VMware
runZero Platform supports synchronization of VMware vCenter and ESXi virtual machine inventories.
Setting up VMware credentials
Unlike other APIs, the VMware synchronization process is configured as part of your regular runZero Explorer scans. The first step is to set up a set of VMware credentials.
On the Credentials page, click Add Credential and choose a credential type of VMware vCenter/ESXi Username and Password, and enter the appropriate username and password. The correct username syntax in most cases is user@domain.com
. The VMware account used requires at least read-only access.
The CIDR allow list field can be used to limit which addresses the credentials should be sent to. This helps ensure that they are not passed to unexpected VMware systems that the runZero Explorer encounters on the network.
If runZero has previously found VMware API endpoints, the optional VMware thumbprints field will list their IP addresses and TLS fingerprints. You can edit this list to remove any systems you do not want to trust with your VMware credentials. Alternatively, if you do not want to limit authentication to the set list of IP addresses and TLS certificates, you can set VMware insecure to Yes
to approve authenticating with untrusted endpoints.
The organization access for the credentials can be set as for any other stored credentials; see Credentials.
Performing VMware synchronization
Once you have defined a set of VMware credentials, the second step is to enable VMware synchronization as part of a scan task. Any task which includes scanning the VMware host systems can be used to synchronize VMware VM data.
The Probes tab of the scan setup has a section for enabling and disabling the VMware probe. The probe must be enabled for VMware synchronization to work; it is enabled by default.
On the Credentials tab of the scan setup, use the toggle switch to enable the appropriate set of VMware vCenter/ESXi credentials.
When the scan runs, the Explorer will use the credentials to authenticate with any VMware ESXi or vCenter hosts it finds that the credentials are configured to trust. Data about assets which are VMware VMs will be imported into runZero automatically, and merged with the other information runZero finds by scanning.
Troubleshooting
If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.
Why is the VMware integration unable to connect?
- Are you getting any data from the VMware integration?
- Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
- In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
- Some integrations require very specific actions that are easy to overlook. If a step is missed when setting up the intergration, it may not work correctly. Please review this documentation and follow the steps exactly.
- If the VMware integration is unable to connect be sure to check the task log for errors. Some common errors include:
- 500 - server error, unable to connect to the endpoint
- 404 - hitting an unknown endpoint on the server
- 403 - not authorized, likely a credential issue
- Verify you are running the integration task from an Explorer with access to the VMware host if it is on-premises.