Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
jng1 Absent Member.
Absent Member.
967 views

[SmartConnector] VMware Web Services

Jump to solution

I was looking through the VMwareWebServicesConfig.pdf in SmartConnector Guide 5.2.3.6281. in order to obtain the logs, we need to specify the following in the connector:

host (hostname of the vSphere server)

username:

password:

my question would be, what is the minimum level of privilege required for smartconnector to accurately collect logs from vsphere? im hoping it not to be administrator. i have combed through the entire PDF and found no clue. would greatly appreciate if anyone who has experience with this shed some light!

Labels (1)
0 Likes
1 Solution

Accepted Solutions
aner@we-can.co. Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hii.

Work by this:

1. set user and pass on the VC.

2. get.rui.crt from VC in c:\documents and settings\all users\applicationData\VMwareVirtualCenter\SSL

3. put the rui.crt in $ARCSIGHT_HOME\Current\jre\lib\security

4.from bin, run: arcsight agent keytool -import -trustcacerts -alias vmware -file d:\arcsight\vmware\current\jre\lib\security\rui.crt -store -clientcerts

5.run agentsetup

6.validateCert=true

7.host=the host as in the rui.crt

8.user and pass = as set in the VC


goodluck

0 Likes
10 Replies
jng1 Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

anyone able and willing to share some light..?

0 Likes
Highlighted
Rodion Super Contributor.
Super Contributor.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hello!

As I know, you need create just a user, without any additional privileges and this user will have ability to read logs by default.

0 Likes
gbenga.ogunsaki1 Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hi Jack,

There are additional configuration to ensure user has the required privileges to collect logs:

1.  On the vSphere Console Menu, click on the 'Inventory' menu

2.  Click 'Virtual Machine'

3.  Choose 'Add Permission' from the list

4.  Click the 'Add' button under the 'Users and Groups' section on the left and select intended user.

5.  Choose the required level of role from the 'Assigned Role' drop down on the right (where role is any of 3 'No access', Read-only' and 'Administrator'). Where Read-Only is sufficient for this purpose

6.  Expand 'Datastore' and check the 'Browse datastore' box

7.  Click OK


I hope this helps.

Gbenga.

0 Likes
jng1 Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hi Rodion,

yes that was what i saw from the smartconnector guide, however, my customer would like me to confirm if the rights are minimal.

Gbenga,

thanks for the advice! what you have suggested seemed logically sound and i will try this out with my client soonest.

thanks everyone for the feedback!


0 Likes
aner@we-can.co. Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hii.

Read-only permissions. not more is needed.

plus, web service agent uses .cer file (from the vc) you have to import to the agent using keytoolgui.

0 Likes
jng1 Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hi aner@we-can.co.il,

i was looking at your reply and i saw this keytoolgui. this was not mentioned in the official docs and im having difficulty collecting the logs from vmware web services. mind sharing how this process works for u?

0 Likes
aner@we-can.co. Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hii.

Work by this:

1. set user and pass on the VC.

2. get.rui.crt from VC in c:\documents and settings\all users\applicationData\VMwareVirtualCenter\SSL

3. put the rui.crt in $ARCSIGHT_HOME\Current\jre\lib\security

4.from bin, run: arcsight agent keytool -import -trustcacerts -alias vmware -file d:\arcsight\vmware\current\jre\lib\security\rui.crt -store -clientcerts

5.run agentsetup

6.validateCert=true

7.host=the host as in the rui.crt

8.user and pass = as set in the VC


goodluck

0 Likes
AS_User Honored Contributor.
Honored Contributor.

Re: [SmartConnector] VMware Web Services

Jump to solution

you can use a base64 encoded .cer file which can be exported from the vsphere server by using internet explorer to browse to it and exporting the certificate.

this has to be added to the connector cacerts file by using the keytoolgui.

no idea why this isnt documented in the connector configuration guide - it would be really helpful.

cheers, tom

0 Likes
ca199777 Absent Member.
Absent Member.

Re: [SmartConnector] VMware Web Services

Jump to solution

Yep, I completely agree.  If it wasn't for finding this info here on Protect724, I would not have been able to figure it out.  Needs to be in the product manual.

CP.

0 Likes
sunil.jaiswal8 Super Contributor.
Super Contributor.

Re: [SmartConnector] VMware Web Services

Jump to solution

Hi,

I am getting below error message while configuring smart connector VMware Web Services on connector appliance.

"Connector table parameters did not pass the verification with error [0:Unable to open a connection to [Hostname]. (; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target) ]. Do you still want to continue?"

I have uploaded the required certificate to container of connector appliance. has anyone faced the similar issue?

Regards,

Sunil

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.