VMware {code} Community
a_b_h_i
Contributor
Contributor
‎04-10-2015 06:08 AM
Jump to solution

What is the actual purpose of the accessible property in the NetworkSummary data object ?

Hi There,

I have a scenario where i need to monitor the SSH connectivity of the ESX server.

Simple way is to ping each server and get the status of individuals against the response of a ping.

I found the accessible property in the network summary data object.

vSphere 5.5 Documentation Center

Description of it is not that much succinct to get the meaning of it in a one go.

Is anyone aware about the purpose of this property? Will it be helpful to monitor the SSH connectivity of ESX Server.(something like iteratively checking the ping status)

How it internally works? Does it try a ping to individual server to confirm the connectivity?

Any help will be appreciated.

Abhijit.

0 Kudos
1 Solution

Accepted Solutions
a_b_h_i
Contributor
Contributor
‎04-12-2015 11:50 PM
Jump to solution

Thanks for your response.

It is helpful.

View solution in original post

0 Kudos
4 Replies
stumpr
Virtuoso
Virtuoso
‎04-10-2015 06:18 AM
Jump to solution

You might want to use runtime.connectionState.  This will tell you that the host is reachable by vCenter.

Ping would be another way, though that won't tell you if SSH is running.  You might want to script a basic SSL handshake process against the hosts (perhaps ping or check runtime.connectionState first to save on some overhead).  You could also monitor the SSHD service settings through vCenter (or the Host API).  If it's running and the firewall port for SSHD is open, you're probably safe to say SSH is available.  Or a simple port scan as well (restricted to TCP:22).

I've done the port scan (nmap) process in the past and it's generally worked out as a reliable way to validate SSH is enabled, running and accessible on ESXi.

Reuben Stump | http://www.virtuin.com | @ReubenStump
0 Kudos
a_b_h_i
Contributor
Contributor
‎04-10-2015 07:04 AM
Jump to solution

Connection state is useful if host got disconnected or it is not responding.

What if ESX server is in a full-fledged up condition but some firewall port blockers are not allowing SSH connectivity then would NetworkSummary data object be helpful to get the accessibility information about the ESX ?

~Abhijit

0 Kudos
stumpr
Virtuoso
Virtuoso
‎04-10-2015 11:51 AM
Jump to solution

I don't think it will be useful.  It's basically summarizing the Network object (VSS PG); not the HostSystem SSH daemon.  The accessible flag there is just saying "at least one host is attached to this network".

I believe if connectionState indicates the host is unavailable, that means you lost connection to the management agent on the ESXi host, and all the data in the API is probably old (defunct).

I think if your target is SSH, I would do port scan to 22 or an openssl handshake (pick your fav script language or tool) to validate it's up.  Assuming the host has connectivity to the vSphere system (connectionState ok), then you could also review the SSHD service configuration from the API, verify it's running and also check the lockdown mode flags (which disable SSH).  But assuming your port 22 or ssl handshake is failing, that information is more about why vs "is it working".

Reuben Stump | http://www.virtuin.com | @ReubenStump
a_b_h_i
Contributor
Contributor
‎04-12-2015 11:50 PM
Jump to solution

Thanks for your response.

It is helpful.

0 Kudos