ESX credentials question

I am standing up NPM, SAM, NTA, et al. and I have a question regarding ESX 5 credentials required to monitor the ESX host. In the SAM and NPM guide it states to create a user and at a minimum it needs read-only rights.

In the "Troubleshooting ESX Hardware Monitoring" section (pg 220 of the SAM Admin guide and below) it identifies that the account needs root access. Which level of permissions is correct read-only or root?

I am getting push back from our VM team and they are unwilling to add the root creds into the tool.

-------------------------------------

Troubleshooitng ESX Hardware Monitoring

When an ESX server returns the message, Unable to connect to remote server, check the following:

Ensure CIM is enabled on the ESX server. To enable CIM on ESX/ESXi, refer to the following section: "Hardware Monitoring and VMware" on page 393.
5989 is opened on the firewall

If the ESX server returns the message, Unable to establish session with all provided credentials, check the following:

Verify the VMware credentials in the VIM are correct
Verify the account belongs to the root user group

Any feedback is greatly appreciated.

Tony

Find more posts tagged with

sam

npm_esx

esx_credentials_v10

sam_esx

Accepted answers

aLTeReGo

The monitoring of Hardware Health for ESX hosts requires root level permissions due to the nature of the CIM security model implemented by VMware. The following blog posting goes into the specific details and provides a workaround by creating a dedicated user account with the necessary "non-root" level permissions required to connect via CIM and retrieve hardware health status information.

virtuallyGhetto: CIM monitoring caveat with ESXi

All comments

aLTeReGo

virtuallyGhetto: CIM monitoring caveat with ESXi

vispetto

Thanks for the prompt response.

raka0204

Can we get the documents link mentioned for referring.