Configuring Automatic Endpoint Discovery

For JetPatch Manager to discover supported vCenter VMs, AWS cloud instances, and MS Azure cloud instances, you need to configure JetPatch Agent Manager's connection to organizational vCenter servers,  AWS EC2, Azure, etc with a read-only account

VM discovery and vSphere communication are supported for VMware vSphere 5.0 and above .

For other environments, connect to non-discoverable endpoints individually.

To configure vCenter, EC2, and Azure connections:

1. Make sure organizational firewalls allow HTTPS (port 443) communication from the JetPatch Agent Manager to the vCenter servers and out to the internet.
2. Log in as a JetPatch Administrator and go to Platform configuration (upper right-hand corner)            
3. Go to Settings > Discovery Sources:

   

4. For each organizational vCenter server, EC2 and Azure account:
   1. Click Add Discovery Source.
   2. Select the Source Type: vCenter, EC2, or Azure, and Source Name: A descriptive name for display in the JetPatch Manager Console:

      

   3. Configure the connection fields, depending on the selected source type:

      

      • For vSphere: Server Name (the vCenter's resolvable name or IP address), the User Name, Password of a vSphere user account in a Role with Read permissions for retrieving VM details from the vCenter and set Maximum vCenter calls per minute to limit the communication between JetPatch Agent Manager and the discovery source (leave empty for unlimited calls).
      • To enable fallback hypervisor communications for endpoint operations, the provided user account should be in a Role with all Guest Operations permissions (in Role configuration, under Virtual machine > Guest Operations, select all three Guest Operation permissions).
      • For Microsoft Azure Resource Management (ARM): Enter your Tenant ID (learn how to retrieve the info here), Subscription Id (can be found on your of the navigation panel in Azure>subscriptions>list of subscriptions is displayed along with the subscription ID), Client ID, Client Secret  aka authentication key (learn how to retrieve the info here)
      • For Amazon EC2: The Access key and Secret key for the AWS API. You can generate this key pair from the AWS console, preferably using the AWS IAM service. Choose how you want to import tags.

        *When choosing "Import the following tags only," AWS tags that consist of a comma will not be imported.

      • For Microsoft Azure Service Management (ASM): Subscription ID (found in the Windows Azure Management Portal), certificate file in JKS format, and Certificate password. To obtain the certificate file, export it from Azure and then convert it to JKS. To convert to JKS, run (requires Java JDK):
      • Keytool -importkeystore -srckeystore <cert>.pfx -srcstoretype pkcs12 -destkeystore <cert>.jks -deststoretype JKS
      • Where <cert> is the certificate file name (without extension)

      Verify that the discovery user has ‘Windows Azure Service Management API’ extra permissions. Add the user to the Microsoft Domain App as an Owner under the RBAC roles (Azure).

   4. Click Test Connection. If the connection is successful, a confirmation message appears.
   5. Click Save (available upon successful connection test).
5. Configure endpoint user accounts.

Note: An EndPoint power status will not be updated when the connection is not via vCenter/Amazon/ Azure etc.

Newly-added endpoints appear in the endpoint list with the initial status of Untested. Upon first vAgent deployment or upon a manual Refresh status from the Servers tab, the connection status will be updated and JetPatch Agent Manager will attempt to install the connector on the machine.

To disable a discovery source (for example, before changing a password, to avoid the account being locked due to repetitive login failures), click .