Provision vSensor using VCLI

vSensors on vSphere/ESXi v6.5 may fail to deploy

Note: VMware has removed key functionality from standalone ESX/vSphere hosts, which prevents OVA deployment through the VMware web UI from working. See the Help Center article here for more information. Vectra is unable to work around this restriction and instead offers a CLI OVA deployment so that customers can deploy vSensors to these hosts.

The CLI tool is an easy and convenient way to deploy on vCenter and the ESXi Embedded Host Client.

Steps to deploy a vSensor using VCLI

  1. Ensure the capture portgroup and management port groups are already created
  2. Ensure the firewall allows the brain to connect to the vCenter server (if applicable) and the ESX/vSphere server on port 443 (or alternate port if configured)
  3. Log in to VCLI on the brain using the vectra user
  4. Run the provision vmware vsensor command with the appropriate options. Once successfully deployed, the new vSensor can be powered on and should automatically pair to the brain, provided Automatic Pairing is enabled under Settings - Sensors

The Vectra provision command uses ovftool along with the supplied information to provision new virtual sensors to vCenter or a standalone ESXi hypervisor.

A single command is issued in the following format:

vscli > provision vmware vsensor < -vs vsphere > < -vm vmname > < -ds datastore > < -m mgmt_pg > < -cp capture_pg > < -s vswitch > [ -dc datacenter ] [ -vh vmhost ] [ -d ] [ -mip mgmt_ip ] [ -mnm mgmt_netmask ] [ -mgw mgmt_gw ] [ -n dns ] [ -c 2 | 4 | 8 | 16 ] [ -p port ] [ -r resource_path ] [ -f ] [ -hn hostname ] [ -u username ] [ -pw password ] [ --wait-for-ip ]

Options for provision vmware vsensor command:

vscli > provision vmware vsensor -h
Usage: provision vmware vsensor [OPTIONS]

Uses ovftool along with the supplied information to provision new virtual
sensors to vCenter or a standalone ESXi hypervisor.

-vs, --vsphere TEXT IP or hostname of vCenter/vSphere instance [required]
-vm, --vmname TEXT Virtual machine name to assign to the vSensor [required]
-ds, --datastore TEXT Name of the datastore to create the virtual machine on [required]
-m, -mp, --mgmt_pg TEXT Management NIC's portgroup name [required]
-cp, --capture_pg TEXT Capture NIC's portgroup name [required]
-s, -vsw, --vswitch TEXT Name of the vSwitch that the capture portgroup is on [required]
-dc, --datacenter TEXT Name of the data center where the vsensor will be created on (vCenter only)
-vh, --vmhost TEXT Name of the physical host that the vSensor will be created on (vCenter only)
-d, --dhcp Select DHCP or static IP, Netmask, Gateway for vSensor management (only supported on vCenter)
-mip, --mgmt_ip TEXT Static Management IP address (only supported on vCenter)
-mnm, --mgmt_netmask TEXT Static Management IP netmask (only supported on vCenter)
-mgw, --mgmt_gw TEXT Static Management gateway IP address (only supported on vCenter)
-n, --dns TEXT Comma separated list of DNS server IP addresses (only supported on vCenter)
-c, --cores [2|4|8|16] Number of cores for vSensor to use (default 4)
-p, --port INTEGER vSphere port (default is 443)
-r, -rp, --resource_path TEXT Folder/resource path in which a host is located, e.g. "Folder Name/Cluster name" (vCenter only)
-f, -fp, --force_promiscuous if provided, promiscuous mode will be enabled on capture portgroup automatically
-hn, --hostname TEXT vSensor hostname to assign (only supported on vCenter)
-u, --username TEXT vCenter/vSphere username (you will be prompted if not provided)
-pw, --password TEXT vCenter/vSphere password (you will be prompted if not provided)
--wait-for-ip If selected, command returns only when the sensor successfully got an IP address
-h, --help Show this message and exit.


provision vmware vsensor --vsphere "vpshere.local" --vmname "vSensor-01" --datacenter "Oakland" --vmhost esxhost2.vpshere.local --datastore "esxhost2 NVMe" --mgmt_pg "10x3 Management Network" -c 8 --capture_pg "Vectra Analyzer" --vswitch vSwitch1 -mip <mgmt_ip> -mnm <mgmt_netmask> -mgw <mgmt_gw> -n <dns> -u root


Locator does not refer to an object

The parameters provided to the "provision vmware vsensor" command are constructed into a resource path used to access the vCenter/vSphere server. This error message means that the resource path is invalid. The user should check that the parameters are correct, that any special characters are escaped (e.g. the forward slash '/' should be escaped to %2F), and that the provided user has permission to access the resource path.

The constructed locator takes the following form: vi://{username}:{password}@{vsphere}:{port}/{datacenter}/host/{resource_path}{vmhost}

The user may try to access the above path using ovftool (from another system) to confirm that the path is valid and accessible.
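To check the escaping by hand, the following added example (not Vectra's code) fills in the locator template above with each component percent-encoded, and masks the password so the result can be pasted into a ticket or log. Assumptions: the function names are hypothetical, the resource path is passed as a list of folder/cluster names joined by '/' with a trailing '/', and every reserved character (not only '/') is percent-encoded.

```python
from urllib.parse import quote


def _enc(value):
    # Encode everything except unreserved characters, so a '/', '@' or ':'
    # inside a name cannot be read as a locator delimiter.
    return quote(value, safe="")


def build_locator(username, password, vsphere, datacenter, vmhost,
                  port=443, resource_segments=()):
    """Fill in the page's template:
    vi://{username}:{password}@{vsphere}:{port}/{datacenter}/host/{resource_path}{vmhost}
    """
    # Assumption: each folder/cluster name is one path segment; a '/' that is
    # part of a name becomes %2F, while the separators between names stay '/'.
    resource_path = "".join(_enc(seg) + "/" for seg in resource_segments)
    return "vi://{}:{}@{}:{}/{}/host/{}{}".format(
        _enc(username), _enc(password), vsphere, port,
        _enc(datacenter), resource_path, _enc(vmhost))


def redact(locator):
    """Replace the password with *** before the locator is logged or shared."""
    scheme, rest = locator.split("://", 1)
    userinfo, at, tail = rest.rpartition("@")
    if not at:
        return locator  # no credentials embedded
    user, colon, _password = userinfo.partition(":")
    return "{}://{}{}@{}".format(scheme, user, ":***" if colon else "", tail)


if __name__ == "__main__":
    # Constructed sample values; host and datacenter names reuse the page's example.
    loc = build_locator(
        "administrator@vsphere.local", "P@ss/w:rd", "vpshere.local",
        "Oakland", "esxhost2.vpshere.local",
        resource_segments=("Folder Name", "Prod/DMZ"))
    print(redact(loc))
```

Comparing the redacted output against the inventory path shown in vCenter makes a missing %2F or an unencoded '@' in the username easy to spot.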

Transfer failed

The transfer of the OVA data from the Brain to the hypervisor (ESXi/ESX/vSphere) has failed. The user should validate that any access control devices (e.g. firewalls) between the Brain and the hypervisor are not blocking or prematurely terminating the connection.
