VMware vCenter Server Appliance (VCSA) Monitoring
IN THIS ARTICLE:
Introduction to VMware VCSA Monitoring
The vCenter Server Appliance (VCSA) is a preconfigured Linux virtual machine, which is optimized for running VMware vCenter Server and the associated services on Linux. Using LogicMonitor's VMware VCSA package, you can monitor CPU usage, file system capacity, disk performance, memory, and much more.
A majority of the DataSources included in the VCSA API package are compatible with vCenter Server Appliance (VCSA) version 6.5 or greater. However, there are several DataSources that require the appliance be at least version 6.7 before they can be executed. It is recommended that you use the latest version of either VCSA build (6.5 or 6.7) as VMware has identified and corrected several bugs with the API that existed in earlier iterations. Visit VMware’s Knowledge Base for additional information regarding current and past versions of VCSA.
DataSources Requiring VCSA 6.5 (or Greater)
DataSources Requiring VCSA 6.7 (or Greater)
Determining Your VCSA vCenter Server Version
The vCenter Server build version for the VCSA can be determined using one of the following methods:
- Execute the command vpxd -v from the VCSA Secure Shell (SSH) Bash console.
- Identify the version at the top of the login prompt when initially accessing the device through either SSH or the Web Console text accessed through vSphere.
Note: VCSA version information (including release dates and build numbers) can be identified in the Build numbers and versions of VMware vCenter Server article found in the VMware Knowledge Base.
In order for LogicMonitor's VCSA API DataSources to query data, LogicMonitor must provide the appropriate credentials when establishing a connection with the API. As outlined in the following sections, these credentials must belong to a user included in the "SystemConfiguration.Administrators" group. Additionally, these credentials must be set as properties on the VCSA device in LogicMonitor.
Creating a VCSA User
- Create the user under the appropriate SSO domain for the VCSA; do not use "localos".
- Remember the username and password assigned to the new user; these will need to be added into LogicMonitor as properties.
Adding the New VCSA User to the SystemConfiguration.Administrators Group
Once the new VCSA user account is created, it must be added to the "SystemConfiguration.Administrators" group. Even if the new VCSA user account is assigned administrative access, it will not be authorized to pull API information without the privileges provided by this particular group.
Storing the User Credentials as Properties in LogicMonitor
The username, including the SSO domain (i.e. [email protected]), and the password must be established in the esx.user and esx.pass custom property fields for the VCSA device in LogicMonitor. This allows the Groovy scripts to provide the appropriate credentials when establishing a connection with the API.
- esx.user - the value for this property must represent the full username for the user account, including the SSO domain name. For example, if the account is named test-account and the SSO domain is vsphere.local, the full username would be "[email protected]".
- esx.pass - the value for this property represents the password for the user account.
For more information on setting properties for devices, see Resource and Instance Properties.
Each VCSA DataSource is written to handle certain exception errors that might occur during execution. The script will output the error that occurred to the "scriptOutput" row for each DataSource (viewed from the Resources page under Raw Data| Poll Now). If you are seeing "No Data" or unexpected results, start by checking the returned values listed here.
User Access Issues
Some of the common errors that have been identified are related to user access and permissions. If you receive an HTTP response status of 401 (UNAUTHORIZED), it is an indication that the user does not have access to the API. Start by checking whether the user exists in the VCSA vSphere Web Client Users & Groups Section. Also confirm that you have input the correct credentials for the device's esx.user and esx.pass properties.
If you receive an HTTP response of 403 (FORBIDDEN), it is generally an indication that the user exists and has access to the API, but is attempting to query endpoints that are restricted. This is likely because the user is not associated with the "SystemConfiguration.Administrators" group which is required to query monitoring data from the API.
Invalid or No Data
Outside of access issues, sometimes you may receive error messages similar to ERROR: Data from ‘<DEVICE>’ is not a valid format and cannot be processed followed by the data that the server returned. Generally, this occurs when collecting data such as disk latency when disks are inactive (i.e. zero read/write activity) or backup/backup instance information when backups are not scheduled and have never occurred. Check the VCSA to ensure that these activities are taking place (i.e. disks are processing data and backups are enabled/occurring).