Keeping track of virtual assets is a challenge for many IT environments. Sectona supports discovery of virtual assets managed by VMware vCenter or ESX/ESXi. The solution can connect to vCenter server directly or ESX/ESXi hosts. This scan uses VMware Vsphere APIs (SDK Version 6.5) to scan ESX/ESXi hosts & other guest operating systems within ESX/ESXi hosts. You must configure your VMware vSphere deployment to communicate through HTTPS. This method requires valid vSphere credentials to be available with the system. Refer Configuring Credentials for more details before executing this discovery scan. Supported vSphere versions include 5.1, 5.5, 6.0 & 6.5.

Requirement

Description

Connectivity / Ports
(Sectona→ VMWare vCentre)

443

Tools

VMware Tools must be available on Windows, Linux and FreeBSD Guest Machines. For more information about installing VMware Tools refer to this Link

Credential

Make sure that the account has permissions at the root server level to ensure all target virtual assets are discoverable. If you assign permissions on a folder in the target environment, you will not see the contained assets unless permissions are also defined on the parent resource pool. As a best practice, it is recommended that the account be given read-only access.

Refer section Configuring Credentials for more details before executing this discovery scan.

Adding a VMware vSphere scan job

Select New Asset Discovery Job as VMware vSphere scan in +Asset Discovery Tab

Attributes 

Description

Job details


Job title

Enter a unique title for your scan job

Server

Enter server's IP Address which may be a jump server or proxy server or an SSH / RDP

Account Name

Provide a username who has unique permissions to discover other resources. This user must be valid user in the vault. Access key and Secret key is taken from the vault

Schedule type

Select a schedule type whether you would like to initiate this job once or recurring job.If you select a recurring job,you can choose days this job must be executed on.

For e.g. You want to schedule job every 2nd day at 5.00 p.m. from 1st Jan 2018 to scan your network, include following details:

Recur every: 2 days
Task Start: 01 Jan 2018
Schedule Start Time: 4:30 pm to 5:15 pm

Task Start

Select the date when the task begins

Schedule Time

You can either choose the "Any" or schedule a proper time from when to start the task and when to end the task

Action


On board assets

To start a scan manually with an option to add assets to specify profiles, click the Onboard asset as 'No'.

If you wish to include assets automatically to existing group and attributes, select option 'Yes'

Asset description(optional)

Added text will be included in every asset description field

Location(optional)

Added location field will be included in every asset location. You can configure system management location Configuring location tagging

Criticality level(optional)

Added critical field will be included in every asset. This is important while structuring reports and notifications

Tags (optional)

You can associate an asset with your desired single or multiple tags like Infosec, Banking Core Server, ATM Switches, etc.

Refer to section Tags for more information about adding context with tags.

Checkout policy

The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available.

Rotation policy

The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available

Reconciliation policy

The option is selected as default as one can choose its policy by unchecking the default option and selecting the policy from the drop-down list available.

Config value 1

The configuration value can be assigned here.

Config value 2

The configuration value can be assigned here.

Config value 3

The configuration value can be assigned here.

Config value 4

The configuration value can be assigned here.

Exclude from Account Discovery

When ticked, the accounts of this asset will be excluded from the Discovery job.

Owner(optional)

If you have listed owner information of all the assets, please include here