3.3 Configuration
3.3.1 Service Account Configuration
Monitoring a subset of VMs is accomplished using permissions assigned to the vRealize Operations service account at key locations in vCenter Server. For example, assigning permissions on the VM folder that corresponds to an Organization VDC in VMware vCloud Director® automatically brings all VMs provisioned within that Organization VDC into monitoring.
Figure 4. Example Showing Permissions Assigned to Monitor All VMs in an Organization VDC
Follow these steps to set up permissions, and see https://kb.vmware.com/kb/1036195 for additional details:
1. Create a service account for vRealize Operations to collect data from vCenter Server.
2. Clone the “Read-only” role in vCenter Server.
3. Add privileges to the new role:
• Global / Health
• Profile-driven storage / Profile-driven storage view
• Storage views / View
4. Assign permissions in vCenter Server to the appropriate vCenter Server objects using the new role.
Table 2 offers some suggested locations to assign permissions.
5. Log in to vCenter Server using the service account to verify that the desired objects are visible.
Note: Visibility of some objects requires that permissions be assigned to the object’s parent. If an object is not visible in the VMware vSphere® Client™, assign permissions to the parent of the object with propagation disabled.
Table 2. Example Service Account Permission Locations
Location | Propagation? | Description |
ESXi hosts | No | Allow monitoring of an ESXi host without monitoring all VMs |
Resource pool for vCloud Director | Yes | Allow monitoring of all VMs in an Org VDC |
VM folder for Org VDC | Yes | Allow monitoring of all VMs in an Org VDC |
VM folder for vApp | Yes | Allow monitoring of all VMs in a vApp |
VMware vSphere Distributed Resource Scheduler™ cluster | Yes | Allow monitoring of all ESXi hosts and VMs in a DRS cluster |
Individual datastore | No | Allow monitoring of a specific datastore |
Datastore folder | Yes | Allow monitoring of a group of datastores |
Network folder | Yes | Allow monitoring of VMware vSphere Distributed Switch™ instances and all port groups |
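
Steps 2 through 4 and the propagation settings from Table 2 can be scripted with VMware PowerCLI. The following is an added example, not part of the original document. It assumes an existing Connect-VIServer session; the role, account, folder, host and datastore names are hypothetical placeholders, and the privilege IDs are assumed to be the API identifiers of the three privileges listed in step 3 (confirm them with Get-VIPrivilege in your environment).

```powershell
# Added example: assumes Connect-VIServer has already been run.
# All names below are hypothetical placeholders.
$roleName  = 'vROps-ReadOnly'        # hypothetical name for the cloned role
$principal = 'EXAMPLE\svc-vrops'     # hypothetical service account from step 1

# Step 2: clone the built-in Read-only role by copying its privileges.
$readOnly = Get-VIPrivilege -Role (Get-VIRole -Name 'ReadOnly')
$role     = New-VIRole -Name $roleName -Privilege $readOnly

# Step 3: add only the three extra privileges (IDs are an assumption, see lead-in).
$extra = Get-VIPrivilege -Id 'Global.Health', 'StorageProfile.View', 'StorageViews.View'
$role  = Set-VIRole -Role $role -AddPrivilege $extra

# Step 4: assign the role at Table 2 locations with the listed propagation.
$assignments = @(
    @{ Entity = (Get-Folder -Name 'OrgVDC-Example' -Type VM);  Propagate = $true  }  # VM folder for Org VDC
    @{ Entity = (Get-VMHost -Name 'esxi01.example.com');       Propagate = $false }  # ESXi host
    @{ Entity = (Get-Datastore -Name 'datastore-example');     Propagate = $false }  # individual datastore
)
foreach ($a in $assignments) {
    New-VIPermission -Entity $a.Entity -Principal $principal -Role $role `
        -Propagate:$a.Propagate | Out-Null
}

# Review: every location where the account holds a permission, with propagation.
Get-VIPermission -Principal $principal |
    Select-Object Entity, Role, Propagate |
    Format-Table -AutoSize

# Drift check: the role should hold Read-only plus the three added privileges only.
$expected = @($readOnly.Id) + @($extra.Id)
$actual   = @((Get-VIPrivilege -Role (Get-VIRole -Name $roleName)).Id)
$drift    = Compare-Object -ReferenceObject $expected -DifferenceObject $actual
if ($drift) { $drift | Format-Table InputObject, SideIndicator }
else        { Write-Output "Role '$roleName' matches the expected privilege set." }
```

Rerunning the review and drift-check portion on a schedule shows whether the service account has gained permissions at additional locations or whether privileges have been added to the role since it was created.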