Docs
Data Collection
DMC
Setup Overview
System & Access Requirements
VMware Requirements

VMware Requirements

DMC is compatible with the following on-premises implemented versions and later.

vSphere Version
vSphere 6.0 and above

Network Requirements

DMC requires network access to target vCenter(s) within the scope of discovery.

Source Destination Ports Purpose
Jump Box vCenter Servers 443 (HTTPS) API communication for discovery
Jump Box ESXi Hosts 443 (HTTPS) Transfer Guest VM discovered metrics

Credential Requirements

To ensure DMC can perform discovery the following permissions are required.

vCenter Access

Account Minimum Required Permissions Reason
vCenter Admin Account Read-only access to VMs, Hosts, and Datastores.

Guest Operations execution role.

Access to retrieve performance metrics		 Required to collect virtual infrastructure metadata, execute lightweight guest operations,

and retrieve VM performance data without impacting environment stability.

Guest OS Credentials

OS Credentials Needed Permissions Required Reason
Windows VMs Domain Admin or Local Admin, with Interactive Login Rights Read system settings, software inventory, network stack, and processes. Enables collection of system settings, software inventory, active processes, and network dependencies to assist with environment assessment.
Linux VMs Root or Sudo-enabled user Installed packages, active processes, and network connections. Enables collection of system settings, software inventory, active processes, and network dependencies to assist with environment assessment.
ℹ️
Usernames can be entered in either user/domain or user@domain.com format for Windows VMs; both styles are supported.

Least Privilege Guest OS Account Setup

If a customer wishes to set up a Least Privilege account, the following roles must be configured.

⚠️

Without vCentre Administrator account DMC cannot assess the health of the VMware environment. We recommend that a vSphere administrator checks the environment’s health before running DMC, as a safety precaution.

Customers can review VMware’s vSphere Health via:
🔗 View vCenter Server Health Status

Roles required for Least Privilege vCenter Permissions

Role Note
VirtualMachine.GuestOperations.Query Allows DMC to query guest OS-level info such as file system and processes.
VirtualMachine.GuestOperations.Execute Enables DMC to run lightweight commands inside the VM for inventory checks.
VirtualMachine.GuestOperations.Modify Required for actions like copying files or scripts into the VM during discovery.
Read Only access to vCenter Grants visibility into vSphere objects like VMs, hosts, clusters, and tags — essential for inventory mapping.

Least Privilege Guest OS Account Setup

Windows VM Accounts

For Windows VMs, you can create a least-privileged Windows user account:

Required Group Memberships:

Group Purpose Alternative
Remote Management Users Enables WinRM connections WinRMRemoteWMIUsers_
Performance Monitor Users Allows performance data collection Required
Performance Log Users Enables performance logging access Required

Required permissions: The account needs these permissions so DMC can create a CIM connection with the server and collect configuration and performance data from the required WMI classes.

⚠️
UAC Filtering Note: Sometimes, even after adding the account to the right groups, it may not return the needed data because of UAC filtering. To fix this, give the user account the right permissions on the CIMV2 namespace and its sub-namespaces on the target server.
ℹ️

Additional Requirements:

  • For Windows Server 2008 and 2008 R2, ensure that WMF 3.0 is installed on the servers.

Linux VM Accounts

You need a user account that has sudo permissions to execute specific commands with NOPASSWD on the Linux VMs you want to discover.

This account helps collect configuration and performance data, perform software inventory (find installed applications), and enable agentless dependency analysis using SSH.

Required sudo access (NOPASSWD):

Command Purpose Full Path
netstat or ss Network connection analysis /usr/bin/netstat, /usr/bin/ss
ps Process information /usr/bin/ps
ls File system listing /usr/bin/ls

Sudoers file entry example:

username ALL=(ALL) NOPASSWD: /usr/bin/netstat, /usr/bin/ss, /usr/bin/ps, /usr/bin/ls

⚠️
Important: Ensure that you enable NOPASSWD for the account so it can run the required commands without asking for a password each time it uses sudo. Also modify the sudoers file to disable terminal (requiretty) for the user account.
nux VMs, DMC supports SSH private keys created using the ssh-keygen command with the following algorithms:

Algorithm Support Details
RSA Full support for RSA key pairs
DSA Full support for DSA key pairs
ECDSA Full support for ECDSA key pairs
ed25519 Full support for ed25519 key pairs