Summary of Contents for VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1
Page 1
Application Discovery Manager User’s Guide vCenter Application Discovery Manager 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Page 2
VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Aging 20 Deleting Aging Logs 21 Users 21 Role‐Based Access Control 21 System 22 Licensing 22 Groups 25 Overview 25 Requirements 26 Built‐In Groups 26 User‐Defined Groups 26 Importing and Exporting Group Definitions 29 Discovery 31 Discovery Types 31 Discovery Plans 32 Passive Discovery 32 Policies 32 Plans 32 IP Discovery 32 VMware, Inc.
Page 4
Detail Discovery Protocols 37 SSH 38 SNMP 39 WMI 40 Telnet 43 VI‐SDK 45 Discovering Dependencies with Detail Discovery 46 ADM Dependency Discovery Methods 46 Choosing a Method of Dependency Discovery 47 Discovery Strategy for Using Only Detail Discovery for Dependencies 48 VMware Discovery 49 VMware Terminology Overview 49 VMware Discovery in ADM 49 Use Case 50 Using VI‐SDK for Detail Discovery 52 Capabilities 52 Application Patterns 55 Overview 55 Application Pattern Definitions 55 Node Rules 56 Connectivity Rules 56...
Page 5
Contents Complete Synchronize 68 Displaying ADM data in SAM 68 Custom Reports 70 Solver 71 Overview 71 Reports in the Solver Tab 71 Index 73 VMware, Inc.
About This Book The VMware vCenter™ Application Discovery Manager (ADM) User’s Guide describes the user interface of the ADM. It also provides information that the customers need, to manage the ADM. Intended Audience This document is part of the VMware vCenter Application Discovery Manager documentation set, and is intended for use by corporate information technology (IT) personnel who needs to monitor enterprise applications and resources and make decisions about acquiring, allocating, and modifying these resources. VMware Technical Publications Glossary ® VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation go to http://www.vmware.com/support/pubs. Document Feedback VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to docfeedback@vmware.com. Technical Support and Education Resources The following sections describe the technical support resources available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs. Online and Telephone Support To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support. Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support. Support Offerings To find out how VMware support offerings can help meet your business needs, go to ...
Page 8
ADM User’s Guide VMware Professional Services VMware Education Services courses offer extensive hands‐on labs, case study examples, and course materials designed to be used as on‐the‐job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services. VMware, Inc.
“What Does ADM Do?” on page 9 “Essential Concepts” on page 10 “ADM Components” on page 10 “Architecture Solutions” on page 11 What Does ADM Do? ADM performs the following high‐level functions: ADM discovers Configuration Items (CIs). It also discovers the relationships and dependencies between these instances in real time. The discovery data is stored in the Management Data Repository. The map feature in the User Interface (UI) provides a graphical representation of the relationships and dependencies between all the CIs. ADM provides both known and unknown information about an infrastructure. It tells you what you know, and what you do not know. For example, you might think that no laptops are communicating with a database server. Using the map, you can see the hosts that you know are in your infrastructure. However, you might also see that there are hosts or laptops communicating with the database server. ADM determines the baseline of usage for these configuration items. Further, the ADM detects inconsistencies from the norm. Baseline is the first 24 hours of activity of a configuration item. ADM provides impact and predictive reporting and helps you troubleshoot errors. ADM helps to accurately answer the following questions: What hosts, applications, and connections do I have? How are CIs used? What are the dependencies among them? VMware, Inc.
Where are the hidden optimization opportunities and how can I capitalize on them? How will these application changes impact my business? What are the risks? What are the problems and how can I solve them? Essential Concepts Table 1‐1 defines essential concepts of ADM. Table 1-1. Essential Concepts Concept Definition Configuration Item (CI) A CI is a host (this can also include network devices such as switches or routers), an application (also known as a service), or a network connection. For example, a Linux host, Cisco router, or VMware ® ESX™ Server are all host CIs. Oracle is an application CI. HTTP and SSH are network connection CIs. Discovery Discovery is a continuous process that creates and maintains a detailed model of your application environment. ADM discovers CIs. Chapter 5 contains more information about discovery. Management Data The MDR is the database of ADM. When configuration item information is Repository (MDR) discovered, it is stored in the MDR after reconciliation. Groups A group is a built‐in or user‐defined collection of one or more CIs. The admin users can create groups so that they can easily view, analyze, and track the specific subset of data. Group creation allows the admin user to classify CIs into logical sets or collections so that actions such as creating reports, policies, or viewing the inventory is applied to specific groups, instead of the entire database of CIs. Chapter 4 contains ...
Passively observes the network traffic by performing a deep‐packet analysis to discover applications and component relationships in physical and virtual environments. Passive discovery also allows you to do the following: Map dependencies. Count the activity of these dependencies. Identify services. Aggregator Receives data from the discovery components and reconciles the data before transferring it to the database component. The aggregator also provides the user interface for using ADM and is the integration point for various integrations, for example, ERDB. Database An Oracle RDBMS used to store discovered data and ADM configuration. Active Probe The active probe is the ADM process used for both Detail and IP discovery. Active probe responds to the policies defined through the management component, discovers the items assigned through the policies, and returns the data to the management component. This data is reconciled, stored, and presented in the console. To configure the active probe Assign discovery items to a specific Collector. Define the protocols that are supported for discovery. Connect the management component (Aggregator) to the discovery component (Collector). The VMware vCenter Application Discovery Manager Administration Guide includes the steps for configuring the active probe for Detail and IP discovery. Architecture Solutions ADM provides a Single‐box setup and Distributed setup to meet the needs of different environments. The following sections contain more information about the architecture solutions. Single-box Setup In a Single‐box setup, all the ADM modes are enabled on a single appliance as shown in Figure 1‐1. VMware, Inc.
If you are using a Single‐box setup, you need to perform the steps described in VMware vCenter Application Discovery Manager Administration Guide, after completing the installation instructions provided in the VMware vCenter Application Discovery Manager Appliance Platform Installation Quick Reference Guide. VMware vCenter Application Discovery Manager Administration Guide also describes how to move an existing Single‐box setup to a Distributed setup or Distributed with remote database setup. Distributed Appliance Solutions A Distributed appliance solution has the following two options: Distributed setup Distributed with remote database setup Distributed Setup The Distributed setup has at least one designated appliance enabled as a Collector, and another appliance enabled as an Aggregator and Database as shown in Figure 1‐2. Figure 1-2. Distributed Setup Architecture Aggregator Database Database Management Discovery Discovery passive passive detail discovery discovery discovery Collector vCollector Passive and Detail Discovery can run on single or multiple Collectors. VMware, Inc.
Page 13
Distributed Appliance with Remote Database Solution In a Distributed with remote database setup, there is a designated appliance to host the database as shown in Figure 1‐3. Figure 1-3. Distributed with Remote Database (Split) Aggregator Database Database Management Discovery Discovery Discovery passive passive passive detail detail discovery discovery discovery discovery discovery Collector Collector vCollector Passive and Detail Discovery can run on single or multiple Collectors. The steps to configure distributed setup and distributed with remote database setup are described in VMware vCenter Application Discovery Manager Administration Guide. VMware, Inc.
“Accessing the ADM Console” on page 15 “Log In to the ADM Console” on page 15 Accessing the ADM Console The ADM Console is the Graphical User Interface (GUI) to access and manage the appliance processes. You connect to the ADM console using a browser. Before running the ADM Console, verify that the Microsoft Windows client meets the system requirements outlined in the VMware vCenter Application Discovery Manager Appliance Platform Installation Quick Reference Guide. Log In to the ADM Console To log in to the system using the ADM Console Open Microsoft Internet Explorer Type the IP address of the management appliance into the URL and click Go. The Welcome screen appears. In the Username field, type your user name. In the Password field, type your password. Click Login. The admin user can log in by typing admin in the Username field and 123456 in the Password field. VMware, Inc.
“Application Patterns” on page 18 “Changes” on page 18 “Fingerprints” on page 19 “Aging” on page 20 “Users” on page 21 “System” on page 22 The Manage tab is visible only to admin user. Groups The Manage tab opens to the Groups tab by default. A group is a built‐in or user‐defined collection of one or more CIs. ADM provides with the ability to create groups so that you can easily view, analyze, and track the specific subset of data. Group creation allows you to classify CIs into logical sets or collections so that actions such as creating reports, policies, or viewing the inventory is applied to specific groups, instead of the entire database of CIs. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Only admin users can create groups from Manage > Groups. Chapter 4 provides more MPORTANT information on ADM groups. Discovery Discovery is a continuous process that creates and maintains a detailed model of your application environment. ADM discovers CIs. In ADM, there are three types of discovery: Passive Discovery, IP Discovery, and Detail Discovery. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform discovery. Chapter 5 provides more information on discovery. VMware, Inc.
Table 3-1. Change Tracking Policies List Column Description Active This box has a green flag for an active policy and a grey flag for an inactive policy. An active policy generates change notifications. Name Name assigned to the change tracking policy when you created it. Description Change tracking policy description. Created By User name of the person who created this change tracking policy. Creation Date Date this change tracking policy was originally created on the ADM appliance where this change tracking policy is defined. Updated By User name of the person who last modified this change tracking policy. Update Date Date this policy was last modified. The date is for the ADM appliance where this policy is defined. Click on the top of the column to sort the list by that column. To view changes in the environment, navigate to Change Tracking > Changes. The changes that are defined in the Manage > Changes tab are actually displayed in the Change Tracking > Changes tab. Changes are also displayed in the Dashboard > Changes pane. You can perform the following actions that are accessed from the Actions menu on the left side of the screen: Add Policy — Creates a new change tracking policy. Copy Policy — Makes a copy of an existing change tracking policy. Edit Policy — Modifies an existing change tracking policy. Delete Policy — Removes a change tracking policy. VMware, Inc.
Invokes other programs installed on the appliance. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to set up a script to automate a change response. Fingerprints Fingerprints are the core of the ADM business application discovery. They uniquely identify both packaged and custom developed in‐house applications. Identifying Application by Ports Fingerprints enable you to identify custom applications by the ports they use. When a custom service or connection that matches a defined fingerprint is discovered, it appears with the service/connection name that you supplied, instead of an unclassified service or connection. When you navigate to Manage > Fingerprints, a list of all defined fingerprints appears. The fingerprints list contains the information for each fingerprint, as shown in Table 3‐2. Table 3-2. Fingerprints List Column Description Port Port that this service/connection uses. Transport Method of transport that the port could use, either TCP or the User Datagram Protocol (UDP). Protocol Communications protocol your service/connection uses. Service Name of the service that you created to use this port. You can perform the following actions from the Actions pane on the left side of the screen: Add Fingerprint — Creates a new fingerprint. Edit Fingerprint — Modifies an existing fingerprint. VMware, Inc.
ADM User’s Guide Delete Fingerprint — Removes a fingerprint. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Aging ADM allows you to create entity aging policies. Aging is the removal of an inactive entity and its owned entities from ADM. An inactive entity is a network element, service, or dependency, and any of their derived elements, such as a J2EE or database instance that have not been verified as live for some predefined amount of time. For example, a service running in your network is populated in the MDR, and is therefore visible to you through the ADM console. If this service is uninstalled at a later time, it should no longer be shown as a running service in the ADM console. Creating an entity aging policy allows you to view the most updated state of your network, since it is a constantly changing environment. Aging is performed through aging policies. When you create a new aging policy, the default time limit is seven days. You can change this default as described in the VMware vCenter Application Discovery Manager Online Help The Aging Policies list contains general information about existing aging policies. To access the Aging Policies list, select Manage > Aging. The Aging Policies list is shown below. Click on the top of a column on the Aging Policies list to sort the list by that column. You can perform the following actions with aging policies: Add Policy — Creates a new aging policy. Copy Policy — Makes a copy of an existing aging policy. Edit Policy — Modifies an existing aging policy. Delete Policy — Removes an aging policy. Enable Policy — Enables an aging policy. Disable Policy — Disables an aging policy. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Table 3‐3 lists and describes the aging policy information in the Aging Policies list. VMware, Inc.
Users In ADM, there are two types of users: administrators and operators. If you log in as an operator, you do not have access to the Manage, Detail Discovery, and Connectors tabs. If you log in as an administrator, you have access to all the tabs. On the Discover > Inventory page, only an administrator can perform the following actions: Delete — Removes a selected item entirely. Add to Group — Adds a selected item to a group. Remove from Group — Removes a selected item from a group. Selected items consist of hosts, services, and devices. Only administrators can add, copy, edit, delete, enable, and disable authorized system users. Navigate to Manage > Users to perform these actions: Add User — Creates a new user definition. Copy User — Makes a copy of an existing user definition. Edit User — Modifies an existing user definition. Delete User — Deletes a user definition. Enable User — Enables a user definition. Disable User — Disables a user definition. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Role-Based Access Control ADM provides role‐based access control. This allows you to assign permission to a role instead of directly assigning permission to a user. ADM roles define the basic permission level for operations that users assigned to the role can perform. When there is a large amount of data in your environment, role‐based access control helps to discover just the information that you might be interested in. You specify role‐based access control when you add a user. You must select the operator role, select the Enable Role Based Access Control check box, and select one or more existing groups. This ensures that the operator account has access only to certain groups. Only those groups are displayed for the operator in ADM. VMware, Inc.
Mail Configuration — Sets your mail server and address. Active Probes Configuration — Configures active probes. VMware vCenter Application Discovery Manager Administration Guide provides information about adding and configuring an active probe. Advanced Configuration — Sets parsing of configuration files. Use only when an IT Compliance Analyzer‐ Application Edition (ITCA‐AE) appliance is connected to ADM. Update — Updates to be done through the command line interface using the ADM Appliance Platform. The VMware vCenter Application Discovery Manager Administration Guide provides more information about updating ADM using ADM Appliance Platform. Restart Discovery — Restarts discovery. Licensing — Displays license information and allows you to upload a new license. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Licensing You must have an ADM license to initiate discovery process. Only the Administrator can view and upload the license from the Manage tab. MPORTANT To view existing licenses From the ADM console, navigate to Manage > System. In the Actions left pane, click Licensing to display the License properties page. The following details are displayed for existing licenses: License Feature — The type of license. Amount Licensed — The number of servers registered in the license. Amount Used — The number of servers already discovered. Expiration Date — The date on which the license is scheduled to expire. Serial Number — The 25 digit serial number string. VMware, Inc.
Page 23
Chapter 3 Managing ADM If the number of discovered servers exceed the number of servers registered in the license, the following notification appears in the Discover > Inventory page: Maximum discovered Servers exceeded! Discovery may be incomplete. Please obtain additional licenses from your VMware sales representative. Upload a License A newly installed ADM setup is not licensed by default. Before you begin, obtain the license from the VMware sales representative. To upload a license From the ADM console, navigate to Manage > System. In the Actions left pane, click Licensing to display the License properties page. Click Upload a new license. Type the serial number provided by VMware in the text box and click Apply. If the serial number string is invalid, an error message is displayed immediately. Viewing License Details After you upload a license, you can view the license details, including the license feature, the amount licensed, the amount used, the expiration date, and the serial number from the License properties page. To view license details From the ADM console, navigate to Manage > System. In the Actions left pane, click Licensing to display the License properties page. VMware, Inc.
“User‐Defined Groups” on page 26 “Importing and Exporting Group Definitions” on page 29 Overview ADM is capable of discovering thousands of configuration items on a single appliance. The admin user can create groups so that they can easily view, analyze, and track the specific subset of data. Group creation lets the admin user classify configuration items into logical sets or collections so that actions such as creating reports or policies, or viewing the inventory are applied to specific groups, instead of the entire database of configuration items. A group is a built‐in or user‐defined collection of one or more hosts, services, J2EE applications, database instances, hypervisors, or virtual hosts. There are three types of groups: View, Business Application, and Cluster. ADM administrators can perform the following actions in this tab: Add Group — Adds a new group. Copy Group — Opens a dialog box to copy the selected group. Edit Group — Opens a dialog box to modify the selected group. Delete Group — Deletes the selected group (after confirming). Refresh Groups — Refreshes the selected group against the ADM database. An automatic nightly refresh process synchronizes existing groups with information in the ADM database. Import — Imports the group (previously saved or exported as an XML file). If a group with the same name already appears in the Groups List the words Copy of is appended to the beginning of the group name. Export — Exports group as an XML file. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Only admin users can create groups from the Manage > Groups page. The Manage tab is visible MPORTANT only to admin users. VMware, Inc.
IIS servers VMware ESX Servers Jboss servers VMware virtual machines Routers Sybase databases Oracle databases Switches WebLogic servers Hosts running Windows Apache servers Websphere servers Tomcat servers DB2 databases Hosts running Linux User-Defined Groups Navigate to Manage > Groups and click Add Group to view the Group Definition screen and create a group. An ADM group is shown in Figure 4‐1. To create a group, select a primary object and then define one or more rules that apply to that primary object. A primary object is a host, service, J2EE application, J2EE module, or database instance. Based on the primary object you select, the fields for defining the rules change. Table 4‐1 lists these options. VMware, Inc.
Page 27
A group consists of one or more primary objects. Each primary object has one or more rules, which specify more details about the primary objects that compose your group. Individual rules can be included or excluded from the group definition. Since you have to select a primary object to create a rule, you can create rules for different primary objects and thus create a group that consists of multiple CIs. For example, you can create a group that consists of both Linux hosts and Oracle databases. VMware, Inc.
Page 28
with incoming protocols connection with outgoing protocols connection being accessed by URL running on host having configuration Extensions: with its connected clients with its connected servers with its virtualized virtual machines with its hypervisors J2EE application Basic: all J2EE applications running on services where services running on hosts in scope with incoming protocols connection with outgoing protocols connection Extensions: with its connected clients with its connected servers with its virtualized virtual machines with its hypervisors VMware, Inc.
with its virtualized virtual machines with its hypervisors DB instance Basic: all DB instances running on services where services running on hosts in scope with incoming protocols connection with outgoing protocols connection having DB tables Extensions: with its connected clients with its connected servers with its virtualized virtual machines with its hypervisors When you select a parameter, it appears in the Rule Editor and becomes a hyperlink. When you click the hyperlink, you can define the parameter. The VMware vCenter Application Discovery Manager Online Help contains information on using the Group Definition screen. Importing and Exporting Group Definitions You can import or export group definitions as XML files from Manage > Groups. To import a group definition, click Import. To export a group, select it from the list of groups and click Export. VMware, Inc.
“Passive Discovery” on page 32 “IP Discovery” on page 32 “Detail Discovery” on page 33 “Deploying Detail Discovery” on page 36 “Detail Discovery Protocols” on page 37 “Discovering Dependencies with Detail Discovery” on page 46 “VMware Discovery” on page 49 Discovery Types Discovery is the process of populating ADMʹs management data repository with CIs and identifying the relationships between them. In ADM, there are three types of discovery: Passive Discovery, IP Discovery, and Detail Discovery. Table 5‐1 defines each discovery type. Table 5-1. Types of Discovery Discovery Types Definition Passive Discovery Passive Discovery is the process in which network traffic is listened to passively. Passive Discovery is a non‐intrusive process where you can specify an IP range to search for hosts and applications. IP Discovery IP Discovery is the process that detects hosts or other devices with a specific IP address ...
Start Passive Discovery after creating a Passive Discovery policy in which you specify an IP address range to search for traffic and hosts. Navigate to Manage > Passive Discovery to view the Passive Discovery Policy Definition screen and create a policy. The online help contains procedural information for Passive Discovery tasks. Plans You can create a Passive Discovery plan from the Plan tab within the Passive Discovery Policy Definition screen. To create a Passive Discovery plan Select the discovery plan rules. You have an option to discover, not to discover and ignore the following: Services Protocols Ports Service categories Select or clear Discover behavior option. Click Update. Passive Discovery plans are useful when you want to include or exclude the passive discovery of certain hosts, services, or connections. This will also improve performance. Scenarios in which you might want to create a Passive Discovery plan are as follows: The SSH protocol is noisy and clutters the MDR without providing any value. Since you are not interested in discovering the SSH protocol passively, you can specify this in the Passive Discovery plan. For licensing control, you want to include or exclude only certain discovery services such as BEA OEM. IP Discovery IP Discovery is a method for detecting hosts or other configuration items with a specific IP address when passive discovery fails to find them. For example, if a host is powered down or if it is outside the specified IP range, passive discovery fails to find it. In this case, you can use IP discovery with a TCP or ICMP connection to find CIs. IP discovery policies are created from the Manage > IP Discovery page. VMware, Inc.
Chapter 5 Discovery Policies To create IP Discovery policy Click Add Policy on the IP Discovery Policies page. Type the name of the plan in the Name field. Type the description. Select or clear the different options available on the three tabs ‐ General, Scheduling, and Scope. Type the information required in these screens. Click Create. VMware vCenter Application Discovery Manager Online Help provides the detailed steps for creating an IP Discovery policy. Detail Discovery Detail Discovery is a method to find more granular details, such as hardware and software configuration information that are not available with passive discovery. Detail Discovery extends the information obtained using ADM’s Passive Discovery technology and uses common network protocols to remotely query servers in the managed network. Using these protocols, you can obtain supplementary information about network hosts and add it to the MDR. You can view the additional configuration information found by detail discovery in the properties screen for any host, service, or device through the Discover > Inventory page. All other detail discovery information and administrative tasks, such as creating detail discovery policies, are done through the Detail Discovery tab as shown below. Detail Discovery Tab Dashboard The Detail Discovery > Dashboard page displays two graphs and three tables. Dashboard is a visual tool that lets you understand detail discovery status, process, and problems to be resolved. You can see the system state and detail discovery policies. Dashboard summarizes the detail discovery status of the system and enables you to analyze detail discovery status (success, failure, and so on) in different views. The following graphs and tables are available: Detail Discovery Hosts/Devices Coverage Summary Detail Discovery Distribution by Results VMware, Inc.
Page 34
Detail Discovery Distribution by Policy The Detail Discovery tab is visible only to the admin user. MPORTANT Plans You can create Detail Discovery plans from the Detail Discovery > Plans page. This page displays a list of detail discovery plans, including three built‐in plans: Shallow — Discovers operating systems and network configuration. Medium — Discovers everything (OS, hardware, software) except services and network connections. Deep — Discovers everything, except network connections. Detail discovery plans are useful when you want to include or exclude the detail discovery of certain hosts, services, or connections. Navigate to Detail Discovery > Plans > Add Discovery Plan to create your own plan. Scenarios in which you might want to create a detail discovery plan are as follows: The software in your environment changes frequently and the hardware hardly changes. For Detail Discovery, you want software discovered daily, but hardware information is discovered only once a week. You want to exclude the Detail Discovery of hosts with specific host names or operating systems. Every Detail Discovery policy has a plan associated with it. Deep is the default discovery plan for Detail Discovery policies. Changes to a discovery plan are effective the next time the CIs within the policy scope are discovered. The Discovery Plan Definition screen is shown below. Policies You can initiate Detail Discovery after creating a Detail Discovery Policy from the Detail Discovery > Policies page. To maximize security and minimize the risk of impact on the managed network, only admin users control the setup and scheduling of detail discovery policies. Detail Discovery policies describe a query that runs periodically to collect network information. Each policy defines the following parameters: The protocol to use (SNMP, SSH, Telnet, WMI, or VI‐SDK), as well as the authentication parameters required for the specified protocol A schedule for running the policy The scope (a named group or IP address range) of hosts to query VMware, Inc.
Page 35
The default Oracle installation on UNIX is located at /opt/oracle, but in your environment, Oracle is installed on a different location such as /opt/applications/oracle. You need to add /opt/applications/oracle as a discovery directory and can do so through the Detail Discovery > Discovery Directories page. Timeouts The Detail Discovery > Timeouts page lets you configure the timeout values for different protocol methods. Each protocol used for discovery (that is, SNMP, SSH, Telnet, WMI, or VI‐SDK) uses a different method (such as running a remote command in an SSH session or executing a remote query with WMI) in order to acquire information. A timeout is enforced on the execution of each protocol method. This page allows you to modify the timeout values. Typically, this is for advanced users. The following is an example in which you would configure the timeout values: You perform a discovery and receive a timeout error in the Discovery Results tab of the report card. Following error message is displayed: Method “running remote shell command” has timed out. Current timeout is 10 minutes. Click the resolution link that redirects you to the Detail Discovery Timeouts table in the Detail Discovery > Timeouts tab. Change the timeout for “Run a shell command” from 10 minutes to 20 minutes. Troubleshooting Knowledgebase Navigate to Detail Discovery > Troubleshooting Knowledgebase page for troubleshooting scenarios. The following is an example in which you would use this tab: You encounter detail discovery problems or errors. Your Customer Support Representative cannot resolve the problem. Engineering requires more information and creates a specialized knowledge base file in order to debug the problem. VMware, Inc.
How Do Active Probe Configurations Affect Detail Discovery Policies? For Detail Discovery to be successful in a Distributed setup, the hosts to be discovered, needs to be included in both a Detail Discovery policy and an Active Probe configuration. The Detail Discovery policy includes a list of items to include in the Detail Discovery, while the Active Probe configuration assigns the specific hosts on which each Collector can perform Detail Discovery. Detail Discovery is not be performed on a host that is included in a Detail Discovery policy if it is not included in an Active Probe configuration. However, the host is still recognized through Passive Discovery and will appear as Orphaned in the Detail Discovery dashboard because the Active Probe configuration has no correlation with Passive Discovery. Detail Discovery Policies Detail Discovery is controlled and configured through user‐defined Detail Discovery policies. There can be many policies, each describing a query that is running periodically and collecting network information. For each policy, the following parameters are defined: The discovery scope, that is, the set of network hosts that is queried for information. The protocol being used, which is one of the following: SNMP, SSH, Telnet, WMI, or VI‐SDK. Protocol‐specific authentication and communication parameters, such as usernames and passwords to use for authentication. Scheduling information — How often to access the network hosts covered by the policy. The scheduling scheme lets ADM users control and balance two conflicting factors: the need to have the most updated picture, and the need to avoid overloading the network with too many Detail Discovery queries. Discovery plan — A discovery plan allows you to define exactly what will be discovered, and therefore improve performance. You can create passive or Detail Discovery plans that can include or exclude the discovery of specific hosts, services, and connections. VMware, Inc.
For Telnet, TCP/22 for SSH and TCP/23 For WMI access, “WMI Deployment Recommendations” on page 41 and “Firewall Settings ” on page 41 include details on firewall settings. For VI‐SDK, TCP/443 for HTTPS Deploy another Collector appliance on the other side of the firewall. This extra device communicates with the Aggregator appliance. This communication uses standard HTTPS (port 443) or HTTP (port 80) and has to be open in the firewall for connections initiated by the Collector into the Aggregator. The default is HTTPS on port 443. There might be multiple Collectors installed at various locations in the network. Checking for Results After Detail Discovery policies have been defined, check the Detail Discovery dashboard for the discovery status of each policy and each host. Click Detail Discovery to view the dashboard. Detail Discovery Protocols This section describes the network protocols used for Detail Discovery: SNMP, SSH, Telnet, WMI, and VI‐SDK. The VMware vCenter Application Discovery Manager Discovery Coverage Spreadsheet contains a list of systems on which ADM has been tested. ADM supports the systems that are listed in this document. Discovery data obtained from more than one protocol is reconciled according to the priority order below. More information on detail discovery protocols is provided for: “SSH” on page 38 “SNMP” on page 39 “WMI” on page 40 “Telnet” on page 43 “VI‐SDK” on page 45 Listener (passive) IP Discovery (passive) VMware, Inc.
ADM uses SSH to access hosts that run SSH servers, and to obtain information about the operating system, hardware, and software installed on the server host. Both SSH versions 1 and 2 are supported automatically with no user interaction. Authentication is based on specifying a user name and password to use when accessing the managed hosts; these are stored by ADM internally in an encrypted form. SSH Server Deployment Recommendations Firewall Settings SSH queries are normally performed on TCP port 22 on the server. If a firewall exists between the ADM appliance and the monitored network, this port needs to be open for connections initiated by the ADM appliance. SSH Server Settings Discovery with SSH of servers running the OpenSSH server (sshd) requires that the ʺPasswordAuthenticationʺ field contain the value “yes” in the server settings file (often, /etc/ssh/sshd_config). In some operating systems, such as SuSE, the default is “no” and needs to be changed for the SSH discovery to complete. Credentials Detail discovery with SSH is based on accessing the managed host with a predefined user name and password. For more information on necessary privileges, download the document discovery_coverage.xls from: http://downloads.vmware.com/Application Discovery Manager It is not recommended to use the user “root” for security reasons. MPORTANT If ADM is used to discover configuration of services such as application servers, databases, and web servers, this user might need more read privileges if the configuration files of these services are not accessible by ordinary users. For example, in some sites, the Oracle database server is installed and run with a special “oracle” user belonging to a special “oracle” group. The configuration files for the server might only be readable by users in the “oracle” group. Having ADM use a user in this group would allow it to access these files and retrieve valuable and detailed configuration information that is otherwise unavailable. A similar scenario might also occur with other types of servers, depending on how they are installed. However, often this is not an issue: for example, in the default installation of the Apache web server under Red Hat Linux, all configuration information is stored in a location that is readable by the general public (under the /etc branch of the file system). In such cases, no group memberships are required for ADM to be able to read this detailed configuration. VMware, Inc.
ADM can act as an SNMP manager and collect information from any host that has an SNMP agent running on it. All versions of the SNMP protocol are fully supported. For versions 1 and 2, community strings are used. For version 3, you can select the authentication and privacy modes in compliance with this newer standard. SNMP Agent Deployment Recommendations Firewall Settings By default, SNMP queries are performed on UDP port 161 of the agent, although this can be changed if desired. If there is a firewall between the ADM appliance and the monitored network, this port needs to be open for connections that are initiated by the ADM appliance. Linux and Net-SNMP The SNMP agent that is built into Linux distributions is Net‐SNMP (http://net‐snmp.sourceforge.net). This agent runs as a service called “snmpd” and is located in the services directory /etc/init.d/. The default Net‐SNMP configuration allows the use of the public community string with SNMP version 2, to query the SNMP agent for particular system configuration items. However, this default configuration only allows access to a portion of the standard MIB‐2 information base. Specifically, it does not allow querying the list of network interfaces, which is a very important piece of information. To allow Net‐SNMP to also report this missing information, it is recommended that you modify the Net‐SNMP configuration file in /etc/snmp/snmpd.conf. Add the following line to the section of the file that has lines starting with “view”: view systemview included .1.3.6.1.2.1.2 Windows Windows 2000 is usually installed with its own SNMP agent. If it is not, it is quickly installed by selecting: Control Panel > Add/Remove Programs > Add/Remove Windows Components > Management and Monitoring Tools > Details > Simple Network Management Protocol. By default, this server supports the “public” community string for querying system information. Solaris and HP-UX Solaris and HP‐UX systems do not include built‐in SNMP agents. You can download and install Net‐SNMP from http://net‐snmp.sourceforge.net and configure it as in Linux. VMware, Inc.
Restart the application server. If there is another SNMP agent running on the same machine, such as the native agent of the operating system, it is recommended to change the port used by the WebLogic agent. In the same location in the management console, set the port to the desired port. Windows Management Instrumentation (WMI) is a proprietary Microsoft technology for modeling, querying, and managing the configuration of Windows hosts. WMI follows a public modeling and management standard known as Common Information Model (CIM), as well as another related standard called Web‐Based Enterprise Management (WBEM). The WMI software component is built into all Server editions of the Windows operating system since the Windows 2000 Server. It might or might not be installed by default as part of Windows XP, but it is easily installed there as an add‐on. WMI is modular and extendable: common information about the host is obtained with the basic built‐in WMI module. Additional components called WMI providers is installed to model and query in detail the configuration of services such as IIS Server, Active Directory, BizTalk server, and so on. The WMI component in Windows is based on Microsoft Component Object Model (COM) technology, and is queried both locally and remotely. Remote queries are through RPC access to the WMI component, using the remote access flavor of the COM technology known as Distributed Component Object Model (DCOM). Detail Discovery with WMI ADM can perform Detail Discovery using the WMI protocol. When creating a WMI Detail Discovery policy, you need to specify a user name, password, and domain name. These are used by the WMI component to authenticate and authorize access to the host information. When using a non domain user to perform WMI discovery, specify “WORKGROUP” in the domain field. WMI discovery is used for discovering machines that run the following operating systems: Windows 2000 Server, Windows Server 2003, Windows 2008, and Windows XP SP2. The following steps are new to ADM 6.0 and later versions as it discovers more information MPORTANT compared to 5.3. If you have already set up your servers for WMI discovery using ADM 5.3, you need to perform the additional steps listed under “Setting Execute Permissions for Used Executables” on page 43. The permissions required to complete the same WMI operations might vary between different MPORTANT versions of Windows and different Service Packs installed. Some windows versions such as Windows 2003 Server with SP2 require an account with local administrator permissions in order to successfully complete all queries performed by ADM. VMware, Inc.
Page 41
Configure the managed hosts to use a narrow range of dynamic ports for their RPC. The following URLs provide further information: http://msdn2.microsoft.com/en-us/library/ms809327 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewal l.asp In the firewall settings, open TCP port 135 (the RPC Service Control Manager port), in addition to the full range of RPC ports specified in Step 1, for access by the Detail Discovery, Collector appliance. Disabling Internal Firewall for Windows XP Service Pack 2 Windows XP with Service Pack 2 has a built‐in internal firewall that might block incoming MPORTANT RPC/DCOM requests. The internal firewall should be turned off or partially disabled to allow direct connection to the local network. To change the firewall configuration Go to Control Panel > Security Center > Windows Firewall. To fully disable the firewall, in the General tab, select Off. If you want to leave the firewall enabled but still allow RPC/DCOM communication, select On in the General tab, and in the Advanced tab, clear local network. Setting DCOM Privileges In the following steps, it is assumed that the domain name is MYDOMAIN and that the user used for WMI Detail Discovery and that domain is named DOMAINUSER. Since WMI access to a Windows host involves DCOM technology, the DOMAINUSER needs to be allowed to perform DCOM operations on each managed host. This is already the default setting in most Windows servers (Windows 2000 and 2003 server families), but not in Windows XP or in servers that had their defaults changed. VMware, Inc.
Page 42
From the Permissions for Administrators list, select Remote Launch and Remote Activation. 10 Clear all other checkboxes and click OK to return to the My Computer Properties window. 11 Click Apply to save your changes and click OK. Setting WMI Privileges After WMI requests pass through the DCOM communication layer, Windows runs another authorization check, for specific user permissions at the level of the WMI service. Therefore, to allow the domain user to run WMI queries, the WMI service needs to be configured for every managed host. This is done either locally on that host or remotely. To configure WMI access on the managed hosts If you are configuring a remote machine, use a domain administrative account. A local administrative account will not work. Log in as admin user (either local or remote administrator) to the target host. Click Start menu, select Run and type wmimgmt.msc. The Windows Management Infrastructure (WMI) window appears. Right‐click WMI Control (Local) in the left pane and click Properties. WMI Control (Local) Properties window appears. If you are configuring remote settings for WMI privileges, right‐click WMI Control (Local) and select Connect to another computer. Type the name of the remote host and click OK. From this point, configuration changes will be applied to the selected host instead of the local host. Click Security tab and navigate to Root > Security in the namespace tree. Security for Root window appears. By selecting the Security option in Root, you are allowing WMI queries to all available WMI providers. In case Root cannot be used, CIMV2 should be used; this option is not recommended. Giving the ADM user security permissions to Root provides little to no risk that queries will be nonintrusive. Click Add. The Select Users or Groups window appears. Type the user name in the following format: Domain name\user name VMware, Inc.
Setting Execute Permissions for Used Executables ADM 6.0 and later versions discover more information than previous versions. To discover this additional information, for each managed server, on each of these files (cmd.exe, cscript.exe, and netstat.exe located in the system32 folder where Windows is installed), perform the following steps: Right‐click the file and click Properties.The Properties dialog box appears. Select the Security tab. From the Group or user names list, select the user who will be performing the Detail Discovery. Select Read & Execute and Read from the Permissions for user list, to grant the necessary permissions. Click OK to confirm. Telnet The Telnet protocol is one of the oldest and most common protocols for remote shell access. However, in recent years it is replaced in many cases with the SSH protocol, which encrypts its network traffic and is considered more secure. Still, some network devices, such as network routers and switches, support remote access through Telnet exclusively. Additionally, Microsoft Windows has a built‐in Telnet server, and does not have a similar SSH server. Therefore, Telnet is used by ADM for Detail Discovery, similarly to the use of SSH. Detail Discovery with Telnet In general, Detail Discovery with Telnet is supported by any machine running a Telnet server that: Supports the terminal type known as dumb. Either allows simple command‐line authentication or accepts NTLM authentication. Telnet Server Deployment Recommendations This section includes Telnet recommendations for deployment. Firewall Settings Telnet queries are normally performed to TCP port 23 of the target device. If there is a firewall between the ADM appliance and the monitored network, this port needs to be open for connections initiated by the ADM appliance. Specifically, in Windows XP Pro SP2, the internal firewall must be turned off for Telnet discovery to take place. VMware, Inc.
Page 44
Creating a Local TelnetClients Group If you want to add a user to the local TelnetClients group, but no such group exists yet, you can simply create a new group by this name. This operation is automated using VBScript or Jscript. Use the following commands: computer = "COMPUTER" user="USER" domain="DOMAIN" Set objGroup = GetObject("WinNT://" & strComputer & "/TelnetClients") Set objUser = GetObject("WinNT:// " & domain & "/" & user) objGroup.Add(objUser.ADsPath) In some editions, particularly XP Pro SP1 and later, remote access by local users is always treated MPORTANT as if the “guest” user is involved. This extra security measure might cause Telnet (and also WMI) to fail with local users, but it has no effect on domain users. VMware, Inc.
Type to turn off password‐based authentication. tlntadmn config sec=-passwd VI-SDK VI‐SDK is a VMware proprietary API used by third‐party applications to query VMware’s model, control the virtual infrastructure’s behavior, and receive notifications on changes in the virtual infrastructure environment. VI‐SDK also allows you to discover, configure, and monitor all aspects of VMware ESX servers and Virtual Center. VI‐SDK on Virtual Center accesses information about the entire Virtual Infrastructure deployment, whereas VI‐SDK on an ESX only access information about that ESX. VI‐SDK is implemented by standard web services with a published WSDL and runs over HTTPS by default. A VI‐SDK URL is the URL of the VI‐SDK server on the target host. This URL is used on all hosts in the policies scope so it does not contain the server part of the URL. For example, if the URL is /sdk:925 and discovery is done against host 1.2.3.4, the actual URL used to connect to the host is https://1.2.3.4/sdk:925. By default, the URL field is initialized to /sdk, which is the default VI‐SDK URL. The VI‐SDK reports the IP address of a virtual machine only if VM‐tools is running on the virtual machine’s guest OS. Detail Discovery with VI-SDK ADM uses VI‐SDK to access a Virtual Center to obtain information about ESX Server and the virtual machines that are installed on them. VI-SDK Deployment Recommendations For VI‐SDK to work properly, the Web Access Option must be enabled in the Virtual Center. VMware recommends that you assign read‐only permission to the user account that is created for Detail Discovery. Firewall Settings VI‐SDK queries are performed over HTTPS. If a firewall exists between the ADM appliance and the monitored network, TCP port 443 must be open for connections that are initiated by the ADM appliance. VMware, Inc.
Discovery only, without relying on Passive Discovery. The Process of Dependency Discovery Using Only Detail Discovery To discover dependencies using Detail Discovery, ADM must leverage the capabilities exposed to it by the protocol it uses to connect remotely to the interrogated host. ADM uses a cross‐platform and widely supported program called netstat for remote shell protocols (for example, SSH and Telnet) and WMI. Since WMI does not expose any port‐related information, netstat is used to run commands on the target Windows machine. With SNMP, ADM interrogates a standard MIB2 table that exposes information about open TCP connections and ports used by applications and services running on the interrogated host. ADM then uses heuristics to guess the protocols used by those connections. ADM uses heuristics to guess the protocols only for ports that are lower than 512. Table 5‐2 describes what ADM discovers about dependencies and how. Table 5-2. Dependency Discovering Methodology What Discover the open connections that the By querying the services exposed by the ADM protocol, as described interrogated host has to other hosts on the previously. network (much like passive). For each of those open connections, discover ADM finds the process ID (PID) of the services running on the host, and the service that is using the connections. matches up that PID with the PID of each open connection. Note: There is a limitation with some major OS platforms (SunOS, AIX, and HP‐UX) for which netstat is unable to retrieve PID information. On these platforms, this capability is disabled. VMware, Inc.
Protocol identification is by far more accurate with Passive Discovery. This of course, results from Passive Discoveryʹs specialization in protocol analysis. Passive Discovery is weak in discovering the source of a connection for reasons explained in “ADM Dependency Discovery Methods” on page 46. Passive Discovery cannot discover the ports on which a service is listening unless a client sent a packet to it. Detail Discovery discovers connections that are active at the time of discovery, whereas Passive Discovery samples all communication traffic on the network. This means that ephemeral connections have less of a chance to be discovered through Detail Discovery. Note: However the connections that are active and representing an interaction with a live business application are not likely to be ephemeral. Only Detail Discovery discovers documented dependencies that are dependencies discovered by looking at the configuration of service, such as in the files and registry. Note the following when you are using Passive or Detail Discovery for discovering dependencies: If the same connection is discovered through both Passive and Detail Discovery, the connection is reconciled to appear as a single connection; for example, if Passive Discovery discovers the protocol, activity and the server‐side service, and Detail Discovery discovers the client‐side service, the two discoveries would be reconciled to include all the information collected by both discovery types, without redundancy. The process of reconciling hosts might take some time. ADM uses the same Passive Discovery scope IP filters to filter remote hosts (hosts connected to the interrogated host) discovered during Detail Discovery. This feature avoids the problem of Detail Discovery overriding the IP ranges that were excluded as part of the Passive Discovery scope. By default, Detail Discovery policies do not discover network dependencies due to issues surrounding performance. The discovery of network dependencies substantially increases the amount of time it takes to reconcile the discovered results, and since the default deployment of ADM includes Passive Discovery, this default configuration still provides a full view of the network, including network dependencies. vCollector support Passive Discovery only. VMware, Inc.
Here is one suggested strategy to use when creating a Detail Discovery plan for discovering dependencies: Ensure that you set up the Passive Discovery scope with the IP ranges of the hosts with the dependencies you want included or excluded from discovery. Create a Detail Discovery policy (or set of policies, depending on the discovery protocol) with a Shallow plan that will run frequently (for example, all hosts once a day) to quickly scan the network for minimal OS and networking information. Create a Detail Discovery policy (or set of policies, depending on the discovery protocol) with a Deep plan that will run less frequently (for example, discover a host once every few days) than the policy created in Step 1. Once the policies in Step 2 and Step 3 have discovered a substantial part of the network, and the rate of new discovery decreases: Create a custom discovery plan that has the only Network Connections enabled. The only Network Connections option is disabled by default. Create a new Detail Discovery policy that runs frequently and apply the custom discovery plan created in the previous step to it. The frequent SHALLOW scan, in Step 2, serves two purposes. First, hosts with more than one IP are merged to appear as a single host. Second, Detail Discovery policies will be tailored to match the discovery protocol with the OS of the hosts in their scope. This less frequent, DEEP policy, created in Step 3, is used to retrieve deep configuration information of the environment. The Network Connections policy, defined in Step 4, will discover only network connections, and do so after the new discovery rates have decreased. This is important because Network Connection plans can have a performance penalty, which is the reason that discovery of network dependencies is excluded from the DEEP discovery plan by default. This phased approach creates a delay of a few days to discover network dependencies, because option 3 is enabled only after the discovery rate decreases. This approach is used to avoid the performance penalty caused by using Detail Discovery to discover dependencies (which is the reason that discovery of network dependencies is excluded from the DEEP discovery plan by default). By starting to discover network dependencies only after much of the environment has been discovered by Detail Discovery, the performance penalty is minimized. Alternatively, if there is an immediate need to see network dependencies sooner rather than later, there is the option of creating a custom discovery plan that includes network dependencies and running it immediately. VMware, Inc.
A Virtual Center host is the physical machine on which the virtual machines are running. All virtual machines within the VMware Infrastructure environment are physically on ESX Server hosts. The term “host” in this Help system refers to the ESX Server host that has virtual machines on it. Resources — Selected resources belonging to the host and assigned to the virtual machines that are resident on that host. The managed resources are CPU, memory, disk space, and I/O. Virtual Center uses the resources to provide, through the VMware DRS components, various options for monitoring the status of the resources and adjusting or suggesting adjustments to the virtual machines. Virtual Infrastructure Client (VIC) — The UI used to connect to the Virtual Center Server. VMware Discovery in ADM ADM can discover VMware environment, track changes in the environment, and find dependencies within that environment. ADM can discover the VMware components and CIs in Table 5‐4. Table 5-4. Discovered VMware Components and CIs Component (CI type) Discovery Method Virtual Center Product, vendor, and version. Telnet, WMI, (service) VI‐SDK Documented dependencies to all ESX servers attached to that VirtualCenter (only with VI‐SDK). Virtual Infrastructure Product, vendor, and version.
ADM User’s Guide Table 5-4. Discovered VMware Components and CIs (Continued) Component (CI type) Discovery Method Player (service) Product, vendor, and version. Telnet, SSH, WMI VM‐Tools (installed Product, vendor, and version. Telnet, SSH, WMI software) Note: VM‐Tools is an attribute of the guest OS, not the virtual machine configuration. Use Case The following use case describes the typical flow for passive and detail discovery of a VMware environment. Assumptions Assumptions for both passive and detail VMware Infrastructure discovery are as follows: The VMware Infrastructure components (VMware Infrastructure 3 or higher, VMware Virtual Center and VMware ESX Server) are properly configured and operational. VMware Virtual Center is used for management. A web interface or Virtual Infrastructure Client (VIC) is used for interfacing with VMware Virtual Center. (A VIC is a front‐end UI client used to administer Virtual Center. It is either a Windows application or a web application.) One of the following protocols is allowed in the VMware Infrastructure environment: ...
Page 51
Chapter 5 Discovery VMware Infrastructure Discovery Flow Table 5‐5 describes the typical flow for VMware Infrastructure discovery. Table 5-5. VMware Infrastructure Discovery Flow Step Description Results Passive discovery A passive discovery policy is created from the Since the VMware Infrastructure is discovered (not mandatory) Manage > Passive Discovery page. passively, this will be only a partial discovery. You will be able to view the following information: The VMware Infrastructure environment as a whole—the ESX Servers and services (VirtualCenter, Virtual Infrastructure Client). Connections between ESX Servers and VirtualCenter. The clients that are managing VirtualCenter (that is, Virtual Infrastructure Client, web browser). Connections between Virtual ...
ADM User’s Guide Using VI-SDK for Detail Discovery ADM includes the VI‐SDK protocol as an option when creating Detail Discovery policies. VI‐SDK is a VMware proprietary API used by third‐party applications to query a VMware model, control VMware Infrastructure’s behavior, and receive notifications of changes in the VMware Infrastructure environment. It also allows its user to discover, configure, and monitor all aspects of VMware ESX Server and Virtual Center. The VI‐SDK option is shown below. Capabilities Once a VMware environment is discovered, you can perform several functions. Viewing Virtualization Dependencies You can view dependencies in your VMware Infrastructure environment by selecting the relevant items from the Discover > Inventory page and clicking Virtualization in the Dependencies panel. This option allows you to view dependencies for the selected object. For example, you can select a virtual machine from the inventory and then click Virtualization to view its containers. You can also view dependencies in the map. Virtualization-Related Search After discovering your VMware Infrastructure environment, you can perform searches on it. For example, you can search for virtual machines or VMware ESX Server. To perform a search, go to the Discover > Inventory page and click Search. This option is shown below. VMware, Inc.
Page 53
Chapter 5 Discovery Finding Dependencies Between a VMware Infrastructure and Virtualized Business Applications Assumptions You have completed active discovery of the VMware Infrastructure environment at least once, and discovery of the virtual machines in the VMware Infrastructure at least once. Goal After detecting VMware Infrastructure environment instances in your network, you want to find out which business applications (for example, PeopleSoft) are on these instances. Flow 1: Foundation to Virtualized Environment To view your VMware environment Create a group that contains the VMware ESX Server, Virtual Center, and the Virtual Infrastructure Clients. To view all the virtual machines in the VMware Infrastructure environment, do either of the following: Extend the VMware Infrastructure environment group to include the environment. View the environment through the map (Discover > Map) or the inventory (Discover > Inventory). Chapter 4 contains more information on groups. Flow 2: Virtualized Environment to Foundation To view your VMware environment Create a group that contains all the virtual machines in the VMware Infrastructure environment.
“Application Pattern Instances” on page 58 “Viewing Application Pattern Definitions and Instances” on page 58 “Application Discovery Process” on page 60 Overview Data centers run business applications that handle the core business and operational data of the organization. These business applications typically consist of several hosts running databases, application servers, file servers, and various other components. ADM provides application patterns that allows you to identify and group together entities that comprise the various instances of a business application. Creating application patterns helps you to easily follow any changes in a specific business application. The instance is updated automatically if there are server changes or a change in services in the application, thus relieving you from having to manually track changes. Application Pattern Definitions To use Application Patterns, you must first create an Application Pattern definition. An Application Pattern definition is a topology defined by a set of endpoints (such as hosts, services, and databases) and the relations (connections) between them. Figure 6‐1 demonstrates an example of an application pattern that is a Jboss Server, connected to an Oracle database through a Java Database Connectivity (JDBC) connection. Figure 6-1. Application Pattern Example JDBC Oracle Jboss database server ADM provides the following types of rules for identifying Application Patterns: Node rules Connectivity rules VMware, Inc.
Apache Jboss database server server This application pattern definition requires three node rules to identify each endpoint. Connectivity Rules Connectivity rules identify the connections between the endpoints and are used to assign an endpoint as a source or target of the application pattern. Figure 6‐3 demonstrates a connectivity rule that includes JDBC and HTTP connections, as well as assigns the Apache Server as a source to the Jboss Server (target) and the Jboss Server as a source to the Oracle database (target). Figure 6-3. Connections Between Endpoints JDBC HTTP Oracle Jboss Apache database server server Mandatory Node Rules Application pattern definitions also require that you define a node rule either as: Mandatory Optional Mandatory elements must exist in the environment to be identified as an instance. They are core elements of the application pattern definition. Optional elements are not core and, if they exist, they are included in the discovered instance. VMware, Inc.
Figure 6-4. Mandatory and Optional Elements in an Application Pattern Definition Gateway Oracle Application (optional) database server (mandatory) Unifying Node Rules The endpoints of an application pattern instance might be shared by other entities. Unification allows you to identify all entities that share a resource as a single application pattern instance. To help identify all similar instances that share the same components, you can specify a node‐based rule as a unification rule. When the rule is applied, it results in one instance being detected, instead of several that contain all the same components. For example, you might not know how many ADM Collector components exist in an instance of an ADM application. You could end up with multiple instances instead of just one, as shown in Figure 6‐5. Figure 6-5. Multiple Instances Sharing the Same Components Identified Without Unification server client client client When you specify a node rule as a unification rule, the application pattern definition unites all aggregator‐collector instances that share the same ADM aggregator into one instance as shown in Figure 6‐6. VMware, Inc.
Figure 6-6. Similar Instances Are Identified as One Instance With Unification server client client client Application Pattern Instances ADM analyzes newly created application pattern definition and discovers instances of the application pattern. An application pattern instance is a set of components (hosts, services, and so on) and their relations that answer an application pattern definition. This definition is applied against the repository thus resulting in a display of all application pattern instances that match that definition. Viewing Application Pattern Definitions and Instances The application pattern definitions and instances are viewed and managed through the Manage tab. The VMware vCenter Application Discovery Manager Online Help contains field descriptions and information about using the interface. Application Pattern Definitions The Application Patterns List contains general information about existing application pattern definitions. To access the Application Patterns List, navigate to Manage > Application Pattern Definitions. The Application Patterns List is shown below. Table 6‐1 describes the columns that appear in the Application Patterns List. VMware, Inc.
If the Automatically discover option is selected in the definition, the ADM will automatically search for new instances once a day and update the existing instances. Created By User name of the person who created this Application Pattern Definition. Creation Date Date the Application Pattern Definition was created. The date is for the ADM appliance where this definition is defined. Updated By User name of the person who last modified the Application Pattern Definition. Update Date Date the Application Pattern Definition was last modified. The date is for the ADM appliance where this definition is defined. Click the column heading to sort the list by that column. You can perform the following actions with Application Pattern Definitions: Add Application Pattern — Creates a new definition. Copy Application Pattern — Makes a copy of an existing definition. Edit Application Pattern — Modifies an existing definition. Delete Application Pattern — Removes an existing definition. You cannot delete an Application Pattern Definition if it is built‐in or if one or more Application Pattern Instances reference that definition. Discover New Instances — Discovers new instances of an application pattern definition. Import — Imports application pattern definitions from other ADMs. Export — Exports application pattern definitions from other ADMs. The VMware vCenter Application Discovery Manager Online Help provides procedures on how to perform these actions. Application Pattern Instances The Application Pattern Instances List contains the application pattern instance created as a result of discovery of instances of associated application pattern definitions. VMware, Inc.
Valid A green check mark means the application pattern instance was valid as of the last Refresh. Name The name of the Application Pattern Instance. ADM provides a default name, but you can provide a custom name using the Edit action. Description The instance description is an optional field and might not have been defined. Use the Edit action to enter a description for the instance. Last Refreshed The last time the ADM database was checked for application pattern instance validity. Created By User name of the person who created this application pattern definition. Creation Date The time this application pattern definition was originally created on the ADM appliance where this pattern was defined. Updated By User name of the person who last modified the name or description of this application pattern instance. Update Date The time this application pattern definition was last modified on the ADM appliance where this pattern was defined. Click the top of a column to sort the list by that column. You can perform the following actions on Application Pattern Instances: Edit Instance — Modifies Name or Description of an existing instance. Delete Instance — Removes an existing instance. You cannot delete an Application Pattern Instance if the instance is part of the scope of either Active probing or Aging policies, or part of a userʹs configuration. The VMware vCenter Application Discovery Manager Online Help provides step‐by‐step instructions on how to perform these actions. Application Discovery Process Figure 6‐7 shows a high‐level overview of the process to create application patterns and view the results in the ADM console. The callouts correspond to the “Use Case: Creating Definitions and Viewing the Resulting Instances” on page 61. VMware, Inc.
Use Case: Creating Definitions and Viewing the Resulting Instances This use case provides an overview on how to create an application pattern definition and view the resulting instances. The VMware vCenter Application Discovery Manager Online Help describes the fields in the display. Step 1: Create an application pattern definition To create an application pattern definition Navigate to Manage > Application Pattern Definitions. Click Add Application Pattern from the Actions pane on the left side of the screen. Create the node rules for each endpoint of the application pattern from the Node Rules tab. At least one node rule is mandatory. MPORTANT Use the Connectivity Rules tab to define the type of connections to include in the instance and to define the nodes as a source or target of the application pattern instance. Step 2: Discover All Instances That Match the Definition The discovery process runs the first time an application pattern definition is created. ADM searches the database for the CIs that meet the criteria specified in the application pattern definition. If the criteria is met, then an application pattern instance is created. VMware, Inc.
Page 62
In the Last Discovery column, click click here to view the application pattern instances that were discovered. Step 3: Viewing All Discovered Instances After completing “Step 2: Discover All Instances That Match the Definition” on page 61, the Discovered Application Pattern Instances page appears displaying the scope of these instances. Select the application pattern instances that you would like to store and click Create. Step 4: Storing Selected Instances as Groups The application pattern instances are stored as groups and are viewed and managed from the Manage > Application Pattern Instances tab. Step 5: Discovering New Instances Automatically You have an option to enable or disable the automatic discovery of new instances. If the option Automatically discover new instances once a day is selected in the Application Pattern Definition, the ADM database is searched for new Application Pattern instances. Newly discovered instances are displayed and are saved manually as shown in “Step 3: Viewing All Discovered Instances” on page 62. If the option is not selected, no new instances are discovered but a nightly refresh process synchronizes existing instances with information in the ADM database. If changes in the Application Pattern Instance (for example, relevant CIs were no longer discovered) render that instance irrelevant, the green check mark disappears in the Valid column. You can delete such an instance manually, provided the instance is not part of the scope of either Active Probing or Aging policies, nor part of a userʹs configuration. VMware, Inc.
Least Used Services Report Most Used Connections Report Least Used Connections Report Most Active Application Users Report Most Active Service Users Report Host Demand Trend Service Demand Trend Host Activity Breakdown Report Current Changes Report Configuration reports Configuration reports show either hosts with Group Report few or no connections, or a list of alerts. Change Policy Report Exporting and Printing Reports Once a report is generated, you can export and print it. The export choices are as follows: Excel format — Enables you to download the report through your browser as a Microsoft Excel spreadsheet. Rich Text Format (RTF) — Enables you to save the report in RTF that is opened in Microsoft Word. Portable Document Format (PDF) — Enables you to save the report in PDF. Print — Opens the standard Print dialog box and allows you to print the report. VMware, Inc.
This chapter describes the Connectors tab that enables you to integrate ADM with other applications. Topics include: “Connectors Overview” on page 65 “EMC Smarts Integration” on page 65 “Custom Reports” on page 70 The integration software requires a license to work with ADM. Contact your Customer Sales Representative for information on purchasing a license. Connectors Overview The Connectors tab enables you to integrate ADM with other applications, if you have them installed. You must also have a license for them. Integration between ADM and other applications allows detailed information to be discovered and populated into the other application. Information about hosts, routers, switches, services, and connections are transferred between applications. For example, you might want to use the network devices from EMC Smarts Service Assurance Manager (SAM) with the applications from ADM. Information about ADM could be collected and displayed in the SAM. To view the integration screen from the ADM Console, click Connectors tab. Depending on the applications you have installed and licensed, you see the following tabs: EMC Smarts Reports The VMware vCenter Application Discovery Manager Online Help provides specific details and steps. EMC Smarts Integration Integration between the ADM and the SAM allows the detailed information collected by the ADM to be populated into the SAM. Before ADM data can appear in SAM, you must verify that the ics.conf file has been edited to specify that the data is to flow from the SAM Adapter Platform to the SAM. The section “Defining Domain Parameters” in the EMC Smarts Service Assurance Manager Configuration Guide provides detailed information on editing the ics.conf file. Once all integration steps are complete, the ADM data is viewed using the Smarts, Launch in Context feature. VMware, Inc.
Unregister ADM Complete Synchronize These menu items are described in the following sections. Status Table 8‐1 describes the various fields of the ADM‐Smarts Integration Status screen. Table 8-1. ADM-Smarts Integration Status Screen Information Field Description Last Sync. Time Displays the time of the last successful ADM‐SAM synchronization. Registration Status Displays the current status of the ADM registration in the SAM. Available values include: Not configured — The integration has not been configured. Unregistered — The ADM device is not registered in the SAM. Registered — The ADM device is registered in the SAM. Synchronization Status Displays the current status of the ADM device and the SAM synchronization. Available values include: Idle — Indicates that no synchronization between the ADM device and the SAM is occurring. Complete in Progress — A complete synchronization is currently in progress. Incremental in Progress — An incremental synchronization is currently in progress. VMware, Inc.
Scheduling — Configures automatic scheduling of the integration. When scheduling an integration, the schedule becomes active at 12:00 A.M. the next day. Scope — Defines the entities that are populated to the SAM. To configure the EMC Smarts Connector Configure the SAM server connecting to the ADM device. Schedule the synchronization between the ADM device and the SAM. The following synchronization options are available: Incremental — The incremental update option populates all objects that were created or modified since the last synchronization. Since the Incremental update option transfers deltas of data between two points in time, it is used more frequently. Complete — The complete update option populates all objects that are included in the configured ADM to the SAM scope. Since this option populates all objects, do not use it frequently. It is recommended that you perform a complete update to correct any synchronization issues that have occurred over time. Define the resources that are populated from the ADM device to the SAM. The Scope tab defines the resources that are populated from the ADM to the SAM. Since the ADM discovery process can result in a relatively large set of server and client resources, you must carefully plan on the scope of integration. The scope of integration should be limited to resources that are of interest within the SAM context. A broad scope can result in slow synchronization and a large set of entities in the SAM. Register the ADM in the SAM. Before transferring any information from the ADM device to the SAM, ADM needs to be registered in the SAM. Only one ADM device is registered in the SAM at any given time. If you register a new ADM device by supplying a different name in the ADM Name field, the existing ADM device is unregistered. If you register a new ADM device with a name similar to an existing ADM device, the integration assumes that this is a replacement ADM device and attempts to synchronize the data of the ADM device and the SAM. The VMware vCenter Application Discovery Manager Online Help provides the complete procedures for these steps. VMware, Inc.
Unregistering an ADM device when the SAM is not available displays a Force Unregister message. Click Yes to unregister the ADM device from the SAM without notifying the SAM. You must manually unregister the ADM device from the SAM using the SAM console. Complete Synchronize After you have configured the ADM and SAM integration, the system must be synchronized for the SAM to retrieve the data. The following two options are available for synchronizing: Schedule the synchronization between the ADM device and the SAM. Perform a complete synchronization now — To perform a synchronization now, click Complete Synchronization in the Actions left pane. A complete synchronization is performed anytime after the two systems have been configured for integration. The VMware vCenter Application Discovery Manager Online Help provides instructions for synchronizing the integration. Displaying ADM data in SAM Before ADM data can appear in SAM, you must verify that the ics.conf file has been edited to specify that the data is to flow from the SAM Adapter Platform to the SAM. The Defining Domain Parameters section in the EMC Smarts Service Assurance Manager Configuration Guide provides detailed information on editing the ics.conf file. To display discovered and populated ADM data in the SAM: From the Notification Log Console, navigate to InCharge Manager > Attach. This displays the Attach InCharge Manager dialog box. Select INCHARGE‐SA from the InCharge Manager list box. Navigate to File > New > Map Console. The Map Console appears. VMware, Inc.
Page 69
Chapter 8 Connectors From the left pane of the Map Console open the ADMSoftwareRequest folder. Select an item. The graphical representation of the software request with the related software services appears in the right pane of the console as shown below. Launch in Context To open an ADM console in context using the Smarts Launch in Context functionality, right‐click an object and navigate to Client Tools > Launch ADM Web Console as shown below. As a result of integration, the ADM Console displays detailed information about the selected object populated into the SAM. On a host running Solaris 9 or 10, for the Smarts Launch in context functionality to open the ADM Console in context, you must edit the AMDLIC.sh file to configure the location of your Mozilla browser. VMware, Inc.
# --------------------------------------- ### Required: # Some typical browser locations # /usr/dt/bin/netscape (Solaris) # /opt/netscape/netscape (HPUX) # /usr/bin/mozilla (Linux) BROWSER=/usr/sfw/bin/mozilla # -------------------- # =====================| End Customizations |====================== # ---------------------- Edit the path for the browser running on a Solaris host. For example, BROWSER=/usr/sfw/bin/mozilla Save the file to the BASEDIR/smarts/actions/client/ADM directory. Custom Reports In addition to standard reports, ADM provides functionality for creating custom reports. To create custom reports, an external database must be installed and configured. Once the external database is synchronized with the ADM database, you can create custom queries to collect data and generate custom reports. The VMware vCenter Application Discovery Manager Repository Reference Guide provides information about setting up and configuring the ADM external database. To help you with the custom reports, it also provides examples of reports that can be generated from the ADM external database. VMware, Inc.
Application Before upgrading your Create a short list of hosts that are upgrade candidates. upgrade applications, use this Create a short list of services that are upgrade candidates. solution to identify List all hosts that are heavily used and could be upgraded. applications, hosts, and List all services that are heavily used and could be upgraded. services that are heavily utilized and are excellent Create a short list of the most active service clients for services candidates for upgrading. that are upgrade candidates. This helps you improve Create a short list of the most active application clients for your application applications that are upgrade candidates. performance and service Determine the impact of hosts that are upgrade candidates on levels. other hosts and services. Graph the demand placed on hosts that are upgrade candidates over a specified time. Graph the demand placed on the services that are upgrade candidates over a specified time. Determine the impact of applications that are upgrade candidates on other hosts and services. VMware, Inc.
Page 72
Determine the impact of applications that are upgrade solution to audit your candidates on other hosts and services. disaster recovery plans, ensuring your business will continue without interruption. SOX Section 404 of the Show the list of hosts that support your critical financial compliancy Sarbanes‐Oxley Act applications. audit requires you to document Show the list of services that support your critical financial your key financial applications. applications, amongst other Show the list of hosts that depend on other hosts that support things. This solution your critical financial applications. provides you with the Graph the demand placed on hosts that support your critical necessary information financial applications. required for Sarbanes‐Oxley compliance Graph the demand placed on services that support your critical readiness. financial applications. VMware, Inc.