AWS Application Discovery Service
User Guide

Setting up Agentless Discovery

To set up agentless discovery, you must deploy the AWS Agentless Discovery Connector virtual appliance on a VMware vCenter Server host in your on-premises environment. Download the Agentless Discovery Appliance OVA (and MD5 and SHA256 checksums for verification). The connector appliance is an Open Virtualization Archive (OVA) file that you must install in your on-premises VMware environment. Deploy and configure the connector as described in the following sections.
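One way to check the downloaded OVA against the published SHA256 value before deploying it, as an added example that is not part of the AWS guide. The script name and the checksum file layouts it accepts are assumptions.

```python
import hashlib
import hmac
import re
import sys
from pathlib import Path

# SHA256 is the default: MD5 only catches accidental corruption, not tampering.
def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash the file in chunks so a multi-gigabyte OVA is never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def published_digest(text, algo="sha256"):
    """Pull the digest out of checksum-file text: bare 'HASH', 'HASH  name',
    or 'SHA256(name)= HASH'. Exactly one distinct candidate must be present."""
    n = hashlib.new(algo).digest_size * 2  # hex characters in one digest
    found = {h.lower() for h in re.findall(r"\b[0-9a-fA-F]{%d}\b" % n, text)}
    if len(found) != 1:
        raise ValueError("expected one %s digest, found %d" % (algo, len(found)))
    return found.pop()

def verify_ova(ova_path, checksum_path, algo="sha256"):
    """Return True only if the OVA's digest equals the published one."""
    expected = published_digest(Path(checksum_path).read_text(), algo)
    return hmac.compare_digest(expected, file_digest(ova_path, algo))

if __name__ == "__main__":
    if len(sys.argv) == 3:
        ok = verify_ova(sys.argv[1], sys.argv[2])
        print("OK" if ok else "MISMATCH: do not deploy this OVA")
        sys.exit(0 if ok else 1)
    print("usage: verify_ova.py OVA_FILE SHA256_FILE")
```

The comparison is only as trustworthy as the channel the checksum file came from, so fetch it over HTTPS from the same AWS download page rather than from a mirror or an e-mail attachment.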

Deploying the AWS Agentless Discovery Connector Virtual Appliance

Deploy the downloaded OVA file in your VMware environment.

To deploy the connector virtual appliance

  1. Sign in to vCenter as a VMware administrator.

  2. Choose File, Deploy OVF Template. Type the URL that was sent to you after you completed the registration and complete the wizard.

  3. On the Disk Format page, select one of the thick provision disk types. We recommend that you choose Thick Provision Eager Zeroed, because it has the best performance and reliability. However, it requires several hours to zero out the disk. Do not choose Thin Provision. This option makes deployment faster but significantly reduces disk performance. For more information, see Types of supported virtual disks in the VMware documentation.

  4. Locate and open the context (right-click) menu for the newly deployed template in the vSphere client inventory tree and choose Power, Power On. Open the context (right-click) menu for the template again and choose Open Console. The console displays the IP address of the connector console. Save the IP address in a secure location. You need it to complete the connector setup process.

Configuring the AWS Agentless Discovery Connector

To finish the setup process, open a web browser and complete the following procedure.

To configure the connector using the console

  1. In a web browser, type the following URL in the address bar: https://ip_address/, where ip_address is the IP address of the connector console that you saved earlier.

  2. Choose Get started now and follow the wizard steps.

  3. In Step 5: Discovery Connector Set Up, choose Configure vCenter credentials.

    1. For vCenter Host, type the hostname or IP address of your VMware vCenter Server host.

    2. For vCenter Username, type the name of a local or domain user that the connector uses to communicate with vCenter. For domain users, use the form domain\username or username@domain.

    3. For vCenter Password, type the local or domain user password.

    4. Choose Ignore security certificate to bypass SSL certificate validation with vCenter.

  4. Choose Configure AWS credentials and type the credentials for the IAM user who is assigned the AWSAgentlessDiscoveryService IAM policy that you created in Attach Required IAM User Policies. Choose Next.

  5. Choose Configure where to publish data and select suitable publishing options. Choose Next. You should see the AWS Agentless Discovery Connector console.

Note

After you complete this initial setup, you can access connector settings by using SSH and the connector IP address: root@Connector_IP_address. The default user name is ec2-user and the default password is ec2pass. We strongly encourage you to change the value of the default user name and password.

Enabling Auto-Upgrades on AWS Agentless Discovery Connector

To ensure that you are running the latest version of AWS Agentless Discovery Connector, we recommend that you enable auto-upgrades.

To enable auto-upgrades

  1. In a web browser, type the following URL in the address bar: https://ip_address/, where ip_address is the IP address of the AWS Agentless Discovery Connector.

  2. In the Application Discovery Service console, under Actions, choose Enable Auto-Upgrade.

Troubleshooting the Agentless Discovery Connector

If you don’t see inventory information after starting data collection with the connector, confirm that you have registered the connector with your vCenter Server instance. Agentless discovery does not support a stand-alone ESX host that is not part of the vCenter Server instance.

Controlling the Scope of Data Collection

The vCenter user requires read-only permissions on each ESX host or virtual machine (VM) to inventory using Application Discovery Service. Using the permission settings, you can control which hosts and VMs are included in the data collection. You can either allow all hosts and VMs under the current vCenter to be inventoried, or grant permissions on a case-by-case basis.

Note

As a security best practice, we recommend against granting additional, unneeded permissions to the vCenter user.

The following procedures describe configuration scenarios ordered from least granular to most granular.

To discover data about all ESX hosts and VMs under the current vCenter

  1. In your VMware vSphere client, choose vCenter and then choose either Hosts and Clusters or VMs and Templates.

  2. Choose Manage, Permissions.

  3. Select the vCenter user, open the context (right-click) menu, and choose Change Role.

  4. In the Assigned Role pane, choose Read-only.

  5. Choose Propagate to children, OK.

To discover data about a specific ESX host and all of its child objects

  1. In your VMware vSphere client, choose vCenter and then choose either Hosts and Clusters or VMs and Templates.

  2. Choose Related Objects, Hosts.

  3. Open the context (right-click) menu for the host name and choose All vCenter Actions, Add Permission.

  4. Under Add Permission, add the vCenter user to the host. For Assigned Role, choose Read-only.

  5. Choose Propagate to children, OK.

To discover data about a specific ESX host or child VM

  1. In your VMware vSphere client, choose vCenter and then choose either Hosts and Clusters or VMs and Templates.

  2. Choose Related Objects.

  3. Choose Hosts (showing a list of ESX hosts known to vCenter) or Virtual Machines (showing a list of VMs across all ESX hosts).

  4. Open the context (right-click) menu for the host or VM name and choose All vCenter Actions, Add Permission.

  5. Under Add Permission, add the vCenter user to the host or VM. For Assigned Role, choose Read-only.

  6. Choose OK.

Note

If you chose Propagate to children, you can still remove the read-only permission from ESX hosts and VMs on a case-by-case basis. This option has no effect on inherited permissions applying to other ESX hosts and VMs.
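An added example (not part of the AWS guide) that audits the outcome of the procedures above: it flags any permission of the discovery user that carries more than the Read-only privileges, sits on an object outside the intended scope, or propagates where a single object was intended. The live query assumes pyVmomi is installed; the user, host and VM names are constructed, and objects are matched by display name as a simplification.

```python
# Privileges carried by vSphere's built-in Read-only role.
READ_ONLY_PRIVS = {"System.Anonymous", "System.Read", "System.View"}

def audit(perms, role_privs, user, scope):
    """perms: (entity, principal, role_id, propagate) tuples.
    role_privs: {role_id: set of privilege IDs}.
    scope: {entity name: True if Propagate to children is intended}."""
    findings = []
    for entity, principal, role_id, propagate in perms:
        if principal.casefold() != user.casefold():
            continue  # permission belongs to another principal
        if role_id not in role_privs:
            findings.append((entity, "unknown role id %s" % role_id))
        else:
            extra = set(role_privs[role_id]) - READ_ONLY_PRIVS
            if extra:
                findings.append((entity, "more than read-only: " + ", ".join(sorted(extra))))
        if entity not in scope:
            findings.append((entity, "outside intended discovery scope"))
        elif propagate and not scope[entity]:
            findings.append((entity, "propagates to children, expected this object only"))
    return findings

def collect(host, user, pwd):
    """Read live permissions and roles from vCenter (assumes pyVmomi)."""
    from pyVim.connect import SmartConnect, Disconnect
    si = SmartConnect(host=host, user=user, pwd=pwd)
    try:
        am = si.RetrieveContent().authorizationManager
        roles = {r.roleId: set(r.privilege) for r in am.roleList}
        perms = [(p.entity.name, p.principal, p.roleId, p.propagate)
                 for p in am.RetrieveAllPermissions()]
        return perms, roles
    finally:
        Disconnect(si)

# Constructed sample data (hypothetical names), shaped like collect() output.
SAMPLE_ROLES = {-2: READ_ONLY_PRIVS, 12: READ_ONLY_PRIVS | {"VirtualMachine.Interact.PowerOff"}}
SAMPLE_SCOPE = {"esx01": True, "vm-app-07": False}
SAMPLE_PERMS = [
    ("esx01", r"CORP\svc-discovery", -2, True),         # host and children: as intended
    ("vm-app-07", r"CORP\svc-discovery", -2, True),     # single VM, yet propagating
    ("Datacenter-A", r"corp\svc-discovery", 12, True),  # custom role, out of scope
    ("esx02", r"CORP\backup", -2, True),                # other user, ignored
]

if __name__ == "__main__":
    for entity, problem in audit(SAMPLE_PERMS, SAMPLE_ROLES, r"CORP\svc-discovery", SAMPLE_SCOPE):
        print(entity, "-", problem)
```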

Collecting and Exporting Data

After agentless-discovery setup is complete, you can use the console or API to start collecting data; to manage service, tag, and query configuration items; and to export data. You can export data as a CSV file to an Amazon S3 bucket or an application that enables you to view and evaluate the data. For more information, see Tutorial: Using the AWS Application Discovery Service Console or the Application Discovery Service API Reference.