Add a VMware vCenter to Workload Security
When a vCenter is added to Workload Security, virtual machines accessible to the account are imported into Workload Security and become visible in:
Workload Security > Computers > the_vCenter_Name > Virtual Machines
The benefits of adding a vCenter account (through Workload Security > Computers > Add VMware vCenter) instead of adding individual VMs (through Workload Security > Computers > Add Computer) are:
- Changes in your vCenter VM inventory are automatically reflected in Workload Security. For example, if you delete a number of VM instances, those instances disappear automatically from the console. By contrast, if you use Computers > Add Computer, VM instances that you have deleted remain visible in the console until you manually delete them.
- VMs are organized into vCenter accounts in the console, which lets you easily see which VMs are protected and which are not. Without the vCenter account, all your VMs appear at the same root level under Computers.
Add a data center gateway
A data center gateway enables communication between Workload Security and your vCenter, allowing Workload Security to retrieve your virtual machine inventory from the vCenter server.
Prior to adding a vCenter Account, a data center gateway has to be deployed and running. The vCenter server hostname and port are required. For more information, see Set up the data center gateway.
Add a VMware vCenter
- Ensure you've Set up the data center gateway.
- Go to Administration > User Management > Roles > Properties > Computer Rights and select Allow VMware vCenters to be added, removed and synchronized.
- If you are using self-signed certificates, go to Administration > User Management > Roles > Properties > Other Rights and select "Full" for Certificates.
In the Workload Security console, go to Computers > Add > Add VMware vCenter.
The following page appears:
Enter your vCenter information:
- Server Address: The vCenter server's IP address (or hostname, if DNS is configured and can resolve FQDNs to IP addresses). It must be one of the vCenter servers in the data center gateway allow lists. Because the connection is relayed by the data center gateway, the Server Address can be an internal IP address or hostname.
- Server Port: The port number to connect to the vCenter. By default, it's 443.
- Name: The name of the vCenter that will appear in the manager. By default, it's vCenter - \<Server Address>
- Description: A description for the vCenter.
- Username and Password: Enter the username and password of a vCenter user account. This account is required to synchronize the VM inventory between vCenter and Workload Security.
The vCenter user account must have the vCenter Read Only role (or another role that has equal or greater privileges) at the data center level. Applying the Read Only or Administrator role at the Hosts and Clusters or Virtual Machine level in vCenter causes synchronization problems.
- Accept the vCenter TLS (SSL) certificate.
- Review the vCenter information and click Finish.
- A message indicating the VMware vCenter has been successfully added is displayed. Click Close. The vCenter will appear on the Computers page.
In a large environment with more than 3000 machines reporting to a vCenter Server, this process may take 20 to 30 minutes to complete. You can check the vCenter's Recent Task section to verify if there are activities running.
During the sync process, a 504 gateway timeout error might appear. You can ignore this error; the sync job continues to run in the background.
Workload Security will maintain real-time synchronization with this VMware vCenter to keep the information displayed in Workload Security (number of VMs, their status, etc.) up to date.
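The following is an added example, not part of the original documentation or of Trend Micro's tooling. Before you accept the vCenter TLS (SSL) certificate in the procedure above, especially a self-signed one, this Python script compares the certificate's SHA-256 fingerprint with a value obtained out of band from your vCenter administrator. It assumes it runs on a host that can reach the Server Address and Server Port (for example, the data center gateway host); the script and function names are hypothetical.

```python
"""Compare a vCenter TLS certificate's SHA-256 fingerprint with a value
obtained out of band, before accepting the certificate in the console."""
import hashlib
import hmac
import socket
import ssl
import sys


def normalize_fingerprint(text: str) -> str:
    """Reduce 'AA:BB:...' or 'sha256 Fingerprint=AA:BB:...' to lowercase hex."""
    value = text.split("=", 1)[-1]
    digits = "".join(ch for ch in value if ch not in ": -\t\r\n").lower()
    if len(digits) != 64 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return digits


def sha256_fingerprint(der_cert: bytes) -> str:
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the server's leaf certificate (DER). Chain validation is off on
    purpose: the certificate may be self-signed, so trust comes only from the
    fingerprint comparison, never from this connection."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def certificate_matches(der_cert: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256_fingerprint(der_cert),
                               normalize_fingerprint(expected))


if __name__ == "__main__":
    # Usage: check_vcenter_cert.py <server address> <expected fingerprint> [port]
    host, expected = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    der = fetch_der_cert(host, port)
    ok = certificate_matches(der, expected)
    print(f"{host}:{port} sha256={sha256_fingerprint(der)}",
          "MATCH" if ok else "MISMATCH: do not accept")
    sys.exit(0 if ok else 1)
```

The script exits with status 1 on a mismatch, so it can gate a change checklist or automation step.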
Protect workloads in VMware
VMware workloads managed by Workload Security are protected by Deep Security Agent. For more information about how to deploy and manage agents in Workload Security, see Install the agent.