Monitoring VMware VMC on AWS

Overview

TOS monitors the VMware platform for policy revision changes. For TOS to show full accountability details (who made the policy changes and when the changes were made), you must also configure the platform to send syslogs.

To see which TOS features are supported for your device, review the SecureTrack Features by Vendor.

Prerequisites

By default, changes to unlogged rules do not trigger new revisions on TOS. Therefore, unlogged changes created by tools such as Service Composer will not trigger a TOS revision. See Tracking Unlogged Rules for details.

Ensure that the device user has the following permissions (TOS requires minimum permissive privileges to monitor devices):

NSX Cloud Admin
NSX Cloud Auditor

Add a Device

  1. Select VMware > VMC on AWS.

  2. Configure the device settings:

    • Name for Display

    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

    • Get revisions from one of the following:

      • IP Address: Enter the IP address of the device.
      • Offline File: (If available) Revisions are manually uploaded to TOS for Offline Analysis.
    • Enable Topology: Collects routing information for building the network Map.

      Topology options for Advanced management mode are configured when you import managed devices.

    • If the device uses dynamic addressing (such as DHCP) or dynamic routing protocols (such as OSPF), select Collect dynamic topology information.

    • ST server: In a distributed deployment, select which TOS cluster monitors this device (not shown in image).

  3. Click Next.

  4. Configure the TOS connection to the VMware device, according to the parameters required by the device:

    • Organization ID: ID given to the account within the VMware ecosystem.

    • SDDC ID: ID given to the entire VMC deployment.

    • API token: Enter your API token to authenticate your organization. You can generate it from your account page in the Cloud Services Console or through the VMware Cloud Services.

    • Login domain: Country of the account, provided by VMware.

  5. Click Next.

  6. In Monitoring Settings, configure the time interval for periodic polling:

    For VMware VMC devices, both the Default and Custom options set periodic polling automatically. If you select Custom, you can configure the time interval for periodic polling by selecting Custom settings > Polling frequency. Polling frequency determines how often TOS fetches the configuration from each device. If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

  7. Click Next.

  8. Save the configuration.

    The VMware device now appears in the Monitored Devices tree.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

  • Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

  • Delete this device: Type yes to confirm that you want to delete the device.

  • Import Logical Routers: Select the Logical Routers to import. Logical Routers are used for topology only.

  • Migrate (ST servers): Available in distributed deployments. Select the server where the device will be monitored and click Migrate.

  • Migrate (Domains): Available in multi-domain deployments. Select the domain where the device will be monitored and click Migrate.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices