VMware Solutions Discussions

vsc plugin and account in vSphere?

heightsnj
5,852 Views

We have VSC plugin installed in vSphere since a long time ago. Often, we can also see "vsc" account being used, for instance creating a Datastore in vSphere as shown in logs. I don't know how VSC works from high level. 

 

1.  Would somebody has to log into vSphere as "vsc" and performed the task? I couldn't find such logins from vSphere.
2. Or, would that person can perform the task remotely from VSC server without logins? If yes, how can trace back to that server from vSphere?

3. How can I check if VSC is still installed vSphere/vcenter? As you can see from the attachment, when I click on Virtual Storage Console, I don't see much information there. 

 

Obviously, I don't know much about VSC, and need your help. 

 

6 REPLIES 6

Ontapforrum
5,771 Views

VSC versions has changed a lot over the course of time and so it's name, it is now called 'ONTAP tools for VMware vSphere'. But, it's purpose remains the same - A plug-in that provides end-to-end lifecycle management for virtual machines in VMware environments using NetApp storage systems. If you are very new to this software/tool/plug-in, I suggest go through the basic concepts, and to be honest there is loads of information around VSC, I am sure you must have already discovered it.

 

In a nutshell it is  as simple as:
1) Install VSC (or whatever the name it has) as binaries/ova.
2) Ensure the VSC software/appliance is up and running and can talk to the vCenter server.
3) Register this VSC appliance with the vCenter server.
https://appliance_ip:8143/Register.html to register the VSC instance.
4) That's it, when you login to vCenter HTML5/(adobe-flash-webclient:deprecated) it will appear as a plug-in.


1. Would somebody has to log into vSphere as "vsc" and performed the task? I couldn't find such logins from vSphere.
No. It gets integrated into the vCenter server and appear as a plug-in with NetApp ICON. VSC integrates smoothly with the VMware vSphere Web Client and enables you to use Single Sign-on (SSO) services.

 

2. Or, would that person can perform the task remotely from VSC server without logins? If yes, how can trace back to that server from vSphere?
No. Via plug-in

 

3. How can I check if VSC is still installed vSphere/vcenter? As you can see from the attachment, when I click on Virtual Storage Console, I don't see much information there.
In the vcenter: Could you search for a VM/appliance named 'vsc' ? ( Documentation ?)

 

What version of vCenter ,vSphere and Ontap you are running ?

 

Also, you may be aware that 'vSphere Adobe-Flash-based Web Client' has reached EOL. VMware’s recommendation is to upgrade vCenter Servers to vSphere 6.7 Update 3 and use HTML5 based vSphere Client to manage vSphere environments]


Some references to get an idea about this tool (Plug-in):
https://docs.netapp.com/us-en/ontap-tools-vmware-vsphere/deploy/task_deploy_ontap_tools.html
https://docs.netapp.com/us-en/ontap-tools-vmware-vsphere/deploy/concept_installation_workflow_for_new_users.html
https://mysupport.netapp.com/info/web/ECMLS2588119.html
https://library.netapp.com/ecm/ecm_download_file/ECMLP2858383
https://library.netapp.com/ecmdocs/ECMP1392339/html/GUID-328AEB84-3256-42EF-BEA1-5D1D3C6F537F.html
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/VSC_and_VASA_Provider/How_to_completely_uninstall_remove_VSC_from_your_environm...

heightsnj
5,724 Views

Thank you both for messages! The links for docs are great!

 

I have a very specific question.

The attached was excerpted from a ESXi log, which indicated the ID "vsc_svc" created a Datastore. this is not a ID for an employee but a VSC ID, I think, which means to me that VSC created the Datastore 

 

So, my question,

1.  how was this datastore created, inside vSphere or outside in VSC server?

2. I also suspect a server has old VSC installed, how do I check if the server has VSC?

 

 

 

 

ChanceBingen
5,723 Views

Most likely somebody created a user to function like a service account and registered the plugin with it. You can check the users on the vCenter server and look at the different domains in the list to see if it's there.

 

Anything xxx_vsc_svc is a pretty common name people create for that purpose.

 

bingen_1-1638398218828.png

 

 

ChanceBingen
5,738 Views

Just adding to what was already said.

 

ONTAP tools & legacy VSC both use vCenter RBAC, and in fact, if you look at your permissions in vCenter you can see that there are several new roles created, like VSC Read-only, etc...

 

You can use these pre-created roles to limit what SSO users can do in vCenter.

 

Also, ONTAP tools is also a REST API endpoint, so you can do pretty much anything (depending on your version!) via REST API that you could do via the vCenter UI. This enables you to create automated workflows that you can use in your orchestration tools.

 

The same RBAC roles apply via REST API, so no worries about somebody trying to sneak past their permissions.

heightsnj
5,720 Views

1. Is this plugin still registered and being used in vCenter? If you go back to check out the attachment in my first message. Virtual Storage Console looks empty to me. 

2. I will have to check out the account tomorrow. But, did somebody logged in using "xxx_vsc_svc" credential, then created the Datastore, or he could create it from outside vSphere without logging in? Because we all have our own account, if he logged in why didn't he use his own account. 

Ontapforrum
5,661 Views

As you are new to VSC tool, I suggest open a call with NetApp. Tech Support will be able to remote-in and quickly assess your case. This is advisable b'cos you are new to this tool. I would probably first look for the virtual appliance (VSC) in the vCenter, go to vCenter and look for any appliance/VM i.e named VSC or has netapp or something that will give you an idea whether you have the VSC tool installed/alive/dead etc.

Public