VMware vCenter Scanning Reference
This guide provides a reference for the VMware vCenter scanner, which discovers and maps your complete virtualized infrastructure managed by vCenter.
Overview
The vCenter scanner connects directly to the vSphere API on your vCenter server. It performs a deep inventory of your virtual environment, collecting information about datacenters, clusters, ESXi hosts, virtual machines (VMs), and their complex relationships. This method does not require agents on individual ESXi hosts or VMs.
Network Requirements
- Port: TCP 443 must be open from the NopeSight Scanner Agent to the vCenter server's IP address or hostname.
- Protocol: vSphere API (SOAP/REST over HTTPS)
Authentication and Privilege Requirements
The scanner requires a user account with permissions to read data from vCenter. An administrator account is not necessary.
- Recommended Role: A user with the Global Read-Only role is sufficient for all discovery operations and is a security best practice.
- Permission Scope: The permissions must be applied at the top-level vCenter object and propagated down to all child objects (Datacenters, Clusters, etc.).
For advanced configurations, the specific privileges required by the service account are: System.Anonymous, System.Read, System.View, Global.Licenses, Host.Config.AdvancedConfig, and VirtualMachine.Config.AdvancedConfig.
Data Collected Summary
The vCenter scanner builds a complete picture of your virtual infrastructure and the relationships between components.
| Category | Examples |
|---|---|
| vCenter Server | vCenter Version & Build, API Version, Instance UUID, Overall Health Status |
| Infrastructure | Datacenter Names, Folder Structures, Cluster Configurations |
| Clusters | Cluster Name, Total CPU/Memory Resources, HA/DRS Status, EVC Mode |
| ESXi Hosts | Hostname, Manufacturer & Model, Serial Number, Hypervisor Version & Build, Power State, Maintenance Mode Status, CPU & Memory Specs |
| Virtual Machines | VM Name, UUID, Guest OS, Power State, CPU & Memory Allocation, VMware Tools Status, IP & MAC Addresses, Annotations & Tags |
| Storage | Datastore Names, Type (VMFS, NFS, vSAN), Total Capacity, Free Space, Number of VMs per Datastore |
| Networking | Standard and Distributed vSwitches, Port Group Names, VLAN IDs, Teaming Policies |
| Resource Pools | Pool Name, CPU & Memory Reservations/Limits/Shares |
| Relationships | - VM → runs on → ESXi Host - ESXi Host → member of → Cluster - VM → uses → Datastore - VM → connected to → Port Group |