
Monitoring Virtual Systems with Tripwire Enterprise

In document Tripwire Enterprise User Guide (Page 58-63)

Virtualization is a software technology that enables multiple operating systems to share the physical resources of a single computer at the same time. By running multiple operating systems on the same hardware, virtualization consolidates IT resources on fewer machines.

A hypervisor (e.g. VMware ESX) is virtualization software that manages the physical resources of a single computer — for instance, the computer’s hard disk, random access memory (RAM), and central processing unit (CPU). A virtual infrastructure (VI) host machine is a computer on which virtualization software (such as a hypervisor) has been installed, and a virtual system is a simulated computer or switch created by a hypervisor.

A virtual infrastructure (VI) is an IT environment containing one or more virtual systems. A VI consists of both physical and virtual components, including virtual systems, VI host machines, network hardware, hypervisors, and other virtualization software.

VI node discovery is an automated process in which Tripwire Enterprise creates nodes and node groups that represent the virtual objects defined in VI management software. VI node discovery involves the following steps.

1. In the Node Manager, you complete the New Node Wizard for a VI management node (e.g. a vCenter node; see Creating a VI Management Node on page 370).

2. When you click Finish in the New Node Wizard, Tripwire Enterprise queries the specified installation of VI management software to identify the properties of each of the software’s virtual objects. The query also determines the hierarchy of virtual objects defined by the software.

3. In the Node Manager, TE creates the VI management node. Under the VI management node, TE creates a node or node group for each virtual object identified by the query. The hierarchy of Node Manager objects mirrors the hierarchy defined by the VI management software.

Once a VI management node has been created, you can synchronize the node’s contents with the VI management software at any time. When a VI management node is synchronized, Tripwire Enterprise updates the node’s descendant objects in the Node Manager to reflect the current contents and hierarchy of the VI management software. For example, if a user creates a new virtual machine in the VI management software, synchronization will create a corresponding virtual machine node under the VI management node.

• To synchronize a VI management node manually, click the Synchronize button in the node’s properties dialog (see Changing the Properties of a Node on page 317).

• To schedule synchronization, configure the Synchronization tab in the node’s properties dialog (see Changing the Properties of a Node on page 317).

Note If you install TE Agent on a new virtual machine for which a node has yet to be

Discovering and Synchronizing a VMware Virtual Infrastructure

vSphere and VMware Infrastructure 3 (VI3) are VI platforms developed by VMware, Inc.

With each platform's VI management console, VI administrators can manage the physical and virtual components of their virtual infrastructure. vSphere Client is the console for vSphere, while VMware Infrastructure Client (VIC) is the console for VI3.

In vSphere Client and VIC, inventory views provide VI administrators with alternative perspectives on their inventory objects. An inventory object is any system or object in an inventory view; for instance, a virtual machine, cluster, or datacenter.

Inventory views include:

• Hosts & Clusters (Figure 7 below)

• Virtual Machines & Templates view (Figure 8 below)

• Networking (vSphere only)

• Datastores (vSphere only)

Table 12 (on page 62) indicates which inventory object types appear in each inventory view.

Figure 7. Hosts & Clusters View in vSphere Client or VIC

Figure 8. Virtual Machines & Templates View in vSphere Client or VIC

Tripwire Enterprise 8.2 User Guide 59 Chapter 3. Terms, Concepts, and Functions

In Tripwire Enterprise, a VMware vCenter node is a VI management node that can represent either a vCenter or a VirtualCenter. When you complete the New Node Wizard for a VMware vCenter node, TE ‘discovers’ the specified vCenter/VirtualCenter and creates the vCenter node in the Node Manager. Directly beneath the new vCenter node, TE creates a node group for each inventory view of the vCenter/VirtualCenter.

Note All objects in vCenter must have Full Access rights in order for TE to synchronize with vCenter. Any object in vCenter with limited rights such as No Access will cause the synchronization process to fail.

As shown in Figure 9 below, the hierarchy of objects in these node groups matches the object hierarchy in the inventory views of vSphere Client or VIC. For example, the Hosts & Clusters node group contains nodes and node groups that represent the inventory objects in the Hosts & Clusters inventory view (Figure 7 on the previous page), while the VMs & Templates node group presents the contents of the VMs & Templates view (Figure 8 on the previous page).

Figure 9. A VMware vCenter node in the Node Manager

For each type of inventory object, Table 12 (on the next page) indicates the type of Node Manager object created by the VI node discovery process. In addition, the VI node discovery process creates:

• Host groups. A host group consists of nodes that represent the components of a single VI host machine. At minimum, a host group contains a VI hypervisor node.

• Template node groups. In the Hosts & Clusters node group (see Figure 9 on the previous page), TE automatically adds a ‘Templates’ node group to each datacenter node group. This group contains all virtual machine template nodes for a datacenter.

• A Deleted Nodes group. If the vCenter node contains an inventory object that is subsequently deleted from vCenter/VirtualCenter, TE moves the object's node to the Deleted Nodes group.

Once a VMware vCenter node has been created in the Node Manager, Tripwire Enterprise can synchronize the node with any future changes made in the vCenter/VirtualCenter. If TE synchronizes the node and detects any of the following changes, TE automatically makes corresponding changes to the nodes and node groups under the VMware vCenter node:

• A change in the properties of an inventory object

• A change in the hierarchy of inventory objects in an inventory view

Note To have the delegated Agent for a VMware vCenter node authenticate SSL certificates from VI host machines, the VMware Certificate Validation property (tw.vi.vmware.ignoreCerts) must be disabled in the Agent’s configuration file (<TE_root>/data/config/agent.properties). For more information, see Tripwire Enterprise Agent Configuration Properties in the Tripwire Enterprise Reference Guide.
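A check for the setting named in the note above, as an added example (not Tripwire's own code): it parses agent.properties as a Java properties file and reports whether tw.vi.vmware.ignoreCerts is disabled. It assumes that "disabled" is written as the value false; the sample file contents are constructed.

```python
import re
import sys

KEY = "tw.vi.vmware.ignoreCerts"  # property name taken from the note above

# Constructed sample (not a real agent.properties): the key is set twice.
SAMPLE = """\
# delegated Agent settings (constructed)
tw.vi.vmware.ignoreCerts=false
tw.vi.vmware.ignoreCerts : TRUE
"""

def parse_properties(text):
    """Parse Java .properties text: '#'/'!' comments, '=' or ':' separators,
    backslash line continuations. The last assignment of a key wins."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]  # odd trailing backslashes: value continues
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit_cert_validation(text):
    """Return (status, detail). Assumption: 'disabled' is spelled 'false'."""
    props = parse_properties(text)
    if KEY not in props:
        return "UNSET", f"{KEY} is absent; confirm the default in the Reference Guide"
    value = props[KEY].lower()
    if value == "false":
        return "OK", "Agent validates SSL certificates from VI host machines"
    if value == "true":
        return "FAIL", f"{KEY} is enabled; the note requires it to be disabled"
    return "UNKNOWN", f"unrecognised value {props[KEY]!r}"

if __name__ == "__main__":
    # Pass the path to <TE_root>/data/config/agent.properties, or run on SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    status, detail = audit_cert_validation(text)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "OK" else 1)
```

The constructed sample reports FAIL because a later assignment overrides an earlier one, which is why a plain text search for the first match is not a sufficient check.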


Inventory

Clusters | Yes | No | No | No | ... a static node group (A)

Datacenters | Yes | Yes | No | Yes | ... a static node group (A)

Datastores | No | No | No | Yes | ... a node group

Distributed

Folders | Yes | Yes | Yes | Yes | ... a node group

Host machines | Yes | No | Yes | Yes | ... a node

Networks | No | No | Yes | No | ... a node group

Resource

A A static node or node group is a Node Manager object for which a properties dialog cannot be opened by selecting the object in the main pane of the Node Manager.

B The VMware Infrastructure Client (VIC) displays most inventory objects in the Inventory Panel of the VIC console. However, virtual switches can only be viewed in the VIC by following the steps below.

1. Select a virtual machine in the Inventory Panel.

2. Click the Configuration tab in the Information Panel.

3. Select Networking from the Hardware menu.

C If an Agent has been installed on a virtual machine, Tripwire Enterprise creates a node group that contains both the Agent node and virtual machine node.

Table 12. Inventory objects and equivalent TE objects
