Skip to main content

Installation Prerequisites

  • A supported version of Hyper- V/Windows Server must have been properly installed and configured. Refer to the Interoperability section for supported versions.

  • Windows Remote Management (WinRM) must be properly configured.

  • Ensure that the property "com.vi.hyperv.winRM" is configured with the value "true" to enable compatibility with WinRM.

  • The Windows hosts must have been properly configured for monitoring. Refer to the Configuring the Windows Host(s) for Monitoring section for more information.

For access to the Windows host, note the following:

  • You must have available a WinRM user and login credentials to the OS host.

  • The user must have a minimum of read-only privileges.

  • An appropriate port must be available. If using WinRM over HTTPS, set the port to 5986 or 5985 (WinRM HTTP).

  • Supported transport methods for host credentials is NTLM.

Before configuring the Microsoft Hyper-V Integration, you need to properly prepare the Windows environment for access by the integration. Following are the tasks you need to complete on each Windows host server. The tasks can be performed in any order, but must be successfully completed prior to configuring the Hyper-V Integration in IPM for discovery.

  • Create a Domain User Service Account.

  • Add the Domain User Service Account to the Performance Monitor User Group.

  • Windows Management Instrumentation (WMI) Configuration.

  • Windows Remote Management (WinRM) Configuration.

  • Windows Firewall Configuration.

  • Optional:

    • Create the HTTPS (WinRM) Certificate.

    • Download (Export) the HTTPS Certificate.

About These Tasks You must create a domain user that IPM can use to access Windows to gather monitoring data.

Prerequisites

  • You must be running a supported version of 64-bit Windows Server: 2012, 2012R2, 2016, or 2019. If you are running an earlier version of Windows, contact Virtana Support.

  • You must be logged in as a domain administrator to perform these tasks.

  • You need the IP address and subnet for IPM.

Note

The instructions provided in this section are suggestions for how to proceed to configure a Windows Server for connectivity with IPM. If these instructions do not work for your particular Windows Server system, please reach out to Microsoft Support for assistance.

Create a Domain User Service Account in Active Directory

  1. Enter a password and do the following:

    • Deselect: User must change password at next logon.

    • Select: User cannot change password

    • Select: Password never expires

  2. Click Next and Finish.

Set Permissions for a User with Non-Administrator Privileges

Log in as a domain administrator on each server that will be monitored by IPM.

  1. Navigate to Administrative Tools and access Computer Management.

  2. Navigate to Local Users and Groups and select Groups.

  3. Double-click Performance Monitor Users and add the Domain User Service account created in the previous section.

  4. Click Apply and OK to close the properties page.

Windows Management Instrumentation (WMI) Configuration

A Domain User Service account that accesses the Windows host to gather monitoring data must be configured in WMI. You must be logged in to the server as a domain administrator to perform this task.

  1. Open Windows PowerShell and enter the following command: wmimgmt.msc

    Alternatively, you can navigate in the UI to Control Panel> Administrative Tools>Computer Management> More Actions>WMI Control

  2. Under Actions/WMI Control (right pane), click More Actions to open the WMI Control Properties wizard.

  3. Click the Security tab and select Root.

  4. Click the Security button and, in "Group or user names", select the domain user service account you previously created. If the domain user is not listed, click Add, enter the username in the text field, and click OK.

  5. Select the domain user service account and select the following permissions:

    • Execute Methods

    • Provider Write

    • Remote Enable

  6. Click Advanced section, select the domain user service account, and then click Edit.

  7. Choose the following:

    Applies to = This namespace and subnamespaces

  8. Ensure the permissions selected previously are also selected on this window: Execute Methods, Provider Write, Remote Enable.

  9. Click Apply and OK to all open dialog boxes.

    This completes configuration of the user in WMI

Windows Remote Management (WinRM) Configuration

A Domain User Service account that accesses the Windows host to gather monitoring data must also be configured in WinRM. This is the same user that was configured in WMI.

  1. Access Windows Powershell and enter the following command:

    • Enable-PSRemoting

  2. Open PowerShell and enter the following command: winrm configSDDL default

    Alternatively, you can navigate in the UI to Control Panel>Administrative Tools>Computer Management>More Actions>WMI Control.

    A Permissions for Default property windows will be displayed.

  3. Select the domain user service account and select the following permissions for the user:

    • Read (Get, Enumerate, and Subscribe)

    • Execute (Invoke)

      If the domain user is not listed, click Add, enter the username in the text field, and click OK.

  4. Click Apply and OK to exit the window.

    This completes configuration of the user in WinRM.

Configure the Windows Firewall

If a firewall is enabled, you might need to configure the firewall with an exception to permit communication between the IPM Appliance and the Windows server.

  1. Open PowerShell and enter the following command: wf.msc A firewall properties page will be displayed.

  2. Click Inbound Rules (left pane) and click New Rule (right pane).

    The New Inbound Rules wizard opens to the Rule Type tab.

  3. Modify the configuration as follows:

    Note

    Virtana recommends that you do not limit Local and Remote ports or local IP addresses, but instead define firewall connection rules by remote IP address. The remote IP address defined should be that of the IPM Appliance.

    Clicking Next moves you through the wizard tabs, identified in the left pane.

    • On the Rule Type tab: Select Custom and click Next.

    • On the Program tab: Ensure All programs is selected and click Next.

    • On the Protocol and Ports tab: Leave the defaults and click Next.

    • On the Scope tab:

      • In the Which remote IP addresses does this rule apply to field, select These IP addresses and click Add.

      • In the This IP address or subnet field, type the IP address of the IPM Appliance and click Next.

    • On the Action tab: Ensure Allow the connection is enabled and click Next.

    • On the Profile tab: Ensure Domain is selected and deselect Private and Public (as required), and then click Next.

    • On the Name tab: Enter a name and description for the firewall rule and click Finish.

  4. Restart services:

    • Open Services using the PowerShell command: services.msc

    • Select Windows Management Instrumentation service to restart.

      Note: This will also restart User Access Logging and IP Helper.

    • Click Yes in the popup to restart the three services.

      This completes configuration of the Windows firewall in WMI.