vCenter Operations – How to monitor a subset of your vCenter VMs legally

Many of my customers have asked me how they can license and monitor a subset of their entire virtual environment.  This process is laid out in KB 1036195.   Click that link to open a new window or just read the details below.

 

Selecting a subset of the vCenter Server inventory to monitor in vCenter Operations Standard 1.0.x or Manager 5.x

Details

Depending on your license, you can monitor up to 1500 virtual machines with vCenter Operations Standard or vCenter Operations Manager. If the inventory of the vCenter Server system that you want to monitor has more virtual machines than your license allows, you must buy more licenses. In certain cases, you might be able to reduce the number of objects that you want to monitor.

Solution

vCenter Operations Standard and vCenter Operations Manager monitor all the virtual machines that the collection user has read access to. To comply with the licensing terms and monitor a supported number of objects rather than the entire vCenter Server inventory, you can limit the permissions of the collection user to the set of virtual machines and other objects in one or more datacenters or clusters.
VMware supports providing access to all of the objects in a datacenter, cluster, or standalone host. You cannot provide access to individual virtual machines because selecting a subset of virtual machines that share the same underlying physical layer results in a mismatch of metric values. For example, if a host has two virtual machines and you provide access to only one of the virtual machines, the host workload does not match the sum of the virtual machine workload because the sum accounts for only one virtual machine. VMware recommends providing the collection user access to all of the datastores and networks that are visible to the selected datacenters, clusters, and standalone hosts. Do not share these datastores and networks with datacenters, clusters, or standalone hosts that the collection user does not have access to.
As a best practice before you assign a collection user, verify that the user has read access to the objects that you want to monitor. As a security precaution, do not assign the vSphere Administrator user as the collection user.

To provide access to a cluster:

  1. Use the vSphere Client to connect to the vCenter Server system that you want to monitor.
  2. Select Home > Inventory > Hosts and Clusters.
  3. Right-click the cluster and select Add Permission.
  4. Click Add to identify the user or group to assign a role and click OK.
  5. In the Assigned Role drop-down menu, select Read-only.
  6. Select the Propagate to Child Objects check box.
  7. Click OK to close the Assign Permissions dialog box.
  8. Select Home > Inventory > Datastores.
  9. On the Permissions tab for the datastores that are associated with the clusters to monitor, right-click the same user and select Properties.
  10. Select Read-only as the role and click OK.
  11. In the vCenter Operations Standard Administration page, assign the user with the Read-only role as the collection user and proceed to register vCenter Operations Standard with the vCenter Server system.
The URL format of the Administration page is https://<IP>/adminMain.action, where <IP> is the IP address or fully qualified host name of the vCenter Operations Standard virtual appliance.
The URL format of the Administration page for vCenter Operations Manager is  https://<IP>/admin/, where <IP> is the IP address or fully qualified host name of the vCenter Operations Manager virtual appliance.

You can follow a similar process to provide access to a datacenter. Granting access to a datacenter provides access to any datastores referenced by hosts within the datacenter. Note that the permission must be applied at the datacenter level and propagated to any child views (such as networking objects), as in the preceding procedure.

Advertisements

One thought on “vCenter Operations – How to monitor a subset of your vCenter VMs legally

  1. Pingback: Using vCenter Operations v5 – Introduction and deployment (1/3) | www.vExperienced.co.uk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s