Installing the CloudPhysics Observer
The new CloudPhysics Observer allows for new features that enable customers and partners to get a richer analytics experience, expand supported vCenter configurations, and provided added security to the collection process. For most organizations, the process of deploying and configuring the CloudPhysics Observer will be less than 5 minutes. Note: An individual with VMware vSphere experience and credentials to deploy the CloudPhysics virtual appliance is required.
In the new CloudPhysics Appliance, we have made the following updates:
- Require a TOKEN per appliance during deployment to associate each appliance with the organization. This will eliminate the primary account email address from the registration process and allow you to associate appliances with organizations instead of individuals while adding an added level of security and authentication to each appliance’s communication with CloudPhysics.
- Improved Security – The new appliance has several security updates and enhancements to reduce attack surfaces, update legacy software, and require great levels of authentication for Organizations to CloudPhysics.
- Added vCenter Platform Services Controller (PSC) for complex deployments
- Added vCenter Tag Collection to import resource tags directly from vCenter vs creating them within the CloudPhysics UI.
- Reduced the resource requirements for data collection.
- Improved vCenter 6.5/6.7 Support – The new appliance has new API interfaces to take full advantage of vCetner 6.5 and 6.7
- Optional guest process discovery
All of these are available in the new CloudPhysics Observer. New details installation and configuration instructions are below.
Installing the CloudPhysics Observer
It takes just a few minutes to create an account and deploy your CloudPhysics data collector virtual appliance (Observer). Watch the video, or read the step-by-step instructions below to learn how. If you need help, please email us for assistance.
CloudPhysics supports VMware vCenter Server 4.1 through 6.x.
Registration takes just a couple of minutes and can be accomplished online.
- Sign up and create a free account.
- You will receive an automated email to the email address you provided.
- Click the “Activate Now” in the email you received. Note: Google Chrome is the only supported browser at this time.
- Log in with your new CloudPhysics user credentials.
Deploy the Observer Virtual Appliance
Upon logging in to CloudPhysics, you will be prompted to install our Observer. The Observer establishes the metadata connection between your data center and CloudPhysics. The CloudPhysics Observer has the following resource requirements once deployed:
Observer Resource Requirements
– Download Size of OVF/OVA: Approx. 150MB
– Guest OS: Debian Linux 8 64bit
– vCPU: 2
– vRAM: 8192 MB<
– VMXNET3 Network Interfaces: 1
– Size of Deployed Volume: 12 GB
– Local vHDD1 System: 4 GB
– Local vHDD2 Data: 8 GB
– Network access to vCenter
– Internet Access to CloudPhysics via Port 443
– vCenter Account with Read Access – See Requirements below.
- Select your preferred installation media for the virtual application (OVF or OVA). To use the OVF, copy the location URL to your clipboard or active memory and use it within VMware vCenter to import a new Virtual Appliance. To use the OVA, download the OVA file to your local system or a shared storage accessible from vCenter.
OVF URL for vCenter: https://download.cloudphysics.com/observer/observer.ovf Download OVA:
- Switch to the VMware vCenter Client or Web interface.
- Using the vCenter menu, navigate to “File > Deploy OVF Template” to deploy from the OVF URL or specify the OVA file you downloaded to import the appliance from local storage.
- Proceed with vSphere Client prompts to complete the installation.
- Provide an Appliance Name and deployment location.
- Choose a Host or Cluster
- Choose a datastore with a minimum of 12GB free.
- Accept the disk configuration.
- Choose a network
- If you wish to use a Static IP Addresses, please specify the Default Gateway, DNS, Static IP Address, and network mask for the appliance from withing vCenter
- Review the settings and choose Power On After Deployment to start the Virtual Machine.
- Wait for the virtual appliance to deploy.
- When the appliance is deployed, open the console view for the virtual appliance to complete the configuration.
Configure the Observer Virtual Appliance
You’re almost done. Post-installation, you need to activate the Observer virtual appliance with a quick configuration.
- In vSphere Client inventory, select the Observer virtual appliance and power it on.
- Open the virtual appliance console view.
- Complete the configuration steps, detailed below. Note the required steps.
|EULA||Required||Click to accept|
|Platform Service Controller (PSC)||Optional||E.g. “vcenter.company.local”|
This is used for vCenter 6.0 and above with a Platform Service Controller deployed.
|Select A vCenter Server||Optional||Choose an existing vCenter server name from the pick list of presented with this option. (vCenter 6.0 and Above)|
|vCenter Server, Username, and Password||Required||E.g. “Vcenter.company.local”. This may be pre-populated from the PSC selection above.|
“ ******** “
Tip: Windows style credentials may requires “domain\user” format.
|Guest User and Guest Password for Dependency maps and guest processes discovery.||Optional||E.g. “company.local\guestacct”, “ ******** ”|
Note: You can provide credentials for Windows, Linux, and Other OS.
Tip: Use the format supported by your environment. “Domain\user”, “firstname.lastname@example.org”, and simple user are all valid credentials depending on your environment and authentication model. It is also possible to have no local access credentials available, so this section is optional.
|HTTP Proxy Server||Optional as Needed||E.g. Proxy: 192.168.00.00|
Tip: This is only needed if vCenter Server needs a proxy to reach the Internet.
|HTTP Proxy Port||Optional as Needed||E.g. 8080|
|HTTP Proxy User, Password and Domain||Optional as Needed||E.g. Proxy User “bjones”|
Proxy User Password “ ******** “
Proxy Domain: “domain.company.com”
Tip: This is only needed if you have a proxy server which requires credentials. E.g. Blue Coat ProxySG.
|Organization Token||Required on initial configuration.||E.g.: AA11-BB22-ZZ99|
This token is available from your CloudPhysics Welcome Page (https://app.cloudphysics.com/welcome) for new users and from the CloudPhysics Observer Status Page (https://app.cloudphysics.com/observer-status/vsphere/token) for existing users. This token is unique per organization and valid for only 24 hours and used for organization account selection. Optional after initial configuration and the appliance is already associated with an organization.
Account Validation and Organization Tokens
CloudPhysics now leverages an Organization Token to ensure Observers are associated with the correct organization much like Two-Factor Authentication. This adds an extra level of validity to Observers for Partners and 3rd Parties who deploy multiple observers to customer organizations. Tokens are valid for only 24 hours after being generated. A single token can be used multiple times within the 24-hour window to deploy multiple observers within an organization. This process will result in an Observer being associated with an organization and not a single email address or individual.
The Token adds additional security in that it ensures that only data from your validated observers are sharing data with CloudPhysics.
Application Discovery and Dependency Discovery Settings (Optional)
New options for guest OS application process discovery leverages a guest account and VMware tools. A guest process list and network connectivity data are collected by requesting data from the VM through the VMware Tools interface to vSphere. This data collection and analytics is optional to the user. Process discovery allows for automatic tagging of applications and classification of workloads. This feature will require you to provide a local guest OS account credential. This account does not need to be a vSphere Admin or a domain admin account. In simply needs local guest access to view running processes. In many cases, this may be a local guest account or a domain account. Please note that VMware Tools are required to be present and enabled as well as and elevated security policy for the observer account to allow these features.
vCenter Server Credentials
CloudPhysics recommends the creation and use of a dedicated vCenter Server service account for use with our Observer virtual appliance. For best results, the service account should have administrator-level permissions and be configured to read-only. In place of this, the vSphere administrator’s credentials will also work.
If there is sensitivity to using an administrator user credential set, a semi-privileged user role can be created for use. This role can be applied to a user credential set with minimal permissions in order to provide the access needed to use CloudPhysics. The resulting user is much less privileged than an administrative user.
This user role can be created as follows:
- In vSphere Client, go to Roles.
- Create a new role, e.g. CloudPhysicsUser.
- Edit privileges, and enable (check off) the following. Note: Depending on versions and vSphere Client versions, you may find slight variations on the permission names below
- Global Service Managers
- Host CIM Interaction (Host.Cim.CimInteraction)
- Host Advanced Configuration (Host.Config.AdvancedConfig)
- Host Configuration Patch (Host.Config.Patch)
- Datastore Browse (Datastore.Browse)
- Host Configuration Storage) Host.Config.Storage
- Permission Defaults (not visible in the vSphere Client user interface). FYI only.
If you plan to use Dependency Discovery or Guest Process Identification, additional vCenter Policy settings will be required. This is an elevated level of Virtual Machine security to allow VMware tools to gather guest data. These features will require VMware Tools be present and enabled in the guest operating system.
- Next, associate this role to the user to also have the CloudPhysicsUser role
The read-only, non-admin user now has the appropriate privileges needed to use CloudPhysics.
Most issues are common misconfigurations which are easily resolved. Refer to the table below for common issues and resolutions. If you still need assistance, please contact email@example.com.
|Data is not appearing in CloudPhysics||Have you completed vApp configuration less than 15 minutes ago?||Allow 15 minutes for the first upload of data to populate your CloudPhysics account.|
|Cannot connect CloudPhysics Observer to vCenter||Network Access?||Ensure the CloudPhysics Observer is on a network segment that has network access to the vCenter you wish to monitor|
|My observer will not activate||Network Access?||Ensure the CloudPhysics Observer is on a network segment that has internet access and does not block port 443. If you require a Proxy, be sure to configure the proxy settings in the Observer Config.|
|I run vCenter 6.0 or Older.||Observer Setup||Check the setup box for vCenter v6.0 and older during the setup. This will use the legacy API’s to collect data from vCenter. This will limit your ability to collect TAGS and other vCenter 6.5/6.7 specific resources.|
|I am not getting Guest Process Data||Observer Setup, Guest OS Credentials||To ensure Guest Processes are collected correctly, you will need to use a guest account that is common to either all VM’s or a domain account that has permissions to your VM’s. Many organizations have a limited access domain account for this purpose. Specify the account in the format that is required for your OS and a valid password. Valid formats for the guest user may be in the form of firstname.lastname@example.org, domain.local\guestuser, or simply guestuser|
|I am not getting Guest Process Data||VMware Tools Not Installed||Guest Process collection requires VMware tools to be installed and enabled in the Guest OS to collect. Ensure your VM’s have up to date VMware tools installed and enabled.|
|I need a Static IP Address||Observer Import Step Missed||You can specify a static IP Address during the Observer Import process for vCenter. Specify a Static IP Address, Default Gateway, and DNS. Be sure the IP Address you specified has not already been deployed to a different network resource.|
|My Observer will not connect to the vCenter or I have no IP Address||DHCP not working||When defining the network interfaces while deploying the Observer Appliance, leave all the Network fields blank to allow vCenter to deploy the appliance to use DHCP. If you deployed the observer and specified a DNS Server, Subnet Mask, or default router, it is possible vCenter did not provide a DHCP address since values were already provided for the other fields. Redeploy the observer and leave all the fields blank to ensure DHCP is used. If you intend to define any fields, you must define them and the result will be a Static IP Address.|
|I am not getting vCenter Tags||vCenter Version needs to be v6.x and above||Tag collection is only supported with vCenter v6.x and above.|
|Where do I enter my email address?||Old observer version||The 1.x versions of the CloudPhysics observers leveraged an account email address for account validation. This method is no longer supported in the v2.x observer. If you have an older version of the virtual appliance, use the latest OVF appliance at https://download.cloudphysics.com/observer/observer.ovf and switch to the token based activation.|
|The email user ID in your Observer vApp is different than the email address you registered. This creates a data mismatch.||Open your Observer VM console and confirm/change your email ID to be equal to the email address you registered with CloudPhysics.|
|The Observer data payload cannot reach the Internet.||Your organization may require a proxy to reach the Internet. View your vApp console to edit and provide a proxy server and port number.|
|The Observer data payload cannot reach the Internet.||If your organization uses a proxy server, this server may require credentials in order to allow access to the Internet. If this is the case, view your vApp console, edit, and provide the proxy server credentials and domain as needed.|
|Data stopped appearing in CloudPhysics||Your vCenter Server user credentials have expired or were revoked.||Check that the password for the Observer user account is correct. Password expiration policies can be the cause.|
Alternately, if a personal user credential was used, and that person no longer works for your company, this credential may have been revoked. Update with a service account or other new credentials.
|Observer vApp has been powered-off or suspended.||In vSphere Client, power the Observer vApp back on.|
|An admin for your account chose to exclude this Observer on the Observer Status page.||Email email@example.com for assistance. Please describe your issue in detail.|
|Your Observer IP Address is no longer valid.||This can occur for static and DHCP addresses if mismanaged. View your vApp console to check settings. Note: To change IP settings, you must first power-off the vApp before you can make changes with ‘Edit Settings > Options > IP Properties’.|
|Your vCenter Server name may have changed.||If so, view your vApp console and edit the vCenter Server name to the new name.|
|I am unable to log in to CloudPhysics||Forgot your password?||At https://app.cloudphysics.com, click on ‘I forgot my password’ to request a password reset.|
|You were removed from this account.||Your CloudPhysics admin may have removed you from this account. Please inquire with this person.|
|I am not getting Dependency Map Data||VMware Tools/Open Tools Required||CloudPhysics collects data from the Guest OS by issuing commands to vCentr to request data from the Guest OS through VMware Tools. Tools version 10.x and above must be present in the Guest OS to collect dependney data. See the Dependnecy Map FAQ for more details. https://www.cloudphysics.com/dependency-map-faq/|
|No Temp Directory Present||VMware Tools and Open Tools will store temporary data from the request in a TEMP folder. This folder is often located in a common folder on the host with a TEMP or TMP environment variable pointing to the path. It is possible that the local user is using a user home path with a contained TEMP folder that has not yet ben defined, example: temp = %home%/%user%/temp/, If this is the case, it may be that the user account has never logged into the guest OS and that the temp path has never been created. If you use a login script to create user home directories or specify a temp path, VMware Tools may not have access to such a pth if the user has never logged into the system to create the directories. The user TEMP path must already exist. A global TEMP path should be defined for all users as a backup path in the event the user specific path does not exist.|
For issues or troubleshooting not included above, please contact firstname.lastname@example.org