relationships from the virtual machine instance to older/retired hypervisor.

  1. Delete incorrect "Registered on::Has registered" relationships

Records created by vCenter discovery do not reflect identification rules configuration for the classes

VCenter discovery does not use the identification rules. Each sensor calls a script include to process the payload. The script include will contain a schema for the table where records will be inserted. In the schema there is an "index". The "index" contains the fields used to identify the CI.

The following is an example for cmdb_ci_vmware_instance.

cmdb_ci_vmware_instance: {
index: [ [ 'object_id', 'vcenter_uuid' ], [ 'vm_instance_uuid', 'vcenter_uuid' ], [ 'vm_instance_uuid' ] ],
fixup: fixupVM,
preWrite: preWriteVm,
preWriteRels: preWriteVmRels,
parentOf: {
cmdb_ci_esx_server: 'Registered on::Has registered',
cmdb_ci_vcenter_network: 'Connected by::Connects',
cmdb_ci_vcenter_dvs: 'Connected by::Connects',
cmdb_ci_vcenter_dv_port_group: 'Connected by::Connects',
hostedOn: 'Hosted on::Hosts'
},
childOf: {
cmdb_ci_vcenter_datacenter: 'Contains::Contained by',
cmdb_ci_vcenter_folder: 'Contains::Contained by',
cmdb_ci_vcenter_datastore: 'Provides storage for::Stored on',
cmdb_ci_esx_resource_pool: 'Members::Member of'
}
}

From the above we see index as:

index: [ [ 'object_id', 'vcenter_uuid' ], [ 'vm_instance_uuid', 'vcenter_uuid' ], [ 'vm_instance_uuid' ] ],

Therefore, for cmdb_ci_vmware_instance fields object_id and vcenter_uuid are used for identification.

Article Information

Last Updated:2020-08-25 05:05:52
Published:2020-08-25