From BMC Discovery 11.0, you no longer need to know the IP address of an ESX or ESXi host. When a VMware vCenter server or appliance is found and a valid vCenter credential is available, BMC Discovery retrieves a list of managed ESX and ESXi hosts. The IP addresses of these hosts are added, as part of the same scan range, to the list of IP addresses that are going to be scanned.
BMC Discovery uses the vSphere API to discover VMware ESX and ESXi hosts. It uses
Unpatched VMware vSphere known problems
Unpatched versions of VMware vSphere have known issues when scanned by various tools. BMC recommends that you apply the appropriate patches to affected systems. For more information about this issue, see the related information on Configipedia.
There are two ways of scanning a VMware ESX or ESXi host:
BMC Discovery scans an IP address:
- The scan detects a Windows host running a vCenter server, or a vCenter appliance.
- If vCenter credentials are defined, they are used to server on port 443.
- On successful connection, BMC Discovery retrieves a list of ESX and ESXi hosts managed by a
- The IP addresses are added to the list of IP addresses that were specified in the original scan. As they are not requested by a user, they are referred to as implicitly scanned IP addresses.
If there are user-requested IP addresses being scanned or waiting to be scanned, discovery waits until the IP address to implicitly scan is complete, or there are no more IP addresses to scan. The IP address is removed, and the DroppedEndpoints node associated with the DiscoveryRun records OptAlreadyProcessing as the reason for removal.
Implicitly scanned IP addresses
When IP addresses are implicitly scanned, the DiscoveryRun records the total number of IP addresses as usual, but it also records separate counts of IP addresses whose scan was requested by a user (explicit_ip_count) and of implicitly scanned IP addresses (implicit_ip_count).
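Because implicitly scanned addresses come from vCenter rather than from the person who started the scan, it is worth checking them against the ranges that were authorised for scanning. The following is an added example, not BMC Discovery code: the record layout (`ip`, `kind`), the approved ranges and the sample addresses are all constructed assumptions, and the function name is hypothetical.

```python
import ipaddress

# Constructed sample data. The record layout is an assumption made for this
# example; it is not a BMC Discovery export format.
APPROVED_RANGES = ["10.20.0.0/24", "10.20.8.0/22"]
RUN_ENDPOINTS = [
    {"ip": "10.20.0.15", "kind": "explicit"},   # vCenter the user asked to scan
    {"ip": "10.20.9.31", "kind": "implicit"},   # ESXi host reported by vCenter
    {"ip": "10.20.10.7", "kind": "implicit"},
    {"ip": "172.16.4.12", "kind": "implicit"},  # managed host on another network
    {"ip": "10.20.9.31", "kind": "implicit"},   # duplicate entry
    {"ip": "not-an-ip", "kind": "implicit"},    # malformed entry
]


def review_implicit_scope(endpoints, approved_ranges):
    """Split a run's endpoints into explicit/implicit counts and flag
    implicitly scanned addresses that fall outside the approved ranges."""
    networks = [ipaddress.ip_network(r, strict=True) for r in approved_ranges]
    report = {"explicit": 0, "implicit": 0, "implicit_in_scope": [],
              "implicit_out_of_scope": [], "invalid": []}
    seen = set()
    for entry in endpoints:
        try:
            addr = ipaddress.ip_address(entry["ip"])
        except ValueError:
            # Keep malformed values visible instead of silently dropping them.
            report["invalid"].append(entry["ip"])
            continue
        if addr in seen:
            continue  # count each address once
        seen.add(addr)
        if entry["kind"] == "explicit":
            report["explicit"] += 1
            continue
        report["implicit"] += 1
        in_scope = any(addr in net for net in networks)
        key = "implicit_in_scope" if in_scope else "implicit_out_of_scope"
        report[key].append(str(addr))
    return report


if __name__ == "__main__":
    for key, value in review_implicit_scope(RUN_ENDPOINTS, APPROVED_RANGES).items():
        print(f"{key}: {value}")
```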
BMC Discovery scans an IP address:
- The scan detects the following:
- Port 902 is open and responds to a vSphere API call with a message from the VMware Authentication Daemon.
- Port 443 (HTTPS) is open.
- Valid are available.
- BMC Discovery uses the vSphere API on port 443 to discover the ESX/ESXi host. However, if the host has already been discovered via vCenter, then the discovery attempt is terminated, and the DiscoveryAccess node records OptNotBestAccessMethod as the reason for failure.
- If the discovery attempt using vSphere is unsuccessful, and port 22 or an alternative ssh port is configured, an is attempted.
The following screenshot shows a discovered VMware ESXi host:
VMware ESX and ESXi discovery uses version 2.5 of the vSphere API, which supports the following versions and later:
- ESX 3.5
- ESXi 3.5
- vCenter Server 4.0
- VirtualCenter 2.5
Intermittent retrieval of vCenter serial number (ServiceTag)
vCenter caches the serial number (ServiceTag) value in memory rather than in its database. That cache expires after some time. Therefore, if you look at the ESX host via the vSphere client or the managed object browser, or perform a scan while the cached value is held in memory, you see the ServiceTag value, and BMC Discovery retrieves it. After the value has expired, the only way to get it back is to restart the ESX host services. This behavior will only be fixed in an upcoming major vSphere release. You can view related discussions on the BMC Discovery community forum.
SSH discovery of VMware ESX and ESXi hosts
SSH discovery of ESX and ESXi hosts is a fallback method used when other methods have been unsuccessful. If ssh access has not been enabled, the ESX or ESXi system is not discovered.
VMware ESX and ESXi ssh discovery requires root user permissions
VMware ESX and ESXi ssh discovery requires root user permissions. You must log in directly as the root user. It is possible to log in as a nonroot user, but such a user cannot close sessions properly. This results in sessions hanging and inactive sessions building up on the ESXi host.
VMware ESX and ESXi discovery limitation
VMware ESX and ESXi ssh discovery cannot determine network connection details, because the netstat command has no equivalent.