Managing vCenter Permissions for Pure1 VM Analytics

For the uninitiated, Pure1 VM Analytics is a tool where you deploy a collector and authenticate it with one or more vCenters. That collector then sends performance and topology data back to Pure1. We then display it in an easy-to-understand view of your end-to-end environment, so you can identify performance bottlenecks, heavy hitters, whatever.

For this to work, the collector needs to authenticate to vCenter of course, but it does not need much privilege. Read Only will do. If you want it to see the entire vCenter and every object, the simplest option is to create a new user, assign it read-only permissions on the vCenter object, and propagate that down to everything:

Then select your user, choose read only, and make sure to select “Propagate to Children”.

You can then use that account to authenticate the collector. But what if you only want a single cluster sent to Pure1? Or a subset?

Well, you can log in to vCenter, choose a cluster, and do the same thing. But if that is all you do (just give the user read-only access at the cluster level), you will see an error similar to this in the collector:

Note that I am using my PowerShell method to manage my OVA connections.

So what is wrong? Well, the collector pulls a variety of pieces of information (topology, metrics, names). You can see the full list here:

https://support.purestorage.com/Pure1/Pure1_Manage/003_Analytics/Pure1_Manage_-_VM_Analytics#Collected_Metrics

The top level one (under vSphere) refers to the vCenter itself. It needs to look at what is associated with it. So it needs read only access to the vCenter object as well. The error above says that cryptically (VpxSettings error).

So the process is as such:

Assign the read only user to the vCenter object (do not select propagate to children; if you do, everything will be collected).


Then find the cluster(s) or datacenter(s) you want to provide access to. So if I only want to give access to the MountainView cluster, click on it and then choose the Permissions tab, then the plus sign.

Then choose your user, and read only. Make sure to choose propagate so it can read the metrics etc from the hosts and VMs.

If you log in to the vSphere Client with those credentials, you should see just those objects:

This will be the only cluster in that vCenter/datacenter in Pure1:
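The same two-step assignment can be scripted with PowerCLI and then audited. This is an added example, not part of the original post or Pure's tooling. The vCenter address and account name are placeholders, and it assumes the vCenter object in the client corresponds to the root folder returned by `Get-Folder -NoRecursion`.

```powershell
# Added example: scope a read-only collector account to selected clusters.
# Placeholders (not from the post): vCenter address and account name.
$vCenter   = 'vcenter.example.local'
$principal = 'VSPHERE.LOCAL\pure1-collector'
$clusters  = @('MountainView')   # cluster name used in the post

Connect-VIServer -Server $vCenter | Out-Null

$role = Get-VIRole -Name 'ReadOnly'
# Assumption: the root folder is the entity behind the vCenter object in the UI.
$root = Get-Folder -NoRecursion

# Step 1: read-only on the vCenter object itself, NOT propagated to children.
New-VIPermission -Entity $root -Principal $principal -Role $role `
    -Propagate:$false | Out-Null

# Step 2: read-only on each chosen cluster, propagated to its hosts and VMs.
foreach ($name in $clusters) {
    $cluster = Get-Cluster -Name $name -ErrorAction Stop
    New-VIPermission -Entity $cluster -Principal $principal -Role $role `
        -Propagate:$true | Out-Null
}

# Audit: list everything the account holds and flag anything wider than intended:
# a role other than ReadOnly, a propagating grant at the root, or a grant on an
# object that is not one of the chosen clusters.
$perms = Get-VIPermission -Principal $principal
$unexpected = $perms | Where-Object {
    $_.Role -ne 'ReadOnly' -or
    ($_.EntityId -eq $root.Id -and $_.Propagate) -or
    ($_.EntityId -ne $root.Id -and $_.Entity.Name -notin $clusters)
}

$perms |
    Select-Object @{n = 'Entity'; e = { $_.Entity.Name } }, Role, Propagate |
    Format-Table -AutoSize

if ($unexpected) {
    Write-Warning "Account has permissions beyond the intended scope:"
    $unexpected | Format-Table Entity, Role, Propagate -AutoSize
}
```

The audit only covers permissions assigned directly to the account; anything it inherits through group membership needs a separate check against those groups.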

3 Replies to “Managing vCenter Permissions for Pure1 VM Analytics”

  1. Hey Cody,
    Thanks for making these blog posts to fill in the documentation gaps for pure. Your blogs and comments on reddit were a big reason we decided to purchase Pure storage over other competitors.

    I followed the instructions in your post to give the read only account access to a specific cluster in vcenter. However, the data never shows up in pure1. I have a support case #CS0370117 open and support has confirmed that the data is being sent via collector to the pure telemetry server, but somehow it’s not being displayed in pure1. Perhaps you could take a look at my case. Thanks!
