Integrating vRNI with UCS Manager using an AD Service Account

One of the great features of vRNI (vRealize Network Insight) is that it can capture and display insights not only into your vSphere and NSX environments but also into your physical environment; see the supported products and versions here.

The hosts in my environment are all Cisco UCS C-series rack mount servers managed by UCS Managers and UCS Central. Guess what? It just so happens that vRNI supports UCS C-series servers and FIs (Fabric Interconnects)! Hooray! Connectivity, as described in the official documentation, is listed as follows:

The data provider connects to UCS Manager over HTTPS and UCS Fabric Interconnect over SSH to fetch information. It also connects to the SNMP service on UCS.

The mention of SSH will become important later on in the story.

Before deploying vRNI, we created an AD Service Account to use for connectivity to all the potential data sources we’d want to integrate with, and for the sake of this example, let’s call that account vernie@mydomain.org. This user has been mapped to UCS Central with the Read Only role for the UCS Domains applicable to our environment. I tested logging in via the HTTPS interface to UCSC/UCSM and everything worked great, so now it was time to create the data source in vRNI.

The process of adding a data source in vRNI is fairly simple, and you can find the instructions for doing so here. My first instinct when filling in credentials for the UCSM data sources was to format the username as a UPN (vernie@mydomain.org) or a Down-Level Logon Name (mydomain\vernie); in both cases I found that authentication was failing. After much head scratching, Google searching, and talking with VMware GSS, I found myself staring at Cisco UCS Manager Administration Management Using the CLI, and more specifically the chapter on Remote Authentication. There’s a section with the following information:

When multiple authentication domains and native authentication are configured with a remote authentication service,
use one of the following syntax examples to log in with SSH, Telnet or Putty.

Note: SSH log in is case-sensitive.
From a Linux terminal using SSH:

ssh ucs-auth-domain\\username@{UCSM-ip-address|UCSM-ipv6-address}
ssh ucs-example\\jsmith@192.0.20.11
ssh ucs-example\\jsmith@2001::1
ssh -l ucs-auth-domain\\username {UCSM-ip-address| UCSM-ipv6-address| UCSM-host-name}
ssh -l ucs-example\\jsmith 192.0.20.11
ssh -l ucs-example\\jsmith 2001::1
ssh {UCSM-ip-address | UCSM-ipv6-address | UCSM-host-name} -l ucs-auth-domain\\username
ssh 192.0.20.11 -l ucs-example\\jsmith
ssh 2001::1 -l ucs-example\\jsmith
ssh ucs-auth-domain\\username@{UCSM-ip-address|UCSM-ipv6-address}
ssh ucs-ldap23\\[email protected]
ssh ucs-ldap23\\[email protected]::1

Because vRNI connects via SSH and does not reformat the username before sending it, in version 3.4 and prior you must enter the AD username in the UCS Manager SSH form shown above, like so: ucs-mydomain.org\vernie.

The reason I stress versions 3.4 and prior is that after working with GSS, a feature request to fix the parsing/formatting was created and I was told it would be included in version 3.5.
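
To check the format before saving the data source in vRNI, the added example below (not from the original post, VMware or Cisco) converts a UPN or down-level logon name into the ucs-<auth-domain>\<user> form and tries it over SSH. The function names and the authentication domain value mydomain.org are assumptions; use the authentication domain name configured in your UCS Manager.

```shell
#!/bin/sh
# Added example (not from the post): build the SSH login name UCS Manager
# expects, "ucs-<auth-domain>\<user>", from the forms an admin usually types.
# Assumption: the UCSM authentication domain is named mydomain.org, as in the post.

ucsm_ssh_user() {
    # $1 = login (UPN, DOMAIN\user, bare user, or already ucs-<domain>\user)
    # $2 = UCSM authentication domain name; case is preserved because
    #      SSH log in is case-sensitive
    login=$1
    auth_domain=$2
    [ -n "$login" ] && [ -n "$auth_domain" ] || return 2
    case $login in
        ucs-*\\*) printf '%s\n' "$login"; return 0 ;;  # already in UCSM form
        *\\*)     user=${login#*\\} ;;                  # down-level: DOMAIN\user
        *@*)      user=${login%%@*} ;;                  # UPN: user@domain
        *)        user=$login ;;                        # bare account name
    esac
    # Refuse anything that still contains a separator or a space
    case $user in
        ''|*\\*|*@*|*' '*) return 2 ;;
    esac
    printf 'ucs-%s\\%s\n' "$auth_domain" "$user"
}

ucsm_ssh_check() {
    # $1 = login, $2 = auth domain, $3 = UCSM or FI address (hypothetical helper).
    # Opens an interactive session and prompts for the password.
    user=$(ucsm_ssh_user "$1" "$2") || {
        printf 'unusable login: %s\n' "$1" >&2
        return 2
    }
    # Quoting "$user" passes one literal backslash; the doubled backslash in the
    # Cisco examples is only there because an unquoted shell word eats one.
    ssh -o PubkeyAuthentication=no -l "$user" "$3"
}

# Usage (run by hand):
#   ucsm_ssh_user 'vernie@mydomain.org' mydomain.org   # prints ucs-mydomain.org\vernie
#   ucsm_ssh_check 'mydomain\vernie' mydomain.org 192.0.20.11
```

If the SSH login succeeds with the printed name, the same string with a single backslash is what goes into the vRNI username field.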