Read Accounts for Data Sources

Without read access to the data sources you wish to inventory, vScope won’t discover any information from them. That is why you need to define Credentials in Discovery Manager. You can either use an existing account or create a new specific read account for vScope.

At its core, a vScope inventory can only pull information and cannot make any changes whatsoever in your data center. This is important to mention because when working with the Discovery Manager, it’s important to have access to accounts with read rights for the different data sources you wish to inventory. For example, a service with maximum read rights would work perfectly.

Account credentials for each data source

VMware

Read-only role with full rights to read all resources and information. There’s an option to only view parts of the virtual infrastructure (for example an outsourced part) with the use of a so-called “limited VMware read account“.

Hyper-V (WMI or VMM)

Read only-accounts with access to the entire virtual infrastructure. Setting Up WMI on Target Machines

Windows (WMI/WinRM)

Set up local user accounts with reading rights as per the following guide. For simplicity, it is possible to use a domain admin account, but this isn’t something InfraSight Labs recommends.

SCCM

You need an account with full read permissions and access to the SCCM SQL database (the SCCM host).
Minimum Rights to Read SCCM

Linux & Unix (SSH)

User account with access to all Linux operative systems.

How vScope probes with SSH.

Web certificates (HTTP)

No user account is needed for information about web certificates.

Databases (Oracle, MS SQL, MySQL)

LDAP and Active Directory

The same as for WMI, the account needs highest possible reading rights, and you can either create a local account or the non-recommended domain admin.

Azure AD / Office365

For Azure, you need to set up an API connection with vScope by creating an application with read permissions. See step-by-step instructions here.

Veeam

vScope querys Veeam’s SQL database for information. Find out more here.

SAN (SMI-S or NetApp)

Depending on the vendor you may have to turn on “SMI-S” on the SAN. SMI-S is a standard protocol that most of the SAN vendors supports. You can find more information on how to turn on this protocol for the different vendors here.

Docker

Pull only account is sufficient.

Switches, printers, access points etc. (SNMP)

This “account” is a public string. The default is usually “Public”, but could have been changed by your organization at some point.

Read more

More information?

You can also find more information about read accounts, targets, and the Discovery Manager here.

Leave a Reply