MCP connection requirements
To connect to Virtana MCP, each client needs three basic settings: the transport protocol, the server endpoint, and authentication details. The transport protocol is always streaming HTTP. The endpoint URL and authentication method vary by product.
Ensure all required connectivity, credentials, and configuration conditions are met before setting up and using the MCP client.
Decide which Virtana product the MCP client will connect to, such as IO, Global View, or both.
Each Virtana product uses a different credential type and header format, summarized in the following table.
Table 8.Product
Credential type
Authentication headers
Credential source
Global View
OAuth 2.0 Client ID and Client Secret
client-id: <your-client-id>andclient-secret: <your-client-secret>Infrastructure Observability (IO)
API bearer token
Authorization: Bearer <your-io-api-token>
Store secrets in a secrets manager or equivalent secure store.
Collect the required login details for the selected product.
Make sure your MCP client already has an LLM provider and model configured.
Ensure the client system can reach the MCP endpoint over HTTPS.
Confirm that the MCP endpoint uses a valid and trusted TLS certificate.
If using a local GV‑IO integration, update the deployment configuration after changing the MCP settings and redeploy the affected services.
Required settings
The following settings are required for an MCP connection:
Parameter | Description | Value or Format |
|---|---|---|
Authentication | The credentials used to authorize requests. The header format varies by product. | HTTP headers |
Server Endpoint | The URL of the MCP server you want to reach. Use the endpoint listed for your Virtana product. | Product-specific URL |
Transport Protocol | The method used to establish the MCP connection. This is the only supported transport protocol. |
|
Product connection details
The following table shows the connection details for each Virtana product:
Product | Endpoint URL format | Authentication method |
|---|---|---|
Global View (GV) |
| OAuth token in the HTTP Authorization header |
Infrastructure Observability (IO) |
| Bearer token in the HTTP Authorization header |
For IO, the trailing slash in /api/sdk/mcp/ is required. If you omit the slash, the client fails with a 404 Not Found response.
For Virtana-hosted GV environments, the endpoint is typically https://app.cloud.virtana.com/mcp.
Feature availability by endpoint
The IO and Global View endpoints provide different capabilities through MCP. Use this section to compare the two endpoints and choose the one that supports the data and actions you need.
The following table shows which capabilities each MCP endpoint currently supports:
Capability | Infrastructure Observability | Global View |
|---|---|---|
Aggregated metric data |
|
|
Alert data |
|
|
Basic relationship queries |
|
|
Entity and inventory data |
|
|
Schema queries (data model and structure) |
|
|
Network and certificate requirements
MCP connection requires the environment that exists outside the client UI to verify the connection path, especially in on-premises or restricted-network deployments.
The MCP client host must have outbound HTTPS connectivity to the configured endpoint, and the endpoint must present a TLS certificate that the client trusts. Some clients don't accept self-signed certificates, for example, Goose rejects them.
If the server uses a self-signed certificate, use one of the following options:
Replace the self-signed certificate with a valid certificate on the server.
Import the self-signed certificate into the client trust store, if the client supports it.
Front the server with a reverse proxy that terminates TLS using a valid certificate.
The right option depends on your environment, so there is no single recommendation. For GV-IO on-premises integration, IO must present a valid certificate, or the integration can fail even when the endpoint and headers are correct.

