Follow

How to configure vCenter Integration on Vectra Detect Appliances

Feature Description

If using VMware vSphere, some configuration is required to enable the Vectra System to query the vCenter API. Enabling API access to vCenter provides a read-only view into the vSphere state, otherwise obtainable only by logging into vSphere itself.

Enabling the vCenter API query connectivity helps with vSensor deployment planning by identifying the physical hosts, clusters and data centers that currently have vSensor coverage, and those that do not have coverage.

Enabling the vCenter connection also shows available resources on physical VMware hosts, and exposes any configuration errors that might be affecting packet capture. This view, seen in the Vectra UI Manage > Physical Hosts page, helps the Vectra System operator identify the exact requirements that need to be conveyed to VMware operational teams.

Once this setting is enabled, the Manage > Physical Hosts page appears in the Vectra UI.

Through the vSphere connection, the Vectra Brain email notifications to the configured administrators about changes in the virtual environment that merit security consideration.

For example:
• A new physical server where a vSensor may be needed is added to the network
• vSensor has been moved or powered down
• VM is moved from a host that is monitored by a Sensor to a host that is not monitored by a Sensor

NOTE: Vectra strongly recommends enabling the VMware integration setting, as a best practice. More about this integration is covered in Deploy vSensors.

Configuration Instructions

Prepare vSphere Account for Brain Access

To connect the Brain to vSphere, a vSphere user account and password must be configured into the Brain. The vSphere user account must have at least global, read-only rights.
To ensure that the vSphere user/group the Brain will use has global, read-only access, use the following steps in the vSphere UI:

1. From the vSphere Administration page select Access > Global Permissions.
2. Click the plus sign to display the global permissions dialog.
3. At the bottom of the left pane, click Add.
4. Ensure the domain is set to the proper domain, select the users or groups you intend to use in Vectra’s configuration to connect to vCenter’s API and click OK.
5. In the Assign Role section, select Read-Only from the drop-down list.
6. Make sure the Propagate to children checkbox is selected, and click OK.

 

vSphere API Access Settings

The following information is needed for setting up Brain access to vSphere:

vSphere Setting Description
vCenter Server IP/ Domain name Hostname or IP address of VMware vCenter
Port number TCP port to which the Brain should send API requests (default 443)
User ID Username for the Brain to use when logging into vSphere
Password Password for the Brain to use when logging into vSphere

 

Configure VMware integration

 Log into the brain using vectra user and password.

Go to Settings -> External Connectors 

mceclip0.jpg

Click the Edit button next to Enable integration with vCenter
mceclip1.png
Click on Enable integration with vCenter and provide the details collected above in vSphere API Access Settings.
mceclip2.png
Click Save.
Was this article helpful?
0 out of 0 found this helpful

Download PDF

0 Comments

Article is closed for comments.