2015-12-02 12:48 AM - last edited on 2016-06-30 03:59 PM by Li-Jacques
Why does ONTAP Edge need to connect to vCenter?
Tue Dec 1 15:01:19 CET [ontap-edge:vsa.vsphere.unreachable:error]: Cannot establish connection to vSphere server: 10.X.Y.Z
Is there any document that shows this requirement?
2015-12-02 01:51 AM
Looks like ONTAP Edge has lost connection to the vCenter. Try to log into the Edge VM and, in DIAG mode, see what credential is used to connect to the vCenter server. Update the credential if required.
Check the following link "https://library.netapp.com/ecmdocs/ECMP1608881/html/GUID-A02DDB03-7D95-47A8-A9C3-CF397D79BA72.html" for more information.
Hope this helps.
2015-12-02 02:37 AM
Thanks for your reply. But for us it is a security concern to let a customer's VM connect to vCenter.
For us it's OK that dvadmin connects to vCenter and dvadmin connects to ONTAP Edge, but it can be a risk that a customer-managed VM (ONTAP Edge) connects to vCenter.
We didn't find any documentation that specifies the requirement for ONTAP Edge to connect to vSphere, nor the minimum permissions that should be granted to the user used to connect to vCenter.
2015-12-02 02:46 AM
Maybe the following guide can help you. "https://library.netapp.com/ecm/ecm_get_file/ECMP1547909"
2015-12-02 06:06 AM
I forgot to say that we run Edge-T 7-Mode. Documentation and express guides are incomplete.
The most useful information we found about why ONTAP Edge needs to connect to vCenter is here:
"vSphere authentication info is required for ``sysconfig -p'' to be able to gather information about the physical host machine."
2015-12-02 07:49 AM
You could create a read-only user on the host, and have Edge log in to its host directly. There is no need for it to have credentials in vCenter, since it is permanently bound to its host. This way sysconfig -p will be operational, and the warnings will go away. Even without access to its host it will still serve data; it just will not have any awareness of the underlying physical infrastructure, storage, etc., and any related commands will not work.