Installing the HPE CloudPhysics Virtual Appliance

The new HPE CloudPhysics virtual appliance (aka “Observer”) allows for new features that enable customers and partners to get a richer analytics experience, expand supported vCenter configurations, and provided added security to the collection process. For most organizations, the process of deploying and configuring the observer will be less than 5 minutes.

Before you begin, please Note:

  • An individual with VMware vSphere experience and credentials to deploy the observer is required.
  • One HPE CloudPhysics virtual appliance is required per VMware vCenter.
  • After you deploy the appliance, you can expect data to start to appear in your portal within 10 to 30 minutes depending on the size of your environment.
  • Additional Troubleshooting available at the bottom of this page.

Installing the HPE CloudPhysics Virtual Appliance

It takes just a few minutes to create an account and deploy your HPE CloudPhysics data collector virtual appliance (“Observer”). Watch the video, or read the step-by-step instructions below to learn how. If you need help, please email us for assistance. 

Deploy the observer virtual appliance

Upon logging in to HPE CloudPhysics, you will be prompted to install our observer. The observer establishes the metadata connection between your data center and HPE CloudPhysics. One HPE CloudPhysics virtual appliance is required for EACH vCenter you wish to collect.  The HPE CloudPhysics appliance has the following resource requirements once deployed:

HPE CloudPhysics Appliance Resource Requirements
HPE CloudPhysics supports VMware vCenter Server 4.1 through 7.x.
– Download Size of OVF/OVA: Approx. 180MB
– Guest OS: Debian Linux 8 64bit
– vCPU: 2
– vRAM: 8192 MB<
– VMXNET3 Network Interfaces: 1
– Size of Deployed Volume: 13 GB
–  Local vHDD1 System: 1 GB
–  Local vHDD2 Data: 12 GB
– Network access to vCenter
– Internet Access to HPE CloudPhysics via Port 443
– vCenter Account with Read Access – See Requirements below.

Installation Steps:

  1. Select your preferred installation media for the virtual application (OVF or OVA). To use the OVF, copy the location URL to your clipboard or active memory and use it within VMware vCenter to import a new Virtual Appliance. To use the OVA, download the OVA file to your local system or a shared storage accessible from vCenter.
OVF URL for vCenter:
Download OVA:
Troubleshooting vCenter 7.x Hashing Error

Note: VMware upgraded the default hash algorithm from SHA1 to SHA256 for OVA generation. The older vSphere/ESXi clients only support the SHA1 hash. HPE CloudPhysics is aware of this change and is working on a new OVA/OVF that will satisfy the new vCenter 7.x hashing validation.

  • Switch to the VMware vCenter Client or Web interface.
  • Using the vCenter menu, navigate to “File > Deploy OVF Template” to deploy from the OVF URL or specify the OVA file you downloaded to import the appliance from local storage.
  • Proceed with vSphere Client prompts to complete the installation.
    • Provide an Appliance Name and deployment location.
    • Choose a Host or Cluster
    • Choose a datastore with a minimum of 12GB free.
    • Accept the disk configuration.
    • Choose a network
    • If you wish to use a Static IP Addresses, please specify the Default Gateway, DNS, Static IP Address, and network mask for the appliance from within vCenter
    • Review the settings and choose Power On After Deployment to start the Virtual Machine.
  • Wait for the virtual appliance to deploy.
  • When the appliance is deployed, open the console view for the virtual appliance to complete the configuration.

Configure the observer virtual appliance

You’re almost done. Post-installation, you need to activate the observer virtual appliance with a quick configuration.

  1. In vSphere Client inventory, select the observer virtual appliance and power it on.
  2. Open the virtual appliance console view.
  3. Complete the configuration steps, detailed below. Note the required steps.


Activation Data Required? Example
EULA Required Click to accept
Network Settings Required Confirm your network settings are accurate. If they are not correct, please review the Network Troubleshooting Guide located here:
OPTIONAL: HTTP Proxy Server Optional as Needed E.g. Proxy:

Tip: This is only needed if vCenter Server needs a proxy to reach the Internet. If you do not require a proxy server, please leave this blank.

OPTIONAL: HTTP Proxy Port Optional as Needed E.g. 8080
OPTIONAL: HTTP Proxy User, Password and Domain Optional as Needed E.g. Proxy User “bjones”

Proxy User Password “ ******** “

Proxy Domain: “”

Tip: This is only needed if you have a proxy server which requires credentials. E.g. Blue Coat ProxySG.

Advancing past Network Confirmation Screen Validate If you try to continue and receive a notification that the appliance cannot communicate with CloudPhysics, please confirm your network firewall rules permit the connection. For more troubleshooting tips, please review the Network Troubleshooting Guide located here:
Platform Service Controller (PSC) Optional E.g. “”

This is used for vCenter 6.0 and above with a Platform Service Controller deployed.

Select A vCenter Server Optional Choose an existing vCenter server name from the pick list of presented with this option.  (vCenter 6.0 and Above)
vCenter Server, Username, and Password Required E.g. “”.  This may be pre-populated from the PSC selection above.


“ ******** “

Tip: Windows style credentials may requires “domain\user” format.

Guest User and Guest Password for Dependency maps and guest processes discovery. Optional E.g. “company.local\guestacct”,  “ ******** ”
Note: You can provide credentials for Windows, Linux, and Other OS.
Tip: Use the format supported by your environment. “Domain\user”, “user@domain.local”, and simple user are all valid credentials depending on your environment and authentication model. It is also possible to have no local access credentials available, so this section is optional.
Organization Token Required on initial configuration. E.g.: AA11-BB22-ZZ99

This token is available from your HPE CloudPhysics Welcome Page ( for new users and from the HPE CloudPhysics Status Page ( for existing users.  This token is unique per organization and valid for only 24 hours and used for organization account selection.  Optional after initial configuration and the appliance is already associated with an organization.

If you need a new token, you can find steps for locating and activating a new token here:

Wait for Data Upload Final Step After you deploy the appliance, you can expect data to start to appear in your portal within 10 to 30 minutes depending on the size of your environment. Please be patient. Note: The appliance will not report as registered until the first upload completes.

Account Validation and Organization Tokens

HPE CloudPhysics now leverages an Organization Token to ensure observers are associated with the correct organization much like Two-Factor Authentication.  This adds an extra level of validity to observers for Partners and 3rd Parties who deploy multiple observers to customer organizations.  Tokens are valid for only 24 hours after being generated. A single token can be used multiple times within the 24-hour window to deploy multiple observers within an organization. This process will result in an observer being associated with an organization and not a single email address or individual.
The Token adds additional security in that it ensures that only data from your validated observers are sharing data with HPE CloudPhysics.

Application Discovery and Dependency Discovery Settings (Optional)

New options for guest OS application process discovery leverages a guest account and VMware tools.  A guest process list and network connectivity data are collected by requesting data from the VM through the VMware Tools interface to vSphere. This data collection and analytics is optional to the user.  Process discovery allows for automatic tagging of applications and classification of workloads. This feature will require you to provide a local guest OS account credential. This account does not need to be a vSphere Admin or a domain admin account.  In simply needs local guest access to view running processes. In many cases, this may be a local guest account or a domain account. Please note that VMware Tools are required to be present and enabled as well as and elevated security policy for the observer account to allow these features.

vCenter Server Credentials

HPE CloudPhysics recommends the creation and use of a dedicated vCenter Server service account for use with our observer virtual appliance. For best results, the service account should have administrator-level permissions and be configured to read-only. In place of this, the vSphere administrator’s credentials will also work. If the creation of a new user role and account is not an option, the HPE CloudPhysics account can use any vSphere admin account with sufficient privileges to read from the required resources.

If there is sensitivity to using an administrator user credential set, a semi-privileged user role can be created for use. This role can be applied to a user credential set with minimal permissions to provide the access needed to use HPE CloudPhysics. The resulting user is much less privileged than an administrative user.

This user role can be created as follows:

  1. In vSphere Client, go to Roles.
  2. Create a new role, e.g. HPECloudPhysicsUser.
  3. Edit privileges, and enable (check off) the following. Note: Depending on versions and vSphere Client versions, you may find slight variations on the permission names below.
  4. In all cases, unless stated otherwise, all permissions require read access only.

For reference, vSphere Defined Privileges can be reviewed here:

Credentials for vCenter
Global Privileges
vSphere 4-6.x

  • Global Service Managers

vSphere 7.x

  • Global Service Managers

Host CIM Privileges
vSphere 4-6.x

  • Host CIM Interaction (Host.Cim.CimInteraction)

vSphere 7.x

  • Host CIM.CIM Interaction

Host Configuration Privileges
vSphere 4-6.x

  • Host Advanced Configuration (Host.Config.AdvancedConfig)
  • Host Configuration Patch (Host.Config.Patch)

vSphere 7.x

  • Host.Configuration.Advanced Settings
  • Host.Configuration.Query patch
  • Host.Configuration.Storage partition configuration

Datastore Privileges
vSphere 4-6.x

  • Datastore Browse (Datastore.Browse)
  • Host Configuration Storage (Host.Config.Storage)

vSphere 7.x

  • Datastore Browse (Datastore.Browse)


If you plan to use Dependency Discovery or Guest Process Identification, additional vCenter Policy settings will be required. This is an elevated level of Virtual Machine security to allow VMware tools to gather guest data. These features will require VMware Tools be present and enabled in the guest operating system.

Virtual Machine Guest Operations Privileges
vSphere 4-6.x

  • VirtualMachine.GuestOperations.Query
  • VirtualMachine.GuestOperations.Execute
  • VirtualMachine.GuestOperations.Modify

vSphere 7.x

  • Virtual machine.Guest Operations.Guest Operation Queries
  • Virtual machine.Guest Operations.Guest Operation Program Execution
  • Virtual machine.Guest Operations.Guest Operation Modifications

Save the new role.

Next, associate this role to the user to also have the HPECloudPhysicsUser role and Save.

The read-only, non-admin user now has the appropriate privileges needed to use HPE CloudPhysics.


Most issues are common misconfigurations which are easily resolved. Refer to the table below for common issues and resolutions. If you still need assistance, please contact

Appliance cannot connect to CloudPhysics Verify Firewall rules, Proxy settings, Network Ports, Network managers, and network policies If you try to continue past the Network screen and you receive an error connecting to CloudPhysics, please review the Network Troubleshooting Guide located here: Most common issues are related to restrictive firewall rules, 3rd party port managers, duplicate IP addresses, and network segments without internet access.
I don’t have a VMware vCenter, can I still collect data? No. A VMware vCenter is required for data collection. To eliminate load on ESXi hosts and VMs, HPE CloudPhysics collects its data directly from Vmware vCenter. We leverage the security policies and permissions through the vCenter API.
This is required for data collection.
Data is not appearing in HPE CloudPhysics Have you completed vApp configuration less than 15 minutes ago? Allow 15 minutes for the first upload of data to populate your HPE CloudPhysics account.
Appliance is only collecting one VMware vCenter of data Each appliances supports a single VMware vCenter for data collection. One HPE CloudPhysics virtual appliance is required per VMware vCenter. If you have 6 VMware vCenters, you will require 6 appliances configured for individuals environments. This ensures scalability. An appliance cannot collect from more than one VMware vCenter.
Cannot connect HPE CloudPhysics observer to vCenter Network Access? Ensure the HPE CloudPhysics observer is on a network segment that has network access to the vCenter you wish to monitor
My observer will not activate Network Access? Ensure the HPE CloudPhysics observer is on a network segment that has internet access and does not block port 443. If you require a Proxy, be sure to configure the proxy settings in the observer config.
I run vCenter 6.0 or Older. observer Setup Check the setup box for vCenter v6.0 and older during the setup. This will use the legacy API’s to collect data from vCenter. This will limit your ability to collect TAGS and other vCenter 6.5/6.7 specific resources.
I am not getting Guest Process Data The observer Setup, Guest OS Credentials To ensure Guest Processes are collected correctly, you will need to use a guest account that is common to either all VM’s or a domain account that has permissions to your VM’s. Many organizations have a limited access domain account for this purpose. Specify the account in the format that is required for your OS and a valid password. Valid formats for the guest user may be in the form of guestuser@domain.local, domain.local\guestuser, or simply guestuser
I am not getting Guest Process Data VMware Tools Not Installed Guest Process collection requires VMware tools to be installed and enabled in the Guest OS to collect. Ensure your VM’s have up to date VMware tools installed and enabled.
I need a Static IP Address Observer import step missed You can specify a static IP Address during the observer import process for vCenter. Specify a Static IP Address, Default Gateway, and DNS. Be sure the IP Address you specified has not already been deployed to a different network resource.
My observer will not connect to the vCenter or I have no IP Address DHCP not working When defining the network interfaces while deploying the observer appliance, leave all the Network fields blank to allow vCenter to deploy the appliance to use DHCP. If you deployed the observer and specified a DNS Server, Subnet Mask, or default router, it is possible vCenter did not provide a DHCP address since values were already provided for the other fields. Redeploy the observer and leave all the fields blank to ensure DHCP is used. If you intend to define any fields, you must define them and the result will be a Static IP Address.
I am not getting vCenter Tags vCenter Version needs to be v6.x and above Tag collection is only supported with vCenter v6.x and above.
Where do I enter my email address? Old observer version The 1.x versions of the HPE CloudPhysics observers leveraged an account email address for account validation. This method is no longer supported in the v2.x observer. If you have an older version of the virtual appliance, use the latest OVF appliance at and switch to the token based activation.
The email user ID in your observer virtual appliance is different than the email address you registered. This creates a data mismatch. Open your observer VM console and confirm/change your email ID to be equal to the email address you registered with HPE CloudPhysics.
The observer data payload cannot reach the Internet. Your organization may require a proxy to reach the Internet. View your vApp console to edit and provide a proxy server and port number.
The observer data payload cannot reach the Internet. If your organization uses a proxy server, this server may require credentials in order to allow access to the Internet. If this is the case, view your vApp console, edit, and provide the proxy server credentials and domain as needed.
Data stopped appearing in HPE CloudPhysics Your vCenter Server user credentials have expired or were revoked. Check that the password for the observer user account is correct. Password expiration policies can be the cause.

Alternately, if a personal user credential was used, and that person no longer works for your company, this credential may have been revoked. Update with a service account or other new credentials.

Observer vApp has been powered-off or suspended. In vSphere Client, power the observer vApp back on.
An admin for your account chose to exclude this observer on the status page. Email for assistance. Please describe your issue in detail.
Your observer IP Address is no longer valid. This can occur for static and DHCP addresses if mismanaged. View your vApp console to check settings. Note: To change IP settings, you must first power-off the vApp before you can make changes with ‘Edit Settings > Options > IP Properties’.
Your vCenter Server name may have changed. If so, view your vApp console and edit the vCenter Server name to the new name.
I am unable to log in to HPE CloudPhysics Forgot your password? At, click on ‘I forgot my password’ to request a password reset.
You were removed from this account. Your HPE CloudPhysics admin may have removed you from this account. Please inquire with this person.
I am not getting Dependency Map Data VMware Tools/Open Tools Required HPE CloudPhysics collects data from the Guest OS by issuing commands to vCentr to request data from the Guest OS through VMware Tools. Tools version 10.x and above must be present in the Guest OS to collect dependney data. See the Dependnecy Map FAQ for more details.
No Temp Directory Present VMware Tools and Open Tools will store temporary data from the request in a TEMP folder. This folder is often located in a common folder on the host with a TEMP or TMP environment variable pointing to the path. It is possible that the local user is using a user home path with a contained TEMP folder that has not yet ben defined, example: temp = %home%/%user%/temp/, If this is the case, it may be that the user account has never logged into the guest OS and that the temp path has never been created. If you use a login script to create user home directories or specify a temp path, VMware Tools may not have access to such a pth if the user has never logged into the system to create the directories. The user TEMP path must already exist. A global TEMP path should be defined for all users as a backup path in the event the user specific path does not exist.

For issues or troubleshooting not included above, please contact