VMware Requirements
DMC supports scanning of on-premises VMware environments with the following requirements.
| vSphere Version |
|---|
| vSphere 6.0 and above |
DMC supports scanning of the following guest operating systems running in the VMware environment.
| Operating System | Support Details |
|---|---|
| Windows Server 2008 R2 and above | Collects metrics for Windows servers |
| Ubuntu | Collects metrics for Linux servers |
| Red Hat | Collects metrics for Linux servers |
| CentOS | Collects metrics for Linux servers |
| SUSE | Collects metrics for Linux servers |
Network Requirements
DMC requires network access to target vCenter(s) within the scope of discovery.
| Source | Destination | Ports | Purpose |
|---|---|---|---|
| Jump Box | vCenter Servers | 443 (HTTPS) | API communication for discovery |
| Jump Box | ESXi Hosts | 443 (HTTPS) | Transfer Guest VM discovered metrics |
VMware Tools Requirement
VMware Tools must be installed and running on all guest VMs (both Windows and Linux) for DMC to perform guest-level data collection.
What Happens If VMware Tools Is Not Running
If VMware Tools is not installed or not running on a guest VM:
- DMC will still collect hypervisor-level data (VM configuration, resource allocation, etc.)
- Guest-level data collection will be skipped
- The scan will show a partial scan status for that VM
- No guest OS metrics, software inventory, or process data will be collected
Verify VMware Tools Status
Check VMware Tools Status in vSphere Client
- Open vSphere Client
- Navigate to the VM
- Check the Summary tab
- Look for VMware Tools status:
  - Running - VMware Tools is installed and running (required for full scan)
  - Not running - VMware Tools is installed but not running (will result in partial scan)
  - Not installed - VMware Tools is not installed (will result in partial scan)
Install or Start VMware Tools
For Windows VMs:
- Right-click the VM in vSphere Client
- Select Guest OS → Install/Upgrade VMware Tools
- Follow the installation wizard
- Restart the VM if required
For Linux VMs:
- Right-click the VM in vSphere Client
- Select Guest OS → Install/Upgrade VMware Tools
- Mount the VMware Tools ISO
- Extract and install using the appropriate package manager for your Linux distribution
PowerShell Constrained Mode
DMC does not support PowerShell constrained mode. This feature must be disabled on Windows VMs to allow DMC to collect the required system information.
To disable PowerShell constrained mode:
Check Current Status
Run the following command to check if constrained mode is enabled:
```powershell
$ExecutionContext.SessionState.LanguageMode
```
Disable Constrained Mode
If the output shows “ConstrainedLanguage”, run the following command to disable it:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine
```
Check UAC Token Filtering
Run the following command to check if UAC token filtering is enabled:
```
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy
```
If the value is 0, UAC token filtering is enabled and may prevent DMC from collecting data. Set the value to 1 to disable filtering:
```
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
```
Credential Requirements
To ensure DMC can perform discovery, the following permissions are required.
vCenter Access
| Account | Minimum Required Permissions | Reason |
|---|---|---|
| vCenter Admin Account | Read-only access to VMs, Hosts, and Datastores. Guest Operations execution role. Access to retrieve performance metrics | Required to collect virtual infrastructure metadata, execute lightweight guest operations, and retrieve VM performance data without impacting environment stability. |
Guest OS Credentials
| OS | Credentials Needed | Permissions Required | Reason |
|---|---|---|---|
| Windows VMs | Domain Admin or Local Admin, with Interactive Login Rights | Read system settings, software inventory, network stack, and processes. | Enables collection of system settings, software inventory, active processes, and network dependencies to assist with environment assessment. |
| Linux VMs | Root or Sudo-enabled user | Installed packages, active processes, and network connections. | Enables collection of system settings, software inventory, active processes, and network dependencies to assist with environment assessment. |
Windows VM Access Requirements
| Account | Minimum Required Permissions | Reason |
|---|---|---|
| Domain Admin or Local Admin | Interactive Login Rights | Required to collect system settings, software inventory, active processes, and network dependencies to assist with environment assessment. |
| Remote Management Users | Group membership | Required for VMware Guest Operations API to access guest VM data (via VMware Tools) |
| Performance Monitor Users | Group membership | Allows performance data collection via WMI (accessed through VMware Guest Operations API) |
| Performance Log Users | Group membership | Enables performance logging access via WMI (accessed through VMware Guest Operations API) |
Verify Group Membership: Being a Local Admin or Domain Admin may not automatically include membership in the Remote Management Users, Performance Monitor Users, or Performance Log Users groups. Verify that your Windows VM Access account is a member of all required groups before running DMC discovery.
UAC Filtering Note: Sometimes, even after adding the account to the right groups, it may not return the needed data because of UAC filtering. To fix this, give the user account the right permissions on the CIMV2 namespace and its sub-namespaces on the target server. For information on how to troubleshoot UAC filtering, see Remediating Access Issues.
user/domain or user@domain.com format for Windows VMs; both styles are supported.
Least Privilege Guest OS Account Setup
If a customer wishes to set up a Least Privilege account, the following roles must be configured.
Without a vCenter Administrator account, DMC cannot assess the health of the VMware environment. We recommend that a vSphere administrator check the environment’s health before running DMC, as a safety precaution.
Customers can review VMware’s vSphere Health via:
🔗 View vCenter Server Health Status
Roles required for Least Privilege vCenter Permissions
| Role | Note |
|---|---|
| VirtualMachine.GuestOperations.Query | Allows DMC to query guest OS-level info such as file system and processes. |
| VirtualMachine.GuestOperations.Execute | Enables DMC to run lightweight commands inside the VM for inventory checks. |
| VirtualMachine.GuestOperations.Modify | Required for actions like copying files or scripts into the VM during discovery. |
| Read Only access to vCenter | Grants visibility into vSphere objects like VMs, hosts, clusters, and tags — essential for inventory mapping. |
Least Privilege Guest OS Account Setup
Windows VM Accounts
For Windows VMs, you can create a least-privileged Windows user account:
Required Group Memberships:
| Group | Purpose | Alternative |
|---|---|---|
| Remote Management Users | Required for VMware Guest Operations API to access guest VM data (via VMware Tools) | Required |
| Performance Monitor Users | Allows performance data collection via WMI (accessed through VMware Guest Operations API) | Required |
| Performance Log Users | Enables performance logging access via WMI (accessed through VMware Guest Operations API) | Required |
Required permissions: The account needs these permissions so DMC can create a CIM connection with the server and collect configuration and performance data from the required WMI classes via VMware Guest Operations API.
Additional Requirements:
- For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the servers.
Linux VM Accounts
You need a user account that has sudo permissions to execute specific commands with NOPASSWD on the Linux VMs you want to discover. These commands are executed via VMware Guest Operations API, so the account must have appropriate sudo permissions configured.
Required sudo access (NOPASSWD) for commands executed via VMware Guest Operations API:
| Command | Purpose | Full Path |
|---|---|---|
| netstat or ss | Network connection analysis | /usr/bin/netstat, /usr/bin/ss |
| ps | Process information | /usr/bin/ps |
| ls | File system listing | /usr/bin/ls |
Sudoers file entry example:
```
username ALL=(ALL) NOPASSWD: /usr/bin/netstat, /usr/bin/ss, /usr/bin/ps, /usr/bin/ls
```
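
A way to check that the discovery account's grant has not drifted beyond the four commands listed above, as an added example that is not part of the original documentation or of DMC. The account name `dmc_scan` and the sample entries are constructed for the example.

```sh
#!/bin/sh
# Added example: audit the discovery account's sudoers grant against the four
# commands the documentation lists. "dmc_scan" is a hypothetical account name.

ALLOWED="/usr/bin/netstat /usr/bin/ss /usr/bin/ps /usr/bin/ls"

# audit_sudoers_line ACCOUNT LINE
# Prints one FINDING per problem. Returns 0 if the entry stays within the
# documented list, 1 if it grants more (or lacks NOPASSWD), 2 if LINE is not
# a user specification for ACCOUNT.
audit_sudoers_line() {
    printf '%s\n' "$2" | awk -v user="$1" -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != user || !index($0, "=") { print "SKIP: no entry for " user; exit 2 }
    {
        rc = 0
        spec = substr($0, index($0, "=") + 1)    # "(ALL) NOPASSWD: /usr/bin/..."
        if (spec !~ /NOPASSWD:/) { print "FINDING: NOPASSWD tag missing"; rc = 1 }
        sub(/^[ \t]*\([^)]*\)/, "", spec)        # drop the (runas) specifier
        gsub(/[A-Z_]+:[ \t]*/, "", spec)         # drop tags such as NOPASSWD:
        m = split(spec, cmds, ",")
        for (i = 1; i <= m; i++) {
            split(cmds[i], w, " ")               # w[1] = command path, rest = args
            if (!(w[1] in ok)) {
                print "FINDING: " w[1] " is outside the documented command list"
                rc = 1
            }
        }
        exit rc
    }'
}

# Constructed sample entries (not taken from a real host).
while IFS= read -r entry; do
    printf '%s\n' "== $entry"
    if audit_sudoers_line dmc_scan "$entry"; then
        echo "OK: within the documented list"
    fi
done <<'EOF'
dmc_scan ALL=(ALL) NOPASSWD: /usr/bin/netstat, /usr/bin/ss, /usr/bin/ps, /usr/bin/ls
dmc_scan ALL=(ALL) NOPASSWD: /usr/bin/ps, /usr/bin/bash
dmc_scan ALL=(ALL) NOPASSWD: ALL
EOF
```

On a host, feed it the account's lines from `/etc/sudoers` and the files under `/etc/sudoers.d/`, and check any edited file with `visudo -cf <file>` before relying on it.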