Download the Discovery Connector
Download, Install and Begin Data Collection
To enable agentless discovery, you must first download and install the Discovery Connector, a virtual appliance, on a VMware vCenter Server host in an on-premises environment. In your on-premises VMware environment, you must install the Discovery Connector as an Open Virtualization Archive (OVA) file.
This section shows how to download, deploy, configure, and collect data with the Discovery Connector.
To download the Discovery Connector OVA file and verify its checksum:
- Log in as a VMware administrator to vCenter and navigate to the directory where you want to save the Discovery Connector OVA file.
- Download either the MD5 or SHA256 checksum file, depending on which hashing algorithm you use in your system environment. The value in this file is used to validate the AWSDiscoveryConnector.ova file downloaded in the previous step.
- Run the version-appropriate MD5 or SHA256 command, depending on your Linux distribution, and confirm that the hash it prints for the AWSDiscoveryConnector.ova file matches the value in the respective MD5/SHA256 file that you downloaded.
$ md5sum AWSDiscoveryConnector.ova
$ sha256sum AWSDiscoveryConnector.ova
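The commands above only print a digest; the comparison against the published value still has to happen. The following added example (not from the original article) is a shell function that compares the computed SHA256 digest with the one in the downloaded checksum file and fails closed on a mismatch or a malformed checksum file. SHA256 is used because MD5 is not collision resistant, and the checksum file name in the usage comment is an assumed placeholder.

```shell
#!/bin/sh
# Added example: verify a downloaded OVA against its published SHA256 value.

# verify_sha256 FILE CHECKSUM_FILE
# Returns 0 on a match, 1 on a mismatch, 2 if an input is unusable.
verify_sha256() {
    file=$1
    sumfile=$2

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    [ -r "$sumfile" ] || { echo "cannot read $sumfile" >&2; return 2; }

    # The checksum file may hold only the digest or "digest  filename".
    # Take the first field of the first line, drop CRs, lower-case it.
    expected=$(tr -d '\r' < "$sumfile" | awk 'NR==1 {print tolower($1)}')

    # Accept exactly 64 hex characters, so an empty file, a truncated
    # digest or a saved HTML error page can never count as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum in $sumfile" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print tolower($1)}')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (the .sha256 file name is an assumed placeholder):
#   verify_sha256 AWSDiscoveryConnector.ova AWSDiscoveryConnector.ova.sha256 || exit 1
```

Deploy the OVA only when the function returns 0; a return of 2 means the checksum file itself should be downloaded again.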
Deploy the Discovery Connector
Following are the steps required to deploy the discovery connector:
- Log in as a VMware administrator to vCenter.
- Select File, Deploy OVF Template, and then select the OVA file you downloaded in the previous section to finish the wizard.
- On the Disk Format page, choose one of the thick provision disk types. We recommend Thick Provision Eager Zeroed because it provides the best performance and reliability. However, zeroing out the disk takes several hours. Do not select Thin Provision. This option speeds up deployment but drastically reduces disk performance. See Types of supported virtual disks in the VMware documentation for more information.
- Choose Power, Power On from the context (right-click) menu for the newly deployed template in the vSphere Client inventory tree.
- Return to the template's context (right-click) menu and select Open Console. The IP address of the connector console is displayed on the console. Note the IP address because you'll need it to finish the connector setup process.
Configure the AWS Discovery Connector
Following are the steps required to configure the AWS discovery connector:
- In a web browser, type https://<ip address>/ in the address bar, where <ip address> is the IP address of the connector console that you noted earlier.
- Choose Begin now, and then proceed through the following setup pages: License Agreement, Create a Password, and Network Info.
- On the Log Uploads and Upgrades page, we recommend selecting Upload logs automatically. AWS can better assist you in troubleshooting connector issues when your logs are made available via automatic uploads.
- The auto-upgrade feature of the AWS Agentless Discovery Connector is enabled by default. Running the most recent connector version ensures that the most recent security patches are installed. You can turn off auto-upgrades at any time; for more information, see Disabling auto-upgrades on AWS Discovery Connector.
- Perform the following steps on the Discovery Connector Set Up page:
  - Configure vCenter credentials as follows:
    - Enter the hostname or IP address of the VMware vCenter Server host in the vCenter Host field.
    - In the vCenter Username field, enter the name of a local (or domain) user that the connector will use to communicate with vCenter. Use the form domain\username or username@domain for domain users.
    - Enter the local or domain user password for vCenter Password.
    - To bypass SSL certificate validation with vCenter, select Ignore security certificate. With validation bypassed, the connector does not verify the identity of the vCenter Server it sends these credentials to.
  - Under Configure AWS credentials, fill in the credentials for the IAM user who is assigned the IAM managed policy. Then select Next.
  - Under Configure where to publish data, select a local file or a specific AWS Regional endpoint. When you publish to a local file, your Discovery Connector does not send data about your on-premises servers to AWS. The Discovery Connector still sends data about the connector itself to AWS. Then select Next to return to the AWS Agentless Discovery Connector console.
Discovery Connector data collection
Making Use of the Migration Hub Console
On the Data Collectors page of the Migration Hub console, the following procedure shows how to start or stop the Discovery Connector data collection process.
To start or stop data collection:
- Select Data Collectors from the navigation pane.
- Select the Connectors tab.
- Check the box next to the connector you want to start or stop.
- Select either Start or Stop data collection.
Troubleshooting the Discovery Connector
To repair the AWS connection
- Examine your firewall to see if it is blocking egress traffic to ec2.amazonaws.com. If so, unblock it. Reconfigure the Discovery Connector after updating the firewall.
- If updating the firewall fails to resolve the connection problem, ensure that the connector virtual machine has outbound network connectivity. If the virtual machine has outbound connectivity, use telnet on ports 80 and 443 to test the connection to aws.amazon.com and ec2.amazonaws.com, as shown below.
  telnet ec2.amazonaws.com 80
- If outbound connectivity from the virtual machine is enabled and the connection still fails, contact AWS Support for further assistance.
Fixing unhealthy connectors
The Migration Hub console's Data Collectors page contains health information for each Discovery Connector. You can identify problematic connectors by looking for any connectors with a Health status “Unhealthy”. Following are some of the steps required to fix unhealthy connectors:
- In a web browser, navigate to the Migration Hub console and select Data Collectors from the left-hand navigation.
- On the Connectors tab, note the IP address of each connector with an Unhealthy health status.
- Open a browser on any computer that can connect to the connector virtual machine and type https://<ip address of connector>, where <ip address of connector> is the IP address of an unhealthy connector.
- Enter the connector management console password, which you set up when you configured the connector.
- Once you've accessed the connector console, you can take action to resolve the unhealthy status. If you select View Info for vCenter connectivity, a dialogue box with a diagnostic message will appear. Only connectors with version 1.0.3.12 or later have the View Info link.
- After you resolve the health issues, the connector will re-establish connectivity with the vCenter Server, and its status will change to HEALTHY. If the problems persist, please get in touch with AWS Support.
Problems with IP addresses
A connector can become unhealthy if the vCenter endpoint provided during the connector setup is incorrect or if the vCenter Server is currently unavailable. When you select View Info for vCenter connectivity in this case, you'll see a dialogue box with the message "Confirm the operational status of your vCenter server; you can also choose Edit Settings to update the vCenter endpoint."
You can solve IP address issues using the steps below.
- Select Edit Settings from the connector console (https://<ip address of connector>).
- Select Discovery Connector Set Up from the left-side navigation.
- Note the vCenter Host IP address from Configure vCenter credentials.
- Confirm that the associated vCenter Server is active and that the IP address is reachable from the connector VM using a separate command-line tool such as ping or traceroute.
  - If the vCenter service is running and the IP address is incorrect, update it in the connector console and click Next.
  - If the IP address is correct, but the vCenter Server is not running, restart it.
  - If the IP address is correct and the vCenter Server is active, check whether the vCenter Server is blocking ingress network connections due to firewall issues. Configure your firewall to allow incoming connections from the connector VM.
Credential issues
Connectors can become unhealthy if the vCenter user credentials provided during connector setup are invalid or do not have vCenter read and view account privileges. The following steps fix credential issues:
- Select Edit Settings from the connector console (https://<ip address of connector>).
- Select Discovery Connector Set Up from the left-side navigation.
- Under Configure vCenter Credentials, update the vCenter Username and vCenter Password with the credentials of a vCenter user who has read and view permissions.
- To finish the setup, select Next.
Obtaining additional assistance for connector issues
If you require assistance, contact AWS Support. You will be asked to submit the connector logs. To obtain the logs, perform the following steps:
- Log in to the AWS Agentless Discovery Connector console once more (as you did during configuration) and select Download log bundle.
- Please send the log bundle to AWS Support as directed once the log bundle is downloaded.
Frequently Asked Questions
What operating systems are supported by agentless discovery?
Agentless discovery is platform-independent. It obtains data about VMware virtual machines regardless of the VM operating system.
Is it possible to run agentless discovery in EC2 instances?
No, the AWS Agentless Discovery Connector is installed on VMware and only collects data from VMware vCenter.
Is my browsing data stored securely? Is it in an S3 bucket?
Yes. Data in the specially designed S3 bucket is encrypted with a customer master key. Bucket ACLs can also be used in conjunction with IAM and bucket policies to further restrict access to S3 resources.
Has AWS granted remote access to my data center servers via the AWS Application Discovery Agentless Connector?
No, AWS Agentless Connectors installed in VMware environments do not provide AWS remote access to data center servers. On the other hand, the Agentless Connector requires VMware credentials to collect data. These credentials are kept on your computer and are never shared with AWS. The Agentless Connector creates an outbound SSL connection solely to transfer the data collected.
Conclusion
In this article, we have discussed the concepts of the AWS Agentless Discovery Connector. We started with an introduction to the AWS Agentless Discovery Connector, and then we discussed the following topics: data collected by the Discovery Connector; download, deployment, and configuration of the AWS Agentless Discovery Connector; and Discovery Connector data collection. We concluded with troubleshooting the Discovery Connector.
We hope that this blog has helped you enhance your knowledge regarding AWS Agentless Discovery Connector and if you would like to learn more, check out our article AWS Step Functions.