Scan VMware vCenter Server Appliance

This article describes how to scan VMware vCenter Server Appliance with Movere.

The VMware vCenter Server Appliance runs on SUSE Linux Enterprise (SLES) up to version 6.0. Beginning with version 6.5, it runs on VMware’s own Photon operating system.

You can scan VMware vCenter Server Appliance using a couple of methods. Both methods are described in this article.

  • Scan as a Linux device using a scanning bot. This option is recommended.
  • Scan remotely using the Console, or from the command line. This method doesn't use a bot for scanning. It's prone to timeouts, and we don't recommend it for appliances with more than 500 virtual machines.

Before you begin

  1. Learn about scanning in Movere.
  2. Check that Linux devices are supported for scanning.
  3. Verify internet access. Devices that upload data payloads directly to the Movere cloud need internet access, and must be able to connect to Movere URLs.
  4. Check the permissions needed for scanning Linux devices.
  5. Check the Movere binaries you need to allow on target devices.
  6. Check the ports used for scanning on target devices.
  7. Make sure the Linux account you use for scanning has access to the Linux operating system running the appliance, and has permission to query the Postgres database storing the appliance data.
  8. Make sure the user running the scan has an account stored on the server hosting the appliance, with both SSH and BASH SHELL enabled.
  9. If you can't use a root account for scanning vCSA, follow these instructions to create a non-root account.

Scan as a Linux device

This procedure shows you how to run an inventory scan immediately for Linux devices.

  1. In the Movere console > Getting Started, select First scan, and Linux Devices. Then click Next.

  2. In Domains, leave the default setting (the domain in which the Console machine is located). Then click Next.

  3. In Linux Devices, select Specific devices. Click Add, and enter the name or IP address of the appliance.

  4. In Uploading Scans, select whether to automatically upload scans from the scanned device, or via the Console. Learn more about data upload options.

  5. In Manage Credentials, click Add. In Account type, select Linux. Enter the username and password of an account that has access to the appliance, or validate using an SSH key.

  6. Make sure that all scanning permissions are in place.

  7. In Credential Mapping, leave the default settings. Movere doesn't map Linux credentials.

  8. In Initiate Scan, click Scan to begin scanning.

  9. Track progress in the progress window.

    • Actions performed during the scan are logged in the Log.service files in the Movere Console/Logs folder.
    • To stop the scan manually, click Stop.
    • When the scan completes, the Movere console automatically refreshes to the Initiate Scan window.

Scan remotely

Scan remotely using the Console or command line.

Use the Console

  1. In the Movere console > Getting Started, select First scan, and vCenter Appliances. Then click Next.

  2. In vCenter Appliance, click Add to enter the appliance NetBIOS, FQDN or IP address.

  3. Enter the username and password of an account that has access to the appliance.

  4. In Uploading Scans, select whether to automatically upload scans from the scanned device, or via the Console. Learn more about data upload options.

  5. In Initiate Scan, click Scan to begin scanning.

  6. Track progress in the progress window.

    • Actions performed during the scan are logged in the Log.service files in the Movere Console/Logs folder.
    • To stop the scan manually, click Stop.
    • When the scan completes, the Movere console automatically refreshes to the Initiate Scan window.

Use the command line

  1. In the Movere console > Getting Started, select First scan, and vCenter Appliances. Then click Next.

  2. In vCenter Appliance, click Add to enter the appliance NetBIOS, FQDN or IP address.

  3. Enter the username and password of an account that has access to the appliance.

  4. In Uploading Scans, select whether to automatically upload scans from the scanned device, or via the Console. Learn more about data upload options.

  5. Close the Movere Console.

  6. Open an elevated command prompt.

  7. Navigate to the Movere Console folder. For example: C:\Movere\Console.

  8. Run a scan. Learn about command line options.

    • Movere.service.exe -vcsa:DeviceName -upload -startlistener
    • To disable automatic uploading, remove the -upload flag from the command line argument.

Create a non-root account for scanning vCSA

If you can't use a root account for scanning, then create an account to use, as follows:

  1. Ensure SSH authentication is enabled on all target appliances.

  2. Connect to the appliance as root using SSH: ssh root@appliance

  3. Access the pi shell:

    • For VCSA 6.5 (or newer): shell
    • For prior VCSA versions: shell.set --enabled True
  4. Create the account that Movere will use on the appliance:

    • Create the account: useradd -r movere
    • Assign a strong password to the account: passwd movere (this article uses $str0ngP@ss.w0rd as the example password)
    • Change the default shell of the account to BASH: chsh -s /bin/bash movere
  5. Create the user account in Postgres on the VCSA to be used by Movere:

    • Connect to Postgres: /opt/vmware/vpostgres/current/bin/psql -U postgres

    • Create the account: CREATE USER movere;

    • Assign a strong password to the account: ALTER USER movere PASSWORD 'MUST BE EXACTLY THE SAME PWD USED ABOVE'; For example, if the password is to be set to $str0ngP@ss.w0rd, enter: ALTER USER movere PASSWORD '$str0ngP@ss.w0rd';

    • Important: The account created on the VCSA and the account granted access to Postgres must have identical passwords. If they do not match, the scan will fail.

    • Connect to database VCDB: \connect VCDB

    • Grant the movere account read-only access to query VCDB:

      GRANT USAGE ON SCHEMA vc TO movere;
      GRANT SELECT ON ALL TABLES IN SCHEMA vc TO movere;

    • Exit the Postgres session by entering: \q

    • Exit the pi shell: exit
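
To confirm that the account created above is limited to read-only access, the following audit queries can be run in psql as postgres before exiting the session. This is an added example, not part of the Movere documentation; it assumes the role name movere, schema vc and database VCDB used in the steps above.

```sql
-- Added example: least-privilege audit of the scan role.
-- Assumes role "movere", schema "vc" and database VCDB, as in the steps above.
\connect VCDB

-- 1. Role attributes. Expect rolcanlogin = t and every other flag = f.
SELECT rolname, rolcanlogin, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname = 'movere';

-- 2. Schema-level rights. Expect can_use = t and can_create = f.
SELECT has_schema_privilege('movere', 'vc', 'USAGE')  AS can_use,
       has_schema_privilege('movere', 'vc', 'CREATE') AS can_create;

-- 3. Table privileges other than SELECT granted to the role. Expect zero rows.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'movere'
  AND privilege_type <> 'SELECT'
ORDER BY table_schema, table_name, privilege_type;

-- 4. Table grants outside schema vc. Expect zero rows.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'movere'
  AND table_schema <> 'vc';

-- 5. Role memberships that would give inherited rights. Expect zero rows.
SELECT g.rolname AS member_of
FROM pg_auth_members m
JOIN pg_roles g ON g.oid = m.roleid
JOIN pg_roles u ON u.oid = m.member
WHERE u.rolname = 'movere';

-- 6. Tables in vc the role cannot read. GRANT ... ON ALL TABLES covers only
--    tables that exist when it runs, so tables created later appear here.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'vc'
  AND NOT has_table_privilege(
        'movere',
        quote_ident(schemaname) || '.' || quote_ident(tablename),
        'SELECT');
```

Rows returned by queries 3 to 5 indicate access beyond what the procedure grants; rows from query 6 indicate tables the role cannot read.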

Remove the non-root account

If you need to remove the non-root account, do that as follows:

  1. Delete the shell account from the VCSA OS: userdel <userid>
  2. Connect to Postgres: /opt/vmware/vpostgres/current/bin/psql -U postgres
  3. Revoke the permissions granted to the user account:
    • REVOKE SELECT ON ALL TABLES IN SCHEMA vc FROM movere;
    • REVOKE USAGE ON SCHEMA vc FROM movere;
  4. Delete the created database user: DROP USER <userid>;

Next steps

Learn about scanning in Movere.