Physical Requirements

Docs

DMC

DMC supports scanning of physical Windows and Linux servers with the following requirements.

Supported Operating Systems

Operating System	Support Details
Windows Server 2008 R2 and above	Collects metrics for Windows servers
Ubuntu	Collects metrics for Linux servers
Red Hat	Collects metrics for Linux servers
CentOS	Collects metrics for Linux servers
SUSE	Collects metrics for Linux servers

Network Requirements

DMC requires network access to target physical servers within the scope of discovery.

Source	Destination	Ports	Purpose
Jump Box	Windows Servers	5985 (HTTP), 5986 (HTTPS)	Windows Remote Management (WinRM)
Jump Box	Linux Servers	22 (SSH)	Linux management and data collection

Windows VM Prerequisites

PowerShell Remoting must be enabled on Windows VMs to allow DMC to run PowerShell commands over WinRM connections.

Enable Powershell Remoting

Open Powershell

Open PowerShell as Administrator on each Windows VM

Run Command

Run the following command:

Enable-PSRemoting -force

Enable AllowRemoteShellAccess

In order to allow DMC to successfully collect guest information please ensure that AllowRemoteShellAccess is enabled in WinRM Configuration

Set-WSManInstance -ResourceURI winrm/config/winrs -ValueSet @{AllowRemoteShellAccess="true"}.

This enables the WinRM service and configures the necessary firewall rules for remote PowerShell connections.

PowerShell Constrained Mode

DMC does not support PowerShell constrained mode. This feature must be disabled on Windows servers to allow DMC to collect the required system information.

To disable PowerShell constrained mode:

Check Current Status

Run the following command to check if constrained mode is enabled:

$ExecutionContext.SessionState.LanguageMode

Disable Constrained Mode

If the output shows “ConstrainedLanguage”, run the following command to disable it:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

Check UAC Token Filtering

Run the following command to check if UAC token filtering is enabled:

reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy

If the value is 0, UAC token filtering is enabled and may prevent DMC from collecting data. Set the value to 1 to disable filtering:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

⚠️

PowerShell constrained mode restricts the execution of certain PowerShell commands and modules, which prevents DMC from collecting necessary system information. Ensure this mode is disabled before running DMC discovery.

Credential Requirements

To ensure DMC can perform discovery the following permissions are required.

Windows Server Access

Account	Minimum Required Permissions	Reason
Domain Admin or Local Admin	Interactive Login Rights	Required to collect system settings, software inventory, active processes, and network dependencies to assist with environment assessment.
Remote Management Users	Group membership	Enables WinRM connections for remote data collection
Performance Monitor Users	Group membership	Allows performance data collection
Performance Log Users	Group membership	Enables performance logging access

⚠️

Verify Group Membership: Being a Local Admin or Domain Admin may not automatically include membership in the Remote Management Users, Performance Monitor Users, or Performance Log Users groups. Verify that your Windows VM Access account is a member of all required groups before running DMC discovery.

UAC Filtering Note: Sometimes, even after adding the account to the right groups, it may not return the needed data because of UAC filtering. To fix this, give the user account the right permissions on the CIMV2 namespace and its sub-namespaces on the target server. For infomation how to troubleshoot UAC filtering please see here

Linux Server Access

Account	Minimum Required Permissions	Reason
Root or Sudo-enabled user	System access for package queries and process monitoring	Required to collect system settings, software inventory, active processes, and network dependencies to assist with environment assessment.

ℹ️

Usernames can be entered in either user/domain or user@domain.com format for Windows servers; both styles are supported.

Least Privilege Setup

If you prefer to use least-privilege accounts instead of admin accounts, you can set up dedicated user accounts with specific permissions.

Guest OS Account Setup

Windows Server Accounts

For Windows servers, you can create a least-privileged Windows user account:

Prerequisites:

PowerShell remoting must still be enabled on the Windows servers (see Windows Server Prerequisites above)

Required Group Memberships:

Group	Purpose	Alternative
Remote Management Users	Enables WinRM connections	WinRMRemoteWMIUsers_
Performance Monitor Users	Allows performance data collection	Required
Performance Log Users	Enables performance logging access	Required

Required permissions: The account needs these permissions so DMC can create a CIM connection with the server and collect configuration and performance data from the required WMI classes.

ℹ️

Additional Requirements:

For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the servers.

Linux Server Accounts

ℹ️

Need help creating SSH keys? See our Creating SSH Keys for use with DMC guide for step-by-step instructions.

You need a user account that has sudo permissions to execute specific commands with NOPASSWD on the Linux servers you want to discover.

This account helps collect configuration and performance data, perform software inventory (find installed applications), and enable agentless dependency analysis using SSH.

Required sudo access (NOPASSWD):

Command	Purpose	Full Path
netstat or ss	Network connection analysis	/usr/bin/netstat, /usr/bin/ss
ps	Process information	/usr/bin/ps
ls	File system listing	/usr/bin/ls

Sudoers file entry example:

username ALL=(ALL) NOPASSWD: /usr/bin/netstat, /usr/bin/ss, /usr/bin/ps, /usr/bin/ls

⚠️

Important: Ensure that you enable NOPASSWD for the account so it can run the required commands without asking for a password each time it uses sudo. Also modify the sudoers file to disable terminal (requiretty) for the user account.

SSH Key Requirements

For Linux servers, DMC supports SSH private keys created using the ssh-keygen command with the following algorithms:

Algorithm	Support Details
RSA	Full support for RSA key pairs
DSA	Full support for DSA key pairs
ECDSA	Full support for ECDSA key pairs
ed25519	Full support for ed25519 key pairs

⚠️

Important Notes:

SSH keys with passphrases are not supported. Use keys without a passphrase.
SSH private key files created by PuTTY are not supported.
Only SSH private key files in OpenSSH format are supported.