Skip to main content

MCP connection requirements

To connect to Virtana MCP, each client needs three basic settings: the transport protocol, the server endpoint, and authentication details. The transport protocol is always streaming HTTP. The endpoint URL and authentication method vary by product.

Ensure all required connectivity, credentials, and configuration conditions are met before setting up and using the MCP client.

  • Decide which Virtana product the MCP client will connect to, such as IO, Global View, or both.

    Each Virtana product uses a different credential type and header format, summarized in the following table.

    Table 8.

    Product

    Credential type

    Authentication headers

    Credential source

    Global View

    OAuth 2.0 Client ID and Client Secret

    client-id: <your-client-id> and client-secret: <your-client-secret>

    Generate OAuth Credentials

    Infrastructure Observability (IO)

    API bearer token

    Authorization: Bearer <your-io-api-token>

    Get Bearer Token



  • Store secrets in a secrets manager or equivalent secure store.

  • Collect the required login details for the selected product.

  • Make sure your MCP client already has an LLM provider and model configured.

  • Ensure the client system can reach the MCP endpoint over HTTPS.

  • Confirm that the MCP endpoint uses a valid and trusted TLS certificate.

  • If using a local GV‑IO integration, update the deployment configuration after changing the MCP settings and redeploy the affected services.

Required settings

The following settings are required for an MCP connection:

Parameter

Description

Value or Format

Authentication

The credentials used to authorize requests.

The header format varies by product.

HTTP headers

Server Endpoint

The URL of the MCP server you want to reach.

Use the endpoint listed for your Virtana product.

Product-specific URL

Transport Protocol

The method used to establish the MCP connection.

This is the only supported transport protocol.

streaming-http

Product connection details

The following table shows the connection details for each Virtana product:

Product

Endpoint URL format

Authentication method

Global View (GV)

https://<your-platform-url>/mcp

OAuth token in the HTTP Authorization header

Infrastructure Observability (IO)

https://<io_server>/api/sdk/mcp/ (trailing slash required)

Bearer token in the HTTP Authorization header

For IO, the trailing slash in /api/sdk/mcp/ is required. If you omit the slash, the client fails with a 404 Not Found response.

For Virtana-hosted GV environments, the endpoint is typically https://app.cloud.virtana.com/mcp.

Feature availability by endpoint

The IO and Global View endpoints provide different capabilities through MCP. Use this section to compare the two endpoints and choose the one that supports the data and actions you need.

The following table shows which capabilities each MCP endpoint currently supports:

Table 9.

Capability

Infrastructure Observability

Global View

Aggregated metric data

Tick_sym.png

Cross_sym.png

Alert data

Cross_sym.png

Tick_sym.png

Basic relationship queries

Tick_sym.png

Cross_sym.png

Entity and inventory data

Tick_sym.png

Cross_sym.png

Schema queries (data model and structure)

Tick_sym.png

Cross_sym.png



Network and certificate requirements

MCP connection requires the environment that exists outside the client UI to verify the connection path, especially in on-premises or restricted-network deployments.

The MCP client host must have outbound HTTPS connectivity to the configured endpoint, and the endpoint must present a TLS certificate that the client trusts. Some clients don't accept self-signed certificates, for example, Goose rejects them.

If the server uses a self-signed certificate, use one of the following options:

  • Replace the self-signed certificate with a valid certificate on the server.

  • Import the self-signed certificate into the client trust store, if the client supports it.

  • Front the server with a reverse proxy that terminates TLS using a valid certificate.

The right option depends on your environment, so there is no single recommendation. For GV-IO on-premises integration, IO must present a valid certificate, or the integration can fail even when the endpoint and headers are correct.