Adding vCenters to CloudControl

CloudControl learns about your vSphere environment when you add a vCenter.

  1. From the Home tab, select Inventory > vSphere.

  2. On the vSphere page, select Actions > Add vCenter.

    Note: If there are no vCenters in your system, you can also click the Add vCenter link on the vSphere page.

  3. On the About page, specify the following: 

    Field     Value
    IP/FQDN   Enter the vCenter IP address or FQDN.
    Port      Enter the port used for the vCenter, or accept the default.

  4. Select Service Account or Managed Credentials Account.

    For a Service Account: 

    Field                      Value
    Service Account            The vCenter service account to be used for CloudControl. The same account must be used across all vCenter Servers, and it must have administrator privileges.
    Service Account Password   The password for the vCenter service account.

    For a Managed Credentials Account:

    Field         Value
    Account       Select the managed credentials account that you want to use. If you have not yet created a managed credentials account, see Creating a Credential Management Account.
    Secret Name   For Secrets Vault, this is the secret name used to access the secret, in the format box:secret, which can be found in the KeyControl webGUI, where 'box' is the name of the box that contains the secret and 'secret' is the name of the secret. For example, box1:secret1. For CyberArk, this is the secret ID.

  5. On the Configure page, view and approve the certificates for the Platform Services Controller (PSC) and all vCenters that were discovered. The Approve checkbox must be checked for all certificates before you can add the vCenter.

    • Certificates from a trusted source have the Approve checkbox checked automatically.
    • Click the Certificate link to view the certificate details. Click Approve to check the Approve checkbox for the certificate, or click the x icon to close the window.
    • Certificates without a certificate authority are displayed with a warning icon. Click the link in the tooltip to add a CA. For more information, see Installing a Certificate Authority. You can manually approve these certificates by checking the Approve checkbox.
    • Certificates that are invalid or expired are displayed with an error icon. These certificates cannot be approved.

    All vCenter and PSC certificates are displayed on the Certificate Authorities tab on the Certificates page.

  6. Determine if you want to use a single Published IP for each vCenter or a Published IP Range to be used for all current and future vCenters in this ELM.

    Important: If you plan to use Access Control, you must have a Published IP address or range.

    • For a Published IP, click the Configure link in the Published IP column of the vCenter table, enter the Published IP Address and Netmask, and click Apply.
    • For a Published IP Range, enter the Published IP Address and Netmask in the Published IP Range section.
  7. When all certificates are approved, click Continue.

    Note: You cannot click Continue until all of the Approve checkboxes are checked.

  8. On the Details page, you can monitor the process as all of your vSphere information is collected.
  9. Click Continue.
  10. On the Onboard Hosts page, you can view the hosts that were discovered, remove hosts, or add additional hosts to CloudControl. Select the hosts that you want to add and click Onboard Hosts.

    You must add hosts before you can run Configuration Hardening policies (assessment and remediation) against your hosts.

  11. On the Hosts Credentials page, you can add or import the credentials for your ESXi hosts.

    • To add credentials:

      1. Select one or more ESXi hosts that share the same credentials and click the Missing link in the Credentials column.
      2. In the Add Host Credentials window, enter the User Name and Password for the ESXi hosts and click Apply.

        The Credentials column for each host displays the status. This can be one of the following: 

        • Missing
        • Valid
        • Invalid
    • To import credentials, you will need to upload a CSV file in the following format: 

      ESXINAME FQDN, PASSWORD, USERNAME

      1. Select one or more ESXi hosts that share the same credentials and click Import Credentials.
      2. Select the file that you want to import and click Continue.
      3. Review the summary on the Discovered page.
      4. Click Apply.

    Important: If you do not add the credentials, then you cannot run Configuration Hardening policies (assessment and remediation) against your hosts.

  12. After you have added the credentials, you can enable Global PIP. Global PIP is disabled by default. For more information, see Enabling and Disabling Global PIP.
  13. Click Continue.
  14. Click Done to view the dashboard for the newly added vCenters.
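
A pre-upload check for the credentials CSV described in step 11, as an added example that is not part of CloudControl or its documentation. It assumes no header row and the column order shown in that step, and it treats 'root' in the PASSWORD column as a sign of swapped columns (a heuristic); the sample rows are constructed.

```python
import csv
import io
import os
import re

# Assumption: no header row; fields in the page's order (host FQDN, PASSWORD, USERNAME).
FQDN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def check_rows(text):
    """Return (line_number, problem) pairs for a credentials CSV."""
    problems, seen = [], {}
    for n, row in enumerate(csv.reader(io.StringIO(text), skipinitialspace=True), 1):
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # blank line
        if len(fields) != 3:
            problems.append((n, f"expected 3 fields, found {len(fields)}"))
            continue
        host, password, username = fields
        if not FQDN_RE.match(host):
            problems.append((n, "first field is not an FQDN"))
        if not password or not username:
            problems.append((n, "empty password or username"))
        elif password.lower() == "root" and username.lower() != "root":  # heuristic
            problems.append((n, "password and username look swapped"))
        if host.lower() in seen:
            problems.append((n, f"duplicate of line {seen[host.lower()]}"))
        seen.setdefault(host.lower(), n)
    return problems


def readable_by_others(path):
    """True if any group/other permission bit is set on the file (POSIX)."""
    return bool(os.stat(path).st_mode & 0o077)


# Constructed sample; hosts and passwords are placeholders.
SAMPLE = """\
esx01.example.test, S3cret-one!, root
esx02.example.test, root, S3cret-two!
esx01.example.test, S3cret-one!, root
esx03, S3cret-three!, root
esx04.example.test, S3cret-four!
"""

if __name__ == "__main__":
    for line, problem in check_rows(SAMPLE):
        print(f"line {line}: {problem}")
```

The file holds ESXi passwords in plaintext, so run readable_by_others() on it before upload and delete it once the import has been applied.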

What to Do Next