For JetPatch Manager to discover supported vCenter VMs, AWS cloud instances, MS Azure cloud instances, or Active Directory instances, you need to configure JetPatch Agent Manager's connection to organizational vCenter servers, AWS EC2, Azure, etc with a read-only account
For other environments, connect to non-discoverable endpoints individually.
Configuring Automatic Endpoint Discovery
To configure Automatic Endpoint Discovery connections:
- Make sure organizational firewalls allow HTTPS (port 443) communication from the JetPatch Application Server to the required Discovery Source.
- Log in as a JetPatch Administrator and go to Platform configuration (upper right-hand corner)
- Go to Settings > Discovery Sources:
- For each organizational asset inventory (vCenter/AWS EC2/Azure/and more) need to create the relevant Discovery Source:
- Click Add Discovery Source.
- Select the required Source Type and provide the Source Name (a descriptive name for display in the JetPatch Manager Console):
- Configure the Discovery Source parameters as described below and click Test Connection. If the connection is successful, a confirmation message appears.
- Click Save (available upon successful connection test).
- Configure endpoint user accounts.
- IP address / name - name of Ip of the vCenter
- User name and Password - vSphere user account details, in a Role with Read permissions for retrieving VM details from the vCenter.
- Maximum vCenter calls per minute - to limit the communication between JetPatch Agent Manager and the discovery source (leave empty for unlimited calls).
- Note - To enable fallback hypervisor communications for endpoint operations, the provided user account should be in a Role with all Guest Operations permissions (in Role configuration, under Virtual machine > Guest Operations, select all three Guest Operation permissions).
Note - VM discovery and vSphere communication are supported for VMware vSphere 5.0 and above
Amazon EC2 (AWS)
Microsoft Azure Service Management (ASM)
- Subscription ID - can found in the Windows Azure Management Portal)
- Key store (JKS) (certificate file in JKS format) and Certificate password. To obtain the certificate file, export it from Azure and then convert it to JKS. To convert to JKS, run (requires Java JDK):
- Keytool -importkeystore -srckeystore <cert>.pfx -srcstoretype pkcs12 -destkeystore <cert>.jks -deststoretype JKS
<cert> is the certificate file name (without extension). Verify that the discovery user has ‘Windows Azure Service Management API’ extra permissions. Add the user to the Microsoft Domain App as an Owner under the RBAC roles (Azure).
Microsoft Azure Resource Management (ARM)
- Tenant ID - instructions can be found here.
- Subscription Id - can be found on your of the navigation panel in Azure>subscriptions>list of subscriptions is displayed along with the subscription ID.
- Client ID and Client Secret (aka authentication key) - instructions can be found here.
- Hostname and Domain - of the Active Directory machine.
- Port (default 389) - the communication port to the Active Directory.
- SSL Configuration (Minumum JAVA version requirement is 1.8.250):
- Use SSL - As the Java security was strengthened regarding LDAP connection during JDK 8 lifespan, we have to be sure that the hostname of the LDAP server we connect to matches the 'CN' field inside the certificate. And the other way around: the field 'CN' in the certificate must match the hostname. To verify issue from the Linux command line:
- By enabling Enforce validity of server certificate:
- Directory User and Password to connect to the Directory User. Can have only read access to Active Directory. The format of the Directory User field should be either:
- Base DN and Query - Provide the DN query to pull the users from
Example of Active Directory configuration:
- IP address / name - The IP/name of the WSUS machine as appears in JetPatch.
More information about WSUS Discovery Source can be found in Endpoint and JetPatch Configuration for WSUS and WSUS Scripts.
Change Discovery Source Timeouts
- Edit /usr/share/tomcat/default/conf/intigua.properties
- Add and configure the relevant discovery sources to the properties file
discovery-source.AWS.success.sleep-time.min (default 10)
discovery-source.AWS.error.sleep-time.min (default 20)
// Active directory
discovery-source.AD.success.sleep-time.min (default 10)
discovery-source.AD.error.sleep-time.min (default 20)
discovery-source.VC.success.sleep-time.ms (default 500)
discovery-source.VC.error.sleep-time.min (default 5)
// Azure ASM
discovery-source.ASM.success.sleep-time.min (default 10)
discovery-source.ASM.error.sleep-time.min (default 20)
- An Endpoint power status will not be updated when the connection is not via vCenter/Amazon/ Azure etc.
- Newly-added endpoints appear in the endpoint list with the initial status of Untested. Upon first vAgent deployment or upon a manual Refresh status from the Servers tab, the connection status will be updated and JetPatch Agent Manager will attempt to install the connector on the machine.
- To disable a discovery source (for example, before changing a password, to avoid the account being locked due to repetitive login failures), click .