Virtualization Server Access

VMware vSphere Access

Access is provided through the use of VMware vSphere PowerCLI. The VMware ESX Product Adapter communicates with the vSphere Installation using the vSphere Web API, and the Simple Object Access Protocol (SOAP) via the PowerCLI Client. This will need to be installed on the scanning server prior to the scan operations being started.
See Section 4.1 for the vSphere credential type that is required.
The vSphere access is used as the primary source of information for VMware virtual machines and the relationships established between VM guest and ESX hosts. If an ESXi/vSphere Hypervisor is not scanned, associated virtual machines will be identified by direct scanning of targets but virtualization/clustering information related to the connections will not be available.
Commands that are issued:

  • FindEntityViews:<object name> - returns the object list
  • FindEntityViews:VirtualMachine - list of virtual machines
  • FindEntityViews:Datacenter - list of datacenters
  • FindEntityViews:Datastore - list of datastores
  • FindEntityViews:HostSystem - list of hosts (servers)

In addition, credentials need to be identified that will allow access to the console through which the scanning server will login. The credential that is used to log into vSphere requires 'Read-Only' permissions (on DataCenters).

In order to scan vSphere licenses, a role with permissions for 'Global – Licenses' is needed.
Access to the vSphere PowerCLI is provided through the installation of downloadable software.
Latest release:
vSphere PowerCLI 5.5 Release 1 [Released September 22, 2013]

 

VMware-PowerCLI-5.5.0-1295336.exe - 193 MB

 

 

Installation Instructions are included within the zip file. 

 

 

 

All versions are available from VMware at:
https://www.VMware.com/support/developer/PowerCLI/
Select the correct version from the drop down list.
Note: these downloads require the use of an VMware login

HMC and PowerVM Access

To enable scanning of IBM PowerVM™ virtualization environments, it is required SSH or Telnet access to the Hardware Management Console (HMC) used to manage the systems.
If scanning the IBM HMC, the HMC user must have a minimum setting of hmcviewer role.
Read-only access to the following commands is required to allow the scan engine to generate Oracle reports for this hardware type:

  • VIOS (all)
  • ioslevel (VIOS server code level)
  • lparstat (VIOS servers own LPAR config)
  • lsdev (Devices defined to VIOS)
  • lstcpip (IP addresses of VIOS servers)