About VM Monitoring on VMware vCenter

The Panorama plugin for VMware vCenter gives you the tools to build policy for your vCenter environment using Dynamic Address Groups. Dynamic address groups allow you to create policy that automatically adapts to changes in your environment, such as the addition or deletion of guests. The VMware vCenter plugin monitors for changes in your vCenter environment and shares that information with Panorama.
The plugin processes the information it receives from vCenter and converts it into a set of tags on Panorama that you can use as match criteria for assigning IP address to dynamic address groups. Each tag has a prefix that describes the hierarchy above the VM.
In this example, each tag in Panorama begins with the prefix shown below. Each tag includes the vCenter name, data center name, and cluster name; if you have folders in your vCenter hierarchy, tags will include the folder names. The order of the objects in the tag matches the order in the vCenter hierarchy.
vcenter.<vcenter-name>_ParentA_ParentB_Datacenter_CHILD1_CHILD2_Cluster_<tag>
vmware-vcenter-hierarchy.png
The Panorama plugin for VMware vCenter does not support tags associated to vApps or resource pools.
The tags are shown in Panorama in the following formats:
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_vmname.<vm-name>
    —this tag maps virtual machine IP addresses based on VM name.
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_guestos.<guest-os>
    —this tag maps virtual machine IP addresses based on guest operating system.
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_annotation.<annotation>
    —this tag maps virtual machine IP addresses based on annotation.
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_vlanId.<vlan-ID>
    —this tag maps virtual machine IP addresses based on VLAN ID.
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_host-ip.<host-ip>
    —this tag maps virtual machine IP addresses based on host IP address.
  • vcenter.<vcenter-name>_<datacenter-name>_<cluster-name>_<tag-category>.<user-defined-tag>
    —this tag maps virtual machine IP addresses based on user-defined tags created in vCenter.
    The plugin supports a maximum of 16 user-defined tags per VM. Any user-defined tags beyond 16 are not processed.
The Panorama plugin for vCenter cannot process tags that are longer than 128 characters; this includes letters, numbers, and special characters. Whitespace in vCenter object names is replaced with forward slashes. Additionally, Panorama does not support non-ASCII special characters or the following special characters—
’<>&”
in vCenter VM names and annotations. Panorama drops tags containing unsupported characters.
To retrieve endpoint IP-address-to-tag mapping information, you must configure a Monitoring Definition for each vCenter in your virtual environment. The Monitoring Definition specifies the username and password that allows Panorama to connect to vCenter. It also specifies the device groups and corresponding notify groups containing the firewalls to which Panorama pushes the tags. After you configure the Monitoring Definition and the Panorama plugin for VMware vCenter retrieves the tags, you can create DAGs and add the tags as match criteria.

Related Documentation