Add a VMware vCenter
You can import a VMware vCenter into Deep Security Manager and then protect its virtual machines with an agent.
You cannot import a vCenter that is using vShield Manager.
You have the following options for adding a vCenter:
Deep Security Manager supports vCenter High Availability environments in Active or Passive mode.
Add a vCenter
- In Deep Security Manager, go to Computers > Add > Add VMware vCenter.
The following page appears:
- Enter vCenter information:
- Server Address: The vCenter server's IP address (or host name if DNS is configured and able to resolve FQDNs to IP addresses).
- Server Port: The port number to connect to the vCenter (443 by default).
- Name: The name of the vCenter that will appear in the manager.
- Description: A description for the vCenter.
- Username and Password: Enter the user name and password of a vCenter user account. This account must conform to the specifications in the tables below, and is required to synchronize the VM inventory between vCenter and Deep Security Manager.
Applying the Read Only role at the Hosts and Clusters or Virtual Machine level in vCenter causes synchronization problems.
vCenter user account specifications
- Accept the vCenter TLS (SSL) certificate.
- Click Next.
The following page appears:
If you don't see the NSX binding options at the top of the page, it's because you're using an older version of the manager. Upgrade your manager to FR 2019-12-12 to see the options.
- Fill out the page as follows:
- Make sure Configure vCenter without NSX binding is selected and click Next. NSX is not supported with the
- Make sure Configure vCenter without NSX binding is selected and click Next. NSX is not supported with the
- Click Next.
- Review the vCenter information and click Finish.
- The VMware vCenter has been successfully added message is displayed. Click Close.The vCenter will appear on the Computers page.
| Protection method | NSX Type | vCenter user account specifications |
|---|---|---|
| agent only |
No NSX-V or NSX-T integration |
The vCenter user account must have the vCenter Read Only role (or another role that has equal or greater privileges) at the data center level. |
In a large environment with more than 3000 machines reporting to a vCenter Server, this process may take 20 to 30 minutes to complete. You can check the vCenter's Recent Task section to verify if there are activities running.
Deep Security Manager will maintain real-time synchronization with this VMware vCenter to keep the information displayed in Deep Security Manager (number of VMs, their status, etc.) up to date.
Add a vCenter - FIPS mode
To add a vCenter when Deep Security Manager is in FIPS mode:
- Import the vCenter and NSX Manager TLS (SSL) certificates into Deep Security Manager before adding the vCenter to the manager. See Manage trusted certificates.
- Add a vCenter following the steps in Add a vCenter. The steps are exactly the same, except that in FIPS mode you will see a Trusted Certificate section on the vCenter page. Click Test Connection to check whether the vCenter's SSL certificate has been imported successfully into Deep Security Manager. If there are no errors, click Next and continue on through the wizard.