cancel
Showing results for 
Search instead for 
Did you mean: 
bruce_giles
Intrepid explorer

Seeking Assistance @ VCenter Introspection Rules and IBM PVU Scanning of VMWare Vcenter

Hello Everyone, I have been trying to understand why some of our VCenter Introspection Rules under the Discovery and Inventory Section never show any  numbers in the "Service Discovered", "Inventory Completed", "Inventory Skipped" or "Inventory Failed"  even though when I look at the logs available in the FNMS tool and the logs available on the Beacons ... devices are being discovered and inventoried by these Rules.

I have been analyzing data between what rules work and what rules don't and have not come up with any answers as of yet. The "action" in the rule is all the same of "Vcenter Introspection" for each rule so that is not it. Targets are targets so that should not be the difference.

What I have noticed is that the times in the Next and Last Run seem to be a little wonky.

It looks like the IBM PVU Scanning of the VMWare VCenters (every 30 minutes), is combined with the Vcenter Rules running (which we have scheduled for once a day generally at night time) which maybe skewing things .. don't know. 

The other point I thought of, which I do not know the answer to is ..  what happens if either the "Rule" or "IBM PVU VCenter" scans do not find any changes ..  perhaps in my scenario the 30 minute IBM PVU VCenter scans are zeroing out any previous numbers that our nightly Rules are finding.

I apologize in advance for the length of this .. but its driving me crazy on why I see this behaviour.

 

Thx as Always

Bruce

 

0 Kudos
10 Replies
bruce_giles
Intrepid explorer

Re: Seeking Assistance @ VCenter Introspection Rules and IBM PVU Scanning of VMWare Vcenter

Hello Again, just wanted to add that we have 5 Beacons which participate in these VCenter rules depending on the subnet of the Vcenter. The only Rule that indicates numbers in the FNMS tool is our AsiaPac one which is 12 -13 hours ahead of us here in Eastern time. Analyzing some more logs, is leading me to think that because we have 5 potential Beacons (depending on the subnet) which attempt every rule, the Beacons that do not participate in the VCenter scanning, report as completed and perhaps update the FNMS tool with zeroes.

Once again, a little bit of knowledge is very dangerous and I can only find a little bit of detail in the System Reference Guide pertaining to how these VCenter scans actually operate in conjunction with the IBM PVU VCenter scanning .. if anyone has come across any literature that explains how these scans operate, I would really appreciate it.

 

0 Kudos
Highlighted
adrian_ritz1
Intrepid explorer

Re: Seeking Assistance @ VCenter Introspection Rules and IBM PVU Scanning of VMWare Vcenter

Hi @bruce_giles 

To check the vCenter inventory, one point to start should be to check the logs on beacons.

Check c:\programdata\Flexera Software\compliance\logging\inventory rule

Here you have all the logs run by the beacon related to inventory, order by date, and open the most actual log.

in VmWareInventory.log you will find what is trying to do the beacon.

You can search and check if you find your vCenter here and see what errors are returning.

Some consideration to take is the if ICMP (ping) protocol is disabled the automatic discovery of the vCenter will not work and will fail, you need to modify the inventory rules in UI and disable the automatic discovery.

If port 443 is closed again the inventory will fail and will say that discovery did not find any service on the device.

Regarding PVU scanning, I can't advise here as I didn't activate this in my environment.

 

stefangeerars
Occasional contributor

Re: Seeking Assistance @ VCenter Introspection Rules and IBM PVU Scanning of VMWare Vcenter

Hi Bruce,

So if I understand correctly, only 1 vCenter is currently working right?

The IBM PVU scanning enables the frequent vCenter scanning on all vCenter targets (in 2019 R2 you can select your targets from a dropdown list). in FNMS versions before 2019 R2 you can select the option "Perform remote scans against all known VMware vCenter and Oracle VM Manager servers" in the inventory settings, this will create a rule on all the beacons for scanning the vCenter every 30 minutes. Note, the IBM PVU scan depends on the configuration of the normal vCenter scan in FNMS. (targets, subnet assignments, passwords firewalls etc)

I would recommend the following

- Check if the normal vCenter scan is working on the beacon

-  Check your targets and subnet assignments (I would always create dedicated /32 subnets for scanning vCenter which are assigned to a dedicated beacon)

- verify the inventory rule log (discovery.log contains the name of the task, this should match the IBM PVU rule)

Hope this helps

Stefan

 

bruce_giles
Intrepid explorer

Re: Seeking Assistance @ VCenter Introspection Rules and IBM PVU Scanning of VMWare Vcenter

Hi Guys .. thanks for the suggestions .. here is the thing though . When I look at all of the logs on the Beacons, both the IBM PVU VCenter and the VCenter Introspection Rule processes work as expected on all rules and indeed find the vcenters and perform the inventory scans. I have 2 rules that indicate that services have been discovered and inventoried in the FNMS GUI under the Discovery and Inventory rules but the others do not.

Here is an example of what I am seeing ... I have attached a Word Document with the Image from one of the rules. So, the Rule ran this morning at 2:08 am and found the VCenters and identified them in the tool. Later today, about 4 or 5 hours from now, the screenshot I attached will be updated with all zeroes and a time that indicates that same 4 or 5 hours.

So, I am thinking that the IBM PVU VCenter scan that runs every 30 minutes is clobbering these numbers. This is where I do not know what exactly happens during these scans if nothing has changed. Perhaps it updates things .. not sure.

In Summary then .. everything is working for all rules according to the logs but do not indicate that in FNMS tool except for 2 rules .. one that runs in AsiaPac which maybe the 13 hour time difference is affecting and the one that I have attached in the Word document which the data changes 4 or 5 hours later.

No doubt its probably the way we have things setup or the fact that our Vcenter team reassigns Hosts and VM's on a nightly basis along with the fact that we have 5 Beacons and all 5 are running these VCenter scans every 30 minutes along with our nightly rule. Just trying to understand why we are seeing what we are. I think I am onto something with the example I attached since the numbers are there for a bit but then get updated to all zeroes when what looks to be the IBM PVU scans are running. Not sure if the IBM PVU scans update the Inventory Rules or not.

 

Again, sorry for all the details .... 

 

Bruce

 

 

0 Kudos