Managing vCenter Permissions for Pure1 VM Analytics

For the un-initiated, Pure1 VM Analytics is a tool where you can deploy a collector and authenticate it with one or more vCenters. That collector then sends performance and topology data back to Pure1. We then display it in an easy-to-understand view to help you view your end-to-end environment. Identify performance bottlenecks, heavy hitters, whatever.

For this to work, the collector needs authentication to vCenter of course, but not a lot. Read Only will do. If you want it to see the entire vCenter and every object, the simplest option is to create a new user, and assign it read-only permissions to the vCenter object and propagate it down to everything:

Then select your user, choose read only and make sure to select “Propagate to Children”

You can then use that account to authenticate the collector. But what if you only want a single cluster sent to Pure1? Or a subset?

Well you can login vCenter and choose a cluster and do the same thing, but if that is all you do (just give the user read only access at the cluster level) you will see a similar error to this in the collector:

Note that I am using my PowerShell method to manage my OVA connections.

So what is wrong? Well, the collector pulls a variety of pieces of information (topology, metrics, names). You can see the full list here:

https://support.purestorage.com/Pure1/Pure1_Manage/003_Analytics/Pure1_Manage_-_VM_Analytics#Collected_Metrics

The top level one (under vSphere) refers to the vCenter itself. It needs to look at what is associated with it. So it needs read only access to the vCenter object as well. The error above says that cryptically (VpxSettings error).

So the process is as such:

Assign the read only user to the vCenter object (do not select propagate children, if you do everything will be collected.

This image has an empty alt attribute; its file name is 2020-01-03_8-00-38.png

Then find the cluster(s) or datacenter(s) you want to provide access to. So if I only want to give access to the MountainView cluster, click on it and then choose the Permissions tab, then the plus sign.

Then choose your user, and read only. Make sure to choose propagate so it can read the metrics etc from the hosts and VMs.

If you login to the vSphere Client with those credentials you should see just those objects:

This will be the only cluster in that vCenter/datacenter in Pure1:

2 thoughts on “Managing vCenter Permissions for Pure1 VM Analytics”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.