Accenture MDR Quick Start Guide for VMware® vSphere (API)

This quick start guide will help Accenture MDR customers configure VMware® vSphere to allow log collection from the Log Collection Platform (LCP).


Supported Versions

A list of supported versions is available in the Accenture Security Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found at the Accenture Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table 1-1: Port requirements for LCP communication.

Source | Destination | Port | Description
LCP | VMware vSphere | 443 (TCP) | Default port

 

Configuring VMware vSphere

 Note: The collector should connect to VMware vSphere, vCenter and ESX(i) under a root user account (or any other account that has web access permissions). Accenture Security MDR recommends that you use the HTTPS protocol to protect the connection. For information on modifying the server configuration to support HTTP, see the VMware Infrastructure SDK 2.5 Developer's Setup Guide. In some configurations of the collector, the SSL certificate for the VMware server must be retrieved and sent to Accenture Security MDR. Please contact the Accenture Security MDR onboarding team for assistance.

 To obtain the SSL certificates from the server:

  1. To use encryption for the HTTPS VMware server connection, define the Connection protocol and set Ignore SSL Certificates to false.

  2. To receive a certificate, follow the instructions from Obtaining Server Certificates in the VMware Developer's Setup Guide. See Table 1-2 for the location of the obtained certificate.

 Note: VMware products use standard X.509 version 3 (X.509v3) certificates to encrypt session information that is sent over SSL (secure sockets layer) connections between server and client systems. When a client application initiates an SSL session with the server, the server sends its certificate to the client application. The client application checks the X.509 certificate against a list of known Certificate Authorities (CAs) to verify the authenticity of the certificate. The client then uses the server’s public key (contained in the X.509) to generate a random symmetric key. The client uses the key to encrypt all subsequent communications. The server certificates are created automatically during the process of installing VMware products, including ESX Server and VirtualCenter Server systems. These default certificates are digitally signed with the name of the host system, so they are sometimes referred to as “self-signed certificates”. Because these certificates are self-signed (not signed by an official root CA), you must obtain the server certificate from each server that you plan to target with your client application (the “target servers”) and store it locally.

You can obtain the certificates in one of the following ways:

    • Using Microsoft Internet Explorer. Note: These instructions cannot be applied to any other browsers (non-Internet Explorer), nor to non-Windows platforms.

    • Using a secure shell client application. Note: This approach can be used by developers who use Linux for the development workstation, or by anyone who has appropriate privileges to connect directly to the target server.

To obtain server certificates using Microsoft Internet Explorer (for the Windows development platform)

  1. Open the Internet Explorer browser from the development workstation.

  2. Navigate to the ESX Server or VirtualCenter Server Web server using the HTTPS protocol: https://servername

  3. A Security Alert message displays a warning regarding the certificate’s certifying authority. The message text varies, depending on the version of Microsoft Internet Explorer that you use. The warnings are raised because the default certificates are self-signed. If your site has replaced the default certificates, you will probably not see the warning messages. However, you still need to obtain the certificates and install them on the local development workstation.

  4. Click View Certificate to open the Certificate properties page.

  5. Click Install Certificate to launch the Certificate Import wizard. Keep the default setting (Automatically select the certificate store based on the type certificate) and click Next to continue.

  6. Click Next to continue installing the certificate.

  7. Click Finish. A security warning message regarding the certificate’s certifying authority is displayed.

  8. Click Yes to continue with the certificate installation. A Certificate Import Wizard success message is displayed.

  9. Click OK to dismiss the success message. The Certificate properties page becomes active again.

  10. Click OK in the Certificate dialog box to continue to the server. The initial Security Alert message that was presented in step 2 becomes active again. Click Yes in the Security Alert message to continue with the original HTTPS request for the server. The Server (VMware ESX Server 3, VMware VirtualCenter 2) Welcome page is displayed. The certificate has now been installed in the Internet Explorer’s certificate cache.

  11. Repeat the process for each ESX Server and VirtualCenter Server that you will be using with the VI SDK. Obtain all the certificates you need (one for each target server).

  12. Share the obtained certificate with the Accenture Onboarding Engineer via the MDR Portal.

 

To export the cached certificates to a local directory (for Java development on Windows)

Follow the steps below after obtaining all the certificates you need (one for each target server).

  1. Create a directory named VMware-Certs (at the root level) for the certificates. Several of the VI SDK batch files assume this path as the location of the keystore, and will fail if you do not use the path: C:\VMware-Certs

  2. From the Internet Explorer Tools menu, select Internet Options to open the Internet Options Properties page.

  3. On the Properties page, click the Content tab to show the content advisor and certificates store settings.

  4. Click Certificates to open the Certificate Manager.

  5. Click the Trusted Root Certificate Authorities tab to display the list of trusted certificates. This list should contain a certificate for each of the target servers selected in steps 2 - 8.

  6. Scroll through the list of certificates to find the required certificates. For ESX Server systems, the certificate name matches the DNS name of the server. For VirtualCenter Server systems, the certificate name is VMware.

  7. Do the following for each target server:

    • Click the certificate to select it.

    • Click Export to launch the Certificate Export wizard.

    • Click Next to continue. The Export File Format dialog box is displayed.

    • Keep the defaults (DER encoded binary X.509 (.CER)) and click Next to continue. The File To Export dialog box is displayed.

    • This dialog box lets you enter a unique name for the certificate.

    • Choose a filename and enter it along with the complete path to the directory that you created in step 1: C:\VMware-Certs\servername.cer

    • Click Next to continue with the export. A Completing the Certificate Export Wizard page is displayed, summarizing the information about the certificate.

    • Click Finish to complete the export. A Certificate Export Wizard success message is displayed.

    • Click OK to dismiss the success message.

  8. When you have exported all certificates for the servers you want to target, click Close to exit the certificates export dialog box.

  9. Click Cancel to close the Internet Options properties page.

  10. Share the obtained certificate with the Accenture Onboarding Engineer via the MDR Portal.

Note: The following instructions require administrative privileges on the VirtualCenter Server so that you can access the necessary sub-directory.

 

To obtain server certificates using secure shell client application (for Linux development platform)

  1. From the development workstation, create a directory to store certificates of ESX Servers or VirtualCenter Servers that you use during development: ~/vmware-certs/

  2. Connect to the ESX Server using an SSH client from the development workstation. Remote connections to the ESX Server service console as root are effectively disabled. You must connect as another user with privileges on the server to obtain the certificate. The server certificate filenames and locations on various versions of the ESX Server and VirtualCenter Server are listed in Table 1-2.

  3. Copy the certificates from the server to the certificate sub-directory of the development workstation, using a unique filename for each certificate (for example, when you are copying multiple default certificates from multiple ESX Server systems).

  4. Import the server certificate into the certificate store.

  5. Share the obtained certificate with the Accenture Onboarding Engineer via the MDR Portal.

Table 1-2: Directory locations and certificate filenames.

Server | Directory Location for Certificate | Certificate
ESX Server 3.x | /etc/vmware/ssl/ | rui.crt
VirtualCenter Server 2.x | C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\ | rui.crt
vCenter Servers (v4.0 to 5.5) | In Windows 2008 - C:\ProgramData\VMware\VMware VirtualCenter\SSL; In Windows 2003 - C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL | rui.csr
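
A pre-submission check for the certificate files collected by either procedure above, as an added example that is not part of the Accenture or VMware documentation: it accepts a DER .cer export or a PEM file, rejects truncated copies, and compares the SHA-256 fingerprint with the certificate the server presents on port 443. The function names and the constructed sample bytes are assumptions of this example.

```python
import hashlib
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a PEM file or a DER-encoded .cer export."""
    text = data.decode("ascii", errors="ignore")
    if PEM_HEADER in text and PEM_FOOTER in text:
        start = text.index(PEM_HEADER)
        end = text.index(PEM_FOOTER) + len(PEM_FOOTER)
        return ssl.PEM_cert_to_DER_cert(text[start:end])
    return data

def der_is_complete(der: bytes) -> bool:
    """True if the outer ASN.1 SEQUENCE length equals the bytes present."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def fingerprint(data: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER encoding."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_collected_cert(collected: bytes, presented_pem: str) -> dict:
    """Compare a collected certificate file with the PEM the server presents."""
    return {
        "sha256": fingerprint(collected),
        "complete": der_is_complete(to_der(collected)),
        "matches_server": fingerprint(collected) == fingerprint(presented_pem.encode("ascii")),
    }

def fetch_presented_pem(host: str, port: int = 443) -> str:
    """Fetch, without validating it, the certificate presented on the LCP port."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-in, not a real certificate: a well-formed outer DER SEQUENCE.
SAMPLE_DER = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
```

Call check_collected_cert(open(path, "rb").read(), fetch_presented_pem(host)) from a workstation that can reach the server on port 443. A False in "complete" or "matches_server" means the file should be collected again before it is shared, because a collector with Ignore SSL Cert unchecked will not trust a certificate the server does not present.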

Creating New Request for Monitoring

Once the device is configured as outlined in the steps above and all network prerequisites have been met, you are ready to onboard it for MDR monitoring. To complete this process, submit a New Request via the MDR Portal at https://mss.accenture.com/. This new request should contain the following information:

  1. Reporting LCP Hostname/IPAddress:

  2. VMware vSphere IPAddress/FQDN:

  3. VMware vSphere Port Number: 

  4. Connection Protocol:

  5. Read-only User Name: 

  6. Read-only User Password: 

If you have any questions about this process, please contact your Onboarding Engineer or Service Manager.

LCP Configuration Parameters

Table 1-3: The VMware vSphere event (API - 3527) collector properties to be configured by MDR are shown in the table.

Property | Default Value | Description
Server Host Name | <Host Name or IP> | The VMware server hostname. This name can be the name of the VMware ESX/ESXi server or vSphere server. If a vSphere server is being used to manage one or more ESX or ESXi servers, use the vSphere server hostname.
Server Port | 443 | The port number on which the LCP connects to the VMware server.
Connection Protocol | HTTPS/HTTP | Protocol that is used to connect to the VMware server.
Username | Custom Value | Username of the VMware server mentioned in the Pre-Installation Questionnaire (PIQ).
Password | Custom Value | Password for the username mentioned in the PIQ.
Ignore SSL Cert | Unchecked | VMware server certificates must be imported into the Java keystore, so share the VMware server certificate with the Accenture onboarding team.

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.