Morpheus Documentation

Morpheus

Feb 07, 2025

 HPE VM ESSENTIALS

1 Getting Started 1
1.1 Network Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Initial HPE VME manager Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2 Operations 29
2.1 Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.2 Wiki . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.3 Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3 Provisioning 33
3.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2 Provisioning Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.3 Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

4 Library 43
4.1 Labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
4.2 Automation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4.3 Virtual Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5 Infrastructure 55
5.1 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
5.2 Clouds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
5.3 Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
5.4 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
5.5 Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
5.6 Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

6 Backups 109
6.1 Initial Backups Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
6.2 Configuring Backups during Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
6.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
6.4 Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7 Tools 113
7.1 Cypher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
7.2 Archives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

8 Administration 119
8.1 Identity Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
8.2 Plans & Pricing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

i
 8.3 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
8.4 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
8.5 Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
8.6 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
8.7 User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

9 Integration Guides 161

9.1 Clouds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

ii
 CHAPTER

ONE

GETTING STARTED

HPE VM Essentials Software is a virtualization solution allowing for easy deployment of KVM-based HPE VME
clusters with administration made easy through HPE VME manager. Once deployed, take advantage of powerful
features including live migration of VMs across cluster hosts with zero downtime, dynamically distribute workloads
based on load, automatic failover of workloads following the loss of a host, and a lot more. Provisioning new workloads
is also made easy with the HPE VM Essentials image library, automation tools, and powerful provisioning wizard. In
addition to HPE VME clusters, HPE VM Essentials also includes a deep integration into VMware vCenter, which also
takes advantage of the same powerful provisioning wizard, automation engine, and monitoring capabilities.
This documentation covers the system requirements for HPE VME clusters and a setup guide for installing HPE VME
manager. It also includes example use cases for effective implementation of the feature set and in-depth sections for
each area of the UI detailing the capabilities of each tool.
Before getting started, it’s important to note that administrators have the responsibility to install and configure servers
and network equipment in a way that will ensure successful operation of HPE VM Essentials. This includes selecting
host servers, storage hardware, and networking hardware that have been certified as compatible with the platform. The
HPE VM Essentials section of the HPE Support Center contains a reference architecture document which includes a
validated design with specific hardware SKUs. The same section of the HPE Support Center also includes a qualifica-
tion matrix which lists hardware that has been certified compatible.
Additionally, administrators will be required to perform some setup functions on their own, such as preinstalling Ubuntu
22.04 on host servers, configuring networking for each host, configuring access to external storage at the OS level, and
establishing a network topology that ensures acceptable performance. Subsequent sections of this document will outline
some effective network designs and some tips for selecting a network design based on available hardware. It will be
the responsibility of the administrator to select a network design based on available hardware and to use the Linux
command line to establish appropriate network bonds, storage configuration, and access across the cluster.

1.1 Network Considerations

In order to run HPE VM Essentials effectively in production, network redundancy and throughput must be considered.
Network bonding is an important component to building redundancy into the environment so we will briefly discuss it
here before showing some example network configurations. Ultimately the environment is your own but this discussion
and the example network configurations that follow will help in planning out an effective operating environment for
HPE VM Essentials.

1
Morpheus Documentation

1.1.1 Network Bonding

Network bonding is the combining of multiple network adapters into a single logical interface. This is done to build
in redundancy and to increase throughput. Network bonds are configured at the operating system level and there are
multiple types of network bonds depending on hardware support and other factors. Here we will call out two types
of network bonds that are effective for virtualization and utilized in the example configurations that follow. Once
established, we can later offer up these bonded interfaces as a compute network (for virtual machine traffic) or storage
network (for interacting with external storage) when creating our cluster within the HPE VME manager UI.
Link Aggregation Control Protocol (LACP) 803.2ad
LACP offers dynamic link aggregation with automatic negotiation, meaning the host and switch can communicate to
determine the best available transmission parameters. It also includes load balancing and failover capabilities in the
event of a failure somewhere in the path (failed interface, switch, etc). Bear in mind that LACP bonds require hardware
support from a compatible switch but most current enterprise-grade switches do support it. If you have supported
hardware and high availability and dynamic load balancing are important for your workloads, this is a good choice of
bond type.
Balanced XOR
Balanced XOR is another bond type worth considering, especially if your switch hardware does not support LACP. It’s
simpler to set up and provides basic load balancing and failure but is less fexible and dynamic as compared to LACP.
It’s a good choice in environments where LACP is not supported or where dynamic load balancing is not required.

1.1.2 Example Network Configurations

If you have the capability to do so, it’s recommended you set up networking with full redundancy. Such a setup
could include two network switches and hosts with at least six network interfaces spread across two network cards.
This would allow for failover in the event of the loss of a switch and/or one of the host network cards in addition to
separating management and compute network traffic to their own interfaces. Hosts with only four NICs each can still be
configured for full redundancy but would have to converge management and compute traffic across the same interfaces.
Keep in mind also that these examples use MPIO (multi-path input/output) for storage. It would also be possible to use
bonding for storage depending on capabilities of the environment. MPIO is recommended whenever fibre channel or
iSCSI LUNs are being used for GFS2 datastores.
Six NICs with LACP bonds and MPIO for storage traffic

2 Chapter 1. Getting Started

 Morpheus Documentation

• Six network interfaces

• One VLAN for management
• N VLANs for compute
• Two VLANs for storage
• Management and compute interfaces bonded on the hosts
• MLAG bonding on switches for management and compute
In the diagram note that each host has two network cards with four network interfaces on each card. We have a man-
agement network where the host IP address will go, which is an LACP-based bond that is replicated on the switches
in a multi-chassis link aggregation group (MLAG). We also have a compute VLAN trunk to create networks for pro-
visioning workloads onto. This is a similar bond interface with LACP and MLAG. For storage, it’s recommended you
use either fibre channel or iSCSI connectivity. To support that, in this example, two separate networks are created so
MPIO can be configured (Multi-path Input/Output). MPIO provides multiple physical paths between hosts and storage
devices which, like other considerations here, offers increased throughput and resiliency.
Six NICs with XOR bonds and MPIO for storage traffic

1.1. Network Considerations 3

Morpheus Documentation

• Six network interfaces

• One VLAN for management
• N VLANs for compute
• Two VLANs for storage
• Management and compute interfaces bonded on the hosts
• MLAG bonding on switches for management and compute
This configuration is very similar to the previous one but the MLAGs have been removed from the switches and
changed the bonding type to XOR. As mentioned previously, this model might be a good selection for environments
with switches that don’t support LACP bonds.
Four NICs with LACP bonds and MPIO for storage traffic

4 Chapter 1. Getting Started

 Morpheus Documentation

• Four network interfaces

• Management and compute VLANs on the same network trunk
• Two VLANs for storage
• Management interfaces bonded on hosts
• Compute interfaces bonded on hosts
• MLAG bonding on switches for management and compute
If there aren’t enough interfaces available to separate the management and compute networks, a network configuration
similar to the one shown here might be a good option. In this configuration, since there are only four network interfaces
per host, the management and compute are converged. Once again, we have an LACP bond on this converged interface
with MLAG on switches. We also have separate networks to handle storage MPIO.
Four NICs with XOR bonds and MPIO for storage traffic

1.1. Network Considerations 5

Morpheus Documentation

• Four network interfaces

• Management and compute VLANs on the same network trunk
• Two VLANs for storage
• Management interfaces bonded on hosts
• Compute interfaces bonded on hosts
• MLAG bonding on switches for management and compute
This network example is very similar to the previous one with LACP bonds replaced with XOR bonds and MLAG
removed. All configuration is handled at the host level. Other configurations are unchanged.

1.2 Installation

Having completed a discussion of networking considerations in the previous section, let’s now turn to OS installation
on the HPE VME hosts. The hosts are recommended to be HPE Proliant Gen 11 physical servers and must be running
Ubuntu 22.04. Other OS types are planned for certification in the future but for now you must be running Ubuntu 22.04.
The HPE VME hypervisor runs on top of the Ubuntu 22.04 hosts. We’ll get to the installation portion in the next section
but for now we will discuss the system requirements and recommendations for network and storage configuration during
the installation.

6 Chapter 1. Getting Started

 Morpheus Documentation

1.2.1 Host Requirements

• Operating System: Ubuntu 22.04

• Hardware: HPE Proliant Gen 11 Hardware is recommended with additional hardware being tested and certified
over time
• CPU: One or more 64-bit x86 CPUs, 1.5 GHz minimum with Intel VT or AMD-V enabled
• Memory: Minimum of 8GB for non-hyperconverged (HCI) deployments or 8GB plus 4GB for each data disk
for HCI deployments
• Storage: Minimum of 50GB for operating system storage
• Network: 100 Mbps or faster NIC (10 Gbps recommended)
• IP Addressing: Static IP address
• Internet Connectivity: Internet access is required to download and install the required packages and dependen-
cies

1.2.2 Ubuntu Network Setup

During the networking setup portion of the Ubuntu installation, with some network configurations you might have to
create the initial bond for the management network in order to get initial connectivity. Bonds can be created from
the Ubuntu deployment wizard itself and a discussion of different bond types and their potential usefulness within an
effective HPE VM Essentials networking scheme is described in greater detail in the previous section. In the screenshot
below, the host is using a converged management and compute interface bond. The bond was created and a VLAN
added to the bond. After creating the VLAN, an IP address was assigned at which the individual host can be managed.
Thus, when setting up the cluster later, we can identify the bond0.2 interface for host management traffic and bond0
as the interface to send all compute traffic. Of course, this is a specific caveat that may not apply such as if you’re not
using converged networking (described in the previous section) or if DHCP is configured.

1.2. Installation 7
Morpheus Documentation

1.2.3 Ubuntu Storage Setup

During the storage setup portion of the Ubuntu installation, keep in mind that Ubuntu won’t utilize the entire disk by
default when using LVM. You’ll need to grow the disk. This guide won’t discuss that process in complete detail but
there are plenty of guides available on the Internet if they are needed.

8 Chapter 1. Getting Started

 Morpheus Documentation

1.2.4 External Storage Setup

Though it is possible to utilize local storage on the hosts, more commonly HPE VME clusters will be configured to
interface with external storage. Currently, only connecting to external storage over iSCSI is supported but support for
Fibre Channel is also planned for the very near future. External storage provides a number of redundancy capabilities
that aren’t realized through local storage, such as automatic failover when a host is lost and migrating workloads to new
hosts with zero downtime.
Configuring connections to external storage must be done on each host at the OS level. This is part of preparing the
hosts for installation of the HPE VM Essentials console and manager. This is done by going to the Ubuntu command
line on each host and configuring the initiator to talk to the target. Once this is done and the disk is presented up to the
OS, the groundwork is laid for configuring the datastore within HPE VME manager. This process of creating a new
datastore within the Manager UI is shown later in this guide following installation.
How the storage traffic is routed will depend on networking configuration. Having dedicated storage interfaces, as
shown in the network examples from the previous section, is important for optimal throughput and resiliency. After
establishing the datastore in the HPE VME manager UI, this will ensure the operating system is utilizing those dedicated
routes rather than through other interfaces that might be available.

1.2. Installation 9
Morpheus Documentation

1.2.5 Console Installation and Configuration

It’s time to begin the actual installation process on the hosts. From a high level, the process is as follows:
• Install Ubuntu 22.04
• Patch Ubuntu 22.04 with the latest updates and security fixes
• Install HPE VM Essentials Console. This is a light Debian package that is used to configure the hosts and
bootstrap initial virtualization capabilities. This is done on all hosts
• Configure the host system for networking, storage, NTP, etc
• Deploy the HPE VME manager using the HPE VM Essentials Console. This is done on only one host
• Launch the HPE VME manager UI

Important: Compatibility with GFS2 datastores requires hardware enablement (HWE) packages to be installed. This
is a set of software components that enables users to run a longterm support version of Ubuntu yet still use newer
hardware that might not be supported by the default kernel. Run sudo apt install linux-generic-hwe-22.04
to install HWE packages.

This guide won’t go much deeper than what was already stated above regarding Ubuntu 22.04 installation and the
process of applying the latest patches. We will pick up at this point with the process of installing the HPE VM Essentials
console which enables virtualization capability on cluster hosts by installing KVM, OVS, and other packages. This
process is repeated on each host that will be part of the HPE VME cluster. Continuing with this installation guide will
require downloading packages from My HPE Software Center. If you are unable to log into the software center or if
you believe you are missing software entitlements that should be present, contact your account representative.
Once logged into My HPE Software Center, click on the “Software” section from the side navigation.

10 Chapter 1. Getting Started

 Morpheus Documentation

Within the “Software” section, search for HPE VM Essentials Software amongst your other software entitlements. A
“Product Info” type search for the term “hpe vm essentials” may work but depending on the entitlements present in
the account and future changes to search functionality, a slightly different search might be required. Once HPE VM
Essentials is successfully returned, click on the dropdown menu under “Action” and click on “Get License.”

From the download page, you’ll see software packages, signature files and license files. For a fresh installation, the
.iso file is the primary download that you need. It contains a debian package and a QCOW2 image which will prep
your hypervisor hosts and spin up your HPE VME manager VM for the first time. Mark the box next to any files you
wish to download and then click “Download.” You do not need the separate debian packages offered outside of the
.iso as those are only for upgrading a pre-installed HPE VME manager.

1.2. Installation 11
Morpheus Documentation

Note: Some commands listed in this installation guide will require superuser privileges.

Mount the ISO to your computer. The exact process will vary by software platform. On Linux, first select a tem-
porary mount point (such as /mnt/iso) or create a temporary mount point if it doesn’t exist (sudo mkdir /mnt/
iso). Next, mount the ISO to your temporary mount point (sudo mount -o loop /path/to/file.iso /mnt/
iso). Take stock of the files by changing into the proper directory (cd /mnt/iso) and listing them out (ls).
Now that the packages are downloaded and the files contained in the ISO are accessible, copy them over to the hosts.
You’ll need to copy the .deb file over to each host but the QCOW image needs to only be copied to the host which
will eventually run the HPE VME manager VM. On Linux, this could be done with scp (scp /path/to/file.deb
username@hpevmhost_hostname_or_ip:/path/to/desired/location/) but the copy process will be slightly
different for other operating system platforms.
With the Debian package now available to the hosts, go ahead and install it with apt install -f hpe-vm.deb. The
“-f” option indicates that a file will be installed. Note that the Debian file name listed here is an example placeholder
and the name of your downloaded file will likely be different. When asked if you wish to install all of the packages
provided, confirm that you do and then wait for installation to complete. This process is installing on the host all of the
packages needed to be part of a virtualization server, including KVM, Libvirt, Ceph, and more.

Important: The rest of this section describes the configuration process within the console for a specific network
configuration. Your network configuration may be different and certainly interfaces and VLANs will be differently
named. This is meant to illustrate the tools that are available within the console for performing various networking
configurations. You may or may not need all of these steps and the specific configurations within these steps may be
different in your environment.

With that, the HPE VM Essentials console installation is complete. Enter the console with the following command:

12 Chapter 1. Getting Started

 Morpheus Documentation

hpe-vm.

First, enter the section for keyboard layouts and timezones. Set the time and make any changes to the keyboard layout,
if needed.

Next, enter the section for network configuration. The first thing that I’ve going to do is set the MTU for relevant
interfaces to 9000 (jumbo frames). This has a number of benefits including improved efficiency, reduced latency, and
optimization for storage networks. Open the “Device Type” dropdown and choose “vlan”. In my example case, there’s
one VLAN which is the “bond0.2” VLAN shown in a prior section. Once selected, mark the box next to “mtu” and
enter “9000” in the resulting box. Then, save changes.

1.2. Installation 13
Morpheus Documentation

Next, use the “Device Type” dropdown to once again select “ethernet” which you saw earlier before switching into the
“vlan” section. Using the same process, I will also set the MTU to 9000 on both ethernet devices that make up my
bond as well as on the bond itself. To get to the bond, you’d access the bond section from the “Device Type” dropdown
in the same way that VLANs and ethernets were accessed. Now that I’ve set MTU of 9000 across the board, I’ll go
back to the ethernets section to work with my other two devices (the storage interfaces).
I’ll continue this example by opening each of the two storage interfaces in turn. Three configurations I’ll point out
here are “addresses”, “nameservers”, and “mtu”. In this case, I’ll mark the box for “addresses” and provide an address
in the pop-up modal that appears. I don’t need to make any other configurations within that modal (lifetime, etc). A
nameserver is not needed because the storage network are isolated and don’t need to route out anywhere. Finally, I’m
marking the box for “mtu” and setting the value at 9000 as I have with other interfaces. Next, tab over the DHCP section
and disable DHCP for this interface. Save the changes and repeat the process for the other storage interface.

Once all of the necessary networking configurations are made, you’ll want to save all changes. This will cause the
changes to be applied and take us back to the main screen where we first accessed the timezone section and the net-
working configuration section. The console will show you that changes are being applied and will respond with a
confirmation if they are successful.

14 Chapter 1. Getting Started

 Morpheus Documentation

At this point, I am done configuring my example interfaces through the HPE VM Essentials console. It does have some
additional functionality not shown here which may be needed depending on your specific network configuration. Make
sure to complete this process on all hosts before moving on to the next section which covers the installation of HPE
VME manager onto one of the prepared HPE VME hosts.

1.2.6 Manager Installation

Having configured the HPE VME hosts through the HPE VM Essentials Console in the prior step, we’ll now install HPE
VME manager. Unlike the console, the manager is only installed on one of the hosts and serves as the control plane for
the server in addition to providing a provisioning engine, automation functionality, monitoring, secrets management,
and a lot more. Before starting, make sure you’ve already downloaded the QCOW image for the manager and are aware
of its full path on the host you’ve chosen to work from. In fact, it will be beneficial in the next step to go ahead and
copy the full path into your paste buffer. The image is available in the HPE software center. Contact your account
representative if you are unable to download it using the steps in the previous section.
Before you begin, the following information should be readily at hand:
• IP address to give to the HPE VME manager
• URL for the web server
• DNS resolution for the URL (points the URL to the manager IP address)
• VLAN the manager should be deployed on
• Management interface name
• Compute interface name
To install the manager, go back into the console as we did in the previous step using the hpe-vm command. This time
use the selection labeled “Install Morpheus”. Morpheus was the original name for HPE VME manager. Here we are
given a modal containing some configuration options we must set in order to stand up HPE VME manager.

1.2. Installation 15
Morpheus Documentation

Let’s first paste in the path to the manager image since it’s already in the paste buffer from a step earlier in this section.
In the “Image URI” field, first type “file://” and then paste in the file path. Since the path begins with a leading “/” the
final configuration value will look something like “file:///path/to/file.qcow2”. After entering the URI, configure the
following fields using the information mentioned previously you should have available for this step:
• IP Address
• Netmask
• Gateway
• DNS Server
• Appliance URL
• Hostname (same as the appliance URL without the FQDN)
After filling in those fields, enter a username and password for an SSH user that can be used to get into the manager
machine. Following that, if necessary, configure any proxy details.
The final configuration to make here involves specifying the size of the manager machine, either small, medium, or
large. Each of the respective sizes consumes the following amount of resources:
• Small: 2 vCPUs and 12 GB RAM
• Medium: 4 vCPUs and 16 GB RAM
• Large: 4 vCPUs and 32 GB RAM
The greater the capacity, the greater amount of resources and cluster sizes the HPE VME manager can manage. For
large production environments, it’s recommended you select a large manager. After selecting the size, you’ll need to
identify the management interface and (if using) the compute interface and compute VLAN tag. Following all of these
configurations, select “Install”.

16 Chapter 1. Getting Started

 Morpheus Documentation

At a certain phase in the install process, you’ll see a message in the progress bar modal stating “Starting Morpheus
Services. . . ”. At this point, you can direct a web browser to the appliance URL and see if you can access the appliance.
If you get a response returned, even if it’s just telling you the appliance is still loading, that’s a good sign the web server
is installed and things are working. Once all is well, you will arrive at a setup page which leads us into the next section
on setting up HPE VME manager.

1.2.7 Manager Initialization

With HPE VME manager up and running, you can now access the UI frontend by pointing your web browser to the
appliance URL that you set in a previous step. You should see a registration screen like the one below.

You’ll need a license to go much further with the product. If you’ve followed this guide up to this point, you should
already have your license key downloaded from My HPE Software Center. If not, you can log back in any time an
re-download the file containing the license key. If you choose to skip entering a license key at this time, a short-term
evaluation license will be applied. This can be upgraded to a full license at any time from the global settings section
of the application.

1.2. Installation 17
Morpheus Documentation

The rest of the process involves naming the account on the manager and entering the details for your initial administrator
user. Next, provide a name for the appliance, confirm the appliance URL is correct as entered, and choose from a few
global enablements (for backups, monitoring, and logs).

After clicking through to the next section, you will paste in your license key. Click “Complete Setup” and you will be
dropped into the UI for the first time. Installation is now complete!
At this point, you are ready to move on to the next section which goes over the initial environmental setup steps that
must be undertaken to add the first HPE VME cluster to the HPE VME manager.

1.2.8 Upgrading the Manager

To upgrade the HPE VME manager, you’ll need to obtain the .deb upgrade package(s) from the HPE Software Center.
Reach out to your account manager if you’re unable to access the downloads as described in the next paragraphs. For
an upgrade, you’ll need the debian package (not the ISO, which is for first-time installation). If you are performing an
offline upgrade, you will also need the “supplemental” debian package.
Once logged into My HPE Software Center, click on the “Software” section from the side navigation.

18 Chapter 1. Getting Started

 Morpheus Documentation

Within the “Software” section, search for HPE VM Essentials Software amongst your other software entitlements. A
“Product Info” type search for the term “hpe vm essentials” may work but depending on the entitlements present in
the account and future changes to search functionality, a slightly different search might be required. Once HPE VM
Essentials is successfully returned, click on the dropdown menu under “Action” and click on “Get License.”

From the download page, you’ll see software packages, signature files and license files. Mark the checkbox next to any
that you need and download them to your computer.

1.2. Installation 19
Morpheus Documentation

For an upgrade, we only need the .deb file available in the software center (and potentially the “supplemental” debian
package as well if this will be an offline upgrade). To continue, copy the .deb file(s) over to the HPE VME cluster
host containing the HPE VME manager VM. On Linux, this could be done with scp (scp /path/to/file.deb
username@hpevmhost_hostname_or_ip:/path/to/desired/location/). Next, connect to the remote HPE VM
host and confirm the VM name of the HPE VME manager (virsh list). The host should already have virt-copy-in
from the libvirt suite installed. Use it to copy the .deb file onto the VM file system: virt-copy-in -d <vm_name>
/path/to/file.deb /path/to/remote/directory.
With the .deb file in place, we need to open a console connection to the HPE VME manager VM to perform the actual
upgrade. There are a number of methods to accomplish this but below are two examples from either an HPE VM host
or from your own computer.
From the HPE VM Host
Confirm the manager VM name (virsh list) and connect with virsh console <vm name>. This starts a local
VNC serial connection. This method only works if the host has GUI capabilities installed, which means the host must
be running Ubuntu Desktop or Ubuntu Server with GUI services installed.
From another computer
Confirm the manager VM name (run virsh list on the HPE VM host). Next, make note of the VNC port and
password for the HPE VME manager VM. This is done by running virsh edit <vm name> on the HPE VM host
and finding it within the block beginning <graphics. This block is typically near the bottom of the XML. Having
obtained this information, move back over to your own computer (must be a computer with a desktop terminal, access
to the VME host, and GUI capabilities). Connect to the SSH tunnel: ssh -L <VNC PORT>:127.0.0.1:<VNC PORT>
<VME Host User>@<Host IP/hostname>. Then, using a VNC viewer (for example, VNCViewer64), connect to
localhost:<VNCPort>. Use the password obtained from the VM XML viewed earlier.
Having copied over the needed files and connected to the HPE VME manager VM, the upgrade is completed in just a
few commands. These commands will stop the current services, install the package, and then reconfigure the Manager.

20 Chapter 1. Getting Started

 Morpheus Documentation

Replace the placeholder .deb file in the commands below with the correct path and file name of the package you’ve
copied over.

Important: Upgrading HPE VME manager will result in downtime of at least a few minutes. Ensure users are not
doing critical work during the upgrade window. This downtime applies only to the Manager itself and has no effect on
the hypervisor host(s) or any provisioned VMs currently running.

sudo morpheus-ctl stop morpheus-ui

sudo dpkg -i xxxx.deb
sudo dpkg -i xxxx.supplemental.deb # Optional -- Only for offline upgrades
sudo morpheus-ctl reconfigure

All services will automatically start during the reconfigure process. After the reconfigure has succeeded, tail the UI
service to watch UI startup logs with morpheus-ctl tail morpheus-ui. Once the UI service is up and running,
the upgrade process is complete. Attempt to reach your appliance normally through a web browser to confirm success.

Note: Services will be stopped during package installation and started during the reconfigure process, including
the morpheus-ui service. If the reconfigure process is interrupted or fails, the morpheus-ui service may need to
be manually started or restarted. In certain situations if another service hangs on starting during reconfigure, run
systemctl restart morpheus-runsvdir then reconfigure and restart morpheus-ui if successful.

1.3 Initial HPE VME manager Setup

With HPE VME manager now installed, you’re dropped into the UI and want to get up and running as quickly as
possible. This section goes over some useful first steps for configuring the environment, locating useful features, and
adding the first HPE VME cluster.

1.3.1 Global Settings

A useful first stop is in global settings (Administration > Settings). Within the Appliance category, check and fill an
“Appliance URL” value. This is the default value for HPE VM Essentials Agent installation and functionality. All
Instances and hosts must be able to resolve and reach this URL over port 443 for the Agent to install and function
properly. Individual Clouds can also have an individual Appliance URL which supersedes the global one set here.
While here in the Appliance category, consider checking the “Skip Agent Install” toggle. If on, this toggle will be set
by default in the Instance provisioning wizard. If off, this toggle will not be set by default in the Instance provisioning
wizard. If your default stance is to install the Agent and maximize the value provided for workloads running on HPE
VME clusters, this toggle should be off.

1.3. Initial HPE VME manager Setup 21

Morpheus Documentation

Next, check the Backups section which houses global settings related to backups. If “Scheduled Backups” is toggled,
default automatic backup settings will be pre-set each time you begin to configure a new Instance through the Instance
provisioning wizard. These default backups will target the default bucket, schedule, and retention settings you see
here. This is a good time to double check your default backup bucket and retention settings as it is possible to backup
Instances directly to the HPE VME manager VM. If you fill the Manager’s disk with backups you could bring the
Manager down.

One last area to check is the License section. Here you can check your usage against licensed maximums as well as
apply new licenses. If you started the Manager using the built-in trial license you will have to return here at some point
to apply a full license.

22 Chapter 1. Getting Started

 Morpheus Documentation

See the global settings section of HPE VM Essentials documentation for complete details on settings.

1.3.2 User Settings

Next, check User Settings. User Settings is accessed by clicking the user’s name in the upper-right corner of the
application window and then clicking “USER SETTINGS”.
Some settings you may want here include “Email” which will ensure any automatic email generated by the Manager
(such as Instance provisioning success messages) arrives at a place it can be seen. Setting a default Group and Cloud is
also useful as new workloads will begin with your most-used Group and Cloud set by default, which will save a lot of
clicks over time. If you haven’t yet created your first Group and Cloud (covered in a later section), come back later to
set that default. Finally, it’s useful to configure a Linux and Windows user here. At provision time if you opt for your
user to be added to provisioned Instances, a user will be added with your indicated username, password, and public
key (if specified, you must have an existing SSH keypair in the Manager) for easy access to any running workload. API
access settings and 2FA settings are also here.

1.3. Initial HPE VME manager Setup 23

Morpheus Documentation

1.3.3 Creating Groups and Clouds

You won’t be able to add your first HPE VME cluster without a pre-existing Group and Cloud. Groups define logical
groupings of resources and users access those resources based on the Groups associated with their Roles. A Cloud can
represent a grouping of HPE VME clusters or a connection into a VMware vCenter environment. You can read more
on Groups and Clouds here and here, respectively. This guide will go through the process of adding Private Cloud-type
Clouds which house HPE VME clusters. For VMware-type Clouds, see the associated integration guide.
Start by making your first Group. Click + CREATE at Infrastructure > Groups. A Group needs only a name, at
minimum. If this Group is going to hold some or all of your HPE VME clusters, you may want to name it accordingly.
Once done, save the new Group. We’ll next create a Cloud. Navigate to Infrastructure > Clouds and click + ADD. In
addition to being a logical grouping for HPE VME clusters, Clouds can also be a connection into a specific VMware
vCenter environment (as narrow as a specific Resource Pool or folder, or more broadly scoped). See the link in the
previous paragraph for more details on VMware Clouds. In this case, create a “Private Cloud.” Once again, a name is
the minimal amount of information required and you may want to name this Cloud in a way that indicates which HPE
VME clusters it will encompass. When done, save the new Cloud.

24 Chapter 1. Getting Started

 Morpheus Documentation

1.3.4 Creating the first HPE VME cluster

In preparing the environment, we’ve already prepped the physical cluster servers but now it’s time to provision the
actual cluster object within HPE VM Essentials. Begin by navigating to Infrastructure > Clusters and click + ADD
CLUSTER. Currently, the only available cluster type is “HPE VM,” which is what we want. Select the correct cluster
type and click NEXT. On the Group tab, select the Group we created in the previous section and click NEXT. On the
Name tab, select the Cloud we created in the previous section and enter a name for the cluster. Click NEXT.
HPE VM Essentials gives the option to select a hyperconverged infrastructure (HCI) LAYOUT or non-HCI. In this
example, the HCI Layout is used (requires a three-node minimum). Next, configure the names and IP addresses for the
host boxes (SSH HOST). The SSH HOST name configuration is simply a display name in HPE VM Essentials, it does
not need to be a hostname. By default, configuration space is given for three hosts which is what this example cluster
will have. You must at least configure one and it’s possible to add more by clicking the (+) button. The SSH PORT
is pre-configured for port 22, change this value if applicable in your environment. Next, set a pre-existing user on the
host boxes (SSH USERNAME and SSH PASSWORD) and SSH KEY. Use a regular user with sudo access.
In the next part of the modal, you’ll configure the storage devices and network interfaces. When Ceph initializes, it
needs to be pointed to an initial data device. Configure this in the DATA DEVICE field. At this time, only one device
may be given but in the near future, an update will allow for multiple devices to be configured which would be added
to the total Ceph storage as one large volume. Find your disk name, if needed, with the lsblk command. In my case,
the target device is located at /dev/sdb.
Though not strictly required, it’s recommended to have separate network interfaces to handle cluster management,
storage traffic, and compute. In this example case, eth0 is configured as the MANAGEMENT NET INTERFACE
which handles communication between the cluster hosts. eth1 is configured as the STORAGE NET INTERFACE
and eth2 is configured as the COMPUTE NET INTERFACE. The COMPUTE VLANS field can take a single value
(ex. 1) or a range of values (ex. 22-25). This will create OVS port group(s) selectable as networks when provisioning
workloads to the cluster. If needed, you can find your network interface names with the ip a command.
Finally, only one CPU TYPE is currently supported (x86_64) though this may change in the future. For CPU MODEL
configuration, we surface the entire database of model configurations from libvirt. If unsure or if you don’t know of
a specific reason to choose one or the other, select host-model which is the default option.

1.3. Initial HPE VME manager Setup 25

Morpheus Documentation

At this point we’ve kicked off the process for configuring the cluster nodes. Drill into the Cluster detail page and click
on the History tab. Here we can monitor the progress of configuring the cluster. HPE VM Essentials will run scripts to
install KVM, install Ceph, install OVS, and to prepare the cluster. In just a short time, the cluster provisioning should
complete and the cluster will be ready to deploy workloads.
For more on cluster provisioning, monitoring clusters, and provisioning workloads to existing clusters, see the full
section on HPE VM Clusters.

1.3.5 Take Note of Virtual Images and Automation

Now that we have a cluster, let’s take a quick look at where Virtual Images live and where Automation scripts can be
created and stored. Both are under the Library menu. In the Virtual Images section is a list of all Virtual Images that
have been synced from integrated Clouds (such as a VMware vCenter Cloud) or manually uploaded. Additionally,
running workloads (such as VMs running on HPE VME clusters) can be saved as images with one click. Once the
image has been taken, it will appear in the list of Virtual Images here. When provisioning, a list of all compatible
images for the target Cloud type is shown. You will need to have at least one HPE VM-compatible image here in order
to provision new Instances to the cluster. When uploading images manually, there’s often some additional configuration
that must be done to make the image compatible with the intended target Cloud type. Take a look at Virtual Images
documentation for more detail.
Next in the Library section is Automation. This page contains a list of automation scripts that are stored in HPE VM

26 Chapter 1. Getting Started

 Morpheus Documentation

Essentials. These scripts can be shell scripts, Powershell scripts, or a restart Task that restarts workloads it’s run against.
I won’t go into full detail on writing scripts and the nuances of how they can be used in this section but there’s more in
the full Tasks section of HPE VM Essentials documentation. Tasks can be used on the Automation tab of the Instance
provisioning wizard. Stack Tasks and chain the results for fully automated Instance deployment.

1.3.6 Provsioning the First Workload

All groundwork is now laid to begin provisioning workloads to the HPE VME cluster. Launch the wizard by going to
Provisioning > Instances and clicking + ADD. Select an HPE VM-type Instance and click NEXT. You’ll once again
notice the Group and Cloud we created in this guide can be selected. You’ll also specify a plan (VM size), resource pool
(cluster), image, and cluster host, among a few other selections. After clicking NEXT, you’ll land on the Automation
tab where a set of Tasks can be selected to automate the deployment and configuration of the new Instance. Once the
wizard is fully completed, a new Instance will be provisioned to the HPE VME cluster. You are now ready to add more
of your images, add more automation tasks, and monitor workloads that are running on your clusters.

1.3. Initial HPE VME manager Setup 27

Morpheus Documentation

28 Chapter 1. Getting Started

 CHAPTER

TWO

OPERATIONS

2.1 Dashboard

The Dashboard is a single, high-level view into your environment which includes easy-to-read performance and con-
figuration information. In many cases other areas within HPE VM Essentials UI will allow you to drill deeper into the
information presented in the dashboard.
Environment
• Groups: Total number of Groups currently created
• Clouds: Total number of Clouds currently integrated
• Clusters: Total number of clusters currently provisioned
• Apps: Total number of Apps currently provisioned
• Instances: Total number of Instances currently provisioned
• Users: Total number of HPE VM Essentials user accounts
System Status
System status gives a high-level view of the health of the appliance. More detailed information can be viewed on the
appliance health detail page (Administration > Health) and a more detailed breakdown of the meaning of each status
indicator is in HPE VM Essentials health documentation.
Favorites
Any Instances you’ve “favorited” will appear here along with the Instance name, type, and IP address
The most recent five Alarms are displayed here and the user may link through to the resource which triggered the Alarm.
For the complete list of Alarms and more information on each Alarm navigate to Operations > Activity > Alarms
Instance Status
The total number of Instances is listed along with a pie chart showing the statuses of each. Hover over each section
of the pie chart to see the total number and percentage of Instances in that state. States may include running, stopped,
provisioning, and more
Instances By Cloud
The total number of Clouds which currently have an Instance provisioned is shown. Hover over each section of the pie
chart to see the total number and percentage of Instances provisioned to each Cloud
The number of Instances that have existed at any point in the day with additional breakdown to show the number
provisioned to each Cloud. This number will include any pre-existing Instances which have carried over from previous
days along with any new Instances that were provisioned and existed on that day even for a short time
Group Workloads

29
Morpheus Documentation

The instantaneous count of host or container records broken down by Group association
Cloud Workloads
The instantaneous count of host or container records broken down by Cloud association
Cluster Workloads
The instantaneous count of managed containers broken down by Cluster association
Backups
Displays the number of successful and unsuccessful backups over the last day, week or month
Task Executions
Displays the number of successful and unsuccessful Task executions over the last day, week or month
Activity
The activity list displays the last few events that have taken place in HPE VM Essentials by any user. This could be
new provisioned workloads, deleted workloads, backups, or a number of other things. A more complete list of recent
activities can be viewed in Operations > Activity

2.2 Wiki

The Morpheus Wiki is a tenant-wide, RBAC-controlled, auditable Wiki that allows easy UI, API and CLI access to
information, notes, configurations or any other data needed to be referenced or shared with others. Wiki pages can be
created directly from the Wiki tab of the detail page for various resource types, including Clouds, Groups, Servers,
Instances, and Clusters. Wiki pages created this way are automatically categorized under the appropriate resource
type. Additional Wiki pages and custom categories can be created when viewing the whole Wiki at Operations > Wiki.
Here you will also see the complete Wiki, including pages created on various object detail pages which are categorized
appropriately.

2.2.1 Highlights

• Main Wiki section is at Operations > Wiki

• Wiki tabs are on Clouds, Groups, Instances, Hosts, VMs, and Clusters detail pages
• Additional Wiki Pages and Categories can be created from Operations > Wiki
• When a Wiki tab is populated, a Page is automatically added and accessible at Operations > Wiki
• The Wiki is accessible from the UI, CLI and API.
• Wiki access is RBAC-controlled via the Operations: Wiki permission in Roles (None, Read and Full)
• Page updates are stamped with the “Last Updated By” user and the time the edit was made
• Wiki pages can be searched from /operations/wiki or navigated from /operations/wiki-page/
page-index
• All wiki pages are encrypted using AES 256-bit encryption
• Wiki pages use Flexmark for Markdown. Annotate your Wiki pages with headers, text styling, code blocks,
hyperlinks, and more as needed
• Create a new page with title “Home” to replace the default Wiki landing page that ships with HPE VM Essentials

30 Chapter 2. Operations
 Morpheus Documentation

2.2.2 Creating Wikis

The Wiki service ties into assets throughout the environment. Create pages for Instances, hosts, groups, Clouds, and
even clusters directly on their detail pages (see the Wiki tab). Users may also just create general notes pages in the
centralized Wiki section (Operations > Wiki)in Markdown format.
Creating your first page is as simple as clicking the Create Page button from the Wiki home page (Operations > Wiki).
Write down some content, give the page a title, and click SAVE. The Wiki will also keep track of who last edited a
page and when. The beauty of this Wiki is that it’s clean and easy to write down notes related to various parts of your
application deployment or infrastructure without going to an external tool. Many HPE VM Essentials constructs, such
as Instances, hosts, and more, also have their own Wiki page. Navigate to the detail page for the selected construct,
open the Wiki tab, and click EDIT to add content.

Important: All wiki pages are encrypted using AES-256 bit encryption. Though we don’t advise storing passwords
in a Wiki document (services like Cypher are for that), role-based access control also can properly restrict access to
content related to Instances or hosts which the user may not have access to.

2.2.3 Hosting Images

It’s possible to add images to your Wiki pages and images can be sourced from the Internet, a Cloud storage bucket
(like an AWS S3 Bucket), or even from files stored to the HPE VM Essentials appliance’s local file system. Within
your Wiki page markdown, add your image using the following syntax:


The text within the square brackets [] sets the HTML “alt” description for the image and the URL within parentheses
() is the “src” URL for the image. The HPE VM Essentials Archives feature is a great resource for hosting images for
use in Wiki. Archives can target cloud storage buckets or even file shares on the HPE VM Essentials appliance local
storage. HPE VM Essentials generates an access URL for each file stored in Archives, simply target this URL in your
markdown to show an image stored in HPE VM Essentials Archives within your Wiki pages.

2.3 Activity

The Activity section displays a recent activity report for Auditing. HPE VM Essentials defines an activity as any major
action performed on an instance or server, such as, but not limited to adding a server, deleting a server, provisioning an
instance, deleting an instance, creating a backup, etc. . . This view can be searched and filtered by type, user, and date
range.

2.3.1 Activity

There are four types of activities that are displayed in the Activity Reports:
• Backup
• Provisioning
• Alert
To View a Recent Activity report:
1. Select the Operations link in the navigation bar.
2. Select Activity in the sub navigation bar.

2.3. Activity 31
Morpheus Documentation

Recent activity is displayed in order from recent to oldest. This view can be searched and filtered by type, user, and
date range.
Review
To review the item that generated the activity, click the name of the activity and it will go to a new page and display
that item. The list of activity can be filtered by type, user or date range.

Note: Deleted activities are displayed as an alert and do not contain a link to the event item. If the activity is not a
deletion event we provide a link on the activity name to go to the item the activity occurred on. Delete activity alerts
are shown for Instances, servers, Clouds, and Groups.

2.3.2 History

The HISTORY section shows process history from Instance processes. This is an aggregate view of the History tab
contained in each Instance detail page.
Processes can be expanded to view all process steps and process history detail including output and errors.
Access to HISTORY is given by the Operations:Activity Role permission.
The Logs displayed in Administration - Health - Morpheus Logs are from /var/log/
morpheus/morpheus-ui/current. These logs show all ui activity and are useful for troubleshooting
and auditing.

Note: Stack traces in Administration - Health - Morpheus Logs are filtered for HPE VM Essen-
tials services. Complete stack traces can be found in /var/log/morpheus/morpheus-ui/current.

32 Chapter 2. Operations
 CHAPTER

THREE

PROVISIONING

There are many capabilities in the HPE VM Essentials provisioning engine ranging from virtual machines bound for
VMware vCenter and HPE VME cluster targets to containerized workloads targeting Docker. Deployment management
and library template construction are also core aspects of the provisioning engine. This section of HPE VM Essen-
tials documentation covers the provisioning engine itself while the Library section covers template building, image
management, and automation stacks.

3.1 Requirements

Provisioning Instances typically involves many steps beyond starting a workload and HPE VM Essentials is centered
around automating everything for your application to be fully operational. There is a lot that goes on when spinning
up an Instance, and to make the magic happen a few requirements need to be met.

Important: By default, Agent Installation is enabled when provisioning unless deselected on the Virtual Image or
SKIP AGENT INSTALL is selected from the provisioning wizard.

3.1.1 VM Provision Steps

While many things can happen during an individual provisioning process, the basic order is:
• Look for the Virtual Image
HPE VM Essentials will check if the Virtual Image set on the Node Type or selected from a list of images during
provisioning is already available to the HPE VME cluster or to a vCenter Cloud target. If not and it is an uploaded
or local image, HPE VM Essentials will attempt to upload the image to the HPE VME cluster or vCenter target.
Upload Image
For uploaded or local images that do not exist in the target, HPE VM Essentials will need to upload the Image.
Ensure the Virtual Image is valid for the target technology, the image meets the target upload requirements, and
HPE VM Essentials has network access and permissions to upload the image.

Note: When uploading an image to a VMware Cloud, the Virtual Image is copied directly to the target ESXi
host, NOT through the vCenter server. Ensure the HPE VM Essentials Appliance(s) can resolve target ESXi
hostnames and connect on port 443 for successful vmdk/ova uploads.

Clone Image
Once the Image is confirmed available in the target cloud, HPE VM Essentials will clone the Image to the target
Datastore.

33
Morpheus Documentation

Note: The target host must have access to the target Datastore of the Image

• Reconfigure Image
Once cloned, HPE VM Essentials will resize the Image based off provisioning parameters
• Cloud-init (if enabled)
Attached cloud-init iso When using cloud-init, HPE VM Essentials will attach a tiny metadata iso to the
new VM. Network, Machine, User and any other cloud-init metadata will be sourced from this iso.
VM Tools HPE VM Essentials will run guest customizations via VMware VM Tools, including network
config when assigning static IP addresses.
• Wait for Power On status and Network info
HPE VM Essentials will wait to hear back from the target that the VM has successfully started and has an IP
address.

Note: If VM TOOLS INSTALLED? is NOT checked on the source Virtual Image configuration, HPE VM Essen-
tials will skip waiting for network.

• Finalize
By default, this step will include Agent installation.

Important: If the VM is stuck in finalize for long periods of time, this typically means the Agent
cannot be installed or has not been heard back from. This will result in a ! warning Instance status
upon provisioning completion.

If agent installation is not possible or is not desired, uncheck “Install Agent” on the source Virtual
Image configuration or select “Skip Agent Install” during provisioning to speed up provisioning com-
pletion.

3.1.2 Virtual Images

The most common provisioning method within HPE VM Essentials involves Virtual Machines, and the most important
part of provisioning a VM is the Virtual Image. When provisioning a VM, HPE VM Essentials will need to do a few
things depending on the location of the Virtual Image and if agent install and console access are desired.
Synced Images need to be properly configured HPE VM Essentials gathers as much metadata for synced images as
possible, but depending on the target (HPE VME cluster or VMware vCenter), OS, image configuration, or agent
install settings, the synced Virtual Images may not be ready to provision without some configuration within HPE
VM Essentials. The Virtual Image is already at the target Cloud, but datastore selection, credentials, cloud-init
settings, networks, and security settings on the Virtual Image can cause provisioning issues.
Local/Uploaded Virtual Images Images uploaded to HPE VM Essentials are configured during the Add Virtual Image
process, however HPE VM Essentials in most scenarios will still need to copy the Virtual Image to the target
Hypervisor/Cloud upon the first provision to the target Cloud. In addition to the requirements for provisioning
a synced Virtual Image, copying an uploaded Virtual Image to the target Cloud is required. Network and image
configurations can cause upload failures, resulting in provisioning issues.

34 Chapter 3. Provisioning
 Morpheus Documentation

Synced Images

When a provisioning target (Cloud) is added, all available image and template records from that Cloud will be synced
in regardless of Inventory settings on the Cloud. These image records will be available in the Virtual Images section
and can be provisioned by using the target clouds generic Instance Type (ex. By selecting the HPE VM or VMware
Instance Type from the provisioning wizard).

Note: Synced Virtual Images are just metadata records in HPE VM Essentials pointing to the image in the target
Cloud. The actual image files are not copied/imported to HPE VME manager.

Before provisioning a synced Virtual Image, ensure the image is configured properly:
Name Name of the Virtual Image in HPE VM Essentials. This can be changed from the name of the image, but editing
will not change the name of the actual image file.
Operating System Specifies the platform and OS of the image. All Windows images will need to have Operating
System specified on the Virtual Image, as HPE VM Essentials will assign Linux as the platform for all images
without an operating system specified.
Minimum Memory The Minimum Memory setting will filter available Plan options during provisioning. Plans that
do not meet the minimum memory value set on the Virtual Image will not be provided as Plan choices by the
provisioning wizard.
Cloud Init Enabled? On by default, uncheck for any image that does not have Cloud-Init or Cloudbase-Init installed.

Important: Provisioning a Virtual Image that has Cloud Init Enabled? checked on the Virtual Record in HPE
VM Essentials but does not have cloud-init installed will result in immediate provisioning failure.

Install Agent On by default, uncheck to skip Agent install. Note this will result in the loss of utilization statistics,
logs, Task execution, and monitoring (Some utilization stats are still collected by Agent-less workloads).
Username An existing Username on the Image. This is required for authentication, unless HPE VM Essentials is
able to add user data, Cloud-Init, Cloudbase-Init or Guest Customizations. If Cloud-Init, Cloudbase-Init Guest
Customizations or Nutanix Sysprep are used, credentials are defined in Administration > Settings > Provisioning
and User Settings. If credentials are defined on the Image and Cloud-Init is enabled, HPE VM Essentials will add
that user during provisioning, so ensure that user does not already exist in the image (aka root). For Windows
Guest Customizations, HPE VM Essentials will set the Administrator password to what is defined on the image
if Administrator user is defined. Do not define any other user than Administrator for Windows Images unless
using Cloudbase-init. HPE VM Essentials recommends running Guest Customizations for all Windows Images,
which is required when joining Domains as the SID will change.
Password Password for the existing user on the image if the Username field is populated.
Storage Provider Location where the Virtual Image will be stored. Default Virtual Image Storage location is /var/
opt/morpheus/morpheus-ui/VMs. Additional storage providers can be configured in Infrastructure > Storage.
Cloud-Init User Data Accepts what would go in runcmd and can assume bash syntax. Example use: Script to con-
figure satellite registration at provision time.
Auto Join Domain? Enable to have Instances provisioned with this image auto-join configured domains (Windows
only, domain controller must be configured in Infrastructure > Network and the configured domain set on the
provisioned to Cloud or Network).
VirtIO Drivers Loaded? Enable if VirtIO Drivers are installed on the image for provisioning to KVM-based hyper-
visors, such as HPE VME cluster

3.1. Requirements 35
Morpheus Documentation

VM Tools Installed? On by default, uncheck if VMware Tools (including OpenVMTools) are not installed on the
Virtual Image. HPE VM Essentials will skip network wait during provisioning when deselected.
Force Guest Customization? VMware only, forces guest customizations to run during provisioning, typically when
provisioning to a DHCP network where guest customizations would not run by default. This is required for
host/computer name definitions. domain joining, licenses and user definitions when using DHCP.
Trial Version Enable to automatically re-arm the expiration on Windows Trial Images during provisioning.

Important: Provisioning a Virtual Image that has Cloud Init Enabled? checked on the Virtual Record in HPE VM
Essentials but does not have cloud-init installed will result in immediate provisioning failure.

Important: For Linux images without cloud-init, an existing username and password must be defined on the Virtual
Image record for Agent Install, Domain joining, licensing, script execution and other automation, and SSH or RDP
Console access.

Local Virtual Images

A Local Virtual Image means it has been uploaded to HPE VM Essentials. To provision, HPE VM Essentials will need
to upload the image to the provisioning target upon first provision.
• Ensure the Virtual Image is valid for the target Cloud, the Image meets the target cloud upload requirements, and
HPE VM Essentials has network access and permissions to upload the image.

Note: When uploading an image to a VMware Cloud, the Virtual Image is copied directly to the target ESXi host,
NOT through the vCenter server. Ensure the HPE VM Essentials Appliance(s) can resolve target ESXi hostnames and
connect on port 443 for successful vmdk/ova uploads.

Once a local Virtual Image has been uploaded to a provisioning target, subsequent provisions will use the image local
to the target instead of uploading again as long as the copied image is still available.

3.1.3 Agent Install

When provisioning an Instance, there are some network and configuration requirements to successfully install the
Agent. Typically when a VM Instance is still in the provisioning phase long after the VM is up, the Instance is unable
to reach HPE VM Essentials, or depending on Agent install mode, HPE VM Essentials is unable to reach the Instance.
The most common reason an Agent install fails is the provisioned Instance cannot reach the HPE VM Essentials Appli-
ance via the appliance_url set in Administration > Settings over both 443 and 80. When an Instance is provisioned
from HPE VM Essentials, it must be able to reach the HPE VM Essentials appliance via the appliance_url or the
Agent will not be installed.
In addition to the main appliance_url in Administration > Settings, additional appliance_urls can be set per
Cloud in the Advanced options of the Cloud configuration pane when creating or editing a Cloud. When this field is
populated, it will override the main appliance URL for anything provisioned into that Cloud.

Tip: The HPE VM Essentials current log, located at /var/log/morpheus/morpheus-ui/current, is very helpful
when troubleshooting Agent installations.

36 Chapter 3. Provisioning
 Morpheus Documentation

Agent Install Modes

There are 3 Agent install modes:

• SSH/WinRM
• VMware Tools
• Cloud-init

For All Agent Install modes

When an Instance is provisioned and the Agent does not install, verify the following for any agent install mode:
• The HPE VM Essentials appliance_url (Administration > Settings) is both reachable and resolvable from the
provisioned node.
• The appliance_url begins with to https://, not http://.

Note: Be sure to use https:// even when using an IP address for the appliance.

• Inbound connectivity access to the HPE VM Essentials Appliance from provisioned VMs and HPE VME cluster
hosts on port 443 (needed for Agent communication)
• Private images (those not provided with HPE VM Essentials by default) must have their credentials entered.
These can be entered or edited in the Library > Virtual Images section by clicking the edit button (pencil icon)
next to the appropriate image.

Note: Administrator user is required for Windows agent install.

• The Instance does not have an IP address assigned. For scenarios without a DHCP server, static IP information
must be entered by selecting the Network Type: Static in the Advanced section during provisioning. IP Pools
can also be created in the Infrastructure > Network > IP Pools section and added any Cloud’s network section
for IPAM.
• DNS is not configured and the node cannot resolve the appliance. If DNS cannot be configured, the IP address
of the HPE VM Essentials appliance can be used.

SSH/Winrm

Linux Agent

• Port 22 is open for Linux images, and SSH is enabled

• Credentials have been entered on the image if using a custom or synced image. Credentials can be entered on
images in the Library > Virtual Images section.

3.1. Requirements 37
Morpheus Documentation

Windows Agent

• Port 5985 must be open and WinRM enabled for Windows images.
• Credentials have been entered on the image if using custom or synced image. Credentials can be entered on
images in the Library > Virtual Images section.

Note: Administrator user is required for Windows agent install.

VMware tools (vmtools) RPC mode

• VMware tools is installed on the template(s)

• Credentials have been entered on the Image if using an uploaded or synced image when Cloud-init or Guest
Customizations or Sysprep for Windows are not used. Credentials can be entered on Images in the Library >
Virtual Images section.

Cloud-Init Agent install mode

• Cloud-Init is configured in Administration > Settings > Provisioning section

• Provisioned image has Cloud-Init (Linux) or Cloudbase-Init (Windows) installed

3.2 Provisioning Concepts

HPE VM Essentials is a powerful provisioning and management platform for HPE VME clusters and VMware vCenter
private cloud. Compared to other CMP platforms in the space, some terminology and concepts may differ. These
concepts are documented in this section along with places where terminology may be slightly different compared with
other platforms or with common industry parlance.

3.2.1 Instances

HPE VM Essentials starts with provisioning Instances. In some platforms, an Instance is representative of a singular
object like a virtual machine in VMware vCenter. In HPE VM Essentials, this concept was rethought. An Instance is
more of a representation of a resource or service. This service may involve several virtual machines, as in the case of
a database cluster or horizontally-scaled web servers.
When viewing an Instance detail page, one is able to look at details and statistics specific to a virtual machine or
container. HPE VM Essentials simply helps simplify the management model for tracking these services.

38 Chapter 3. Provisioning
 Morpheus Documentation

3.2.2 Containers / Nodes / Virtual Machines

In relation to Instances, an Instance can have many nodes. A node is a generic representation of a container or a virtual
machine. In most cases, HPE VM Essentials will represent a node as a Container or Virtual Machine depending on the
provisioning engine used for the Instance (workload provisioned to a HPE VME cluster as opposed to a Docker cluster,
for example). Node is just a generic naming representation when referring to these types of items. The public HPE
VM Essentials developer API, however, often refers to both virtual machines and Docker containers as “containers”.
The UI was updated to better delineate this concept for easier understanding but, in essence, the name is valid for both
concepts of containerized environments as well as virtual machines.

3.2.3 Hosts / Servers

This concept is mostly tailored to users of HPE VM Essentials who are responsible for managing and maintaining
the underlying infrastructure integrations. A Host typically refers to a Docker Host in which a container (within an
Instance) is running, or a hypervisor that virtual machines can be provisioned onto. A server is the underlying general
representation of a physical or virtual server. It could be a Host representation, a Virtual Machine, or even a Bare Metal
delineation.
When a user provisions a VM-based Instance, a corresponding server record is created to represent the link to the actual
resource via the underlying provisioning engine. This may seem a bit odd but provides an aspect of HPE VM Essentials
that is quite powerful. This singular concept is what allows HPE VM Essentials to ingest “brownfield” environments.
We do not need to start clean. HPE VM Essentials can be integrated into existing environments and manage existing
virtual machines. The way HPE VM Essentials does this is by periodically syncing existing VMs from the added cloud
integrations. A server record will be created and periodically updated (every five minutes, by default) with realtime
information and changes. This, in essence, provides CMDB-like capabilities as well. When a server is discovered,
the user (given the appropriate access) can convert the virtual machine to a managed Instance. When this is done, a
corresponding Instance is made in the provisioning section of HPE VM Essentials and the HPE VM Essentials Agent
can optionally be installed to provide more refined guest operating system-level statistics and logging.

3.3 Instances

Instances are a great starting point for taking advantage of self-service features and spinning up both VMs and con-
tainers. The top of the main Instances page shows overall statistics for the listed Instances, including count, status, and
resource utilization. You can search for Instances by name, or filter by group, type, or category.
The Instance list contains important information about each Instance, including the Instance name, environment tag,
type, IP address and port info, Instance version, the number of virtual machines or containers, the Group, and the
associated Cloud.

3.3.1 Creating Instances

The Instance catalog is where you will create new workloads targeting the HPE VME clusters and/or VMware vCen-
ter Clouds available to the HPE VM Essentials environment. The list contains only Instance Types relevant to the
provisioning engines which enabled and integrated in the current appliance.
To get started, simply click the + Add button in the upper right of the Provisioning > Instances page. A modal will
display allowing the catalog to be searched. Once an item is selected, it is just a matter of following the steps through
the wizard.

Tip: The Instance catalog can be customized via role-based access control (RBAC) to restrict provision types only to
certain Roles. It is completely customizable.

3.3. Instances 39
Morpheus Documentation

The next step will ask for a Group and Cloud to be selected. The Group is an abstract representation that can contain
multiple HPE VME clusters or VMware vCenter integrations. Clouds can be in multiple Groups and Groups are also
useful for using RBAC to restrict provisioning access and set retainment policies. The wizard continues by allowing
us to choose a name for the Instance as well as an environment.

Note: Currently the Environment option is most useful for presenting the user with informative metadata around the
Instance when coming back to it later.

Moving on, it is now time to configure the Instance. Depending on the Instance Configuration that is chosen, fields
will change. This can include cloud-specific fields (i.e. target hosts for HPE VME clusters or datastores for VMware
Clouds). There will also be options like setting an initial user account. Some of these fields are optional and will be
represented as such in the wizard.
One last step before the Instance can be provisioned is the Automation step. It is here that you can select Tasks which
will run during the provision process and these Tasks must complete successfully in order for the Instance status to be
reported as successful. Tasks are either Bash or Powershell scripts which can be configured in the Library > Automation
section.
Now that the steps are completed for provisioning the selected Instance type, simply review your selections and com-
plete. The Instance will automatically show up in the Instances list and its provisioning state will be represented.
Depending on what was provisioned this step can range from seconds to minutes.

Converting Discovered Resources to Managed Instances

When creating new cloud integrations (or updating existing ones), users may opt for HPE VM Essentials to onboard
any existing resources that currently reside in the Cloud. For example, these may be virtual machines that exist on
vCenter hosts prior to integration with HPE VM Essentials. With the Add/Edit Cloud modal open, mark INVENTORY
EXISTING INSTANCES for HPE VM Essentials to automatically onboard these resources. Not only will HPE VM
Essentials inventory these hosts at the time the cloud is integrated (or updated), it will also continue to poll the target
cloud every five minutes (by default) for newly added or removed servers. Users can see these discovered servers by
looking in Infrastructure > Compute. Depending on the type of resource, it may appear on the Virtual Machines tab, the
Containers tab, or another tab. Additionally, we can see a list of discovered servers on Cloud detail pages (Infrastructure
> Clouds > Selected Cloud). Just click on the tabs for VMs, Containers or Hosts tab. Discovered resources will be
indicated as such whereas containers which are associated with a managed Instance will be marked as a “Managed”.
Additionally, HPE VM Essentials allows users to convert discovered resources into managed Instances. Begin from the
server detail page (Infrastructure > Compute > Virtual Machines > selected machine) and from the ACTIONS menu
select “Convert to Managed”. At this point, we must make a number of selections:
• Select a Group (this dropdown contains a filtered list of Groups in which the associated Cloud resides)
• Username and password for a seeded account
• Opt to install HPE VM Essentials Agent or not
• Select the Instance Type which should be associated with the new Instance containing this VM
• Identify the operating system
• Select a Plan (this dropdown contains a filtered list of plans which correlate to the size of the VM)
Finally, click EXECUTE. Once this process is completed, the server will be indicated as “Managed” in the servers list.
Additionally, a new Instance will appear on the Instances List page (Provisioning > Instances). We can now work with
it in the same way we can work with any other Instance, such as by expanding the Instance horizontally with added
nodes.

40 Chapter 3. Provisioning
 Morpheus Documentation

3.3.2 Managing Instances

Instance actions allow you to perform numerous management tasks on instances. The actions available depend on the
instance type, hypervisor, roles permissions, and instance state. Actions can be accessed from the Instances list page
or from an Instance detail page.
Edit Edit the Name, Description, Environment, Group, Tags, and Owner for the Instance.
Delete Deletes the Instance.

Important: Deleting an Instance will delete the actual underlying VMs or Containers and cannot be undone.

Tip: You can change the owner of an instance easily by selecting the edit button and entering a new owner in the
corresponding field.

Actions

Available options in the Actions dropdown can include:

Suspend Puts the VM in a suspended state without shutting down the OS.
Stop/Start/Restart Server Stops, Starts or Restarts the Virtual Machine.
Import as Image Clones and exports VM in its current state to target Storage provider and adds a Virtual Image record
with metadata matching the source Instance configuration.
Clone to Image Clones and converts VM in its current state to image in the source Cloud and adds a Virtual Image
record with metadata matching the source Instance configuration.
Lock/Unlock Instance A locked Instance cannot be deleted until it is unlocked.
Reconfigure The Reconfigure action allows service plan, disk, CPU, memory, networks and storage controller changes.
Available options depend on the type and Plan configuration. Some resize actions require an Instance restart.
Clone Creates a new Instance from the Instance at its current state.
Backup Immediately executes a backup of the Instance. This is only available for Instances with backups enabled.
Run Task Select a currently-configured Task to run against the Instance. Tasks can be created and edited in Library
> Automation.
Add Node Adds an additional node to the configuration. Additional options and configurations are required in the add
node wizard depending on Instance configuration and type.
Eject Disk Ejects attached disks (ISOs).
Clone to Template (VMware) Creates a new VMware Template from the Instance with corresponding HPE VM Es-
sentials Virtual Image record.

Tip: Scrolling down in the Actions dropdown may be necessary to see all options.

3.3. Instances 41
Morpheus Documentation

Performing Instance Actions

1. Select the Provisioning link in the navigation bar.

2. From the Instances list, select the desired Instance.
3. Click the Actions dropdown button and select an Action.

Notes

Every Instance has a Wiki section for adding useful information about the Instance. Wiki can be added by selecting
the Wiki tab on the bottom of the Instance Detail page. Instances with associated VMware VMs will bi-directionally
sync HPE VM Essentials Wiki content and VMware VM Notes. See the Wiki Section for more details.

Tip: Markdown Syntax is supported in Wikis.

42 Chapter 3. Provisioning
 CHAPTER

FOUR

LIBRARY

4.1 Labels

Labels are a categorization feature designed to allow easier filtering of list views in the HPE VM Essentials Library.
The following library constructs can be labeled:
• Clouds
• Groups
• Tasks
• Instances
• Servers
• Virtual Images
Labels are visible from the list views of any constructs listed above. By default, labels are turned on in the list view but
if they aren’t showing, click the gear icon () and then click Labels to enable them.
The list view contains a row of filters above the list, one of which is Labels. Enter a search string to find an existing label
or click the dropdown button within the field to select an existing label. This will filter the list to show only constructs
which have the selected label.

Note: Any list may be filtered by any label which exists on any construct. When a label is removed from a construct
and no other constructs also have that label, HPE VM Essentials will remove the label from the list during its nightly
sync. It is normal for a label to continue to exist in this list, even if it’s not currently applied to any constructs, until the
next nightly sync has taken place.

4.1.1 Adding and Removing Labels

Labels can be created when adding or edited any of the supported constructs listed above. When adding or editing the
object, enter or edit the comma-separated list of labels you wish to apply.

43
Morpheus Documentation

4.1.2 Running Automation Against Label Targets

Tasks can be run against Instance Labels or Server Labels. When executing the Task, select either Server Label or
Instance Label. After specifying the Label, the automation will be run against all Instances or Servers which have the
indicated Label. Currently, only one Label may be selected and users cannot enter multiple Labels in the field. If a
non-existent Label is entered, the automation simply will not run against any Workloads since the Label does not match
any.

Note: Instance and server Labels are separate. Even if some Instances or servers have the same Label, the automation
is only run against the selected construct (Instance Labels or Server Labels).

4.2 Automation

Library > Automation

The automation section is where scripts, known as Tasks, can be created. Tasks are individual Bash or Powershell scripts
which can be selected to run against Instances at the time they are provisioned from the Instance provisioning wizard.
In this section, users can also create execution schedules which are configured time intervals on which automated jobs
(such as backups) would be carried out.

4.2.1 Tasks

Role Permissions

The User Role Permission ‘Provisioning: Tasks FULL’ is required to create, edit and delete Tasks.

44 Chapter 4. Library
 Morpheus Documentation

Common Options

When creating a Task, the required and optional inputs will vary significantly by the Task type. However, there are
options which are common to Tasks of all types.

Target Options

When creating a Task, users can select a target to perform the execution. Some Task types allow for any of the three
execution targets listed below and some will limit the user to two or just one. The table in the next section lists the
available execution targets for each Task type.
• Resource: A HPE VM Essentials-managed Instance or server is selected to execute the Task
• Local: The Task is executed by the HPE VM Essentials appliance node
• Remote: The user specifies a remote box which will execute the Task

Execute Options

• Continue on Error: When marked, automation stacks including this Task can continue when this Task fails.
Additionally, Instances provisioned with this Task as part of its automation stack can be considered provisioned
successfully even if this Task has failed
• Retryable: When marked, this Task can be configured to be retried in the event of failure
• Retry Count: The maximum number of times the Task will be retried when there is a failure
• Retry Delay: The length of time (in seconds) HPE VM Essentials will wait to retry the Task
• Allow Custom Config: When marked, a text area is provided at Task execution time to allow the user to pass
extra variables or specify extra configuration. See the next section for an example.

Source Options

Task configuration code may be entered locally or sourced via URL. Changing the SOURCE type will often update the
available fields in the Task modal to accommodate the selected sourcing.
• Local: The Task configuration code is written directly in HPE VM Essentials in a large text area. HPE VM
Essentials includes syntax highlighting for easier debugging and script writing
• URL: For Task configuration that can be source via an outside URL, specify the address in the URL field

Allow Custom Config

When “Allow Custom Config” is marked on a Task, the user is shown a text area for custom configuration when the
Task is executed manually from the Tasks List Page. This text area is inside the “Advanced Options” section, which
must be expanded in order to reveal the text area. Within the text area, add a JSON map of key-value pairs which can
be resolved within your automation scripts. This could be used to pass extra variables that aren’t always needed in the
script or for specifying extra configuration.
Example JSON Map:

{"key1": "value1",
"key2": "value2",
"os": "linux",
"foo": "bar"}

4.2. Automation 45
Morpheus Documentation

When the Task is executed, these extra variables would be resolved where called into the script such as in the following
simple BASH script example:

echo "<%=customOptions.os%>"
echo "<%=customOptions.foo%>"

The above example would result in the following output:

linux
bar

Task Types

Table 1: Available Task Types

Task Task Description Source Execute Config- Role Per-
Type Op- Target uration missions
tions Options Require- Require-
ments ments
Pow- Execute PowerShell Script on the Tar- Local, Remote, None Library:
er- get Resource Reposi- Re- Tasks
Shell tory, Url source,
Script Local
Restart Restarts target VM/Host/Container and System Resource None Library:
confirms startup status before execut- Tasks
ing next task in Workflow
Shell Executes Bash script on the target re- Local, Local, None Library:
Script source Reposi- Remote, Tasks
tory, Url Resource

Task Management

Adding Tasks

1. Select Automation from within the Library menu

2. On the Tasks tab, click the Add button
3. From the New Task Wizard input a name for the task
4. Select the type of task from from the type dropdown
5. Input the appropriate configuration details. These will vary based on the selected Task type.
6. Once done, click SAVE CHANGES

Tip: When writing a Task config, it’s often necessary to reference HPE VM Essentials variables which pertain to the
specific Instance the Task is being run against. HPE VM Essentials includes a pop-out column along the right side of
the Add/Edit Task modal which lists available variables. Click and drag the relevant variable into the config area and
HPE VM Essentials will automatically fill in the variable call formatted for the currently chosen Task type. See the
screenshot below.

46 Chapter 4. Library
 Morpheus Documentation

Editing Tasks

1. Select Automation from within the Library menu

2. Click the pencil icon () on the row of the task you wish to edit
3. Modify Task as needed
4. Once done, click SAVE CHANGES

Deleting Tasks

1. Select Automation from within the Library menu

2. Click the trash icon () on the row of the Task you wish to delete

4.2.2 Execute Scheduling

Execute Scheduling creates time schedules for automated jobs, such as backups. Backup Jobs are discussed in greater
detail in the Backups section and are configured with an execution schedule to coordinate their run times. This section
goes through the process of creating and configuring the scheduling object.
Schedules use CRON expressions, such as 0 23 * * 2 equalling Executes every week on Tuesday at 23:00.
CRON expressions can easily be created by clicking the corresponding translation in the create or edit Execution
Schedule modal below the Schedule field and selecting a new value.

Note: Execute Schedules CRON expressions should not include seconds or years. The days of the week should be
numbered 1-7, beginning with Monday and ending with Sunday. SUN-SAT notation may also be used. For more on
writing CRON expressions, many guides are hosted on the Internet including this one. HPE VM Essentials execution
schedules support most cron syntax but certain more complex expressions may fail to evaluate and the execute schedule
will not save. Additionally, some complex expressions may save and work correctly while the friendly written evaluation
below the SCHEDULE field is not interpreted correctly. This is due to an issue with the underlying library used to
build this feature and cannot easily be resolved at this time.

NAME Name of the Execution Schedule

Note: When assigning Execution Schedules, the name value will appear in the selection drop-down. Using a
name that makes clear the time interval is often helpful.

DESCRIPTION Description of the Execution Schedule for reference in the Execution Schedules list
TIME ZONE The time zone for execution
Enabled Check to enable the schedule. Uncheck to disable all associated executions and remove the schedule as an
option for Jobs in the future
SCHEDULE Enter CRON expression for the Execution Schedule, for example 0 0 * * * equals Every day at
00:00
SCHEDULE TRANSLATION The entered CRON schedule is translated below the SCHEDULE field. Highlighted
values can be updated by selecting the value, and relevant options will be presented. The CRON expression will
automatically be updated

4.2. Automation 47
Morpheus Documentation

4.3 Virtual Images

4.3.1 Overview

The Virtual Image section displays a list of all images, local and synced, that are available to deploy. HPE VM Essentials
includes a rich catalog of pre-configured default images for HPE VME clusters or for VMware vCenter Cloud targets as
well. User Images are automatically synced from Cloud Integrations and added to the Virtual Images section. Images
can also be uploaded directly into HPE VM Essentials via local file or url. Understanding the process of prepping
images for consumption in HPE VM Essentials is a very important step toward building an effective HPE VM Essentials
environment.

Tip: HPE VM Essentials includes a wide catalog of system image types as examples to show how the product can be
used and to give users a starting point for implementing their own library. The included images are not intended to be
production-ready images. HPE VM Essentials always recommends its users create their own gold images which meet
their required specifications.

Important: Invalid Image Settings cause provisioning failures. HPE VM Essentials syncs in as much metadata as
possible for synced images, but additional configuration may be needed to ensure successful provisioning.

Warning: Cloud-init is enabled by default for all Linux images. If your Linux image does not have Cloud-init
installed, Cloud-init Enabled must be unchecked before provisioning the image or it will fail immediately.

4.3.2 Configuring Virtual Images

System Images

System Virtual Images are pre-configured with metadata and have Cloud-Init or Cloudbase-Init installed. These images
are ready to be provisioned with no configuration necessary, however it is required to populate Administration > Settings
> Provisioning, Cloud-Init section, with user data as well as User Profile(s) users data when creating additional users
prior to provisioning, as the user data from these sections is required when provisioning System provided Virtual
Images.

Note: System Images settings are not editable.

User Images

Typically HPE VM Essentials does not have sufficient metatdata to successfully provision synced User Images with no
additional configuration. After integrating Clouds and User Images have synced, it is highly recommended to configure
the images prior to provisioning.
To edit and configure an existing Virtual Image:
1. Select the pencil icon at the right of any row on the Virtual Images list page, or click EDIT on a Virtual Image
detail page.
2. Configure the following on the Image:

48 Chapter 4. Library
 Morpheus Documentation

Name Name of the Virtual Image in HPE VM Essentials. This can be changed from the name of the image, but
editing will not change the name of the actual image
Operating System Specifies the platform and OS of the image. All Windows images will need to have the
operating system specified on the Virtual Image, as HPE VM Essentials will assign Linux as the platform
for all images without an operating system specified
Minimum Memory The Minimum Memory setting will filter available Service Plan options during provision-
ing. Service Plans that do not meet the minimum value set on the Virtual Image will not be provided as
Service Plan choices
Cloud Init Enabled? On by default, uncheck for any Image that does not have Cloud-Init or Cloudbase-Init
installed
Install Agent? On by default, uncheck to skip Agent install. Note this will result in the loss of utilization
statistics, logs, script execution, and monitoring. (Some utilization stats are still collected for Agent-less
hosts and VMs depending on the cloud)
Username Existing username on the image. This is required for authentication, unless HPE VM Essentials is
able to add user data, Cloud-Init, Cloudbase-Init or Guest Customizations. If Cloud-Init, Cloudbase-Init
or Guest Customizations are used, credentials are defined in Administration > Settings > Provisioning and
User Settings. If credentials are defined on the image and Cloud-Init is enabled, HPE VM Essentials will
add that user during provisioning, so ensure that user does not already exist on the image (such as root). For
Windows Guest Customizations, HPE VM Essentials will set the Administrator password to what is defined
on the image if Administrator user is defined. Do not define any other user than Administrator for Windows
Images unless using Cloudbase-init. HPE VM Essentials recommends running Guest Customizations for
all Windows Images, which is required when joining Domains as the SID will change
Password Password for the user on the image if username is populated
Bucket Location where the Virtual Image will be stored. Default Virtual Image Storage location is /var/opt/
morpheus/morpheus-ui/vms. Additional Storage Providers can be configured in Infrastructure >
Storage
Cloud-Init User Data Accepts what would go in runcmd and can assume Bash syntax. Example use: Script to
configure satellite registration at provision time
Create Image ID Select FILE to browse locally for an image or drop an image file into the dropzone. Alterna-
tively, select URL to download the image from an accessible URL. It is recommend to configure the rest
of the settings below prior to uploading the source Image File(s)
Permissions Set Tenant permissions in a multi-tenant HPE VM Essentials environment. Select private visibility
and select specific Tenants to which the Virtual Image will be made available. Select public visibility to
share the Virtual Image with all Tenants
Auto Join Domain? Enable to have Instances provisioned with this image auto-join configured domains (Win-
dows only, domain controller must be configured in Infrastructure > Network and the configured
domain set on the provisioned to Cloud or Network)
VirtIO Drivers Loaded? Enable if VirtIO Drivers are installed on the image for provisioning to KVM-based
hypervisors
FIPS Compliant Image? When selected, HPE VM Essentials will install the FIPS-compliant HPE VM Essen-
tials Agent package
VM Tools Installed? On by default, uncheck if VMware Tools (including OpenVMTools) are not installed on
the Virtual Image. HPE VM Essentials will skip network wait during provisioning when deselected
Force Guest Customization? VMware only, forces guest customizations to run during provisioning, typically
when provisioning to a DHCP network where guest customizations would not run by default. This options
requires that VMware Tools is installed on the image

4.3. Virtual Images 49

Morpheus Documentation

Trial Version Enable to automatically re-arm the expiration on Windows Trial Images during provisioning
Enabled Sysprep? Applicable to VMware vCenter Clouds. Enable if the Windows Image has been sysprepped.
If enabled, HPE VM Essentials will inject unattend.xml
3. Click Save Changes

Note: Cloud-Init is enabled by default on all images. Images without Cloud-Init or Cloudbase-Init installed must have
the cloud-init flag disabled on the Virtual Image setting or Provisioning may fail.

4.3.3 Provisioning Images

When provisioning a system image, HPE VM Essentials will stream the image from Amazon S3 to the target Cloud if
the image is not local to the Cloud.
When using images that already exist in the destination Cloud, such as synced or previously copied images, no image
stream from S3 through the HPE VM Essentials Appliance to the destination cloud will take place.

Note: The HPE VM Essentials Appliance must be able to download from Amazon S3 when provisioning system
images.

Note: The HPE VM Essentials Appliance must be able reach and resolve the destination Host when provisioning
System Images or uploaded Images for the first time. This included being able to resolve ESXi host names in VMware
vCenter clouds, and reach the destination ESXi host over port 443.

4.3.4 Add Virtual Image

Virtual Images can be uploaded to HPE VM Essentials from local files or URLs.

Warning: Be conscious of your Storage Provider selection. The default Storage Provider is the HPE VM Essentials
Appliance at /var/opt/morpheus/morpheus-ui/vms. Uploading large images to the HPE VM Essentials Ap-
pliance when there is inadequate space will cause upload failures and impact Appliance functionality. Ensure there
is adequate space on your selected Storage Provider. Additional Storage Provider can be added at Infrastructure >
Storage, which can be configured as the default Virtual Image Store or selected when uploading Images.

Note: VMware-type OVF Virtual Images do not support mounted ISO uploads

To Add Virtual Image:

1. Select + Add in the Virtual Images page.
2. Select Image format:
• ISO
• QCOW2
• RAW

50 Chapter 4. Library
 Morpheus Documentation

• VMware (vmdk/ovf/ova)
3. Configure the following on the Virtual Image:
Name Name of the Virtual Image in HPE VM Essentials. This can be changed from the name of the
image, but editing will not change the name of the actual image
Operating System Specifies the platform and OS of the image. All Windows images will need to have
the operating system specified on the Virtual Image, as HPE VM Essentials will assign Linux as the
platform for all images without an operating system specified
Minimum Memory The Minimum Memory setting will filter available Service Plan options during pro-
visioning. Service Plans that do not meet the minimum value set on the Virtual Image will not be
provided as Service Plan choices
Cloud Init Enabled? On by default, uncheck for any Image that does not have Cloud-Init or Cloudbase-
Init installed
Install Agent? On by default, uncheck to skip Agent install. Note this will result in the loss of utilization
statistics, logs, script execution, and monitoring. (Some utilization stats are still collected for Agent-
less hosts and VMs depending on the cloud)
Username Existing username on the image. This is required for authentication, unless HPE VM Essen-
tials is able to add user data, Cloud-Init, Cloudbase-Init or Guest Customizations. If Cloud-Init,
Cloudbase-Init or Guest Customizations are used, credentials are defined in Administration > Set-
tings > Provisioning and User Settings. If credentials are defined on the image and Cloud-Init is
enabled, HPE VM Essentials will add that user during provisioning, so ensure that user does not
already exist on the image (such as root). For Windows Guest Customizations, HPE VM Essentials
will set the Administrator password to what is defined on the image if Administrator user is defined.
Do not define any other user than Administrator for Windows Images unless using Cloudbase-init.
HPE VM Essentials recommends running Guest Customizations for all Windows Images, which is
required when joining Domains as the SID will change
Password Password for the user on the image if username is populated
Bucket Location where the Virtual Image will be stored. Default Virtual Image Storage location is
/var/opt/morpheus/morpheus-ui/vms. Additional Storage Providers can be configured in
Infrastructure > Storage
Cloud-Init User Data Accepts what would go in runcmd and can assume Bash syntax. Example use:
Script to configure satellite registration at provision time
Create Image ID Select FILE to browse locally for an image or drop an image file into the dropzone. Al-
ternatively, select URL to download the image from an accessible URL. It is recommend to configure
the rest of the settings below prior to uploading the source Image File(s)
Permissions Set Tenant permissions in a multi-tenant HPE VM Essentials environment. Select private
visibility and select specific Tenants to which the Virtual Image will be made available. Select public
visibility to share the Virtual Image with all Tenants
Auto Join Domain? Enable to have Instances provisioned with this image auto-join configured domains
(Windows only, domain controller must be configured in Infrastructure > Network and the
configured domain set on the provisioned to Cloud or Network)
VirtIO Drivers Loaded? Enable if VirtIO Drivers are installed on the image for provisioning to KVM-
based hypervisors
FIPS Compliant Image? When selected, HPE VM Essentials will install the FIPS-compliant HPE VM
Essentials Agent package

4.3. Virtual Images 51

Morpheus Documentation

VM Tools Installed? On by default, uncheck if VMware Tools (including OpenVMTools) are not in-
stalled on the Virtual Image. HPE VM Essentials will skip network wait during provisioning when
deselected
Force Guest Customization? VMware only, forces guest customizations to run during provisioning, typ-
ically when provisioning to a DHCP network where guest customizations would not run by default.
This options requires that VMware Tools is installed on the image
Trial Version Enable to automatically re-arm the expiration on Windows Trial Images during provision-
ing
Enabled Sysprep? Applicable to VMware vCenter Clouds. Enable if the Windows Image has been
sysprepped. If enabled, HPE VM Essentials will inject unattend.xml

Note: Default Storage location is /var/opt/morpheus/morpheus-ui/vms. Additional Storage Providers can be

configured in Infrastructure > Storage. Ensure local folders are owned by morpheus-app.morpheus-app if used.

Warning: Provisioning will fail if Cloud init Enabled is checked and Cloud-Init is not installed on the Image.

Note: Existing Image credentials are required for Linux Images that are not Cloud-Init enabled and for Windows
Images when Guest Customizations are not used. Cloud-Init and Windows user settings need to be configured in
Administration > Settings > Provisioning when using Cloud-Init or Guest Customizations and new credentials are not
set on the Virtual Image.

4. Upload Image
Images can be uploaded by File or URL:
File Drag and Drop the image file, or select Add File to select the image file.
Url Select the URL radio button, and enter URL of the Image.

Note: The Virtual Image configuration can be saved when using a URL and the upload will finish in the
background. When selecting/drag and dropping a file, the image files must upload completely before saving
the Virtual Image record or the Image will not be valid.

5. Save Changes.

VMware - VM Templates Copies

In a VMware environment, you may have a single VM template that you use across different vCenters. Uploading an
image to HPE VM Essentials, mentioned in the Add Virtual Image section, is one method to solve this. Alternatively,
an organization may decide to create a VM template in one vCenter and then transfer it to other vCenters, which then
could be synced into HPE VM Essentials.
If all the vCenters are added as Clouds into HPE VM Essentials and the templates are named the same in each vCenter,
they will be aggregated under a single virtual image in HPE VM Essentials. This means that as you deploy to the
various vCenter Clouds in HPE VM Essentials using this virtual image, it will choose the correct VM template to use
based on the Cloud deployed to.
HPE VM Essentials supports VMware Content Libraries storing VM templates and syncing into HPE VM Essentials,
the same as a template in a folder. Additionally, the Content Library can be used to house the same template in multiple

52 Chapter 4. Library
 Morpheus Documentation

libraries. If they have the same name, these templates will be aggregated under a single virtual image. If the Content
Library is stored on a datastore that the target host/cluster has access to, it will use that library first, to reduce the cloning
time. If the Content Library is not stored in a datastore accessible by the cluster/host, a copy of the VM template will
be performed to the target host/cluster instead.

Note: VM templates are a Datacenter level object. The same process above applies to a single VMware cloud with
multiple logical datacenters. It will not apply to clusters, as a template is not associated with a cluster, only when it is
converted to a VM.

4.3. Virtual Images 53

Morpheus Documentation

54 Chapter 4. Library
 CHAPTER

FIVE

INFRASTRUCTURE

The heart of HPE VM Essentials is the ability to manage provisioning across any infrastructure, from bare metal to
virtualized clouds and all the way to public infrastructure.

5.1 Groups

5.1.1 Overview

Groups in HPE VM Essentials define the available resources for each user. Group access is defined by Roles. Clouds
are added to Groups, and a User can only access the Clouds associated with Groups in their Role. Resources such as
networks, datastores, resource pools, and folders have additional Group access settings.
The Groups list page displays all current groups, which can be filtered by applied Labels or by simple search. Existing
Groups can be edited here and new Groups can be created.
To View Groups:
1. Hover over the Infrastructure link in the menu bar
2. Click the Groups link

5.1.2 UI

1. Select the Infrastructure link in the navigation bar

2. Click the Groups link

5.1.3 CLI

To view all groups: groups list.

To use the group: groups use <id> or groups use "group name"
To get a JSON output of a specific group: groups get <id> -j or groups get "group name" -j

55
Morpheus Documentation

5.1.4 API

To view all groups: curl https://api.gomorpheus.com/api/groups -H "Authorization:

BEARER access_token"
To view a specific group: curl https://api.gomorpheus.com/api/groups/:id -H
"Authorization: BEARER access_token"

5.1.5 Adding Groups

To add a group:
1. Select the Infrastructure link in the navigation bar
2. Click the Groups link
3. Click the Create Group button
4. Input out the Name and Location (optional) fields
5. Click the Save Changes button to save

5.1.6 Managing Groups

To view a Group:
1. Select the Infrastructure link in the navigation bar
2. Click the Groups link
3. Click the Group name to view/modify
Available tabs in group view
Hosts Lists available hosts in the group and displays power, os, name, type, cloud, ip address, nodes, disc space,
memory, and status. You can add a host from this tab panel by clicking Add Host.
Virtual Machines List all Virtual Machines in the Group.
Bare Metal List all Bare Metal Hosts added to the Group
Clouds Lists Clouds added to the Group. Existing Clouds or new Clouds can be added from the Group by clicking
Add Cloud.
Wiki Provides a text area for entering wiki content related to the Group in Markdown format. Additional information
on Wiki is available in the Operations > Wiki documentation section

5.1.7 Edit Group

To edit a Group:
1. Select the Infrastructure link in the navigation bar.
2. Click the Groups link.
3. Click the name of the group you wish to edit.
4. Click the Edit button.
5. From the Edit Group Wizard modify information as needed.
6. Click the Save Changes button to save.

56 Chapter 5. Infrastructure
 Morpheus Documentation

5.1.8 Delete Group

To delete a Group:
1. Select the Infrastructure link in the navigation bar.
2. Click the Groups link.
3. Click the name of the group you wish to delete.
4. Click the Delete button.
5. Confirm

5.1.9 User Access

Important: User access to Groups is determined by their Role(s). Group access for Roles can be configured in the
Group Access section of a Role’s Settings.

5.2 Clouds

5.2.1 Overview

In HPE VM Essentials, a Cloud represents a grouping of HPE VME clusters (referred to as a “Private Cloud”) or an
integration with a VMware vCenter appliance. This section describes general information about the Clouds construct
and UI pages for Clouds. See the VMware integration guide for more specific details on integrating with VMware and
the features supported by HPE VM Essentials.

5.2.2 Creating Clouds

Clouds can be added from Infrastructure > Clouds or in Infrastructure > Groups > (selected Group) > Clouds. A more
detailed guide to adding a VMware vCenter Cloud can be found in the vCenter integration guide. The other available
Cloud type, known as Private Cloud, is a generic Cloud type that doesn’t directly integrate with any other technology
as the vCenter Cloud type does. Instead Private Cloud-type Clouds are used to house your HPE VME clusters. Make
as many Private Cloud-type Clouds as needed to organize your HPE VME clusters properly.

5.2.3 Cloud Detail View

The Cloud Detail view shows metrics on health, sync status, resource utilization statistics, and resource counts for
hosts, virtual machines, or any other constructs under the umbrella of the selected Cloud.
From the Cloud list page, select the name of a Cloud to display that Cloud’s detail page. You’ll notice the following
actions are available:
EDIT Edit the setup configuration of the Cloud.
REFRESH Force a sync with the Cloud.
DELETE Delete the Cloud from HPE VM Essentials.

5.2. Clouds 57
Morpheus Documentation

Important: All Instances, managed Hosts, and VMs associated with the Cloud must be removed prior to deleting a
Cloud.

Cloud Detail Tabs

Note: Not all tabs are available for all Cloud Types.

Clusters The Clusters tab displays clusters provisioned into the Cloud being viewed, including their status, type, name,
layout, workers, and compute, memory, and storage stats. You can add a cluster by clicking ADD CLUSTER.
Hosts
The Hosts tab displays available hosts in the Cloud and displays power, OS, name, type, cloud, IP
address, nodes, disk space, memory, and status. You can add a resource by clicking ADD RESOURCE,
add a hypervisor host by clicking ADD HYPERVISOR, or perform action an action by selecting one
or more Hosts and clicking ACTIONS.
VMs Displays an inventory of existing Instances in your Cloud configuration and provides details such as power,
OS, name, type, cloud, IP address, nodes, disk space, memory, and status.
Bare Metal Setup PXE Boot in the Boot section to add bare metal servers. Once set up you can view information such
as power, OS, name, type, cloud, IP address, nodes, disk space, memory, and status.
Security Groups The Security Groups tab displays a list of existing security groups in the cloud. You can add a
security group to this cloud by clicking EDIT SECURITY GROUPS.
Networks Displays Networks synced or added to the Cloud, including their name, type, CIDR, pool, DHCP status,
visibility and targeted Tenant.
Data Stores Displays Datastores synced or added to the Cloud, including their name, type, capacity, online status,
visibility, and targeted Tenant.
Resources Displays Resource Pools synced from the Cloud, including their name, description, and targeted Tenant.

5.2.4 Deleting Clouds

To delete a Cloud:
1. Select the Infrastructure link in the navigation bar.
2. Select the Clouds link in the sub navigation bar.
3. Click the Delete icon of the cloud to delete.

Important: All Instances, managed Hosts and VMs must be removed prior to deleting a Cloud.

58 Chapter 5. Infrastructure
 Morpheus Documentation

5.3 Clusters

5.3.1 Overview

The Infrastructure > Clusters section is where the list of existing HPE VME clusters can be viewed. Here you can view
high-level statistics about all clusters under management by HPE VME manager, such as aggregate resource usage by
all clusters and the number of workloads running across all of them. Click into an existing HPE VME cluster to view
additional metrics such as hosts, VMs, resource utilization by the host, and a lot more.

5.3.2 Requirements

• HPE VM Essentials Role permission Infrastructure: Clusters > Full required for Viewing, Creating,
Editing and Deleting Clusters
• HPE VM Essentials Role permission Infrastructure: Clusters > Read required for Viewing Cluster list
and detail pages

5.3.3 Cluster Permissions

• Cluster Permissions Each Cluster has Group and Service Plan access permissions settings (Gear icon > Per-
missions from the Clusters list page)

5.3.4 HPE VME clusters

An HPE VME cluster is a hypervisor clustering technology utilizing KVM. Beginning with just a few basic Ubuntu
boxes, HPE VM Essentials can create a cluster of HPE VME Hypervisor hosts complete with monitoring, failover,
easy migration of workloads across the cluster, and zero-downtime maintenance access to hypervisor host nodes. All
of this is backed by a highly-granular RBAC engine, and image library with automation stacks.

Features

Host Features
• Automated HPE VME cluster provisioning
• CEPH storage configuration for multi-node clusters
• CEPH summary, a high-level dashboard of CEPH components and status
• DRS, automatic rebalancing of clusters based on resource consumption
• Compatibility validation of network and storage devices at time of cluster provisioning
• Hypervisor console
• Configuration and deployment of OVS networks (VLANs)
• Cluster and individual host monitoring
• Add hosts to existing clusters
• Console support for cluster hosts
• Add, edit and remove networks and datastores from clusters
• Gracefully take hosts out of service with maintenance mode

5.3. Clusters 59
Morpheus Documentation

• Migration of workloads across hosts

• Configurable automatic failover of running workloads when a host is lost
• Ability to add and provision to fibre channel storage resources or iSCSI storage resources via GFS2 or OCFS2
filesystem
• Governance through HPE VM Essentials RBAC
VM Features
• Workload provisioning and monitoring (Linux or Windows workloads)
• Console support for running workloads
• Affinity placement, pin VMs to hosts
• Brownfield discovery of existing VMs
• Reconfigure VM sizing
• Disk migration across datastores
• UEFI support
• Migration of VMs across hosts
• Configure automatic failover for individual VMs in the event a host is lost
• Reconfigure running workloads to resize plan, add/remove disks, and add/remove network interfaces
• Backup and restore VM workloads, with optional synthetic full backups
• Clone VMs
• Take snapshots and revert to snapshots
• HPE VM Essentials library and automation support

Base Cluster Details

An HPE VME cluster using the hyperconverged infrastructure (HCI) Layout consists of at least three hosts. Physical
hosts are recommended to experience full performance of the solution. In smaller environments, it is possible to
create an HPE VME cluster with three nested virtual machines, a single physical host (non-HCI only), or a single
nested virtual machine (non-HCI only) though performance may be reduced. With just one host it won’t be possible
to migrate workloads between hosts or take advantage of automatic failover. Currently, a host must be a pre-existing
Ubuntu 22.04 box with environment and host system requirements contained in this section. HPE VM Essentials
handles cluster configuration by providing the IP address(es) for your host(s) and a few other details. Details on adding
the cluster to HPE VM Essentials are contained in the next section.
Hardware Requirements
• Operating System: Ubuntu 22.04
• CPU: One or more 64-bit x86 CPUs, 1.5 GHz minimum with Intel VT or AMD-V enabled
• Memory: 4 GB minimum. For non-converged Layouts, configure HPE VME hosts to use shared external storage,
such as an NFS share or iSCSI target. Converged Layouts utilize Ceph for clustered storage and require a 4 GB
minimum memory per Ceph disk
• Disk Space: For converged storage, a data disk of at least 500 GB is required for testing. More storage will
be needed for production clusters. An operating system disk of 15 GB is also required. Clusters utilizing non-
converged Layouts can configure external storage (NFS, etc.) while HPE VM Essentials will configure Ceph for
multi-node clusters

60 Chapter 5. Infrastructure
 Morpheus Documentation

• Network Connectivity: HPE VME hosts must be assigned static IP addresses. They also need DNS resolution
of the HPE VM Essentials appliance and Internet access in order to download and install system packages for
dependencies, such as KVM, Open vSwitch (OVS), and more

Note: Ubuntu 22.04 uses netplan for networking and it is the responsibility of the customer to establish recommended
networking configurations prior to provisioning an HPE VME cluster. To configure a static IP address, change into
the directory holding the config files (cd /etc/netplan) and edit the existing configuration file (/etc/netplan/
50-cloud-init.yaml or /etc/netplan/00-installer-config.yaml or /etc/netplan/01-netcfg.yaml).
If desired, backup the existing configuration prior to editing it (cp /etc/netplan/<file-name>.yaml /etc/
netplan/<file-name>.yaml.bak). For additional information on configuration file formatting, refer to netplan
documentation. Once the configuration is updated, validate and apply it (netplan try). The try command will
validate the configuration and apply it if it’s valid. If invalid, it will automatically be rolled back.

Note: Clustered storage needs as much network bandwidth as possible. Network interfaces of at least 10 Gbps
with jumbo frames enabled are required for clustered storage and for situations when all traffic is running through the
management interface (when no compute or storage interface is configured). It’s highly likely that performance will be
unacceptable with any lower configurations.

Table 1: Network Communication Ports

Description Source Destination Port Pro-
to-
col
HPE VM Essentials Agent communication with HPE VME host HPE VM Essentials 443 TCP
the HPE VM Essentials appliance appliance server
HPE VME host configuration and management HPE VM Essentials HPE VME host 22 TCP
appliance server
Inter-host communication for clustered deploy- HPE VME host HPE VME host 22 TCP
ments
HPE VM Essentials server SSH access for de- HPE VM Essentials Hosted virtual ma- 22 TCP
ployed virtual machines appliance server chines
HPE VM Essentials server WinRM (HTTP) ac- HPE VM Essentials Hosted virtual ma- 5985 TCP
cess for deployed virtual machines appliance server chines
HPE VM Essentials server WinRM (HTTPS) HPE VM Essentials Hosted virtual ma- 5986 TCP
access for deployed virtual machines appliance server chines
Ceph Storage HPE VME host HPE VME host 3300 TCP
Ceph Storage HPE VME host HPE VME host 6789 TCP
Ceph MDS/OSD HPE VME host HPE VME host 6800- TCP
7300

Example Cluster Deployment

In this example cluster, each host box consists of:
• 4 vCPU
• 16 GB memory
• 20 GB OS boot disk
• 250 GB data disk (deployed to /dev/sdb)
• 3 network interfaces for management, storage, and compute traffic (set to eth0, eth1, and eth2, respectively, in
this example. Your environment may differ.)

5.3. Clusters 61
Morpheus Documentation

Note: 250 GB data disks used in this example are simply for demonstration purposes. A typical test cluster should
consist of at least 500 GB storage and more will be required for production. Do not raid disks on physical servers.
Currently, only one data disk may be used, which is given in the DATA DEVICE configuration during cluster setup.
In the very near future, an update will be provided to allow multiple data disks to be used. These will be added to the
total Ceph storage in one large volume. Until that update, only one data disk may be given in the configuration.

HPE VME clusters must also live in Private Cloud-type Clouds (See Infrastructure > Clouds). A pre-existing Cloud
may be used or a new Cloud could be created to house HPE VME clusters.

Provisioning the Cluster

As mentioned in the previous section, this example is starting with three provisioned Ubuntu 22.04 boxes. I also
have a Private Cloud-type Cloud to house the cluster. Begin the cluster creation process from the Clusters list page
(Infrastructure > Clusters). Click + ADD CLUSTER and select “HPE VM”.
HPE VM Essentials gives the option to select a hyperconverged infrastructure (HCI) LAYOUT or non-HCI. In this
example, the HCI Layout is used (requires a three-node minimum). Next, configure the names and IP addresses for the
host boxes (SSH HOST). The SSH HOST name configuration is simply a display name in HPE VM Essentials, it does
not need to be a hostname. By default, configuration space is given for three hosts which is what this example cluster
will have. You must at least configure one and it’s possible to add more by clicking the (+) button. The SSH PORT
is pre-configured for port 22, change this value if applicable in your environment. Next, set a pre-existing user on the
host boxes (SSH USERNAME and SSH PASSWORD) and SSH KEY. Use a regular user with sudo access.
In the next part of the modal, you’ll configure the storage devices and network interfaces. When Ceph initializes, it
needs to be pointed to an initial data device. Configure this in the DATA DEVICE field. At this time, only one device
may be given but in the near future, an update will allow for multiple devices to be configured which would be added
to the total Ceph storage as one large volume. Find your disk name, if needed, with the lsblk command. In my case,
the target device is located at /dev/sdb.
Though not strictly required, it’s recommended to have separate network interfaces to handle cluster management,
storage traffic, and compute. In this example case, eth0 is configured as the MANAGEMENT NET INTERFACE
which handles communication between the cluster hosts. eth1 is configured as the STORAGE NET INTERFACE
and eth2 is configured as the COMPUTE NET INTERFACE. The COMPUTE VLANS field can take a single value
(ex. 1) or a range of values (ex. 22-25). This will create OVS port group(s) selectable as networks when provisioning
workloads to the cluster. If needed, you can find your network interface names with the ip a command.
Finally, only one CPU TYPE is currently supported (x86_64) though this may change in the future. For CPU MODEL
configuration, we surface the entire database of model configurations from libvirt. If unsure or if you don’t know of
a specific reason to choose one or the other, select host-model which is the default option.

62 Chapter 5. Infrastructure
 Morpheus Documentation

At this point we’ve kicked off the process for configuring the cluster nodes. Drill into the Cluster detail page and click
on the History tab. Here we can monitor the progress of configuring the cluster. HPE VM Essentials will run scripts to
install KVM, install Ceph, install OVS, and to prepare the cluster. In just a short time, the cluster provisioning should
complete and the cluster will be ready to deploy workloads.

Provisioning a Workload

At this point, the cluster is ready for workloads to be provisioned to it. Within the Instance provisioning wizard (See
Provisioning > Instances documentation for more details on provisioning), there is now the “HPE VM” Instance Type.
This Instance will allow you to choose from any HPE VME cluster-compatible images within your environment. Out of
the box, HPE VM Essentials does not include any compatible images but there is a section later in this guide covering
the process of onboarding existing QCOW images into the UI as Virtual Images and another section covering the
process of prepping Windows images from the downloaded ISO.
After arriving at the Configure tab of the provisioning wizard, select a Plan based on resource needs. From the RE-
SOURCE POOL field, select the desired HPE VME cluster. When configuring VOLUMES for the new workload,
note that space can be claimed from the Ceph volume. Within NETWORKS, we can add the new workload to one of
the VLANS set up as part of cluster creation. Finally, note that we can choose the HOST the workload should run on
in addition to selecting the compatible image.
Review and complete the provisioning wizard. After a short time, the workload should be up and running. With a

5.3. Clusters 63
Morpheus Documentation

workload now running on the cluster, we can take a look at some of the monitoring, migration, failover, and other
actions we can take for workloads running on HPE VME clusters.

Monitoring the Cluster

With the server provisioned and a workload running, take a look at the monitoring and actions capabilities on the cluster
detail page (Infrastructure > Clusters, then click on the new HPE VME cluster). View cluster performance and resource
usage (Summary and Monitoring tabs), drill into individual hosts (Hosts tab), see individual workloads (VMs tab), and
more.
Moving Workloads Between Hosts
To manually move workloads between hosts, drill into the detail page for the VM (from the VMs tab of the cluster
detail page). Click ACTIONS and select “Manage Placement”. Choose a different host and select from the following
placement strategies:
• Auto: Manages VM placement based on load
• Failover: Moves VMs only when failover is necessary
• Pinned: Will not move this workload from the selected host
Within a short time, the workload is moved to the new host.
Adding hosts
The process of adding hosts to a pre-existing cluster is very similar to the process of provisioning the cluster initially.
The requirements for the new worker node will be identical to the nodes initially added when the cluster was first
provisioned. See the earlier sections in this guide for additional details on configuring the worker nodes.
To add the host, begin from the Cluster detail page (selected from the list at Infrastructure > Clusters). From the Cluster
detail page, click ACTIONS and select “Add Worker”. Configurations required are the same as those given when the
cluster was first created. Refer to the section above on “Provisioning the Cluster” for a detailed description of each
configuration.
Once HPE VM Essentials has completed its configuration scripts and joined the new worker node to the cluster, it will
appear in a ready state within the Hosts tab of the Cluster detail page. When provisioning workloads to this Cluster
in the future, the new node will be selectable as a target host for new Instances. It will also be an available target for
managing placement of existing VMs running on the cluster.

Note: It’s useful to confirm all scripts related to creating the new host and joining the new host to the cluster completed
successfully. To confirm, navigate to the detail page for the new host (Infrastructure > Clusters > Selected Cluster >
Hosts Tab > Selected Host) and click on the History tab. Confirm all scripts, even those run on the pre-existing hosts,
completed successfully as it’s possible the new host was added successfully (green status) but failed in joining the
cluster. When such a situation occurs it may appear adding the new host was successful though it will not be possible
to provision workloads onto it due to not joining the cluster successfully.

Maintenance Mode
HPE VME hosts can be easily taken out of service for maintenance when needed. From the host detail page, click
ACTIONS and then click “Enter Maintenance.” When entering maintenance mode, the host will be removed from the
pool. Live VMs that can be migrated will be moved to new hosts. VMs that are powered off will also be moved when
possible. When a live VM cannot be moved (such as if it’s “pinned” to the host), the host will not go into maintenance
mode until that situation is cleared. You could manually move a VM to a new host or you could power it down if it’s
non-essential. After taking that action, attempt to put the host into maintenance mode once again. HPE VM Essentials
UI provides a helpful dialog which shows you which VMs live on the host are to be moved as the host goes into
maintenance mode. When maintenance has finished, go back to the ACTIONS menu and select “Leave Maintenance.”

64 Chapter 5. Infrastructure
 Morpheus Documentation

Failover
HPE VME clusters support automatic failover of running workloads in the event of the loss of a host. Administrators
can control the failover behavior through the “Manage Placement” action on any running VM. From the VM detail
page, click ACTIONS and select “Manage Placement”. Any VM with a placement strategy of “Auto” or “Failover” will
be eligible for an automatic move in the event its host is lost. When the loss of a host does occur, the workload will be
up and running from a different cluster host within just a short time if it’s configured to be moved during an automatic
failover event. Any VMs pinned to a lost host will not be moved and will not be accessible if the host is lost. When the
host is restored, those VMs will be in a stopped state and may be restarted if needed.

Each of these VMs is configured for a different failover strategy. When the host is lost, we should expect to see the first
two VMs moved to an available host (since they have the “Auto” and “Failover” placement strategies, respectively). We
should not see the third VM moved.

5.3. Clusters 65
Morpheus Documentation

After loss of the host these three VMs were running on, we can see the lost host still has one associated VM in a stopped
state. The other two VMs are running on a second host which is still available.

66 Chapter 5. Infrastructure
 Morpheus Documentation

When the lost host returns, the moved VMs will come back to their original host. The third VM is associated with this
host as well and is in a stopped state until it is manually restarted.
Adding an NFS Datastore
Existing NFS shares can be used with HPE VME clusters for virtual machine storage. These are added and viewed from
the Storage tab of the cluster detail page and, once added and active, become selectable as targets for virtual machine
storage.

Note: Ensure NFS is properly configured to allow all of the HPE VME hosts to access the shared directory, including
permissions to read and write. For backup purposes, it’s also helpful to give HPE VM Essentials access to NFS.

Start by navigating to the Storage tab of the cluster detail page. Make sure the Data Stores subtab is also selected. Here
you will see a list of existing datastores with some additional information, such as type, capacity, and status. Click ADD.
Enter the NAME for the datastore in HPE VM Essentials and select the TYPE as NFS Pool. Note that the datastore
name cannot be changed once it has been created. This will update the available fields to include the additional fields
needed to integrate the NFS server. Enter the SOURCE HOST which is the hostname or the IP address of the NFS
server. Finally, enter the SOURCE DIRECTORY which is the directory path of the NFS share. Click SAVE.
Once the modal is saved, it will take a few minutes to initialize the new datastore and show a successful online status
in HPE VM Essentials. Once this initialization process is completed, the datastore can now be used as VM storage for
cluster.

5.3. Clusters 67
Morpheus Documentation

Utilizing Existing QCOW Images from an NFS File Share

Integrated NFS shares can be used both as a repository for HPE VME cluster images and as a target for saving new
images from existing VMs. This offers benefits of greatly expanding the available storage compared to what’s available
on the HPE VME manager VM, insulates you from issues that can arise from images completely filling the manager
storage, and allows for the same images to be easily integrated with multiple HPE VM Essentials appliances.
To begin, we need the NFS file share integrated with HPE VM Essentials. This is done in the Infrastructure > Storage
section of the UI. This guide assumes the NFS file share is pre-existing and the HPE VME manager can reach it.
Actually setting up an NFS file share goes beyond the scope of this guide. From the File Shares tab, check to see the
desired file share is already integrated. If needed, you can add one by clicking + ADD and then selecting “NFSv3”.
When adding a new file share, configure the following:
• NAME: A friendly name for the file share within HPE VM Essentials
• HOST: The IP address or hostname for the NFS file share server
• EXPORT FOLDER: The path to the folder that should be mounted to the manager
• ACTIVE: Must be checked to be able to consume this file share elsewhere in HPE VME manager UI
• DEFAULT VIRTUAL IMAGE STORE: (Optional) Select if you wish this file share to be the default store for
newly uploaded or generated images
When done, click Save changes.

Important: You must configure the NFS share to give HPE VME manager read and write access if you want to be
able to read images from and write images to the file share. Configuring NFS file shares goes beyond the scope of this
guide. Deleting files from an integrated file share deletes the actual file and not just the representation of the file in HPE
VM Essentials. This includes Virtual Images. Deleting a Virtual Image that is backed by a QCOW image file stored in

68 Chapter 5. Infrastructure
 Morpheus Documentation

an integrated file share will also cause the file itself to be deleted in addition to the Virtual Image object within HPE
VM Essentials.

With the file share integrated, we can now create Virtual Images which are backed by QCOW images that are pre-
existing in the file share. Navigate to Library > Virtual Images and click + ADD. From the dropdown, select “QCOW2”.
Make the configurations specified below. Those not mentioned can often be left on the default value. For a deeper
explanation of configurations not mentioned here, see the dedicated section of HPE VM Essentials documentation on
Virtual Images.
• NAME: A friendly name for the image in HPE VM Essentials
• OPERATING SYSTEM: Specify the operating system of the image
• MINIMUM MEMORY: Enter a minimum memory value and HPE VM Essentials will not allow the image to
be provisioned using a plan with lower memory
• BUCKET: Select the NFS share integrated in the previous step
• CREATE IMAGE ID: Set to “URL/PATH”
• URL: Enter the path to the QCOW image within the file share. See the next paragraph for a deeper explanation
of how to enter the path properly
The entered path to the QCOW image should not include the name of the NFS share or the name of the file itself. See
the portion highlighted in the screenshot:

It also should only be the path to the folder containing the QCOW image. The file name itself should not be part of the
path. For example, templates/qcow/ubuntu/server/2204/011025. Click Save changes.
With the NFS file share integrated and the Virtual Image created, the image is now usable from the provisioning wizard.
This guide won’t fully cover the use of the provisioning wizard but from the Configure tab of the wizard, the image is
now selectable (assuming you’ve selected a compatible provisioning target). Additionally, we can now click into the
detail page for running Instances and save them to images backed by the NFS file share. From the Instance detail page,
click Actions, then “Import as Image.” You’ll be able to set a name for the new image and specify the NFS file share
as the target bucket.

Image Prep (Windows)

This section will go through the steps to prepare a Windows image which can be successfully provisioned to HPE
VME clusters. Additionally, this image can serve as a template from which additional images and HPE VM Essentials
Library items can be built. In this example case, we’ll start from downloading a Windows Server 2019 ISO directly
from the Microsoft download center and go all the way through to creating a new Instance Type in HPE VM Essentials
that users can provision on-demand.
With the Windows ISO already downloaded, begin by uploading the ISO as a Virtual Image in HPE VM Essentials.
Virtual Images are added in Library > Virtual Images. Click + ADD and then choose “ISO.” Before adding the file
itself, set the following configurations on the Virtual Image:
• NAME: A name for the Virtual Image in HPE VM Essentials, such as “Windows Server 2019 ISO”
• OPERATING SYSTEM: “windows server 2019”

5.3. Clusters 69
Morpheus Documentation

• MINIMUM MEMORY: Filters out Service Plans at provision time which do not meet the minimum value. For
this image type, I’ve set 4 GB
In addition to the above, there are a number of checkbox configurations here (many of them are in the expandable “Ad-
vanced” section), some of which are checked by default. They should all be unchecked except for “VIRTIO DRIVERS
LOADED?” within the “Advanced” expandable section.
With the configurations set, it’s time to upload the ISO to HPE VM Essentials. Keep in mind that if you do not specify
a bucket in which the file should be uploaded, it will be uploaded to the appliance itself. If you choose to do this, be
sure you have enough space to store the images you need. Within the UPLOAD VIRTUAL IMAGE modal is a large
dropzone labeled “Drop Files Here.” You can drag and drop the ISO file here or you can click the button labeled “Add
File” and browse for it. A progress bar will appear, wait until the file is completely uploaded before you save and
dismiss the modal. After the file has completely uploaded, click SAVE CHANGES.

Next, we’ll provision a VM from the ISO using the built-in HPE VM Instance Type. Once running, we will configure
the VM to any specific requirements and convert it to a template. Navigate to Provisioning > Instances and click +
ADD. On the TYPE tab of the Instance provisioning wizard, we select the Instance Type to provision. In this case,
select “HPE VM” and click NEXT.
On the GROUP tab, select the Group and Cloud containing the target MVM Cluster and provide a name for the new
Instance. In my case, I have an automatic naming policy setting my Instance name, but depending on your appliance
configuration you may need to enter a custom name. Click NEXT.
On the CONFIGURE tab, first select the IMAGE. Select the Windows server ISO that was uploaded in the previous
step. Based on the minimum memory configuration that was set on the Virtual Image, Plans which are too small will
be filtered out. Among compatible Plans, select one that meets your requirements. Next, set the RESOURCE POOL,
which is the HPE VME cluster you’re targeting. Configure disks and disk sizes, as well as network details (this will
vary based on HPE VME cluster configuration). Finally, select the HOST, which is the HPE VME host within the
cluster that the new Instance should initially be provisioned onto.
As a final step, we need to also expand the “Advanced Options” section and make sure “ATTACH VIRTIO DRIVERS”
is checked. This will attach an ISO containing the VirtIO drivers which we’ll use later. Click NEXT.

70 Chapter 5. Infrastructure
 Morpheus Documentation

The final two tabs of the wizard, AUTOMATION and REVIEW, do not require any configuration changes though you
may want to review the Instance settings on the final tab. When done, click COMPLETE.
Click on the newly provisioning Instance from the Instances list page. Since this image is being provisioned for the first
time, the image must be uploaded to the HPE VME host. This can take a little bit of time but any future attempts to
provision workloads from this image will skip this step. Wait for the Instance to fully complete and appear in a green
“Ready” status.
Once the Instance has fully finished provisioning, launch a console session by clicking ACTIONS and then “Open
Console.” This will open a new window with a console session into the VM.

After selecting the language, click “Next.” On the following screen, click “Install Now.” This will begin the Windows
setup process on our new VM. You’ll next select the operating system type you wish to install. For this example, I’m
installing 2019 standard with desktop experience. Click “Next.”

5.3. Clusters 71
Morpheus Documentation

Accept the licensing terms and click “Next.”

On the next screen, choose a custom install.

The next screen asks where Windows should be installed and may be empty. Click “Load Driver” to locate the mounted
disk image containing the VirtIO drivers. The search should return a number of VirtIO SCSI controller packages for
various Windows flavors. Select the proper package for the Windows version being installed. Click “Next.”

72 Chapter 5. Infrastructure
 Morpheus Documentation

After a moment, we’re back at the screen asking where Windows should be installed. We should see the disk(s) of
size and type selected at the time the VM was provisioned. Select the proper disk and click “Next.” The Windows
installation will now begin. Once Windows has fully installed, proceed to the next step.

Following installation, Windows will restart and prompt for an Administrator user password. Set the password and log
in as Administrator. Currently, there are no network interfaces configured. We need to install the VirtIO drivers to get
this machine onto the network. We have a disk image mounted with the driver installer so we need to navigate to that
drive and launch the installer. Open Windows Explorer and locate the drive in the side bar. In my case, it’s the E: drive.
Right-click on virtio-win-gt-x64 and select “Install.”

5.3. Clusters 73
Morpheus Documentation

Step through the installer. Simply click “Next” or “Install” through each step, there are no configuration changes needed.
Once the installer has completed, click “Finish.” Next, complete the same process for virtio-win-guest-tools` going all
the way through until the installer has completed. You can confirm we now have a network interface by opening a
Command Prompt session and using the ipconfig command. One network adapter should be listed.

We can now eject the two virtual disks, drives D: and E: in my case. Then, launch Windows Security so we can disable
firewalls. Turn off firewall for domain, private network, and public network.

74 Chapter 5. Infrastructure
 Morpheus Documentation

Next, back in Command Prompt, run winrm quickconfig to configure winrm. Within Services, ensure that winrm
(Windows Remote Management) is set to automatic on startup. Right-click on the Start button and select Run. Enter
“sysprep” and click OK. In the Windows Explorer window that appears, right-click on sysprep and click “Run as
Administrator”. Under “Shutdown Options”, choose Quit and click OK. If this is set to shutdown, HPE VM Essentials
will simply restart the VM. Once this is completed, a new file Sysprep_succeeded.tag appears in Windows Explorer.

We’re now done configuring Windows and the console window can be closed. We’ll move on to creating a template
from the VM we just configured. Begin by opening an SSH session into the HPE VM Essentials appliance server.
Confirm jq is up to date on the appliance box (apt install jq). Then, go ahead and stop the running Windows
VM. We can do this from the Instance detail page in HPE VM Essentials. Click ACTIONS and then “Stop Server.”
Still on the Instance detail page, click ACTIONS and then “Import as Image.” This will perform a snapshot and create
a new Virtual Image (Library > Virtual Images).
The Virtual Image is not usable until it’s in an active status and the UI indication may display an active status even
before it’s fully ready. If it’s “SAVING” or “QUEUED,” it is still being prepared and saved. To determine the current
status of the Virtual Image, check with a call to HPE VM Essentials API like the one below. When the return output
lists a status of “Active,” the image is ready to be provisioned from.

curl -k --request GET --url https://xx.xx.xx.xx/api/virtual-images/<id>

--header 'accept: application/json' --header 'authorization: Bearer xxx-xxx-xxx-xxx-xxx'␣
˓→|

jq '.virtualImage.status'

Once saved, additional configurations are needed on the Virtual Image in HPE VM Essentials. Edit the new Virtual

5.3. Clusters 75
Morpheus Documentation

Image and check the following configurations:

• MINIMUM MEMORY: Set as appropriate
• SYSPREPPED/GENERALIZED IMAGE?: Checked
• INSTALL AGENT?: Checked
• USERNAME: Remove if present
• PASSWORD: Remove if present
• VIRTIO DRIVERS LOADED?: Checked
All other checkbox-type configurations not mentioned in the above list should be unchecked. Click SAVE CHANGES.
At this point all image preparation steps are completed. Repeat the process of provisioning an HPE VM Instance Type
selecting the new image in the future when needed.

5.4 Network

5.4.1 Networks

Infrastructure > Network > Networks

Overview

The Networks section is for configuring networks across all Clouds in HPE VM Essentials. Existing networks from
Clouds added in HPE VM Essentials will auto-populate in the Networks section.
Networks can be configured for DHCP or Static IP assignment, assigned IP pools, and configured for visibility and
account assignment for multi-tenancy usage. Inactive Networks are unavailable for provisioning use. In addition, HPE
VM Essentials allows administrators to restrict management of HPE VM Essentials-created Networks through Role
permissions.

Configuring Networks

DHCP

To configure a network for DHCP:

1. Navigate to Infrastructure > Network > Networks
2. Search for the target network
3. Edit the Network by either:
• Select Actions > Edit
• Select the Network, then select Edit
4. In the Network Config modal, set the DHCP flag as Active (default)
5. Save Changes

Important: The DHCP flag tells HPE VM Essentials this network has a DHCP server assigning IP Addresses to
hosts. HPE VM Essentials does not act as the DHCP server, and provisioning to a network that has the DHCP server

76 Chapter 5. Infrastructure
 Morpheus Documentation

flag active in HPE VM Essentials, but no DHCP server actually on the network will, in most cases, cause the instance
to not receive an IP address.

Note: When selecting a network with DHCP enabled during provisioning, “DHCP” will populate to the right of the
selected network:

Static and IP Pools

To configure a network for Static IP Assignment:

1. Navigate to Infrastructure > Network > Networks
2. Search for the target network
3. Edit the Network by either:
• Select Actions > Edit
• Select the Network, then select Edit
4. In the Network Config modal, add the following:
• Gateway
• DNS Primary
• DNS Secondary
• CIDR ex 10.10.10.0/22
• VLAN ID (if necessary)
• Network Pool * Leave as “choose a pool” for entering a static IP while provisioning * Select a Pool to use
a pre-configured HPE VM Essentials or IPAM Integration IP Pool
• The Permissions settings are used for Multi-Tenant resource configuration
– Leave settings as default if used in a single-tenant environment (only one Tenant in your HPE VM
Essentials appliance)
– To share this network across all accounts in a multi-tenant environment, select the Master Tenant and
set the Visibility to Public
– To assign this network to be used by only one account in a multi-tenant environment, select the account
and set visibility to Private
• Active
– Leave as enabled to use this network
– Disable the active flag to remove this network from available network options
5. Save Changes

Note: When selecting a network with DHCP disabled and no IP Pool assigned during provisioning, an IP entry field
will populate to the right of the selected network(s):

5.4. Network 77
Morpheus Documentation

Note: When selecting a network with an IP Pool assigned during provisioning, the name of the IP pool will populate
to the right of the selected network(s). IP Pools override DHCP.

Advanced Options (Search Domains)

Search domains are appended to DNS searches when a non fully qualified domain name (short name) is queried. Search
domains can be entered as comma separated values, which will be added to DNS configurations, such as /etc/resolv.conf
These domains are injected via cloud-init or other method chosen for the virtual image.

Group and Tenant Access

Networks can be configured to provide specific Group access, if desired. Group Access controls which Groups at
provision time will have access to the Network resource. Only workloads being provisioned to the selected Groups
would have visibility into the Network. Workloads provisioned to other Groups would not see the Network as an
available selection.

Guest Console SSH Tunnel

In some scenarios, Instances that are segregated from the HPE VM Essentials appliance by port restrictions, or other
mechanisms, can cause difficulties to access the guest console via the HPE VM Essentials web UI. Guest Console SSH
Tunnel settings allow the administrator to configure a jump host’s settings that is dual-homed, accessible by HPE VM
Essentials but also resides on the segregated network. When the guest console is configured with the SSH protocol,
the traffic will be routed to the jump host, which will then relay to the target instance.
GUEST CONSOLE JUMP HOST DNS hostname or IP of the jump host to relay the traffic
GUEST CONSOLE JUMP PORT Port override, if different than 22 for SSH
GUEST CONSOLE JUMP USERNAME Username used to authenticate to the jump host
GUEST CONSOLE JUMP PASSWORD Password that is used with the username to autenticate to the jump host
GUEST CONSOLE KEYPAIR Keypair saved in HPE VM Essentials to be used in lieu of, or in addition to, the
password to the jump host, which is associated with the configured username Keypairs can be imported at:
Infrastructure > Trust > Key Pairs

Subnets

Subnet details can be viewed from the SUBNETS tab on the detail page of a specific network. From the SUBNETS tab,
Morpheus allows the user to search and edit existing subnets.
In an Azure VNet, you can also create new subnets with the +ADD button.

78 Chapter 5. Infrastructure
 Morpheus Documentation

5.4. Network 79
Morpheus Documentation

5.4.2 Network Groups

Network Groups are useful for grouping networks during provisioning and scaling or grouping availability subnets
together such that during provisioning vm’s within an instance can be round robin provisioned across availability zones.

Adding Network Groups

1. Navigate to Infrastructure > Network > Networks Groups

2. Select ADD
3. Enter the following:
Group info:
• Name: Name of the Network Group in HPE VM Essentials
• Description: Details of the Network Group in HPE VM Essentials
Networks
• Search for and select target Networks for the Network Group
• Search for and select target Subnets for the Network Group
Group Access
• Set Group Access for the Network Group. Group access controls which Groups at provision time will
have access to this resource. Select “all” (default) to give workloads provisioned to any Group access
to this resource. If this resource should be restricted only to workloads provisioned to specific Groups,
select all that apply.
2. Select SAVE CHANGES

5.4.3 Routers

Overview

Routers can be viewed, created, and managed from the Routers tab of the Infrastructure > Networks page. HPE VM
Essentials supports the creation of the following router types depending on networks that are currently configured:
• OVS Bridge Domain

Create New Router

1. Navigate to Infrastructure > Networks > Routers tab

2. Click + ADD
3. Select the router type and complete the fields on the resulting modal
4. Once complete, click ADD NETWORK ROUTER

80 Chapter 5. Infrastructure
 Morpheus Documentation

Editing Existing Routers

1. Navigate to Infrastructure > Networks > Routers tab

2. Click on the pencil icon for the appropriate router
3. After editing router fields, click SAVE

Deleting Existing Routers

1. Navigate to Infrastructure > Networks > Routers tab

2. Click on the trash can icon for the appropriate router
3. Acknowledge the pop-up banner ensuring you wish to delete the router

5.4.4 IP Pools

Infrastructure > Network > IP Pools

Overview

The IP Pools tab in the Networks section allows you to create HPE VM-type IP Pools (which is an IP address range
HPE VM Essentials can use to assign available static IP addresses to Instances) and NSX IP Pools. The IP Pool section
also displays pools synced from IPAM integrations like Infoblox, Bluecat and others.

To add a HPE VM Essentials Network Pool

1. Click + ADD in Infrastructure > Network > IP Pools

2. Enter the following:
Name A friendly name for the IP Pool in HPE VM Essentials.
Pool Type Currently, HPE VM-type IP Pools and NSX IP Pools (with a configured integration) can be
created directly from HPE VM Essentials
Starting Address The starting IP address of the IP Pool address range. ex: 192.168.0.2
Ending Address: The ending IP address of the IP Pool address range. ex: 192.168.0.255
3. Save Changes

Note: Multiple Address Ranges can be added to a pool by selecting the + icon next to the address range.

After saving the IP pool will be available for assignment to networks in the NETWORK POOL dropdown when adding
or editing a network.

5.4. Network 81
Morpheus Documentation

5.4.5 Floating IPs

Overview

HPE VM Essentials supports sync and management of floating IP addresses for OpenStack, Huawei, and OTC Clouds.
When these Clouds are integrated and floating IPs are present, HPE VM Essentials will automatically sync them in.
Once synced, floating IPs are viewable from their own list page (Infrastructure > Network > Floating IPs) and related
options are presented during provisioning, teardown, and from Instance detail pages.

Note: The Floating IPs tab is present only when supported Clouds are integrated and floating IPs are available.
Additional Cloud support is planned for the future.

Floating IPs List Page

All Floating IPs known to HPE VM Essentials can be viewed on the Floating IPs List Page (Infrastructure > Network
> Floating IPs). From the Floating IPs list page we can see the following:
• IP ADDRESS: The address for the floating IP synced from a supported Cloud
• CLOUD: The Cloud integration the floating IP was synced from
• STATUS: “Free” when the floating IP is available and “Assigned” when the floating IP is currently assigned to
a workload
• VM: For assigned floating IPs, the VM which currently has the floating IP attached
Free floating IPs will have a gear icon () at the end of the row. Click the gear icon and select “Release Floating IP” to
release from within the source cloud and remove the entry from the Floating IPs list.

82 Chapter 5. Infrastructure
 Morpheus Documentation

Working with Floating IPs

When provisioning to supported Clouds, HPE VM Essentials will give the option to attach a floating IP at provision
time. From the CONFIGURE tab of the provisioning wizard for supported Clouds, select the desired floating IP.

5.4. Network 83
Morpheus Documentation

During Instance teardown, HPE VM Essentials gives the option to release the floating IP.

84 Chapter 5. Infrastructure
 Morpheus Documentation

5.4.6 Domains

Infrastructure > Network > Domains

Overview

The Domains section is for creating and managing domains for use in HPE VM Essentials. Domains are used for
setting FQDNs, joining Domains, and creating DNS records. The Domains section is also a multi-tenant endpoint for
managing domain settings across multiple tenants.
• Domains are synced in from Cloud, DNS and Network Integrations. Domains can also be user created.
• Active Domains are available for selection in the Domain dropdown when provisioning an Instance
• Default Domains can be set for Clouds and Networks in their Advanced Options sections.
• Images can be flagged to Auto-Join Domains in the Infrastructure > Network > Domains section

Important: For an Instance to auto-join a Domain, a Domain must set in the Advanced Options section of the Cloud
or Network used when provisioning

5.4. Network 85
Morpheus Documentation

Adding Domains

1. Navigate to Infrastructure > Network > Domains

2. Select + ADD
3. Enter the following:
Domain Name Ex. demo.example.com
Description Descriptive metadata for use in HPE VM Essentials
Display Name Overrides the displayed name in domain selection components, which is useful when
using many OU paths
Public Zone Check for Public Zones, leave uncheck for Private Zones
Workflow Select an existing Workflow which will be applied to Instances at provision time when
they are associated with the domain. This is useful for any domain-related scripting you may
currently use. For example, you may want to ensure a machine is removed from the domain
when it’s torn down which could be accomplished by creating a Provisioning Workflow (with
teardown phase Tasks) and associating the Workflow with the domain
Active Active Domains are available for selection in Domain selection fields across HPE VM Essen-
tials. Inactive Domains are removed from Domain selection fields.
Join Domain Controller Enable to have Windows instances join a Domain
Username Admin user for Domain. domain\username format required when specifying OU Path
Password Password for DC user account
DC Server (optional) Specify the URL or Path of the DC Server
OU Path (optional) Enter the OU Path for the connection string.
Guest Username (optional) If set, this will change the provisioned hosts RPC Service User after
domain join. Useful when a domain policy disables the Administrator account that typically
would be set as the RPC user on a host record. HPE VM Essentials will update the RPC username
and password on the host(s) record after domain join with the specified Guest Username and
Guest Password. The RPC username and password are used for auth during Remote Procedure
Call (RPC) executions over winrm, ssh and guest tools.
Guest Password (optional) The password for the Guest User account indicated in the prior field
4. Click Save Changes
The Domain has been added and will be selectable in the Domain dropdown during provisioning, and in Cloud and
Network settings.

Editing Domain Permissions

To edit visibility permissions for a domain, navigate to Infrastructure > Network > Domains. In the row for the
selected domain, click MORE > Permissions. Within the Permissions modal, set Group access permissions.

86 Chapter 5. Infrastructure
 Morpheus Documentation

Group Access

The Group Access control affects which Groups have access to the domain at provision time. Select “all” to allow
workloads provisioned to any Group access to the domain. If specific Groups are selected, only workloads provisioned
to those Groups will have visibility of the domain during provisioning.

Editing and Removing Domains

• Domains can be edited by selecting the Actions dropdown for the Domain and selecting Edit, or by selecting the
icon in list views.
• Added Domains can be removed from HPE VM Essentials by selecting the Actions dropdown for the Domain
and selecting Remove, or the icon in list views.

Setting the default domain on a Cloud

1. Navigate to Infrastructure > Clouds.

2. Edit the target Cloud.
3. Expand Advanced Options section.
4. In the Domain dropdown, select the Domain.
5. Save Changes

Setting the default domain on a Network

1. Navigate to Infrastructure > Network.

2. Edit the target Network.
3. Expand Advanced Options section.
4. In the Domain dropdown, select the Domain.
5. Save Changes

Selecting a Domain while provisioning an Instance

1. While creating an instance, in the Configure section, expand the DNS Options.
2. Select Domain from the Domain dropdown.

5.4.7 Proxies

Overview

In many situations, organizations deploy virtual machines in proxy restricted environments for things such as PCI
Compliance, or just general security. As a result of this HPE VM Essentials provides out of the box support for proxy
connectivity. Proxy authentication support is also provided with both Basic Authentication capabilities as well as
NTLM for Windows Proxy environments. HPE VM Essentials is even able to configure virtual machines it provisions
to utilize these proxies by setting up the operating systems proxy settings directly (restricted to cloud-init based Linux
platforms for now, but can also be done on windows based platforms in a different manner).

5.4. Network 87
Morpheus Documentation

To get started with Proxies, it may first be important to configure the HPE VM Essentials appliance itself to have access
to proxy communication for downloading service catalog images. To configure this, visit the Administration > Settings
page where a section labeled “Proxy Settings” is located. Fill in the relevant connection info needed to utilize the
proxy. It may also be advised to ensure that the Linux environment’s http_proxy, https_proxy, and no_proxy are set
appropriately.

Defining Proxies

Proxies can be used in a few different contexts and optionally scoped to specific networks with which one may be
provisioning into or on a cloud integration as a whole. To configure a Proxy for use by the provisioning engines within
HPE VM Essentials we must go to Infrastructure > Networks > Proxies. Here we can create records representing
connection information for various proxies. This includes the host ip address, proxy port, and any credentials (if
necessary) needed to utilize the proxy. Now that these proxies are defined we can use them in various contexts.

Cloud Communication

When morpheus needs to connect to various cloud APIs to issue provisioning commands or to sync in existing envi-
ronments, we need to ensure that those api endpoints are accessible by the appliance. In some cases the appliance may
be behind a proxy when it comes to public cloud access like Azure and AWS. To configure the cloud integration to
utilize a proxy, when adding or editing a cloud there is a setting called “API Proxy” under “Advanced Options”. This
is where the proxy of choice can be selected to instruct the Provisioning engine how to communicate with the public
cloud. Simply adjust this setting and the cloud should start being able to receive/issue instructions.

Provisioning with Proxies

Proxy configurations can vary from operating system to operating system and in some cases it is necessary for these
to be configured in the blueprint as a prerequisite. In other cases it can also be configured automatically. Mostly with
the use of cloud-init (which all of our out of the box service catalog utilizes on all clouds). When editing/creating a
cloud there is a setting for “Provisioning Proxy” in “Provisioning Options”. If this proxy is set, HPE VM Essentials
will automatically apply these proxy settings to the guest operating system.
Overriding proxy settings can also be done on the Network record. Networks (or subnets) can be configured in Infras-
tructure > Networks or on the Networks tab of the relevant Cloud detail page. Here, a proxy can also be assigned as
well as additional options like the No Proxy rules for proxy exceptions.

5.4.8 Integrations

Overview

The Network Integrations section allows you to add and manage IPAM, DNS, and Service Registry integrations.

88 Chapter 5. Infrastructure
 Morpheus Documentation

Scoping Services

NETWORKING Networking integrations are available in the NETWORK MODE dropdown located under the Ad-
vanced Options section in Cloud configurations.
IPAM IPAM integrations will populate pools in the IP Pool section, which are available for assignment to networks
in the NETWORK POOL dropdown when configuring a network.
SECURITY Security integrations are available in the SECURITY SERVER dropdown located under the Advanced
Options section in Cloud configurations.
DNS DNS integrations will populate domains in the Infrastructure > Network > Domains section, and are available
in the DOMAIN dropdown located under the Advanced Options section in Cloud, Group, and Network configu-
rations, as well as in the Configure section of the Create Instance wizard. DNS integrations are also available in
the DNS SERVICE dropdown located under the Advanced Options section in Cloud and Group configurations.
Service Registry Service Registry integrations are available in the SERVICE REGISTRY dropdown located under the
Advanced Options section in Cloud and Group configurations.

Note: Infoblox will also appear as a DNS INTEGRATION option in Clouds and Groups after adding Infoblox IPAM
Integration.

5.5 Storage

Infrastructure > Storage is for adding and managing Storage Buckets, File Shares, Volumes, Data Stores and Storage
Servers for use with other Services in HPE VM Essentials.

5.5.1 Role Requirements

There are two Role permissions for the Infrastructure > Storage section: Infrastructure: Storage and Infrastructure:
Storage Browser. Infrastructure: Storage gives Full, Read or No access to the Infrastructure > Storage sections, while
Infrastructure: Storage Browser is specific to Buckets and Files Shares. Full Infrastructure: Storage Browser permis-
sions allows Buckets and Files Shares to be browsed and files and folders to be added, downloaded and deleted from
the Buckets and Files Shares. Read Infrastructure: Storage Browser permissions allows Buckets and Files Shares to be
browsed only.

5.5.2 Default Storage

The default Storage path for Virtual Images, Backups, Deployment Archives, Archive Service, and Archived Snapshots
is var/opt/morpheus/morpheus-ui/. It is recommended to add Storage Buckets and File Shares for these targets
in the Infrastructure > Storage section to avoid running out of disk space on the HPE VM Essentials Appliance.

5.5. Storage 89
Morpheus Documentation

Storage Buckets

Storage Buckets are for Backup, Archives, Deployment and Virtual Images storage targets. Buckets can be browsed
and files and folders can be uploaded, downloaded or deleted from the Bucket section. Retention Policies can be set on
Storage Buckets for files to be deleted or backed up to another bucket after a set amount of time.

5.5.3 Supported Bucket Types

• Alibaba
• Amazon S3
• Azure
• Google Cloud Storage
• Openstack Swift
• Rackspace CDN
• Generic S3

5.5.4 Alibaba Buckets

To Add an Alibaba Storage Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Alibaba from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME Name of the Bucket in HPE VM Essentials.
ACCESS KEY Alibaba Access Key
SECRET KEY Alibaba Secret Key
REGION Enter Alibaba Region for the Bucket
BUCKET NAME Enter existing Alibaba Bucket name, or to add a new Bucket enter a new name and select
Create Bucket.
Create Bucket Enable if the Bucket entered in BUCKET NAME does not exist and needs to be created.
Default Backup Target Sets this Bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this bucket as the default storage target when uploading Deployment
files in the Deployments section.
Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY

90 Chapter 5. Infrastructure
 Morpheus Documentation

None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES
The Bucket will be created and displayed in the Buckets tab.
• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

5.5.5 Amazon S3 Buckets

To Add an Amazon S3 Storage Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Amazon S3 from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME Name of the Bucket in HPE VM Essentials.
ACCESS KEY AWS IAM Access Key
SECRET KEY AWS IAM Secret Key
BUCKET NAME Enter existing S3 Bucket name, or to add a new Bucket enter a new name and select Create
Bucket.
CREATE BUCKET Enable if the Bucket entered in BUCKET NAME does not exist and needs to be created.
If enabled, select an AWS Region to create the Bucket in.
ENDPOINT URL Optional endpoint URL if pointing to an object store other than amazon that mimics the
Amazon S3 APIs.

5.5. Storage 91
Morpheus Documentation

Default Backup Target Sets this Bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this bucket as the default storage target when uploading Deployment
files in the Deployments section.
Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES
The Bucket will be created and displayed in the Buckets tab.
• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

5.5.6 Azure Buckets

To Add an Azure Storage Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Azure from the dropdown list
5. From the NEW BUCKET Wizard input the following:

92 Chapter 5. Infrastructure
 Morpheus Documentation

NAME Name of the Bucket in HPE VM Essentials.

STORAGE ACCOUNT Name of the Storage Account in Azure for the Bucket
STORAGE KEY Storage Key provided from Azure
SHARE NAME Enter existing Azure Storage Share name, or to add a new Share enter a new name and select
Create Bucket below.
CREATE BUCKET Enable if the Share entered in SHARE NAME does not exist and needs to be created.
Default Backup Target Sets this bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this Bucket as the default storage target when uploading Deployment
files in the Deployments section.
Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES
The Bucket will be created and displayed in the Buckets tab.
• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

5.5. Storage 93
Morpheus Documentation

5.5.7 Google Cloud Storage Buckets

Note: Google Cloud Storage Buckets are associated with an existing GCP Cloud integration. Ensure the GCP Cloud
integration is pre-existing before attempting to create a new Google Cloud Storage Bucket. On the initial integration
and subsequent cloud syncs, Google Cloud Storage Buckets are automatically onboarded and updated.

To add a Google Cloud Storage Bucket:

1. Select the Infrastructure link in the navigation bar
2. Select the Storage link in the sub-navigation bar
3. In the BUCKETS tab, Click the + ADD button
4. Select Google Cloud Storage from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME A friendly name for the bucket in HPE VM Essentials
STORAGE SERVICE Select the GCP cloud integration this bucket should be created in
PROJECT ID Select the Project to create the group under, Projects are a GCP-specific concept and are logical
grouping for your resources. Select any existing project associated with your selected GCP cloud integration
BUCKET NAME The name for the bucket resource on the GCP side
LOCATION TYPE Select Region, Dual-Region, or Multi-Region. Buckets with a Region location type will
be stored in one GCP region, such as “us-east1 (South Carolina)”. Dual-Region and Multi-Region data is
stored in two (or more, in the case of multi-region) GCP regions separated by a significant physical distance.
Dual-Region and Multi-Region data is geo-redundant across the multiple selected regions
LOCATION A selected GCP region (or regions, in the case of dual and multi-location data) where the data will
be stored
STORAGE CLASS Select Standard, Nearline, Coldline, or Archive. The appropriate storage class will depend
on how frequently the bucket data is accessed and how long the type of data in the bucket is expected to be
stored. More information on storage classes can be found in GCP Documentation
ACTIVE When marked, the bucket is available for use in HPE VM Essentials
DEFAULT BACKUP TARGET Sets the bucket as the default storage option when creating backups at provi-
sion time or in the Backups section of HPE VM Essentials
DEFAULT DEPLOYMENT ARCHIVE TARGET Sets this Bucket as the default storage target when upload-
ing deployment files in the Deployments section
DEFAULT VIRTUAL IMAGE STORE Sets this bucket as the default storage target when uploading virtual
images from the Virtual Images section, importing images from Instance actions, creating images with the
Image Builder, and when creating new images from Migrations
RETENTION POLICY Select None and the files in this bucket will never be deleted or backed up by HPE
VM Essentials. When selecting ‘Backup Old Files’, HPE VM Essentials will backup files into another
selected bucket once they reach a certain number of days old. When selecting ‘Delete Old Files’, HPE VM
Essentials will delete any files that reach a certain number of days old

94 Chapter 5. Infrastructure
 Morpheus Documentation

5.5.8 Dell EMC ECS Buckets

Note: A Dell EMC ECS Storage Server must be configured in Infrastructure - Storage - Servers prior to adding a Dell
EMC ECS Bucket.

To Add a Dell EMC ECS Storage Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Dell EMC ECS Bucket from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME Name of the Bucket in HPE VM Essentials.
STORAGE SERVICE Select existing Dell EMC ECS Storage Server (configured in Infrastructure - Storage -
Servers)
BUCKET NAME Enter a name for the new Dell EMC ECS bucket.
USER Dell EMC ECS User
SECRET KEY Dell EMC ECS Secret key
NAMESPACE Select Dell EMC ECS Namespace for the Bucket
STORAGE GROUP Select a Dell EMC ECS Storage Group
Default Backup Target Sets this bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this Bucket as the default storage target when uploading Deployment
files in the Deployments section.
Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES

5.5. Storage 95
Morpheus Documentation

The Bucket will be created and displayed in the Buckets tab.

• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

5.5.9 Openstack Swift Buckets

To Add an Azure Storage Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Openstack Swift from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME Name of the Bucket in HPE VM Essentials.
USERNAME Openstack Swift Username
API KEY Openstack Swift API Key
BUCKET NAME Enter existing Openstack Swift Bucket name, or to add a new Bucket enter a new name and
select Create Bucket below.
IDENTITY URL Openstack Swift Identity URL
Create Bucket Enable if the name entered in BUCKET NAME does not exist and needs to be created.
Default Backup Target Sets this bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this Bucket as the default storage target when uploading Deployment
files in the Deployments section.
Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.

96 Chapter 5. Infrastructure
 Morpheus Documentation

DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES
The Bucket will be created and displayed in the Buckets tab.
• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

5.5.10 Rackspace CDN Buckets

To Add a Rackspace CDN Bucket:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the BUCKETS tab, Click the + ADD button.
4. Select Rackspace CDN from the dropdown list
5. From the NEW BUCKET Wizard input the following:
NAME Name of the Bucket in HPE VM Essentials.
USERNAME Rackspace CDN Username
API KEY Rackspace CDN API Key
REGION Enter Rackspace CDN Region
BUCKET NAME Enter existing Rackspace CDN Bucket name, or to add a new Bucket enter a new name and
select Create Bucket below.
Create Bucket Enable if the name entered in BUCKET NAME does not exist and needs to be created.
Default Backup Target Sets this bucket as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this Bucket will be presented.
Archive Snapshots Enabled to export VM snapshots to this Bucket when creating VMware Backups, after
which the snapshot will be removed from the target hypervisor.
Default Deployment Archive Target Sets this Bucket as the default storage target when uploading Deployment
files in the Deployments section.

5.5. Storage 97
Morpheus Documentation

Default Virtual Image Store Sets this bucket as the default storage target when uploading Virtual Images from
the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the Bucket will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount of time and remove them from the bucket.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup Bucket.
BACKUP BUCKET Search for and then select the Bucket the files will be backed up to.
DELETE OLD FILES
This option will delete files from this bucket after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the Bucket.
6. Select SAVE CHANGES
The Bucket will be created and displayed in the Buckets tab.
• To browse, upload, download, or delete files from this Bucket, select the name of the Bucket.
• To edit the Bucket, select the edit icon or select the name of the Bucket and select ACTIONS - EDIT.

Warning: Repointing a bucket that is in use may cause loss of file references. Ensure data is mirrored first.

• To delete a Bucket, select the trash icon or select the name of the Bucket and select DELETE.

Warning: When deleting a Bucket, all Deployment Versions and Backups associated with the Bucket will
be deleted.

File Shares

File Shares are for Backup, Archives, and Virtual Images storage targets. File Shares can be browsed and files and
folders can be uploaded, downloaded or deleted from the File Shares section. Retention Policies can be set on Storage
File Shares for files to be deleted or backed up to another File Share after a set amount of time.

5.5.11 Supported File Share Types

• CIFS (Samba Windows File Sharing)

• Local Storage
• NFSv3

98 Chapter 5. Infrastructure
 Morpheus Documentation

5.5.12 CIFS File Shares

To Add a CIFS File Share:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the FILE SHARES tab, Click the + ADD button.
4. Select CIFS (Samba Windows File Sharing) from the dropdown list
5. From the NEW FILE SHARE Wizard input the following:
NAME Name of the File Share in HPE VM Essentials.
HOST
Enter host IP or resolvable hostname Example: 192.168.200.210
USERNAME CIFS Share Username
PASSWORD CIFS Share User Password
SHARE PATH
Enter CIFS Share Path Example: cifs
Default Backup Target Sets this File Share as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this File Share will be presented.
Archive Snapshots Enabled to export VM snapshots to this File Share when creating VMware Backups, after
which the snapshot will be removed from the source Cloud.
Default Deployment Archive Target Sets this File Share as the default storage target when uploading Deploy-
ment files in the Deployments section.
Default Virtual Image Store Sets this File Share as the default storage target when uploading Virtual Images
from the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the File Share will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount if time and remove them from the File Share.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup File Share.
BACKUP File Share Search for and select the File Share the files will be backed up to.
DELETE OLD FILES
This option will delete files from this File Share after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the File
Share.
6. Select SAVE CHANGES
The File Share will be created and displayed in the File Shares tab.
• To browse, upload, download, or delete files from this File Share, select the name of the File Share.

5.5. Storage 99
Morpheus Documentation

• To edit the File Share, select the edit icon or select the name of the File Share and select ACTIONS - EDIT.

Warning: Repointing a File Share that is in use may cause loss of file references. Ensure data is mirrored
first.

• To delete a File Share, select the trash icon or select the name of the File Share and select DELETE.

Warning: When deleting a File Share, all Deployment Versions and Backups associated with the File Share
will be deleted.

5.5.13 Local Storage File Shares

Important: Local Storage refers to local to the HPE VM Essentials Appliance and the path must be owned by
morpheus-app. Please be conscious of storage space. High Availability configurations require Local Storage File
Shares paths to be shared storage paths between the font end HPE VM Essentials Appliances.

Note: To change the owner of a file path to be used as a Local Storage File Share, run chown morpheus-app.
morpheus-app /path on the HPE VM Essentials Appliance.

Note: HPE VM Essentials will validate path and ownership of the File Share Path.

To Add a Local Storage File Share:

1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the FILE SHARES tab, Click the + ADD button.
4. Select Local Storage Share from the dropdown list
5. From the NEW FILE SHARE Wizard input the following:
NAME Name of the File Share in HPE VM Essentials.
STORAGE PATH
Enter the File Share path on the local HPE VM Essentials Appliance. Example: /var/opt/
morpheus/morpheus-ui/vms/virtual-images

Important: High Availability configurations require Local Storage File Shares paths to be shared
storage paths between the font end HPE VM Essentials Appliances.

Default Backup Target Sets this File Share as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this File Share will be presented.
Archive Snapshots Enabled to export VM snapshots to this File Share when creating VMware Backups, after
which the snapshot will be removed from the source Cloud.

100 Chapter 5. Infrastructure

 Morpheus Documentation

Default Deployment Archive Target Sets this File Share as the default storage target when uploading Deploy-
ment files in the Deployments section.
Default Virtual Image Store Sets this File Share as the default storage target when uploading Virtual Images
from the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the File Share will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount if time and remove them from the File Share.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup File Share.
BACKUP File Share Search for and select the File Share the files will be backed up to.
DELETE OLD FILES
This option will delete files from this File Share after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the File
Share.
6. Select SAVE CHANGES
The File Share will be created and displayed in the File Shares tab.
• To browse, upload, download, or delete files from this File Share, select the name of the File Share.
• To edit the File Share, select the edit icon or select the name of the File Share and select ACTIONS - EDIT.

Warning: Repointing a File Share that is in use may cause loss of file references. Ensure data is mirrored
first.

• To delete a File Share, select the trash icon or select the name of the File Share and select DELETE.

Warning: When deleting a File Share, all Deployment Versions and Backups associated with the File Share
will be deleted.

5.5.14 NFSv3 File Shares

Note: Configure access to the NFS folder on the NFS Provider prior to adding the NFSv3 File Share.

Note: Upon save HPE VM Essentials will create a persistent mount owned by morpheus-app.morpheus-app on the
HPE VM Essentials Appliance for the NFSv3 File Share. The HPE VM Essentials appliance will require access to the
following ports in order to mount the share: 111, 54302, 20048, 2049, 46666, 42955, 875. With some storage solutions,
you may need to enable insecure, unprivileged ports, or allow non-root on the export before HPE VM Essentials is able
to successfully mount the share.

To Add a NFSv3 File Share:

5.5. Storage 101

Morpheus Documentation

1. Select the Infrastructure link in the navigation bar.

2. Select the Storage link in the sub navigation bar.
3. In the FILE SHARES tab, Click the + ADD button.
4. Select NFSv3 from the dropdown list
5. From the NEW FILE SHARE Wizard input the following:
NAME Name of the File Share in HPE VM Essentials.
HOST Enter the File Share path on the local HPE VM Essentials Appliance.
EXPORT FOLDER Enter the NFSv3 Folder
Default Backup Target Sets this File Share as the default backup target when creating Backups. If selected the
option to update existing Backup configuration to use this File Share will be presented.
Archive Snapshots Enabled to export VM snapshots to this File Share when creating VMware Backups, after
which the snapshot will be removed from the source Cloud.
Default Deployment Archive Target Sets this File Share as the default storage target when uploading Deploy-
ment files in the Deployments section.
Default Virtual Image Store Sets this File Share as the default storage target when uploading Virtual Images
from the Virtual Images section, importing Images from Instance Actions, creating Images with the Image
Builder and when creating new images from Migrations.
RETENTION POLICY
None Files in the File Share will not be automatically deleted or backed up.
Backup Old Files
This option will backup files after a set amount if time and remove them from the File Share.
DAYS OLD Files older than the set number of days will be automatically backed up to the selected
Backup File Share.
BACKUP File Share Search for and select the File Share the files will be backed up to.
DELETE OLD FILES
This option will delete files from this File Share after a set amount of days.
DAYS OLD Files older than the set number of days will be automatically deleted from the File
Share.
6. Select SAVE CHANGES
The File Share will be created and displayed in the File Shares tab.
• To browse, upload, download, or delete files from this File Share, select the name of the File Share.
• To edit the File Share, select the edit icon or select the name of the File Share and select ACTIONS - EDIT.

Warning: Repointing a File Share that is in use may cause loss of file references. Ensure data is mirrored
first.

• To delete a File Share, select the trash icon or select the name of the File Share and select DELETE.

102 Chapter 5. Infrastructure

 Morpheus Documentation

Warning: When deleting a File Share, all Deployment Versions and Backups associated with the File Share
will be deleted.

Data Stores

Data Stores are logical divisions of underlying storage disk. Organizations may use them to divide and track cloud
resources by team or department. When integrating certain Cloud types, HPE VM Essentials will onboard all existing
data stores and administrators can then make them available to Groups as needed. At provision time, when applicable
based on Cloud and Layout, users can select the datastore they wish to provision to.
Here within the Data Store view in the storage section, users can see a list of data stores for each Cloud. In the row for
each Cloud, the storage type, associated Cloud, and permissions information are shown.

5.5.15 Create Data Stores

To a limited extent, data stores can be created from this view. Currently, data store creation is restricted to VMware
data store creation on 3Par volumes. In order to create such a data store you would need to first have an integrated 3Par
server. See the section on storage servers for more information on setting up this integration.

Note: For all other data store types, create the needed data store within the target Cloud and HPE VM Essentials will
automatically sync in the data store on the next Cloud sync. You can force a Cloud sync from the Cloud Detail Page
(Infrastructure > Clouds > Selected Cloud > Refresh Menu > Short).

• Navigate to Infrastructure > Storage > Data Stores

• Click +ADD
• Enter a Name, select a VMware Cloud, select a 3Par Volume, and select a Host Group
• Manage permissions in the Group Access and Tenant Permissions sections, if needed
• Click SAVE CHANGES

5.5.16 Manage Permissions

From this view, users can manage permissions for any data store synced from integrated Clouds. This includes setting
which Groups have access to the data store. To edit data store permissions:
• Navigate to Infrastructure > Storage > Data Stores
• Click ACTIONS > Edit
• Groups: Select “all” Groups or select specific Groups which should have access to the data store
• Active: When marked, the data store is active and available for provisioning
• Click SAVE CHANGES

5.5. Storage 103

Morpheus Documentation

Servers

5.5.17 Add Storage Server

1. Select the Infrastructure link in the navigation bar.

2. Select the Storage link in the sub navigation bar.
3. In the SERVERS tab, Click the + ADD button.
4. From the ADD STORAGE SERVER wizard input the following:
NAME Name of the Storage Server in HPE VM Essentials
TYPE Select 3Par
URL URL Of 3Par Server Example : https://192.168.190.201:8008
USERNAME Add your administrative user account.
PASSWORD Add your administrative password.
5. Select SAVE CHANGES
The 3Par Storage Server will be added and displayed in the Buckets tab. Buckets, Files Shares and Storage Groups will
be synced in.
1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the SERVERS tab, Click the + ADD button.
4. From the ADD STORAGE SERVER wizard input the following:
NAME Name of the Storage Server in HPE VM Essentials
TYPE Select Dell EMC ECS
URL
URL Of DELL EMC ECS Server Example : https://192.168.190.200:4443

Tip: The port 4443 is the api port for ECS api. This may be different depending on your configuration

USERNAME Add your administrative user account.

PASSWORD Add your administrative password.
S3 SERVICE URL (Optional) Add your S3 service url Example: http://192.168.190.220:9020

Note: S3 SERVICE URL is not required if you are not planning on using ECS S3.

5. Select SAVE CHANGES

The Dell EMC ECS Storage Server will be added and displayed in the Buckets tab. Buckets, Files Shares and Storage
Groups will be synced in.
1. Select the Infrastructure link in the navigation bar.
2. Select the Storage link in the sub navigation bar.
3. In the SERVERS tab, Click the + ADD button.

104 Chapter 5. Infrastructure

 Morpheus Documentation

4. From the ADD STORAGE SERVER wizard input the following:

NAME Name of the Storage Server in HPE VM Essentials
TYPE Select Dell EMC Isilon
URL URL Of Dell EMC Isilon Server Example : https://192.168.190.202:8080
USERNAME Add your administrative user account.
PASSWORD Add your administrative password.
PROVISION USER Select Provision User
PROVISION GROUP Select Provision Group
ROOT PATH
Enter Root Path Example : \
5. Select SAVE CHANGES
The Dell EMC Isilon Storage Server will be added and displayed in the Buckets tab. Buckets, Files Shares and Storage
Groups will be synced in.

5.6 Trust

The Trust section is where credentials and SSH keypairs are stored. Stored credentials are useful for easy integration
with VMware Clouds or other third party technologies using stored credential sets. In the keypairs section, generate
SSH keypairs which can be associated with your user account so that your public key is automatically added to the
authorized keys file on provisioned workloads for easy access.

5.6.1 Credentials

The credentials section allows for various credential types to be securely stored and called back when necessary, such
as when creating new integrations with Cloud accounts or other outside technologies. Credentials can also be used to
populate REST-based Option Lists sourced from data behind an authentication wall, as well as to run automation Tasks
on remote targets that require authentication. Credentials are stored internally and securely on the HPE VM Essentials
appliance. The following credential pair types are currently supported:
• Access Key and Secret Key
• Client ID and Secret
• Email and Private Key
• OAuth 2.0
• Tenant, Username, and Keypair
• Username and API Key
• Username and Keypair
• Username and Password
• Username, Password, and Keypair
To create a new credential set, click + ADD and then select the type of credential set you’d like to store. Complete the
following:

5.6. Trust 105

Morpheus Documentation

• CREDENTIAL STORE: Select “Internal”, an integrated external Cypher store (if any), or an integrated
Hashicorp Vault server (if any). See the section below for instructions on integrating with Vault or standing
up and integrating with an external Cypher store.
• NAME: A name for the credential set in HPE VM Essentials
• DESCRIPTION: An optional description for the credential set
• ENABLED: If checked, the credential set will be available for use
• CREDENTIAL VALUES: Depending on the credential pair type selected (listed above), the remaining fields
will be specific to the chosen type. See the next section for a more complete walkthrough on storing and using
OAuth 2.0 credentials

Finally, click ADD CREDENTIALS. Once saved, the credential set will be available for selection where appropriate
in HPE VM Essentials UI. In the screenshot below, I’m integrating a new VMware Cloud. In the credentials section,
I have the following options: Creating (and using) a new Username and Password credential set (which includes the
option to save internally or to an external Cypher store), choosing a previously-stored credential set, or simply entering
my credentials locally and not saving them for reuse.

106 Chapter 5. Infrastructure

 Morpheus Documentation

5.6.2 OAuth 2.0 Credentials

HPE VM Essentials supports storage of credential sets for retrieving temporary access tokens, through OAuth 2.0, and
using the tokens to access some resource. These credential sets can be used with REST-type Option Lists to retrieve
information behind this type of authentication wall. Once stored, the credential can be used with as many Option Lists
as needed and potentially in other areas of the product in the future.
To create a new credential set, click + ADD and then select “OAuth 2.0”. Complete the following, not all fields are
present or required in every context:
• CREDENTIAL STORE: Select “Internal” or an integrated external Cypher store (if any). See the next section
for instructions on standing up and integrating with an external Cypher store
• NAME: A name for the credential set in HPE VM Essentials
• DESCRIPTION: An optional description for the credential set
• ENABLED: If checked, the credential set will be available for use
• GRANT TYPE: Client Credentials or Password Credentials
• ACCESS TOKEN URL: The authorization server’s token endpoint
• CLIENT ID: The client ID for an app registered with the target service
• CLIENT SECRET: The client secret, often needed when requesting access outside the context of a specific user
• USERNAME: (Only present with “Password Credentials” Grant Type) The username for a user with target data
access
• PASSWORD: (Only present with “Password Credentials” Grant Type) The password for the user indicated above
• SCOPE: The scope of access requested to the target resource
• CLIENT AUTHENTICATION: “Send as basic auth header” or “Send client credentials in body” - Indicates
how HPE VM Essentials should issue the token received in requests to the target resource
Once done, click ADD CREDENTIALS.

Add Existing Key Pair

To generate a existing Key Pair:

1. Navigate to Infrastructure > Trust > Key Pairs
2. On the Key Pairs tab, click + ADD and select “Existing Key Pair”
3. From the Add Key Pair modal input the following as needed:
• Name
• Public Key
• Private Key
• Passphrase

Note: Certain features do not require storage of the private key.

5.6. Trust 107

Morpheus Documentation

Generate Key Pair

To generate a Key Pair:

1. Navigate to Infrastructure > Trust > Key Pairs
2. On the Key Pairs tab, click + ADD and select “Existing Key Pair”
3. After naming the new key pair, HPE VM Essentials will reveal both the public and private key

Note: After the private key is initially revealed it will not be shown again. If needed, you may view the public key
from the Keypairs list page at any time going forward. This key pair can be associated with your Linux user details in
HPE VM Essentials user settings. The public key will be added to the authorized_keys file on provisioned workloads
where your Linux user is added at provision time.

Delete Key Pair

To Delete Key Pair:

1. Navigate to Infrastructure > Keys & Certs
2. On the Key Pairs tab, select the trash can icon at the end of any row
3. Acknowledge that you wish to delete the selected key pair

108 Chapter 5. Infrastructure

 CHAPTER

SIX

BACKUPS

The HPE VM Essentials built-in Backup solution provides VM, Container, Host, Database, File, Directory, Volume
and Storage Provider Backup, Snapshot and Replication capabilities. Backups can be automatically configured during
provisioning or manually created at any time. Backup Jobs with custom Execution Schedules and retention counts can
be created and used across all environments in conjunction with configured Storage Providers. Backups can be restored
over current Instances or as new Instances, and downloaded or deleted from HPE VM Essentials.
HPE VM Essentials also integrates with external services to automate availability with other providers.

6.1 Initial Backups Setup

Global Backup settings (Administration > Settings > Backups), Storage Providers (Infrastructure > Storage) and Exe-
cution Schedules (Library > Automation > Execute Scheduling) should be configured prior to creating backups. Global
backup settings are where scheduled backups can be globally enabled or disabled and certain global backup default
settings can be configured. Storage providers include local and remote configured storage locations that can be used
as backup targets. Execution schedules are timed intervals at which individual automated backup jobs will run. See
the next two sections for full details on global backup settings and configuring execution schedules. See HPE VM
Essentials UI storage documentation for more information about configuring local and remote storage targets and/or
integrating with third party storage providers.

6.1.1 Global Backups Settings

HPE VM Essentials Backups can be enabled under Administration > Settings > Backups.
Scheduled Backups When enabled, configured Backups will automatically run on their configured schedules. If dis-
abled, backups need to be manually run.
Create Backups When enabled, HPE VM Essentials will automatically configure backup jobs for Instances at provi-
sion time.
Backup Appliance When enabled, a Backup will be created to backup the HPE VM Essentials appliance database.
Select the Backup text link to edit the Appliance Backup Settings and view existing Appliance Backups.
Default Backup Bucket From this dropdown, select the default storage bucket to be used for future created Backups.
If needed, new storage providers can be configured and managed in the Infrastructure > Storage section.
Default Backup Schedule From this dropdown, select a default execution schedule for future created Backups. If
needed, new schedules can be configured in Library > Automation > Execute Scheduling.
Backup Retention Count The default maximum number of successful backups to retain.
Default Synthetic Full Backup Enabled When enabled, supported workload types will have periodic full synthetic
backups scheduled by default in addition to any typical backups (full backup followed by incremental backups)
that may also be scheduled.

109
Morpheus Documentation

Default Synthetic Full Backups Schedule From this dropdown, select a default execution schedule for future full
synthetic backups. In general, this should be at a longer internal than incremental backups that are also scheduled.
If needed, new schedules can be configured in Library > Automation > Execute Scheduling.

6.1.2 Execution Schedules

Backup Execution Schedules can be configured and managed in Library > Automation > Execute Scheduling. An
execution schedule stores only the interval at which some execution should be run and they can apply to both backups
and automation scripts. To create a new backup job with this schedule, navigate to Backups > Backups and click
“+ADD”. In the final step of creating the backup job we are able to select any of our created execution schedules. The
Default Backup Schedule set in Administration > Settings > Backups will be selected when creating a backup job and
not specifying an execution schedule.

6.2 Configuring Backups during Provisioning

When Backups are enabled, Backup options are presented in the AUTOMATION tab of the provisioning wizard. Note
that your default backup bucket and default backup schedule will be set according to your global backup settings as
mentioned in the previous sections.

Note: The Backup options presented in the Automation tab can be disabled using a “Create Backup” Policy. See
../administration/policies/policies

BACKUP TYPE Select the type for the Backup. Backup Types displayed will be filtered by available options for the
selected Instance Layout
BACKUP NAME Defaults to the Instance name
BACKUP TARGET Select the Storage Provider target for the Backup (when applicable)
BACKUP JOB TYPE Create a new job, clone an existing job, or Add to existing job
JOB NAME Defaults to the Instance name
RETENTION COUNT Maximum number of successful backups to retain
BACKUP SCHEDULE Select the schedule for the backup job from the list of existing execution schedules
SYNTHETIC FULL (Currently only available for KVM VM Snapshot-type backups, such as those used with MVM Instances. M
When checked, an additional schedule is configured for the backup job during which a synthetic full backup will
be taken. In general, this should be on a longer time period than that at which standard backups (full backup
followed by incremental backups) are configured
SYNTHETIC FULL SCHEDULE Select the schedule for the backup job on which synthetic full backups should be
taken
Backup Types displayed will be filtered by available options per selected Instance Layout.

110 Chapter 6. Backups

 Morpheus Documentation

6.3 Summary

The Backups Summary section shows the following metrics:

• Number of Configured Backups trend
• Backup Success Rate
• Number of Completed Backups
• Number of Failed Backups
• Total Size of Backups (MB) trend
• Upcoming and In Progress Backups
If a User’s Role permission for Backups is set to User, the user will only see metrics for backups they own.

6.4 Backups

In the Backups > Backups section, currently-configured Backups can be viewed and managed, and new Instance, Host
and Provider backups be configured. Backups must be tied to a Backup Job, which holds the retention count and the
schedule on which the backup should automatically be run. You can create a new Job at the same time as the backup
is created or you can create the job ahead of time and associate any new backups to the existing job.

Note: Role permissions for Backups determine which backups will be accessible to the individual user.

6.4.1 Create an Instance Backup

To create Instance backup:

1. Navigate to Backups > Backups
2. Click + ADD
3. From the Create Backup Wizard select the radio button for Instance, then click NEXT
4. Input the following:
Instance Select an Instance to backup from the typeahead menu
Name Enter a name for the backup job being created
5. Click NEXT
6. Depending on the Instance Type selected in the previous step, enter additional details. These can include a
specific container, backup type, database name, username and password, or a number of other things depending
on the Instance Type
7. Configure the storage bucket and retention details:
Storage Select a configured storage bucket as the backup target
Backup Job Type Create a new backup job, add this backup to an existing job, or clone an existing job to handle
this backup
Job Name If creating a new job, enter a name for the job
Retention Count If creating a new job, enter the number of backups which should be simultaneously retained

6.3. Summary 111

Morpheus Documentation

Schedule If creating a new job, select an execution schedule of which to run the backup
Synthetic Full When the backup is targeting an MVM Instance, check this box to schedule synthetic full backups
in addition to the normal full and incremental backups
Synthetic Full Schedule If synthetic full backups are enabled, select an execution schedule on which to run the
synthetic full backups
8. Click COMPLETE.

Note: On VMware Cloud types, HPE VM Essentials will merge and consolidate the snapshots held against a VM
before exporting the OVF to the storage location or share. This is so HPE VM Essentials has a full and consistent copy
of the VM state.

Tip: To edit an existing backup, click on the hyperlinked name of the backup job from the list of backups at Backups
> Backups.

112 Chapter 6. Backups

 CHAPTER

SEVEN

TOOLS

7.1 Cypher

7.1.1 Overview

Cypher at its core is a secure Key/Value store. But what makes Cypher useful is the ability to securely store or generate
credentials to connect to your Instances. Not only are these credentials encrypted but by using Cypher you don’t have
to burn in connection credentials between Instances into your apps.
Cypher keys can be revoked, either through lease timeouts or manually. So, even if somebody were to gain access to
your keys you could revoke access to the keys and generate new ones for your applications.
Keys can have different behaviors depending on the specified mountpoint.

7.1.2 Mountpoints

password Generates a secure password of specified character length in the key pattern (or 15) with symbols, numbers,
upper case, and lower case letters (i.e. password/15/mypass generates a 15 character password).
tfvars This is a module to store a tfvars file for terraform app blueprints.
secret This is the standard secret module that stores a key/value in encrypted form.
uuid Returns a new UUID by key name when requested and stores the generated UUID by key name for a given lease
timeout period.
key Generates a Base 64 encoded AES Key of specified bit length in the key pattern (i.e. key/128/mykey generates a
128-bit key)
vault Configures an integration between HPE VM Essentials and a Hashicorp Vault server. See below for additional
configuration instructions.
• Key lease times are entered in seconds and default to 32 days (2764800 s).
– Quick Time Reference:
– Day: 86400
– Week: 604800
– Month (30 days): 2592000
– Year: 31536000

113
Morpheus Documentation

7.1.3 Creating Cypher Keys

1. Navigate to Tools > Cypher and select + ADD

2. Configure one of the following types of Keys:

7.1.4 Password

A Cypher password generates a secure password of specified character length in the key pattern (or 15) with symbols,
numbers, upper case, and lower case letters (i.e. password/15/mypass generates a 15 character password).
Key Pattern “password/character_length/key”
Example: password/10/mypassword
Value Leave the Value filed blank for a password, as it will be generated.
Lease Enter lease time in seconds (ex. 604800 for one week)
Save changes and the password will be generated and available for use.
If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to
view the generated password.
To delete the password key, select Actions > Remove and confirm.

7.1.5 tfvars

A mountpoint to store tfvars files for Terraform App Blueprints.

Key Pattern “tfvars/key”
Example: tfvars/my-aws-account
Value The values for your tfvars file to be encrypted
Lease Enter lease time in seconds (ex. 604800 for one week)
Click SAVE CHANGES and the stored values will be available for use.

Note: You may also see Cloud profiles stored at the tfvars mountpoint. They will have a key pattern like: “tf-
vars/profile/cloud/$cloudCode/variables”. Terraform Cloud profiles are created on the Cloud detail page (Infrastruc-
ture > Clouds > selected Cloud) under the Profiles tab. They allow Terraform apps and specs to be provisioned across
multiple Clouds that require differed tfvars. See the Cloud profiles page for more.

7.1.6 Secret

A Cypher secret is the standard secret module that stores a key/value in encrypted form.
Key Pattern “secret/key”
• EXAMPLE: secret/mysecret
Value Add the secret value to be encrypted
Lease Enter lease time in seconds (ex. 604800 for one week)

114 Chapter 7. Tools

 Morpheus Documentation

Save changes and the secret will be encrypted and available for use.
If your HPE VM Essentials user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the
Cypher section to view the secret.
To delete the secret, select Actions > Remove and confirm.

7.1.7 UUID

A Cypher UUID Returns a new UUID by key name when requested and stores the generated UUID by key name for a
given lease timeout period.
Key Pattern “uuid/key”
• Example: uuid/myuuid
Value Leave the Value filed blank for UUID, as it will be generated.
Lease Enter lease time in seconds (ex. 604800 for one week)
Save changes and the UUID will be generate and available for use.
If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to
view the generate UUID.
To delete the UUID, select Actions > Remove and confirm.

7.1.8 Key

A Cypher Key generates a Base 64 encoded AES Key of specified bit length in the key pattern (i.e. key/128/mykey
generates a 128-bit key).
Key Pattern “key/bit_length/key”
• Example: key/256/mykey
Value Leave the Value filed blank for key, as it will be generated.
Lease Enter lease time in seconds (ex. 604800 for one week)
Save changes and the AES Key will be generate and available for use.
If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to
view the generate AES Key.
To delete the UUID, select Actions > Remove and confirm.

7.1.9 Vault

Use this mountpoint to store Cypher secrets in a Hashicorp Vault server backend rather than HPE VM Essentials.
Additionally, you can call secrets stored in Vault from this Cypher mountpoint even if they are only saved there and
not listed in the HPE VM Essentials Cypher UI. This requires installation and configuration of the Hashicorp Vault
plugin. See the YouTube video embedded in this section for more information on adding the plugin, configuration, and
a demonstration of its capabilities.

Note: It’s recommended that you use a long-lived token as attempts to call Vault-stored values into Tasks will stop
working if the token is no longer good. In such a case you’d have to obtain a new token, delete the Cypher entry with

7.1. Cypher 115

Morpheus Documentation

the old token, and create a new one to restore functionality once again. Using a long-lived token will prevent the need
to do this often.

Key Pattern “vault/<engineMount>/<secretPath>/data/<key>” (ex. vault/KV2/secret/data/morpheus/lab)

Value Enter your key/value pair here in valid JSON (ex. {“hello”: “world”} )
Lease Enter lease time in seconds (ex. 604800 for one week)
Click SAVE CHANGES. The example BASH script below onboards the value stored in Vault from the se-
cret/data/morpheus/lab mountpoint:

from_vault="<%= cypher.read('vault/KV2/secret/data/morpheus/lab') %>"

echo $from_vault

7.1.10 Editing Cypher Keys

Cypher key types which accept user-entered values (not generated values) are editable. To edit, click the “ACTIONS”
button at the end of the row for the appropriate Cypher key and then click “Edit.” Edit the values and click SAVE
CHANGES.

7.1.11 Using Cypher Keys in Scripts

To use a Cypher key in a script, use the following syntax:

<%=cypher.read('var_name')%>
Example: PASSWORD=<%=cypher.read('secret/myuserpassword')%>
Cypher also includes an option to read a value from the password/* mountpoint or create one if it doesn’t already
exist. Use the following syntax:
<%=cypher.readPassword('var_name')%>
Example: PASSWORD=<%=cypher.readPassword('myuserpassword')%>`
It should be noted that when Cypher keys are created using the readPassword function, the subsequent reads can
only come from the same user. If another HPE VM Essentials user attempts to run the automation script containing
the readPassword call, the secret value will not be read and it’s very likely the script will fail. For Tasks that need
to be run by multiple users, use a pre-existing Cypher key and reference it back in the script using read rather than
readPassword.

7.2 Archives

7.2.1 Overview

Archives provides a way to store your files and make them available for download by your scripts and Users. Archives
are organized by buckets and can be tied to any existing Bucket or File Share that may be currently integrated (for more
on integrating new storage targets, see storage documentation). Thus, storage buckets in public clouds, on networked
storage, or even on the appliance itself may be used to host files.

116 Chapter 7. Tools

 Morpheus Documentation

7.2.2 Archives List Page

To view or create Archives, navigate to Tools > Archives. At the Archives list page is a list of all currently-configured
Archives. From the list view, the following details about each Archive are shown:
• NAME: The name for the Archive in HPE VM Essentials
• BUCKET: The integrated bucket or file share where files in this Archive are stored
• # Files: The number of files in the Archive
• SIZE: The total size of all files in the Archive
• TENANTS: When Archive visibility is set to Private, only the Tenants listed here have access to the Archive
• VISIBILITY: Public or Private, public Archives are available in all Tenants
• PUBLIC URL: Indicates whether HPE VM Essentials is automatically generating a public download URL for
files in this Archive
• ACTIONS: Within the ACTIONS menu users may download a ZIP folder containing all files in the Archive,
edit the Archive, or remove it

7.2.3 Adding an Archive

To add a new Archive, click + ADD from the Archives list page. Configure the following:
• NAME: A friendly name for the Archive in HPE VM Essentials
• DESCRIPTION: An optional description for the Archive
• BUCKET: Select an existing bucket or file share to store files in for this Archive. To integrate a new bucket or
file share to use for an Archive, navigate to Infrastructure > Storage
• VISIBILITY: Public or Private, public Archives are available in all Tenants
• TENANTS: When Archive visibility is set to Private, only the Tenants selected will have access to the Archive
• PUBLIC URL: When marked, HPE VM Essentials will create a public download URL for all files in the Archive

Warning: Be sure that no sensitive data will be stored in the Archive if it will be configured to generate public
URLs. Anyone with the public URL will be able to download the file without authentication.

Once done, click SAVE CHANGES

7.2.4 Archive Detail Page

The Archive detail contains information about the Archive configuration as well as a list of files currently stored in the
Archive. The Archive detail is accessed by navigating to the Archives list page (Tools > Archives) and selecting an
existing Archive. As on the Archives List Page, users can download a ZIP folder containing all files in the Archive and
edit the Archive from the ACTIONS menu.
To delete the Archive, click DELETE. New files are added by clicking + ADD. When adding a new file, users may
browse the file system on the local computer to select a file.
From the files list, download or delete individual files by clicking on the appropriate selection from the ACTIONS
menu.

7.2. Archives 117

Morpheus Documentation

7.2.5 File Detail Page

The File Detail Page contains details about the file itself as well as private and public (if available) URLs. In the lower
section are three tabs. The Links tab contains any download links which have been generated (both active and expired).
The History tab contains historical information about the file including creation and deletion of download links and
download events. The scripts tab contains a guide for getting started using Archive-stored files in scripts.

118 Chapter 7. Tools

 CHAPTER

EIGHT

ADMINISTRATION

There are several administrative integrations built into HPE VM Essentials that make it great to work with within any
organization ranging from small to large. Especially, with its built in white label support and multitenancy capabilities,
managed service providers have a wide range of capabilities when it comes to managing customer accounts and users.

8.1 Identity Sources

Administration > Tenants > (Selected Tenant) > Identity Sources Administration > Users > Identity Sources

8.1.1 Overview

HPE VM Essentials can integrate with many of the most common identity source technologies, such as Active Directory,
Okta, and many others. These can be configured via the Identity Sources button on the Users list page (Administration
> Users). These integrations map roles within these sign-on tools to equivalent roles in HPE VM Essentials so at first
log in users are assigned the appropriate role.

8.2 Plans & Pricing

8.2.1 Overview

Service Plans determine the amount of compute resources available to each Instance. When provisioning new Instances
from HPE VM Essentials, a plan is selected which determines the number of CPU cores, amount of memory and
the amount of storage available to the associated machines. Additionally, when converting discovered instances in
integrated clouds to HPE VM Essentials-managed Instances, the user selects a plan which best fits the instance as it
is currently configured. When Instances are reconfigured, a new plan may be selected which redefines the compute
resources which should be available to the Instance. Plans can be as specific or open-ended as the user would like,
restricting the user to the resources defined in the plan or allowing the user to increase those amounts at provision time.
The Plans section (Administration > Plans & Pricing) is where Plans are managed. A set of Service Plans are seeded
by HPE VM Essentials for immediate use with supported Cloud type out of the box. Additional Plans may be synced in
on integrating additional Clouds depending on the type. Users can create new Service Plans or edit the system-seeded
Service Plans for Private Cloud types.

119
Morpheus Documentation

Create Service Plan

Price Sets can be added to the Plan at creation time so often it makes sense to create the Prices and associate them with
Price Sets before creating the Plan. Additional instructions for creating Prices and Price Sets are in the next section.
With the Price Sets ready, continue with the instructions below to create Price Plans of various types.
1. Navigate to Administration > Plans & Pricing (/admin/service-plans)
2. Click the + ADD dropdown and select the appropriate Plan type
3. Configure details for the Plan on the General tab, the configuration options will depend on the Plan type. See the
section above for a detailed description of each configuration option available for Service Plans
4. On the Price Sets tab, associate all relevant Price Sets with the Plan. The desired Price Sets must already exist.
If needed, you may save the Plan at this point and come back to associate Price Sets later
5. Click SAVE CHANGES

Service Plan Permissions

Group Access permissions determine availability of a Service Plan to Users based on their associated Roles.
• Group Access determines which Groups the Service Plan will be available in for Provisioning and Reconfigure.

Service Plan Configuration

Note: Not all fields listed below are available for every provision type. After selecting the provision type, the correct
fields for that type of Service Plan will be revealed. Not all fields are required to save a valid Service Plan

• NAME: The name of the Service Plan in HPE VM Essentials

• ACTIVE: Inactive Service Plans are not available for selection during provisioning or reconfigure. New discov-
ered records cannot be associated with deactivated Plans when converting to managed resources. Any resources
attached to a Plan will continue to be associated if the Plan is later deactivated
• CODE: A unique identifier for use in HPE VM Essentials API and CLI
• DISPLAY ORDER: Configures the order in which plans are displayed relative to other plans associated with the
same provision type. Note that Plans will be displayed in low-to-high order based on the Display Order property.
This is reversed from Layouts which are displayed in high-to-low order
• PROVISION TYPE: Determines the resource Provision Type this Service Plan is available for when provision-
ing, reconfiguring and converting discovered resources to managed
• REGION CODE: (Optional) Limits availability of the Service Plan to Clouds with the specified Region Code
• STORAGE: The default storage size of the root volume (in MB or GB)
• CUSTOMIZE ROOT VOLUME: Allows the root volume size to be customized during provisioning or recon-
figure. Custom Range limits, if set, will apply
• CUSTOMIZE EXTRA VOLUMES: Allows the extra volume sizes to be customized during provisioning or
reconfigure. Custom Range limits, if set, will apply
• ADD VOLUMES: Allows additional volumes to be added during provisioning or reconfigure
• MEMORY: The amount of memory included with the plan (in MB or GB)

120 Chapter 8. Administration

 Morpheus Documentation

• CUSTOM MEMORY: Allows the amount of memory to be customized during provisioning or reconfigure.
Custom Range limits, if set, will apply
• CORE COUNT: The number of virtual CPU cores included with the plan
• CUSTOM CORES: Allows the number of virtual CPU cores to be customized during provisioning or reconfig-
ure. Custom Range limits, if set, will apply
• CORES PER SOCKET: Determines core distribution across sockets. CORES PER SOCKET cannot be larger
than CORE COUNT, and CORE COUNT must be divisible by CORES PER SOCKET. For example four CORES
with two CORES PER SOCKET means two sockets would have two cores each assigned. Four CORES with one
CORE PER SOCKET would have four sockets with one core each assigned, and four CORES with four CORES
PER SOCKET would have one socket with four cores assigned
• TOTAL STORAGE: When custom storage is enabled for the plan, this sets a minimum and maximum total
storage allowed (all disks combined)
• PER DISK SIZE: When custom storage is enabled for the plan, this sets the minimum and maximum storage
for each disk
• CUSTOM MEMORY RANGE: The minimum and maximum allowed amount of memory for the Plan when
CUSTOM MEMORY is enabled for the Plan
• CUSTOM CORES RANGE: The minimum and maximum allowed amount of virtual CPU cores for the Plan
when CUSTOM CORES is enabled for the Plan
• SOCKETS: The minimum and maximum allowed sockets range for the Plan when CUSTOM CORES is enabled
for the Plan
• CORES PER SOCKET: The minimum and maximum allowed cores per socket for the Plan when CUSTOM
CORES is enabled for the Plan
• PRICE SETS: In the Price Sets tab, associate Price Sets with the Plan. See Adding Price Sets to Plans

Tip: Custom Range storage and memory values units (GB/MB) are inherited from the :STORAGE:: and :MEMORY::
GB/MB settings in the same Plan. For example, if :STORAGE: is configured for for 40 GB, a custom range for Storage
would also be in GB.

8.3 Roles

8.3.1 Overview

Within HPE VM Essentials is a wide array of role-based access control capabilities. These roles can be managed within
the Administration > Roles section of the HPE VM Essentials UI as well as through the API or CLI. Entire sections
within the appliance UI can be hidden based on the specified access levels for features within HPE VM Essentials.
Features have different access scopes that can be selected from and can range depending on the specific feature. The
most common scope set involves none, read, and full.
There are several handy tricks for creating new roles within HPE VM Essentials and users can be assigned more than
one role. When a user is assigned more than one role, permissions are granted by the role with the highest level of scope
access. This allows roles to be built with small subsets of features and combined to grant different individuals relevant
permission control. With resource permissions (that is, all types of permissions other than Feature permissions), a
default access can be given as opposed to a specific (Full or None) permission for any resource. A specific permission
will always supersede a default permission regardless of whether it’s more permissive or more restrictive. In other
cases (default vs default OR specific vs specific) the more permissive access will be given.

8.3. Roles 121

Morpheus Documentation

It’s also important to note that built-in Roles, such as the System Admin “Superuser” Role carry no special prominence.
For resource permissions, the System Admin user has defaults set to Full in each section. Thus, pairing the System
Admin Role with another Role that may include specific line item permissions for various resource categories may
cause your System Admin users to take on a reduced permission set.

Note: Feature access control not only applies to the HPE VM Essentials UI but also applies to the public developer
API. It is sometimes necessary to logout and back in for changes to a users feature access level to be respected.

Role Creation

Roles are created within Administration > Roles. Creating a Role requires minimal information, just a Name for the
Role in HPE VM Essentials. You can optionally add a Description and a Landing URL as well. The landing URL
determines the starting page for the User on initial login (such as the Instances list page or perhaps the detail page for
a primary HPE VME cluster). Following creation, click into the Role from the Roles list page and you will see the
granular controls available to Roles. These controls include access permissions for UI feature sections, Groups, Cluster
types, and configured Tasks. Changes are automatically saved for the Role, there is no need to click a button to save
any updates. See the next section for a detailed breakdown of individual feature permissions.
Master tenant users are able to create a special type of user role called a multi-tenant user role. A multi-tenant user role
is copied / duplicated down to all subtenants within HPE VM Essentials. These can be viewed as canned role templates
available to new tenants when their account is first created. Any changes made to the main role are propagated down
to the subtenants version of the shared role so long as the subtenant users have not previously adjusted/changed that
role. The moment a subtenant makes adjustments to the shared role within their account, it is unlinked from the parent
role and treated entirely independently. In order to relink the Role in the Subtenant, a Master Tenant user would have
to edit the Role, uncheck MULTITENANT USER ROLE, save the Role, check MULTITENANT USER ROLE once
again, then save the Role once again.
Another note about user roles is that when a user role is copied down to a subtenant, the permission scopes cannot
supersede the tenant’s assigned tenant role. If they do they are automatically downgraded when propagated to the
specific tenant. Any changes made to the tenant role will automatically ensure roles within the tenant are downgraded
appropriately.

Note: Master Tenant administrators may edit permissions for Roles in other Tenants by viewing the Tenant detail page
(Administration > Tenants > Selected Tenant) and accessing the Roles tab. From there, select the Role to edit and make
changes on the resulting Role detail page.

8.3.2 Roles and Identity Sources

It is very common for large Enterprises to have an existing identity source that they would like to plug in to HPE VM
Essentials for authentication. This includes services like LDAP, Active Directory, OKTA, Jump Cloud, One Login, and
SAML. When using these services it becomes important to configure a role mapping between the HPE VM Essentials
role assignments to the equivalent identity source groups/roles the user belongs to. This is configurable within the
identity source management UI. Sections are provided allowing things like LDAP groups to be directly mapped to
specific roles within HPE VM Essentials. If a user matches more than one LDAP/role group then both sets of roles
are applied to the user automatically. Configuring Identity Sources is done in Administration > Users. Additionally,
administrators may opt to lock users to their mapped role in HPE VM Essentials or keep the roles unlocked to manually
administer roles in one-off scenarios. See the docs section dedicated to identity sources for more information on
configuring the specific SSO technologies HPE VM Essentials supports.

122 Chapter 8. Administration

 Morpheus Documentation

8.3.3 Role Permissions

Note: Permission options for sub-tenant user roles will only list options permitted by the Tenant role applied to the
sub-tenant. Sub-Tenant user roles permissions cannot exceed permissions set by the overriding Tenant Role.

Role Permission Sections

Features Controls User access level for UI sections and features in HPE VM Essentials. The complete feature per-
missions grid is included below.
Groups Controls User access level for Groups. Groups are not a Multi-Tenant construct, only Groups created in the
current Tenant will be visible.
Cluster Types Controls user access to Cluster types. Only Cluster types allowed for the Role may be added in In-
frastructure > Clusters (assuming the Role also has feature access to applicable permissions related to adding
Clusters) VDI Pools
Controls User access to VDI Pools which are currently configured (Tools > VDI Pools) via the Virtual
Desktops Persona view
Workflows Controls User access to configured Workflows, including the ability to view, edit, execute, or apply
to Library item configurations
Tasks Controls User access to configured Tasks, including the ability to view, edit, execute, or apply to Workflows

Feature Access Permissions

Feature Access settings control permissions for sections and objects in HPE VM Essentials. Permission options include:
None Hidden or inaccessible for user
Read User can view but cannot edit or create
Full User has full access
User User can access Objects they have created or own
Group User can access Objects assigned to or shared with Groups the User has access to
Remote Console: Provisioned Remote Console tab will only appear after instance is successfully provisioned.
Remote Console: Auto Login RDP and SSH only, controls if user is auto-logged in to Remote Console or presented
with login prompt.
Role Mappings Gives User Access to Role Mappings config in /admin/roles for configuring Identity Source Role
Mappings without providing Access to other Identity Source configuration settings.
• Admin Permission Options

8.3. Roles 123

Morpheus Documentation

Per- Per- Feature Access Description Recommenda- Tenant

mis- mis- tions Role
sion sion Recom-
Name Op- menda-
tions tions
Ad- None, Allows or disallows the Ansible integrations are shown on This permission
min: Full ability to edit existing the Integrations list page (Admin- is recommended
An- Ansible integrations istration > Integrations). Users for those re-
si- with access may view and edit sponsible for
ble them here. administer-
ing HPE VM
Essentials, in-
cluding creating
integrations
with third-party
technologies,
specifically An-
sible
Ad- None, Allows or disallows ac- The Appliance tab in Administra- This permission This per-
min: Full cess to the Appliance tion > Settings is where HPE VM is recommended mission
Ap- and License tabs in Ad- Essentials administrators would to only be as- is recom-
pli- ministration > Settings configure the appliance URL, Ten- signed to Roles mended
ance ant and User management, email, utilized within to be set
Set- proxy, and currency settings. Ad- the Master to None
tings ditionally, defining which Clouds Tenant. Those on the
are available for integration within responsible for Tenant
HPE VM Essentials is done on this configuring cur- Role to
page. On the License tab informa- rency, email, and restrict
tion about the current HPE VM Es- proxy settings this ac-
sentials license may be viewed and for Cloud API cess for
a new license may be applied when access will need all Sub-
needed. this permission. tenant
Users.
Ad- None, Allows or disallows ac- The Backup Settings page is where This permission
min: Full cess to Administration users define the default HPE VM is recommended
Backup > Settings > Backups. Essentials backup bucket, backup for those respon-
Set- Master Tenant adminis- schedule, and retention count. Ad- sible for enabling
tings trators have additional ditionally, if given to a Master Ten- backups and set-
settings for appliance ant user they will have the ability to ting default
backups and defaults on enable scheduled backups, create backup buckets
this page. backups, and backup appliance. within HPE VM
Essentials.
Ad- None, Allows or disallows ac- The Clients settings section is This permission
min: Full cess to the Clients tab in where API clients are created and is recommended
Clients global settings (Admin- edited. Default clients may have for those respon-
istration > Settings) their validity and refresh periods sible for admin-
edited but cannot be deleted. User- istering API ac-
created API clients may be edited cess.
or deleted
Ad- None, Allows or disallows ac-
min: Full cess to Administration
Dis- > Integrations > Dis-
tributed tributed Workers Tab
Work-
ers
124 Ad- None, Allows or disallows ac- The Environments tab is where This permission
Chapter 8. Administration
min: Full cess to the Environ- named environments such as de- is recommended
En- ments tab in Adminis- velopment or production are cre- for those respon-
vi- tration > Settings > Pro- ated and given a description as sible for defining
 Morpheus Documentation

• API Permission Options

Per- Per- Feature Ac- Description Recommen- Tenant Role

mis- mis- cess dations Recommenda-
sion sion tions
Name Op-
tions
API: None, Allows or dis- The invoices API/CLI is used to This per- It is recommended
Billing Read, allows access generate bills and gather highly- mission is this setting be set
Full to invoices granular costing data for supported recommended to None on the
and projects Clouds. Read access allows list for those re- Tenant Role to
via HPE VM and get functions and Full allows sponsible for restrict access for
Essentials access to post (refresh). generating Subtenant users.
API/CLI. invoices or
projects.
API: None, Allows or dis- This endpoint allows users to exe- This permission It is recommended
Ex- Full allows access cute scripts on Instances, contain- is recom- this setting be set
ecu- to an API ers, or hosts and then polls for a re- mended for to None on the
tion endpoint. sponse. those responsi- Tenant Role to
Re- ble for arbitrary restrict access for
quest API script exe- Subtenant users.
cution.

• Backups Permission Options

8.3. Roles 125

Morpheus Documentation

Per- Per- Feature Ac- Description Rec- Ten-

mis- mis- cess om- ant
sion sion men- Role
Name Op- da- Rec-
tions tions om-
men-
da-
tions
Back- None, Determines The Summary subpage allows the user to see the number of This
ups View, access to configured backups, the success rate, recent failures, and permis-
Read, the Back- the size of the backups, as well as, the upcoming and in- sion is
User, ups secton progress backups. The Jobs subpage is where backup jobs recom-
Full of HPE may be created, cloned, edited or deleted. On create, a mended
VM Essen- name, code (for use within the API), retention count, and for
tials UI, schedule are selected (Note: Selectable schedules are de- those
including fined Execution Schedules which are created in the Library respon-
the Sum- > Automation). On the backups subpage, a list of config- sible
mary, Jobs, ured backups is provided and new backups may be created for per-
Backups, or on-demand backups may be executed. On create, the forming
and History place where the target exists is selected (Instance, Host, the
subpages. or Provider), the source is selected and a name is defined backup
The “User” as well as the selected execution schedule. On the His- and
permission tory subpage both the backups and restores tabs are avail- restora-
allows ac- able. Names, statuses, start times, durations and size may tion of
cess only be viewed. work-
to backup loads.
objects the
user owns.
Back- None, Determines From this page, backup integrations may be created, This It is
ups: Read, access to the edited, or deleted. The page also provides the status of permis- rec-
In- Full Backups > existing integrations. On create the integration product is sion is om-
te- Integrations selected and all associated connection and authentication recom- mended
gra- page. information must be provided. Additionally, visibility is mended this
tions set to either public or private. Integrations available in- for set-
clude Avamar, Commvault, Rubrik, Veeam, and Zerto. those ting
respon- be
sible set to
for the None
inte- on the
gration Ten-
be- ant
tween Role
HPE to re-
VM Es- strict
sentials ac-
and cess
backup for
tech- Sub-
nolo- tenant
gies. users.

• Catalog Permission Options

126 Chapter 8. Administration

 Morpheus Documentation

Permis- Per- Feature Ac- Description Recommendations Ten-

sion mis- cess ant
Name sion Role
Op- Rec-
tions om-
men-
da-
tions
Catalog None, Determines The Catalog page displays the This permission is recom-
(For- Full access to Pro- complete list of Catalog Items mended for users who will
merly visioning > that can be ordered from the Ser- order items from the Ser-
Service Catalog and vice Catalog vice Catalog
Catalog: Catalog in the
Catalog) Service Cat-
alog Persona
view
Catalog: None, Determines The Catalog Dashboard con- This permission is recom-
Dash- Read access to |Pro- tains featured Catalog Items, mended for users who will
board CatDas| and recently-ordered Catalog items use the Service Catalog
(For- Dashboard in and Inventory items. The Cat-
merly Service Cat- alog Dashboard is the default
Service alog Persona landing page for the Service Cat-
Catalog: view alog Persona view
Dash-
board)
Catalog: None, Determines The Inventory is the complete This permission is recom-
Inventory Full access to |Pro- list of user-owned items provi- mended for users who will
(For- CatDas| and sioned from the Service Catalog use the Service Catalog
merly Dashboard in and need to be able to
Service Service Cat- view details on the items
Catalog: alog Persona they’ve provisioned from
Inven- view the Catalog
tory)

• Infrastructure Permission Options

8.3. Roles 127

Morpheus Documentation

Per- Per- Feature Ac- Description Recom- Ten-

mis- mis- cess menda- ant
sion sion tions Role
Name Op- Rec-
tions om-
men-
da-
tions
In- None, Determines HPE VM Essentials includes a PXE Server to pro- This per-
fras- Read, access to the vide for rapid bare metal provisioning. The Boot mission is
truc- Full Integrations page is where users may add, edit, or delete answer recommend
ture: > Boot page, files, as well as, manage their own images or use for those
Boot including the existing ones. Boot menus and mappings are also responsible
Mapping, managed here and discovered MAC addresses are for bare
Boot Menus, displayed. metal provi-
Answer Files, sioning.
Images, and
Discovered
MAC Ad-
dresses tabs.
In- None, Determines ac- The SSL Certificates page is where certificates may This per-
fras- Read, cess to the SSL be uploaded and managed. These certificates may mission
truc- Full Certificates tab then be used within HPE VM Essentials when or- is recom-
ture: on the Infras- chestrating load balancers. mended for
Cer- tructure > Keys personnel
tifi- & Certs page. who will
cates be orches-
trating and
provision-
ing load
balancers.
In- None, Determines The Cloud page is where new Clouds are integrated This per-
fras- Read, access to the with HPE VM Essentials and existing Cloud in- mission
truc- Group,Infrastructure tegrations are managed. This includes creating a is recom-
ture: Full > Clouds page. code for use within the API, the location, visibility, mended
Clouds The “Group” tenant, whether or not it should be enabled, and if for those
permission VMs should be automatically powered on. Addi- responsible
limits the tionally, Clouds may be integrated from the Clouds for con-
Cloud list page tab of a Group detail page. figuring
(Infrastructure RBAC as
> Clouds) to well as
show only those re-
Clouds in sponsible
their assigned for HPE
Groups. VM Essen-
tials Cloud
Integra-
tions.
In- None, Determines The Clusters page allows you to create and manage This per-
fras- Read, access to the Kubernetes, Docker, and KVM Clusters, as well as mission is
truc- Group,Infrastructure Cloud-specific Kubernetes services such as EKS. recommend
ture: Full > Clusters for those
Clus- page. creating and
ters managing
containers
128 or container
Chapter 8. Administration
services.
In- None, Determines The Hosts page provides for viewing and manag- This per-
fras- Read, access to the ing hosts, virtual machines, and bare metal hosts. mission is
 Morpheus Documentation

• Library Permission Options

8.3. Roles 129

Morpheus Documentation

Permis- Per- Feature Access Description Recommenda- Tenant

sion mis- tions Role Rec-
Name sion ommenda-
Op- tions
tions
Library: None, Determines access to the The Blueprints page This permission
App Read, Library > Blueprints > allows for the creation is recommended
Blueprints Full App Blueprints page. of pre-configured, for those re-
(For- multi-tier application sponsible for
merly definitions which can be defining HPE
Provi- deployed via the Apps VM Essentials-
sioning: page. With this permis- type Blueprints.
Blueprints) sion the blueprint type
of HPE VM Essentials
is available.
Library: None, Determines access to The Blueprints page This permission
Blueprints Pro- ARM-type Blueprints on allows for the creation is recommended
- ARM vi- the Library > Blueprints of pre-configured, for those re-
(For- sion, > App Blueprints page. multi-tier application sponsible for
merly Full The “Provision” per- definitions which can be defining ARM
Provi- mission allows for deployed via the Apps blueprints.
sioning: provisioning Apps from page. With this permis-
Blueprints ARM Blueprints without sion the blueprint type
- ARM) the ability to create or of ARM is available.
edit them.
Library: None, Determines access to The Blueprints page This permission
Blueprints Pro- CloudFormation-type allows for the creation is recommended
- Cloud- vi- Blueprints on the Library of pre-configured, for those re-
For- sion, > Blueprints > App multi-tier application sponsible for
mation Full Blueprints page. The definitions which can defining Cloud-
(For- “Provision” permission be deployed via the Formation
merly allows for provisioning Apps page. With this blueprints.
Provi- Apps from CloudForma- permission the blueprint
sioning: tion Blueprints without type of CloudFormation
Blueprints the ability to create or is available.
- Cloud- edit them.
Forma-
tion)
Library: None, Determines access to The Blueprints page This permission
Blueprints Pro- Helm-type Blueprints on allows for the creation is recommended
- Helm vi- the Library > Blueprints of pre-configured, for those re-
(For- sion, > App Blueprints page. multi-tier application sponsible for
merly Full The “Provision” per- definitions which can be defining Helm
Provi- mission allows for deployed via the Apps blueprints.
sioning: provisioning Apps from page. With this permis-
Blueprints Helm Blueprints without sion the blueprint type
- Helm) the ability to create or of Helm is available.
edit them.
Library: None, Determines access The Blueprints page This permission
Blueprints Pro- to Kubernetes-type allows for the creation is recommended
- Kuber- vi- Blueprints on the Library of pre-configured, for those respon-
netes sion, > Blueprints > App multi-tier application sible for defin-
(For- Full Blueprints page. The definitions which can ing Kubernetes
merly “Provision” permission be deployed via the blueprints.
Provi- allows for provisioning Apps page. With this
130 sioning: Apps from Kubernetes permission the blueprint Chapter 8. Administration
Blueprints Blueprints without the type of Kubernetes is
- Kuber- ability to create or edit available.
netes) them.
 Morpheus Documentation

• Lifecycle Permission Options

8.3. Roles 131

Morpheus Documentation

Per- Per- Feature Access Description Recommendations Ten-

mis- mis- ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
En- None, Allows access to the En- Allows Instance environment This permission is rec-
vi- User, vironments tab of the In- variables to be edited. If set to ommended for those
ron- Read, stance detail page “User” level only environment needing management
ment Full variables of Instances owned control over Instances
Vari- by the currently logged in user
ables may be edited.
Life- None, Determines if the user can Allows the user to extend au- This permission is
cy- User, extend an expiration or tomated shutdown or expira- recommended for
cle: Full shutdown Policy tion policies set against any administrators or
Ex- workload (“full” permission) those who need to be
tend or against the user’s own work- able to extend Policies
Ex- loads (“user” permission) set against their own
pi- workloads (“user”
ra- level permission)
tions
Power None, Allows access to power Allows the user to change This permission is rec-
Con- User, state controls for Instances the current power state of In- ommended for those
trol Full and servers, including stances and servers needing management
stopping, starting, restart- control over Instances
ing and suspending.
Re- None, Allows general access to Allows general access to This permission is rec-
con- User, Instance and server recon- reconfigure features for In- ommended for those
fig- Full figure (resize) feature. See stances and servers. “User” needing management
ure additional reconfigure per- level permission allows only control over Instances
missions below for more Instances and servers owned
granular control over spe- by the currently logged in user
cific reconfigure function- to be reconfigured.
ality.
Re- None, Allows the user to change When reconfiguring, the user This permission is rec-
con- User, the Instance service plan may change the service plan ommended for those
fig- Full associated with the Instance. needing management
ure: “User” level permission al- control over Instances
Change lows only Instances owned by
Plan the currently logged in user to
have their plans changed.
Re- None, Allows the user to add When reconfiguring, the user This permission is rec-
con- User, disks to an Instance or may add disks to the selected ommended for those
fig- Full server during reconfigure. Instance or server. “User” needing management
ure: level permission allows only control over Instances
Disk Instances owned by the cur-
Add rently logged in user to have
their disks changed.
Re- None, Allows the user to change When reconfiguring, the user This permission is rec-
con- User, the datastore or volume may update datastore or vol- ommended for those
fig- Full type during reconfigure. ume types. “User” level per- needing management
ure: mission allows only Instances control over Instances
Disk owned by the currently logged
132 Change in user to have their disk types Chapter 8. Administration
Type changed.
Re- None, Allows the user to modify When reconfiguring, the user This permission is rec-
con- User, an attached disk during re- may modify disks attached to ommended for those
 Morpheus Documentation

• Monitoring Permission Options

Per- Per- Feature Access Description Recom- Tenant Role Recommen-

mis- mis- menda- dations
sion sion tions
Name Op-
tions
Mon- None, Determines level The Checks page is where This per-
i- Read, of access to the automatically-created mission
tor- User, Monitoring sec- checks are customized or is recom-
ing Full tion of HPE VM new checks are created. mended
Essentials UI, in- The Groups and Apps for those
cluding the Status, pages are where checks respon-
Apps, Checks, may be grouped. The sible for
Groups, Incidents, Incidents page is where moni-
Contacts, and incidents are created upon toring
Alert Rules sub- Check failure. The Con- appli-
pages. The “User” tacts page is where contacts cations,
permission will may be added for notifica- inci-
allow access only tions. The Alert Rules page dents,
to objects the user is where notification are or con-
owns. configured. figuring
notifica-
tions.
Mon- None, Determines level Monitoring > Logs is This per- Setting permission to Full on
i- Read, of access to the where Instance and Server mission the Tenant Role will give Sub-
tor- User, Logs section of logs may be viewed (also is recom- tenant users full access to all
ing: Full HPE VM Es- must be enabled in order to mended logs appliance-wide, includ-
Logs sentials UI. The view Appliance logs from for those ing to workloads living in
(For- “User” permission Administration > Health > who other Tenants, for any Sub-
merly will allow access Morpheus Logs Logs when should tenant users who also have
Logs) only to objects the health permission is also have Full permission on their User
user owns. enabled). access to Role. It’s recommended that
Instance you set this permission to
and User on the Tenant Role so
Server that Subtenant users are not
logs. able to see logs for workloads
other than their own.

• Networks Permission Options

8.3. Roles 133

Morpheus Documentation

Per- Per- Feature Access Description Recommen- Ten-

mis- mis- dations ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Net- None, Determines access to the DHCP Allows DHCP Relays to be This per-
works: Read, Relays in applicable network in- viewed, created and managed mission is
DHCP Full tegrations recommended
Re- for those tasked
lays with network
management
Net- None, Determines access to the DHCP Allows DHCP Servers to be This per-
works: Read, Servers in applicable network in- viewed, created and managed mission is
DHCP Full tegrations recommended
Servers for those tasked
with network
management
Net- None, Determines access to the Do- The Domains page is where This per-
works: Read, mains tab on the Infrastructure network domains are managed. mission is
Do- Group,> Network page. Domains may Domains are used for setting recommended
mains Full be scoped for specific Group ac- FQDNs, joining Windows In- for those
cess. If the Group-level per- stances to domains, and creat- responsible
mission is selected here, users ing A-Records with DNS inte- for HPE VM
will only have visibility into Do- grations. On create the domain Essentials
mains scoped to Groups they can controller and credentials for do- DNS and
access. main join must be provided. domain-join
integrations.
Net- None, Determines access to the Fire- The Firewall tab is where net- This per-
works: Read, wall tab on applicable network work firewall groups and rules mission is
Fire- Man- integrations detail pages. When are viewed, created and managed recommended
walls age the “Manage Rules” permission for those tasked
Rules,is given, users have read-only ac- with network
Full cess to firewall groups and the security man-
ability to create and manage fire- agement
wall rules on those groups
Net- None, Determines access to the Float- The Floating IPs tab is where This per-
works: Read, ing IPs tab on the Network list Floating IPs from supported mission is
Float- Full page (Infrastructure > Network) Clouds are listed once synced recommended
ing into HPE VM Essentials Users for those tasked
IPs may also release unattached with network
Floating IPs from this page and management
link through to any workloads
which have Floating IPs attached
Net- None, Determines access to the IP The IP Pools tab is where IP This per-
works: Read, Pools tab on the Network list pools from various networks are mission is
IP Group,page (Infrastructure > Network). displayed. Detail pages for IP recommended
Pools Full IP Pools may be scoped for spe- pools can also be accessed here for those tasked
cific Group access. If the Group- with IP address
level permission is selected here, management
users will only have visibility
into IP Pools scoped to Groups
they can access.
134 Net- None, Determines access to the Inte- The integrations tab is where Chapter
net- This per-
8. Administration
works: Read, grations tab on the Network list work integrations can be viewed, mission is
In- Full page (Infrastructure > Network) added and managed. Addition- recommended
te- ally, the detail pages for network for those tasked
 Morpheus Documentation

• Operations Permission Options

8.3. Roles 135

Morpheus Documentation

Per- Per- Feature Description Recommendations Ten-

mis- mis- Access ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Op- None, Determines The Activity page displays four types of re- This permission is rec-
er- Read access to cent activities: Provisioning, Alerts, Back- ommended for those re-
a- the Activity ups, and Permissions. sponsible to monitor or
tions: and History view activities and their
Ac- tabs on the statuses within HPE VM
tiv- Operations Essentials.
ity > Activity
page.
Op- None, Determines The Alarms tab is where alarms are listed This permission is rec-
er- Read, access to and acknowledgement actions can be taken ommended for those re-
a- Full the Alarms against them sponsible for monitoring
tions: tab in the
Alarms Activity
section
(Opera-
tions >
Health)
Op- None, Determines The Analytics page gives administrators the This permission is
er- Read, access to ability to break down costs and usage, then recommended for those
a- Full the Oper- filter the results by relevant delineations in- responsible for under-
tions: ations > cluding Groups, Clouds, Tenants or even tag standing utilization and
An- Analytics values. costs.
a- page.
lyt-
ics
Op- None, Determines When a Provision Approval-type Policy is This permission is
er- Read, access to enabled for a Group or Cloud, an approval re- recommended for those
a- Full the Oper- quest will be created on each relevant provi- responsible for ap-
tions: ations > sion attempt. These approvals can be handled proving, denying, or
Ap- Approvals directly in HPE VM Essentials or dealt with canceling approval
provals page. in ServiceNow with a properly-configured in- requests.
tegration.
Op- None, Determines The Budgets page is where budgets are cre- This permission is rec-
er- Read, access to ated and applied to clouds, tenants, users, or ommended for those re-
a- Full the Oper- groups. sponsible for managing
tions: ations > budgets.
Bud- Budgets
gets page.
Op- None, Determines The Dashboard page is a single pane of “Read” permission is
er- Read access to glass showing quick, easy-to-read perfor- recommended for all
a- the Op- mance and configuration information about users. When set to
tions: erations the HPE VM Essentials environment. None, Operations >
Dash- > Dash- Reports becomes the
board board page default landing page
(default and attempts to go to
HPE VM the Dashboard will
Essentials redirect users to their
136 landing User Settings
Chapter 8.page.
Administration
page).
Op- None, Determines The Guidance page shows recommendations This permission is
er- Read, access to for resource and cost-utilization optimiza- recommended for those
 Morpheus Documentation

• Projects Permission Options

Per- Per- Feature Access Description Recommendations Tenant

mis- mis- Role
sion sion Recom-
Name Op- menda-
tions tions
Projects None, Determines ac- Projects are used to as- This permission is recom-
Read, cess to Projects sociate resources together mended for those responsi-
Full through HPE VM and apply common tags to ble for cost analysis and in-
Essentials API their invoices voice reporting

• Provisioning Permission Options

8.3. Roles 137

Morpheus Documentation

Per- Per- Feature Access Description Recommenda- Ten-

mis- mis- tions ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Pro- None, When editing an In- Allows you to change the owning This permission is
vi- Full stance (Provisioning user of an Instance. recommended for
sion- > Instances > selected those responsible
ing: Instance > EDIT button), to ensure all in-
Ad- this permission deter- stances are owned
min- mines access to changing by appropriate
is- the owner of an Instance. personnel.
tra-
tor
Pro- None, This allows or disallows When VMware technology type is This permission is
vi- Full access to the “Extra Op- selected for a new or existing Node recommended for
sion- tions” field of the Node Type (Library > Blueprints > Node those responsible
ing: Types tab on the Library Types), the “Extra Options” field for managing
Ad- page when the Node will be available in the VMware VM VMware Node
vanced Type Technology value Options section. These allow defin- Types (images).
Node is set to “VMware”. ing advanced vmx-file parameters
Type during provisioning.
Op-
tions
Pro- None, Determines access to The Apps page allows Instances to This permission is
vi- Read, the Provisioning > be grouped and tiered logically into recommended for
sion- User, Apps page. The “User” Apps. From this page, Apps can be those responsible
ing: Full permission will allow deployed from existing Blueprints for provisioning.
Apps access to only object the and Instances can be added to exist-
user owns. ing Apps. Security groups and en-
vironmental variables (Linux Only)
may be added and edited. The App
log, history, and monitoring tabs
may be viewed.
Pro- None, Determines access to The Deployments page provides the This permission is
vi- Read, the Deployments tab on ability to use git, fetch from a url, recommended for
sion- Full the Provisioning > Code or upload a file to be utilized dur- those responsible
ing: page. ing the provisioning of an Instance for providing and
Code or pushed to an existing Instance. managing soft-
De- ware.
ploy-
ments
Pro- None, Determines access to From this page code integrations This permission is
vi- Read, the Integrations tab on may be created, edited, or deleted. recommended for
sion- Full the Provisioning > Code Integrations available include Git, those responsible
ing: page. Github, and Jenkins. for the integration
Code between HPE VM
Inte- Essentials and
gra- code repositories
tions and services.
Pro- None, Determines access to The Code Repositories contains the This permission is
vi- List the Deployments tab on repositories integrated with HPE recommended for
138 sion- Files, the Provisioning > Code VM Essentials allowing users toChapterthose 8.responsible
Administration
ing: Read, page. browse repositories folders and files for providing and
Code Full and view file contents from any managing soft-
Repos- branch, trigger a refresh, and create ware.
 Morpheus Documentation

• Security Permission Options

Per- Per- Feature Access Description Recommenda- Ten-

mis- mis- tions ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Se- None, Determines access to the Security Pack- Allows access to This permission
cu- Read, ages tab on the Jobs list page (Provision- view, create, and is recommended
rity: Full ing > Jobs), Security Scanning type Jobs, run security scans for those respon-
Scan- and Security Subtab inside the Software on existing systems, sible for security
ning tab on a server detail page where the re- as well as view the compliance of
sults of security scans are viewed results of previously- existing systems
run scans

• Snapshots Permission Options

Per- Per- Feature Access Description Recommenda- Ten-

mis- mis- tions ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Snap- None, Determines access to the If utilizing a VMware Cloud, This permission is
shots Read, “Create Snapshot” function the ability to create snap- recommended for
Full in the Actions menu on an shots is available on the In- Instance owners
Instance detail page (Provi- stance detail page (Provison- who should be
soning > Instances > selected ing > Instances > selected In- allowed to take
Instance). stance). snapshots.
Snap- None, For VMware Cloud In-
shots: Full stances, this controls access
Linked to the ability to create linked
Clone clone snapshots on the In-
stance detail page

• Tools Permission Options

8.3. Roles 139

Morpheus Documentation

Per- Per- Feature Access Description Recom- Tenant

mis- mis- menda- Role
sion sion tions Recom-
Name Op- menda-
tions tions
Tools: None, Determines access Archives provides a way to store files and This per-
Archives
Read, to the Tools > make them available for download by scripts mission
Full Archives page. and users. Archives are organized by buckets. is recom-
Each bucket has a unique name that is used to mended
identify it in URLs and Scripts. for those
respon-
sible for
storage
or scripts
which
will
use the
Archive.
Tools: None, Determines access Secure key/value store. Cypher keys can be Recom-
CypherRead, to the Tools > used in scripts. mended
User, Cypher page. The for those
Full, “User” permission who need
Full will allow access to store
De- only to objects the or use
crypt user owns. The security
“Full Decrypt” key value
permission will pairs.
allow for decryp-
tion of secrets.
Tools: None, Determines access The HPE VM Essentials Image Builder tool Recom-
Im- Read, to the Tools > Im- creates vmdk, qcow2, vhd and raw images. mended
age Full age Builder page, The Image Builder creates a blank VM in for those
Builder Image Builds, VMware, attaches an OS ISO, executes a boot who are
Boot Scripts, and script on the VM at startup via VNC, which respon-
Preseed Scripts calls a preseed script that runs the unattended sible for
tabs. OS installation and configuration. HPE VM image
Essentials then executes an OVA export of the creation.
completed vmdk to the target storage provider
and converts the image to all other specified
formats.
Tools: None, Allows for the Allows for the management of Kubernetes This per- It is
Ku- Read, management of clusters via the API mission recom-
ber- User, Kubernetes clus- is recom- mended
netes Full ters via the API mended this per-
(may be depre- for those mission
cated in the near who need is set to
future). to manage None on
Kuber- the Tenant
netes Role to
clusters restrict
via the access for
API. Subtenant
users.

140 Chapter 8. Administration

 Morpheus Documentation

• Virtual Desktop Permission Options

Per- Per- Feature Ac- Description Recommen- Ten-

mis- mis- cess dations ant
sion sion Role
Name Op- Rec-
tions om-
men-
da-
tions
Vir- None, Allows copy Enables the user to copy and paste values from
tual Full and paste ac- a virtual desktop session into the paste buffer
Desk- cess from the of their local computer
top: virtual desk-
Copy/Paste top terminal
Vir- None, Enables print-
tual Full ing from a
Desk- virtual desk-
top: top session to
Local a locally in-
Printer stalled printer
Tools: None, Allows for the Enables the user to access the VDI Pools sec- This per-
VDI Read, management tion (Tools > VDI Pools) and view existing mission is
Pools Full of virtual pools (with “read” permission) or create and recommended
desktop (VDI) edit pools (with “full” permission). Related for those
pools. API functions are also granted with this feature needing to
permission. manage VDI
pools

8.4 Users

8.4.1 Users

Overview

The Users page displays a list of all Users. The following fields are surfaced for each User:
• Display Name
• Username
• Email
• Role
Users which are grayed out in the list are currently inactive and cannot log in. The pencil and trash icons at the end of
each row allow for editing or deleting Users. Click MORE to see the “impersonate” button. This allows administrators
to impersonate any User, which may help confirm their Role permissions meet and do not exceed the desired result.
Click on the hyperlinked Display Name of the User to see a page detailing their effective Role permissions. This is
especially useful for Users in multiple Roles where it might otherwise be difficult to determine their exact rights. This
page looks identical to a User Role detail page except none of the fields are editable. Edit the User Role permissions
for the User if changes need to be made.

8.4. Users 141

Morpheus Documentation

Note: Some User data created through an Identity Source integration (such as Active Directory) is not editable in HPE
VM Essentials, as it is synced from the Identity Source.

Create User

Users are created in Administration > Users.

Note: Authorized Identity Source Users will be automatically created upon first sign in.

To create a User:
1. Navigate to Administration > Users
2. Select + CREATE USER.
3. From the New User Wizard input:
Username & Email
• First Name
• Last Name
• Username
• Email address
Receive Notifications Enable to receive provisioning email notifications.
Roles Role(s) to be inherited by the user. If multiple roles are selected, the higher permission levels of one
role will override the other role(s). See the Roles section of this documentation for more information on
stacking Roles and specific Role permissions.
Password Password must contain at least one uppercase letter, one lowercase letter, a number, and a symbol.
Enabled If unchecked, the user will no longer be able to sign into HPE VM Essentials, but their user data will
remain.
Account Locked This box is checked when a User has tried unsuccessfully to log in too many times. An ad-
ministrator will need to uncheck this box in order for the User to be able to make another login attempt.
Password Expired If enabled, the User will be forced to create a new password upon next login. The expired
password cannot be used again.
Linux Settings Creates a User with the supplied Username, Password and/or Key-pair on Linux Instances when
“Create my User” is selected during provisioning, or a User Group is added to an Instance of which this
HPE VM Essentials user is a member of.
Windows Settings Creates a User with the supplied Username, Password and/or Key-pair on Windows Instances
when “Create my User” is selected during provisioning, or a User Group is added to an Instance of which
this HPE VM Essentials user is a member of.

Important: Please ensure password entered is allowable by Windows.

4. Select SAVE CHANGES.

142 Chapter 8. Administration

 Morpheus Documentation

Edit User

User settings can be edited from Administration > Users.

Note: Some User data from Users created via an Identity Source Integration such as Active Directory is not editable
in HPE VM Essentials, as it is synced with the Identity Source.

To edit a User from the Administration > Users Section:

1. Select the Administration link in the navigation bar.
2. Select the Users link in the sub navigation bar.
3. Click the edit (pencil) icon from within the row of the selected User
4. Make changes and select SAVE CHANGES.

User Settings

Additional settings for a User can be found in the User Settings section, including a user photo, API access, two-factor
authentication settings, default Groups and Clouds, and more. User Settings is accessed by clicking on the name of the
User in the upper-right corner of the application window and selecting “User Settings.” See the dedicated section on
User Settings elsewhere in this documentation for a more in-depth description of User Settings.

8.5 Health

8.5.1 HPE VM Essentials Health

The HPE VM Essentials Health section provides an overview of the health of your HPE VM Essentials appliance. It
includes an appliance health summary in the following areas:
• CPU: Appliance CPU usage is checked. If usage is greater than 50%, this indicator will be in a yellow or warning
state. If HPE VM Essentials is unable to complete the check, it will be in a red or error state. Depending on
appliance performance and how frequently this indicator is in a warning state, it may be necessary to upgrade to
increase CPU. The Overall health indicator will mirror the CPU health indicator
• Memory: If swap usage is above 60% or HPE VM Essentials memory usage is above 95%, this indicator will be
in a yellow or warning state. If HPE VM Essentials is unable to complete the check for any reason, it will be in
a red or error state. Depending on appliance performance and how frequently this indicator is in a warning state,
it may be necessary to increase swap, upgrade the appliance to add memory, or consider a different appliance
architecture for those using single-node appliances
• Storage: If utilization of the filesystem mounted at “/” exceeds 80%, this indicator will be in a yellow warned
status. Above 90% will put this indicator in red or error status
• Database: The database is checked. If the number of database connections exceeds the configured maximum
number of connections or if any test queries are reported as being slow, this indicator will be in a yellow or
warning state. If HPE VM Essentials is unable to communicate with the database, it will be in a red or error
state. In the database section further down the page, you can check the number of maximum used connections
against the number of max connections. In the case of database connections exceeding the maximum, consider
increasing the maximum settings connection
• Elastic: Elasticsearch is polled for the health status of each index. If any indices are not reporting a “green”
health status, this indicator will be in a yellow or warning state.

8.5. Health 143

Morpheus Documentation

• Queues: RabbitMQ queues are checked. Any queues containing more than 1000 messages are considered to be
in an error state. Appliance Queue health is given in a yellow or warning status when any queues are in such an
error state. In the Queues section further down the page you can see the individual Queues listed and which have
messages piling up. When the appliance is unable to complete the check for any reason, this indicator will be in
a red or error state

Health Levels

Health levels provide a live representation of the current memory and CPU load on the appliance. Bear in mind that
in an HA appliance, this data will be specific to the appliance node you happen to be using. By default, HPE VM
Essentials does not include any endpoint or UI tool which can show you the currently used app node. However, a
plugin has been developed which can surface this information if needed. See this thread in the HPE VM Essentials
official forums for additional details about accessing and using the plugin.
• Morpheus CPU: Instantaneous amount of CPU capacity in use by HPE VM Essentials processes
• System CPU: Instantaneous amount of CPU capacity in use by all processes
• Morpheus Memory: Instantaneous amount of system memory currently in use by HPE VM Essentials processes
(see the Knowledge Base article linked in the TIP box below for more information on how HPE VM Essentials
claims and manages available memory)
• System Memory: Instantaneous amount of total system memory currently claimed (this is commonly a high
percentage, see the TIP box below)
• Used Swap: Instantaneous amount of total available system swap in use
• Storage: The instantaneous percentage utilization of the filesystem mounted at “/”

Additional System Health Indices

CPU
• Processor Count
• Process Time
• Morpheus CPU
• System CPU
• System Load
MEMORY
• Morpheus Memory
• Morpheus Used Memory
• Morpheus Free Memory
• Morpheus Memory Usage
• System Memory
• System Used Memory
• System Free Memory
• System Memory Usage
• System Swap
• Free Swap

144 Chapter 8. Administration

 Morpheus Documentation

DATABASE
• Lifetime Connections
• Aborted Connections
• Max Used Connections
• Max Connections
• Threads Running
• Threads Connected
• Slow Queries
• Temp Tables
• Key Reads
• Handler Reads
• Buffer Pool Free
• Open Tables
• Table Scans
• Full Joins
• Key Read Requests
• Key Reads
• Engine Waits
• Lock Waits
• Handler Reads
• Engine IO Writes
• Engine IO Reads
• Engine IO Double Writes
• Engine Log Writes
• Engine Memory
• Dictionary Memory
• Buffer Pool Size
• Free Buffers
• Database Pages
• Old Pages
• Dirty Page Percent
• Max Dirty Pages
• Pending Reads
• Insert Rate
• Update Rate
• Delete Rate

8.5. Health 145

Morpheus Documentation

• Read Rate
• Buffer Hit Rate
• Read Write Ratio
• Uptime
ELASTIC
• Status
• Cluster
• Node Count
• Data Nodes
• Shards
• Primary Shards
• Relocating Shards
• Initializing
• Unassigned
• Pending Tasks
• Active Shards

Note: Warning status is typical for Elasticsearch

Elastic Nodes
• Node
• Master
• Location
• Heap Usage
• Memory Usage
• CPU Usage
• 1M Load
• 5M Load
• 15M Load
Elastic Indices
• Health
• Index
• Status
• Primary
• Replicas
• Doc
• Count

146 Chapter 8. Administration

 Morpheus Documentation

• Primary
• Size
• Total Size
Queues
• Queue Count
• Busy Queues
• Error Queues

8.5.2 Logs

The HPE VM Essentials logs tab aggregates appliance-specific logs into one list. If needed, users can export the logs
by clicking EXPORT. This action triggers a download containing the last 10,000 log entries as a .log file.

8.6 Settings

The Administration > Settings section sets global configuration parameters for the HPE VM Essentials appliance,
whitelabeling, provisioning, monitoring, backups, logs, software licenses, and the license for HPE VM Essentials
itself.

8.6.1 Appliance

Appliance Settings

Appliance URL The default URL used for Agent install and Agent functionality. All Instances and Hosts must be
able to resolve and reach this URL over 443 for successful agent install and communication.

Note: Alternate Appliance URLs can be configured per Cloud in the Edit Cloud > Advanced Options section.

Internal Appliance URL (PXE) For PXE-Boot your appliance needs to be routable directly with minimal NAT mas-
querading. This allows one to override the default appliance url endpoint for use by the PXE Server. If this is
unset, the default appliance url will be used instead.
API Allowed Origins A CORS-related field which specifies the origins that are allowed to access the HPE VM Es-
sentials API. For example, if you were designing a web application which needed to make AJAX calls to HPE
VM Essentials API. The origins should be specified here. By default, all origins are allowed. When this field is
filled, an exclusive whitelist of allowed origins is established.
Cloud Sync Interval Data is refreshed through cloud integrations at the interval specified here in seconds, the default
value is 300 seconds (five minutes). Appliances managing a very large number of clouds may be adversely
affected by setting this value too low.
Cluster Sync Interval Data is refreshed through provisioned Clusters at the interval specified here in seconds, the
default value is 60 seconds. Appliances managing a very large number of Clusters may be adversely affected by
setting this value too low.
Usage Retainment Determines how many days to keep account usage (metered costing data) records. Retainment
period is not set by default. Usage records will remain indefinitely if Usage Retainment is not set. Note this does
not affect generated Invoice records.

8.6. Settings 147

Morpheus Documentation

Invoice Retainment Enter the number of days HPE VM Essentials should keep invoice records in the database. In
general, this setting can be left alone but in certain cases may need to be adjusted as very large invoice database
tables can affect the stability of the application.
Incident Retainment Enter the number of days HPE VM Essentials should keep incident records in the database. In
general, this setting can be left alone but in certain cases may need to be adjusted as very large incident database
tables can affect the stability of the application.
Stats Retainment Select 30, 60 or 90 days period for stats retainment. Selecting a larger period gives the ability to
analyze stats, such as Instance metrics, over a longer period of time. For example, in the Monitoring tab of an
Instance detail page, users can select a 60 or 90-day analysis period if the stats have been retained that long
Denied Hosts A comma-delimited list of IP addresses and/or hostnames which should not be allowed sources for
HTTP Tasks or REST-populated Option Lists.
Approved Hosts A comma-delimited list of IP addresses and/or hostnames which are the only approved sources for
HTTP Tasks or REST-populated Option Lists. By entering any values here, all others are automatically denied.
Exchange URL Enter the URL which should be checked for updates to any installed plugins. The default exchange
is: https://share.morpheusdata.com
Skip Agent Install For appliances in which skipping the Agent install is the default selection, enable this global flag
to default to skipping the Agent install during provisioning
Enable SSL Verification of Agent (Communications) Enabling SSL Verification of Agent Communications re-
quires a valid Certificate be installed on the Appliance.
Disable SSH Password Authentication Only allow ssh login using SSH keys. When true, SSH Password Authenti-
cation will not be enabled for VM’s and Hosts provisioned after the setting is enabled.
Default Appliance Locale Sets the default language and region for all users on the HPE VM Essentials appliance.
Users with individual language preferences may also override this selection on their User Settings page
Default Console Gateway Select a configured HPE VM Essentials Worker as a console gateway or VDI gateway.
For more on installation and configuration of a gateway, see the VDI Gateways section of HPE VM Essentials
documentation.
Max Option List Size Sets the maximum size for Option Lists to ensure a very large Option List does not affect
performance of the appliance.

Tenant Management Settings

Registration Enabled If enabled, the appliance login screen will have a “NEED AN ACCOUNT? SIGN UP HERE”
link added, enabling new Tenant registration.
Default Tenant Role Sets the default Tenant Role applied to Tenants created from Tenant Registration.
Default User Role Sets the default User Role applied to the User created from a Tenant Registration.
Docker Privileged Mode Enable to allow Docker containers running on HPE VM Essentials Docker hosts to run in
privileged mode which adds additional access to the host hardware and resources but also comes with additional
security risks

148 Chapter 8. Administration

 Morpheus Documentation

User Management Settings

Min Password Length User passwords must at least be as many characters in length as the entered value
Min Password Uppercase User passwords must include at least as many uppercase characters as the entered value
Min Password Numbers User passwords must include at least as many numerals as the entered value
Min Password Symbols User passwords must include at least as many special characters as the entered value
Session Expires (Minutes) A user session is forcibly logged out after the entered number of minutes of inactivity
Session Warning (Minutes) A pop-up warning is shown to the user when they have been inactive for the number of
minutes entered. Example: If sessions are set to expire after 90 minutes, warn the user after 60 minutes if you
intend to provide 30 minutes advance warning
Expire Password After (Days) User account passwords will expire after the entered number of days. Enter 0 or leave
the field empty to opt out of this feature.
Disable User After Attempts (Number of Attempts) Disable a User account after a specified number of failed login
attempts. Enter 0 or leave the field empty to opt out of this feature.
Disable User If Inactive For (Days) Disable a User account if inactive for the entered number of days. The User will
not be able to log into the appliance again until another User with sufficient rights enables the account. Enter 0
or leave the field empty to opt out of this feature.
Send warning email before deactivating (Days) Enter the number of days prior to account deactivation that a warn-
ing email should be sent. For example, enter “5” to warn the User when they are five days short of the deactivation
time entered in the prior field. Enter 0 or leave the field empty to opt out of this feature.

Email Settings

In this section, you can configure an SMTP server for email notification delivery. You will need to provide HPE VM
Essentials the following information, your mail server systems administrator can assist you in filling these fields and
with the preferred encryption method.
• From Address
• SMTP Server
• SMTP Port
• SSL Enabled
• TLS Encryption
• SMTP User
• SMTP Password
We recommend that you add the HPE VM Essentials server to your SMTP whitelist as well as using user authentication
as an additional security measure.
Once you have added your SMTP server information into HPE VM Essentials, scroll down to the bottom of the page
and press the blue SAVE button which can be found under the Enabled Clouds section.
When you have saved your SMTP server settings in the HPE VM Essentials appliance you will then need to restart the
UI. To restart the morpheus-ui, connect to your HPE VM Essentials server via SSH and run the below command:
sudo morpheus-ctl restart morpheus-ui

8.6. Settings 149

Morpheus Documentation

Important: If you do not restart morpheus-ui, the notifications will not be sent. Please note it can take up to three
minutes for the UI to become reachable again.

Twilio SMS Settings

Configure SMS text message delivery for HPE VM Essentials alerts. Previously, customers could use HPE VM Es-
sentials’ own account for delivery, but for security reasons clients must now supply their own. Complete the fields
indicated below and then restart all HPE VM Essentials nodes to apply the changes.
• Account SID: Twilio Account SID
• SMS From #: The “From” number to receive the text message from
• Auth Token: The Twilio API authentication token for your account

Proxy Settings

The HPE VM Essentials Appliance can be configured to communicate through a Proxy server for Cloud API’s and
Agent communication back to the Appliance.

Note: Additional Proxy configuration is available in the Infrastructure > Network > Proxies section. Added Proxies
can be scoped to Clouds in the Edit Cloud > Advanced Options section of the Cloud.

Add a Global Proxy server by entering the following:

• Proxy Host
• Proxy Port
• Proxy User
• Proxy Password
• Proxy Domain
• Proxy Workstation
• No Proxy

Currency Settings

In HPE VM Essentials, Tenants are separate environments which can be defined as using currencies that are unique
from one Tenant to the next. In addition, these currencies may be different from the currency in which Price Sets have
been defined. In order to present pricing to Subtenant users in their designated currency, HPE VM Essentials allows
for integration with currency conversion services “open exchange rates” and “fixer.io”. This article goes through the
process of setting up the integration and how it works to determine pricing conversions.

150 Chapter 8. Administration

 Morpheus Documentation

Integrating With a Currency Exchange Provider

1. Navigate to Administration > Settings > Appliance

2. Under the Currency Settings heading, make a “Currency Provider” selection
3. Enter your “Provider API Key”
The service is now integrated and can be used as described in the next section.

Consuming Currency Exchange in HPE VM Essentials

Currency exchange data is synced from the integrated provider once every 12 hours. When needed, Morpheus will use
this cached data to present currency conversions rather than hitting the API directly each time. This limits the total
number of API hits and reduces costs.
Exchanged currency values will be shown under conditions similar to the following scenario:
A user is working in a Subtenant configured for Currency B. The user is attempting to provision an instance with pricing
sets that have only been defined in Currency A. Morpheus will convert the pricing data from currency A to Currency
B for this user (and all users in this Subtenant) since price conversion has been enabled.

Enabled Clouds (Types)

Controls which types of Cloud can be created.

• When a Cloud type is disabled, it will be removed from the available options when adding new Clouds in
Infrastructure > Clouds. Existing Clouds are not affected by changes to this setting.

8.6.2 Provisioning

Provisioning Settings

Allow Cloud Selection Displays or hides Cloud Selection dropdown in Provisioning wizard.
Allow Host Selection Displays or hides Host Selection dropdown in Provisioning wizard.
Require Environment Selection Forces users to select and Environment during provisioning
Hide Datastore Stats On Selection Hides Datastore utilization and size stats in provisioning and app wizards
Cross-Tenant Naming Policies Enable for the sequence value in naming policies to apply across tenants
Reuse Naming Sequence Numbers When selected, sequence numbers can be reused when Instances are removed.
Deselect this option and HPE VM Essentials will track issued sequence numbers and use the next available
number each time.
Show Console Keyboard Layout Settings When enabled Users will see keyboard layout settings in console sessions
Deployment Archive Store Default Storage Provider for storing Deployment Archives.

Note: Storage Providers can be configured and managed in the Infrastructure > Storage section.

8.6. Settings 151

Morpheus Documentation

Cloud-Init Settings

HPE VM Essentials can add global users for Linux and Windows at provision time. Cloud-init/Cloudbase-Init or
VMware Tools installed on the provisioned virtual images is required.
Linux
• Username: Enter User to be added to Linux Instances during provisioning.
• Password: Enter password to be set for the above Linux user.
• KeyPair: Select KeyPair to be added for the above Linux user.

Note: Either a password, keypair, or both can be populated for the Linux user. Keypairs can be added in the Infras-
tructure > Keys & Certs section.

Windows Settings

• Administrator Password: Enter password to be set for the Windows Administrator User during provisioning.

Library Settings

In this section, enable or disable access globally to provisioning sections of Catalog (self-service shopping cart provi-
sioning), Apps (apps deployed from configured App Blueprints), and Instances
• Enable Catalog
• Enable Apps
• Enable Instances
• Provisioning Order: Sets the order for Instances, Apps, and Catalog to appear in the Provisioning menu

PXE Boot Settings

Default Root Password Enter the default password to be set for Root during PXE Boots.

App Blueprint Settings

Determines the Default Blueprint Type selected in new App Wizard

• Morpheus
• ARM Template
• CloudFormation
• Terraform
• Kubernetes Spec
• Helm Chart

152 Chapter 8. Administration

 Morpheus Documentation

Terraform Settings

• Terraform Runtime: Select “auto” or “manual”. When selecting “auto”, HPE VM Essentials will automatically
download and use the Terraform version indicated in the VERSION field on the Spec Templates that make up
a Terraform Instance type or Blueprint. When selecting “manual”, HPE VM Essentials will use the version of
Terraform installed on your appliance.

8.6.3 Backups

Backup Settings

The Backup settings page allows you enable or disable scheduled backups, select a default backup bucket, and admin-
ister global settings related to backups. Changes to global settings only affect new backups going forward and do not
affect existing backups.

Note: Appliance backups are subject to a two-hour time limit to complete the backup. Automated backup attempts
will be abandoned and will fail once this time limit is exceeded.

HPE VM Essentials Backup Settings

Scheduled Backups Enable automatic scheduled backups for provisioned instances

Create Backups When enabled, HPE VM Essentials will automatically configure instances for manual or scheduled
backups
Backup Appliance When enabled, a backup will be created for the HPE VM Essentials appliance database. Select
the Backup text link to view or edit settings related to the appliance backup
Default Backup Bucket Select an existing bucket as the default for future backup runs. Click the Infrastructure
Storage text link to add a new storage bucket to HPE VM Essentials if needed
Default Backup Schedule Choose a default schedule interval for automated backups. The available selections in this
dropdown menu are Execution Schedules defined in Library > Automation > Execute Scheduling
Default Backup Retention Choose the default number of backups to be retained for automated Instance and appliance
backup jobs
Default Synthetic Full Backup enabled When enabled, full synthetic backups will be on by default in addition to
standard backups for supported workload types
Default Synthetic Full Backup Schedule Choose a default schedule interval for full synthetic backups. The avail-
able selections in this dropdown menu are Execution Schedules defined in Library > Automation > Execute
Scheduling

8.6. Settings 153

Morpheus Documentation

8.6.4 Environments

Overview

The Environments section is where you create and manage your environment labels, which are available in the Envi-
ronment dropdown during Instance or App provisioning. An Instance’s environment label can be changed by editing
the Instance.

Creating Environments

1. Select + Create Environment

2. Populate the following for the New Environment:
Name The friendly name for the environment in HPE VM Essentials
Code Shortcode used for API and CLI
Description Environment description displayed on the Environments list page
Display Order The order in which environments are presented when provisioning, a value of “0” will position
the environment at the top of the list

Note: User-created environments can be edited, hidden, or removed from the Actions menu on the environments list
page. HPE VM Essentials-default environments can only be hidden from users during provisioning.

8.6.5 License

Overview

HPE VM Essentials requires a valid license for provisioning new Instances, Apps and Hosts, and converting existing
Instances and Hosts to managed. Licenses can be applied and updated in this section, and the current license status can
be checked.

Note: HPE VM Essentials is licensed for a certain number of concurrent workload elements (WLEs) that may be
managed or inventoried at any one time. See our Knowledge Base for specific information on the types of WLEs that
count against HPE VM Essentials licensing.

Current License

If a License Key has already been applied, the License status is shown in the Current License section:
Tenant Name Company name the License was generated for.
Start Date Date and time the current License started.
End Date Date and time the current License expires.
Space Amount of used and unused Managed RAM under the current License.
EXAMPLE: On a 1 TB License with 182 GB of RAM under management, the Space section will show Used Space
182.9GB Unused Space 841.0GB

154 Chapter 8. Administration

 Morpheus Documentation

Note: Once a current License expires or has reached its Space limit, users will no longer be able to provision new In-
stances, Apps, Hosts, or Bare Metal, or convert existing Hosts, Virtual Machines, or Bare Metal to managed. Morpheus
will otherwise continue to function.

Upgrade License Key

To add a new or update an existing License:

1. Copy the License Key into the License Key field
2. Click UPDATE
If valid, the new License will be applied.

Request new License

Licenses can be requested at https://app.morpheushub.com, or by contacting support@ or sales@ morpheusdata.com.

8.6.6 Utilities

System administrators have access to a utilities panel with the following options:
• Reindex all searchable data: Execute
• Toggle Maintenance Mode: Enable

Note: Maintenance mode cleanly places HPE VM Essentials into a state where maintenance can be performed on the
appliance. This drains any active sessions and queues so an auto-scaling group can scale down. It also drains active
sessions across services. Restarting HPE VM Essentials UI disables maintenance mode.

Note: When using HPE VM Essentials in a Highly Available (HA) environment, it is important to navigate to a node
directly and enable maintenance mode, as opposed to using the load balancer virtual IP (VIP). A local host entry to the
specific node may be required to ensure the correct node enters mainteance mode. In fact, it is recommended to use the
analogous API endpoint to toggle a specific node into maintenance mode to avoid redirects back to the VIP address.

A HPE VM Essentials node in maintenance mode can still be accessible through the load balancer VIP/target group and
can queue requests but will not process anything in queue, while in maintenance mode. A node can be removed/paused
from the load balancer VIP or have VIP health checks implemented, if the node UI/API will become inaccessible due
to maintenance.

8.6. Settings 155

Morpheus Documentation

8.7 User Settings

User settings are accessed by clicking on your display name in the far upper-right corner of the application window. In
this dropdown menu, click on the “USER SETTINGS” link.

8.7.1 User Photo

Upload a custom image for your user avatar that is displayed in the top header and user administration sections. Sug-
gested Photo Dimensions: 128 x 128

8.7.2 User Settings

The fields included in this section are described below. By entering any new values in these fields and clicking SAVE,
the existing value will be overwritten.
• Theme: Default or Dark mode. The Theme setting is not available when Whitelabeling is enabled on the current
Tenant
• Username: Your HPE VM Essentials username
• First Name: Your first name (together with Last Name makes up your display name)
• Last Name: Your last name (together with First Name makes up your display name)
• Email: Your email address
• Password: Enter a value and save changes to update your password. The value in the Confirm field below must
match
• Confirm: Confirm the new password you’ve entered
• RECEIEVE NOTIFICATIONS Determines if provisioning notifications are emailed to this User

8.7.3 2 Factor Authentication

HPE VM Essentials supports two-factor authentication (2FA) for local user accounts as well as those authenticating
through Active Directory and LDAP identity sources. Authentication is handled through a 2FA app such as Authy or
Google Authenticator. Other common methods for handling 2FA, such as through email or SMS text message are not
currently supported. Two-factor authentication is handled on a per-user basis through the User Settings section. There
is not currently a way for an administrator to enforce the use of two-factor authentication appliance-wide.

Setting Up Two-Factor Authentication

When two-factor authentication isn’t yet set up, this section contains a single button: ENABLE 2FA. To get started,
click this button and HPE VM Essentials will prompt for your password. After entering the password, you’ll be shown
a QR code which can be scanned into your authenticator application of choice. Once the QR code is shown, 2FA is
active and the supplemental code will need to be entered each time the user logs in.

156 Chapter 8. Administration

 Morpheus Documentation

On subsequent login attempts, the user will be prompted to enter a 2FA code after successful entry of the username
and password. Retrieve this code from the 2FA app you set up in the prior section and enter it to complete the login
process.

Disabling Two-Factor Authentication

When two-factor authentication is set up, this section contains two buttons: DISABLE 2FA and GET 2FA CODE. To
generate a new QR code and configure an authenticator app, click GET 2FA CODE. Once you generate a new QR code,
the old one is no longer valid. At that point you must reconfigure your authenticator app or you will not be able to
access your account on the next login attempt. Generating a new QR code requires your password.
To disable 2FA, click DISABLE 2FA. This action does not require a password.

Handling User Lock-Out

If a user loses the device they’ve configured for authentication or if they cannot proceed through 2FA login for any other
reason, an administrator should impersonate the user’s account, reset their password, disable 2FA, then share the new
temporary password with the user. At that point, the user can login, reset their password to something more secure,
and re-enable 2FA (if desired).

8.7.4 Preferences

• Default Group: Sets the default Group selection when provisioning

• Default Cloud: Sets the default Cloud selection when provisioning
• Default Persona: Sets the default Persona used when logging in
• Default Locale: Sets the user’s preferred language and region, this setting will override the global locale for the
individual user

8.7. User Settings 157

Morpheus Documentation

8.7.5 Linux Settings

When provisioning a Linux-based resource and opting to have your user created during the provisioning process, the
credentials entered in this section will be used to seed that user into the provisioned resource.
• Username: The username that will be used with your Linux user
• Password: The password that will be used with your Linux user (optional if specifying key)
• Confirm: Confirm your entered password. These must match in order for the new password value to be saved
• SSH Key: Select a pre-existing SSH key pair object in Morpheus. Required of not specifying password and
creating your user during provisioning, or required if ssh password authentication has been disabled.

Warning: If your users Linux Settings password and/or key are not defined, and ‘Create User” is enabled during
provisioning (default), a random password will be generated but not exposed and you will not be able to login with
your user.

158 Chapter 8. Administration

 Morpheus Documentation

8.7.6 Windows Settings

When provisioning a Windows-based resource and opting to have your user created during the provisioning process,
the credentials entered in this section will be used to seed that user into the provisioned resource.
• Username: The username that will be used with your Windows accounts
• Password: The password that will be used with your Windows accounts
• Confirm: Confirm your entered password. These must match in order for the new password value to be saved

Warning: If your users Windows Settings password is not defined, and ‘Create User” is enabled during provi-
sioning (default), a random password will be generated but not exposed and you will not be able to login with your
user.

8.7.7 API Access

Click the API Access button to expand the “API ACCESS” modal. In this modal you can generate or refresh access
tokens that can be used with Morpheus API and Morpheus CLI.
If no token yet exists for a particular “CLIENT ID”, click ACTIONS and then Generate. If a token has expired, we can
also regenerate that token by clicking ACTIONS and then Regenerate. After regenerating a particular token, you would
need to ensure any scripts using those tokens are updated.
If needed, Primary Tenant administrators may configure the expiration periods for existing clients or create new clients
from HPE VM Essentials global settings (Administration > Settings > Clients). See client configuration documentation
for more details.
• morph-api: Used for HPE VM Essentials API access and should be the default token-type used
• morph-cli: Used for HPE VM Essentials CLI access
• morph-automation: Used by the internal Task engine and by jRuby-type Tasks to make API calls. It shouldn’t
be used externally for other types of access or in external automation. It is surfaced in the UI so users can see if
a token exists and can clear it when necessary
• morph-customer: This token is available for legacy implementations and was previously recommended for
custom API access (similar to the morph-api token). It’s not recommended for use but is still available to maintain
support for legacy custom automation which may still be in use on customer sites

8.7. User Settings 159

Morpheus Documentation

After navigating away from the User Settings page, the complete access and refresh tokens will be masked from view.
If these are lost or compromised, you can eliminate a token completely by clicking ACTIONS and then Clear. If you
need to generate a new token for the same Client ID, click ACTIONS and then Regenerate.

Note: Access Tokens are only displayed/available after generation. Copy new Tokens and store appropriately before
navigating from /user-settings, they will not be displayed again.

160 Chapter 8. Administration

 CHAPTER

NINE

INTEGRATION GUIDES

9.1 Clouds

9.1.1 VMware vCenter

Overview

VMware is a very common cloud integration choice supported by HPE VM Essentials . They have provided a top notch
virtualization solution and one might argue pioneered the virtualization space altogether. As such, many companies
utilize this technology and all the features that come with it, so HPE VM Essentials covers a broad feature set in vCenter.

Features

• Virtual Machine Provisioning

• Backups / Snapshots
• Resource Groups
• Datastores and DRS Clusters
• Distributed Switches
• Datacenter / Cluster scoping
• Brownfield VM management and migration
• VMware to VMware migrations
• VMDK/OVF image conversion support
• Hypervisor Remote Console
• Periodic Synchronization
• Veeam Backup Integration
• Lifecycle Management and Resize
• Metadata tag sync
On top of all these features, HPE VM Essentials also adds additional features to VMware that do not exist out of the
box to make it easier to manage in multitenant environments as well as hybrid cloud environments:
• Cloud-Init Support
• VHD to VMDK Image Conversion

161
Morpheus Documentation

• QCOW2 to VMDK Image Conversion

• Multitenancy resource allocation
• Virtual Image management (Blueprints)
• Auto-scaling and recovery

Getting Started

To get started with VMware, simply start by adding a Cloud in the Infrastructure > Clouds section.
To start adding a VMware cloud there will be some things you will need:
vCenter API Url Typically this is the url to the vCenter web client with a /sdk in the path
Username/Password A set of credentials with high level access to VMware (ensure the account has Datacenter level
access)
Once these fields are entered, some selections will start pre-populating. A cloud integration is scoped to a specific data
center, and can optionally be scoped down to a single cluster or even a single resource pool. If the drop downs do not
populate, please verify the api url is resolvable, morpheus has access to vCenter on 443, and the provided credentials
are correct and the user has sufficient permissions.
Another cool feature provided with the cloud integration is optional Resource Pool scoping. One can choose to allow
the cloud to provision into All Resource Pools or a singular Resource Pool. When choosing All, these Resource Pools
can be managed from a sub-account and visibility perspective via the Cloud Detail page (multi-tenancy).
The VMware cloud integration provides a few additional options including allowing users to make host selections or
keeping that aspect hidden such that the best host is automatically chosen for the requested provision.
The RPC Mode feature can be configured to allow HPE VM Essentials to install its agent on the Guest operating system
via either SSH/WinRM or Vmware Tools Guest Process feature. The VMware tools Guest Execution API can be tricky
so it is recommended to use SSH/WinRM if possible. However, if it is not possible for the Appliance to have outbound
access to all networks in which VMs are being provisioned to the SSH/WinRM ports (22, 5985 respectively) then Guest
Execution is the only option.
The Use VNC console option on the VMware cloud requires special configuration on each ESXI host but allowed
hypervisor level remote console support. (See the Advanced Section for details)
When following this add cloud wizard an option will be presented to create a group or add to an existing group. These
groups can be given provisioning permission via role based access control. It is normally recommended that groups
are organized such that one cloud exists in one group unless the networks are setup such that internal routing is possible
between the clouds. This is very useful for bursting, or hybrid cloud configurations.

Windows Provisioning Tips

By default when provisioning windows templates, HPE VM Essentials performs guest customizations which initiates
a sysprep. This resets the Administrator user and password. HPE VM Essentials will set the Administrator password
from Administration > Settings > Provisioning > Windows Settings > Password.
Users can also set the username on an image as Administrator and enter a different password if unique passwords are
required per image.
Guest customizations are required when assigning static IP’s manually or using IP pools. They can be disabled per
virtual image advanced settings under Library > Virtual Images > Edit Image > Advanced > Uncheck “Force Guest
Customization” if using DHCP. However the SID will not be changed from the source template. In addition, new VM’s
will not be able to join a domain that had already been joined by the source template or any other VM’s with that SID.

162 Chapter 9. Integration Guides

 Morpheus Documentation

Existing Instances

HPE VM Essentials provides several features regarding pulling in existing virtual machines and servers in an environ-
ment. Most cloud options contain a checkbox titled ‘Inventory Existing Instances’. When this option is selected, all
VMs found within the specified scope of the cloud integration will be scanned periodically and Virtual Machines will
be synced into HPE VM Essentials. Users may also choose to onboard only virtual machines that are running within
specific Resource Pools. Once the vCenter Cloud is integrated, navigate to the detail page for the specific Cloud (select
it from the list at Infrastructure > Clouds). From the Resources tab, locate the Pools section. Click ACTIONS > Edit
next to a selected Resource Pool. If INVENTORY is checked, HPE VM Essentials will automatically onboard virtual
machines from that Resource Pool.
By default these virtual machines are considered ‘unmanaged’ and do not appear in the Provisioning > Instances area
but rather Infrastructure > Compute > Virtual Machines. However, a few features are provided with regards
to unmanaged instances. They can be assigned to various accounts if using a multitenant master account, however it
may be best suited to instead assign the ‘Resource Pool’ to an account and optionally move all servers with regards to
that pool (more on this later).
A server can also be made into a managed server. During this process remote access is requested and an agent install
is performed on the guest operating system. This allows for guest operations regarding log acquisition and stats. If the
agent install fails, a server will still be marked as managed and an Instance will be created in Provisioning, however
certain features will not function. This includes stats collection and logs.

Note: All Cloud data is resynchronized on a 5 minute interval. This includes Datastores, Resource Pools, Networks,
Blueprints, and Virtual Machines.

Service Plans

A default set of Service Plans are created in HPE VM Essentials for the VMware provisioning engine. These Service
Plans can be considered akin to AWS Flavors or Openstack Flavors. They provide a means to set predefined tiers on
memory, storage, cores, and cpu. Price tables can also be applied to these so estimated cost per virtual machine can be
tracked as well as pricing for customers. By default, these options are fixed sizes but can be configured for dynamic
sizing. A service plan can be configured to allow a custom user entry for memory, storage, or cpu. To configure this,
simply edit an existing Service Plan tied to VMware or create a new one. These all can be easily managed from the
Admin > Plans & Pricing section.

Virtual Images / Blueprints

HPE VM Essentials will automatically take an inventory of all blueprints configured in vCenter and present them as
options during provisioning. However, in order for HPE VM Essentials to properly provision these virtual machines
and provide accurate stats and health of these virtual machines, an agent must be installed during virtual machine
startup. This means remote access needs to be granted at the guest operating system level to HPE VM Essentials . To
properly configure these virtual images, find the relevant images in Library > Virtual Images and edit the entry. On this
form, a few options are presented. The first is a check box asking whether or not cloud-init is enabled. If cloud-init is
enabled, simply provide the default OS username configured (for Ubuntu the username is ubuntu and for CentOS the
username is centos). For those looking to add cloud-init to existing blueprints HPE VM Essentials requires no special
configuration and can use the default cloud.cfg settings.
A global cloud-init username/password can also be configured per account as well as a keypair via the
Admin->Provisioning settings section. The great benefit of utilizing cloud-init is default blueprints do not need
common credential sets thereby increasing provisioning security.
Windows systems do not typically support cloud-init. So simply turn this checkbox off and provide the Administrator
credentials. It should be noted that these credentials are encrypted in the database. If using WinRM for the RPC Mode

9.1. Clouds 163

Morpheus Documentation

instead of VMware tools, a Local or Domain Administrator account credential set can be provided instead.

Snapshots

HPE VM Essentials allows the ability to create a snapshot of a VM in VMware vCenter. From the instance detail page,
simply select Actions > Create Snapshot to begin creation of a new Snapshot. Existing snapshots can be viewed
in the BACKUPS tab on the instance detail page. Snapshots taken in vCenter will sync into HPE VM Essentials every five
minutes. To revert to a previous snapshot, click on the revert icon located on the right side of the Snapshot. Snapshots
can be deleted by clicking on the trash can icon.

Note: Access to Snapshots can be limited or removed entirely for specific user roles as needed. To edit a role’s
Snapshots permissions, go to Administration > Roles > (Your selected role) > Snapshots. Users can be given Full,
Read-only, or No access.

Important: HPE VM Essentials supports the use of SR-IOV network adapters with VMware Clouds. Bear in mind
that VMware does not support Snapshots for this network adapter type and for that reason Snapshot and backup-related
features will also fail in HPE VM Essentials for VMs using SR-IOV network adapters.

Tagging and Metadata

As of Morpheus version 4.1.0, tagging support is included for vCenter in addition to the other clouds that have already
supported it in past versions. Tags will sync to vCenter from Morpheus and existing tags are also inventoried from
vCenter into Morpheus.

Note: This feature requires a minimum API version of vCenter 6.5. The API version can be edited by navigating to
‘Infrastructure > Clouds’ and clicking the edit (pencil) button in the row for the relevant cloud. The field is labeled
‘VERSION’.

Tags can be created on-demand when provisioning from the ‘CONFIGURE’ tab of the ‘CREATE INSTANCE’ wizard
(Provisioning > Instances). Within the ‘Metadata’ drawer, you will see sets of fields to enter key/value pairs. On
creation of the instance, this metadata will be synced into vCenter.
‘Inputs’ from your library can also be exported as metadata for use with vCenter. When adding or editing a new Input
(Library > Options > Inputs), simply mark the box labeled ‘EXPORT AS METADATA’. The ‘FIELD NAME’ becomes
the tag category in VMWare.

164 Chapter 9. Integration Guides

 Morpheus Documentation

Docker

So far this document has covered how to add the VMware cloud integration and has enabled users the ability to provision
virtual machine based instances via the Add Instance catalog in Provisioning. Another great feature provided by HPE
VM Essentials out of the box is the ability to use Docker containers and even support multiple containers per Docker
host. To do this a Docker Host must first be provisioned into VMware (multiple are needed when dealing with horizontal
scaling scenarios).
To provision a Docker Host simply navigate to the Clusters tab of the Cloud detail page or Infrastructure > Clusters
section. From there, click + ADD CLUSTER to add a VMware Docker Host. This host will show up in the Hosts tab
next to other ESXi servers that were inventoried by the VMware cloud integration. HPE VM Essentials views a Docker
host just like any other Hypervisor with the caveat being that it is used for running containerized images instead of
virtualized ones. Once a Docker Host is successfully provisioned a green checkmark will appear to the right of the host
marking it as available for use. In the event of a failure click into the relevant host that failed and an error explaining
the failure will be displayed in red at the top.
Some common error scenarios include network connectivity. For a Docker Host to function properly, it must be able
to resolve the HPE VM Essentials appliance url which can be configured in Administration > Settings. If it is unable
to resolve and negotiate with the appliance than the agent installation will fail and provisioning instructions will not be
able to be issued to the host.

9.1. Clouds 165

Morpheus Documentation

Multitenancy

A very common scenario for Managed Service Providers is the need to provide access to VMware resources on a cus-
tomer by customer basis. With VMware several administrative features have been added to ensure customer resources
are properly scoped and isolated. For VMware it is possible to assign specific Networks, Datastores, and Resource
Pools to customer accounts or even set the public visibility of certain resources, therefore allowing all sub accounts
access to the resource.

Advanced

There are several advanced features provided within HPE VM Essentials that can leverage some cool aspects of
VMware. One of these features is Remote Console support directly to the hypervisor. To enable this feature a few
prerequisites must be met. First, the HPE VM Essentials appliance must have network access to the ESXi hosts within
VCenter. Secondly, firewall settings need to be adjusted on each ESXi host. This can be done in VSphere under firewall
configuration on the host. Simply check the gdbserver option, which will open up the necessary ports (starting at 5900
range).

Important: Hypervisor Console for vCenter 6.5 requires HPE VM Essentials v3.2.0+

Now that the ESXi hosts are ready to utilize remote console, simply edit the cloud in HPE VM Essentials via
Infrastructure > Clouds. Check the option that says Enable Hypervisor Console. It is important to note that
currently this functionality only works for newly provisioned vm’s provisioned directly via HPE VM Essentials. This
should change soon however.
It is also possible to import vm snapshots for backup or conversion purposes from VCenter and also an ESXi host.
However, this does require that the ESXi host license has an enterprise level license as it will not allow the appliance
to download a virtual image if it is not a paid VMware license.

VMware Permissions

When integrating VMware vCenter with HPE VM Essentials, users must supply credentials for a vCenter account
and HPE VM Essentials will only have access privileges equal to the integrated account. Many users will choose
to use a vCenter administrator account so that HPE VM Essentials can freely do any function in vCenter without
worrying about hitting access limits. Others, for security reasons, may want to restrict HPE VM Essentials only to
the minimum permissions it needs to perform its functions. Follow the guide in this section to configure a user with
minimal permissions and associate it with the appropriate usage levels before using it to create a HPE VM Essentials
Cloud integration.

Create vCenter Users and Roles

For this example, I’ve added a new local user to be my HPE VM Essentials integration user (Menu > Administration
> Users and Groups) but any existing user, whether locally-created or sourced from an identity integration (like Active
Directory), works fine.

166 Chapter 9. Integration Guides

 Morpheus Documentation

The next step is to create a Role (Menu > Administration > Roles). You can edit an existing Role to be sure it has the
correct privileges, I’ve opted to create a new role and assign the correct privileges. Below the screenshot, take note of
the complete set of required privileges. Once all privileges are set, name the Role (if it’s a new one) and click Finish.

9.1. Clouds 167

Morpheus Documentation

Privileges

Content Library
• All Content Library privileges
Datastore/Datastore Cluster
• Allocate Space
• Browse Datastore
• Low Level file Operations
• Remove File
• Update virtual machine files
• Update virtual machine metadata
Distributed Switch
• Port configuration operation
• Port setting operation
Global
• Log Event
• Manage custom attributes
• Set custom attribute
Network
• Assign Network
• Configure
• Remove
Resource
• Apply recommendation
• Assign vApp to resource pool
• Assign virtual machine to resource pool
• Migrate powered off virtual machine
• Migrate powered on virtual machine
Scheduled task
• Create tasks
• Modify task
• Remove task
• Run task
Tasks
• Create task
• Update task
Virtual Machine

168 Chapter 9. Integration Guides

 Morpheus Documentation

• Configuration (all)
• Guest Operations (all)
• Interaction (all)
• Inventory (all)
• Provisioning (all)
• Service configuration (all)
• Snapshot management (all)
• vSphere Replication (all)
vApp
• Clone
• Export
• Import
vSphere Tagging
• Assign or Unassign vSphere Tag
• Assign or Unassign vSphere Tag on Object
• Create vSphere Tag
• Create vSphere Tag Category
• Delete vSphere Tag
• Delete vSphere Tag Category
• Edit vSphere Tag
• Edit vSphere Tag Category
• Modify UsedBy Field For Category
• Modify UsedBy Field For Tag
• privilege.InventoryService.Tagging.CreateScope.label
• privilege.InventoryService.Tagging.DeleteScope.label
With the User and Role created, add permissions to associate the User and Role to the appropriate usage constructs.
Navigate to the usage construct you wish to work with, navigate to the permissions tab, click the plus (+) button. In the
screenshot below, I’m adding the permission for the vCenter usage construct. The complete list of usages and whether
or not to mark the propagation box is below the image.

Note: For organization and security purposes, permissions can also be added to folders. This allows HPE VM
Essentials to see the folders and onboard any resources within them (if desired). Once the vCenter Cloud integration
has been created in HPE VM Essentials, you can view folders from the Cloud Detail Page (Infrastructure > Clouds >
Selected Cloud > Resources Tab). By editing the folder here (Actions > Edit), folders can be set as the “Default” and/or
the “Image Target”. When a folder is set as Default, this folder is pre-selected when provisioning new Instances into
the Cloud. When a folder is set as the Image Target, HPE VM Essentials will look into this folder to onboard VMware
images into HPE VM Essentials.

9.1. Clouds 169

Morpheus Documentation

Usage

vCenter
• Non-Propagating
Datacenter
• Non-Propagating
Cluster
• Non-Propagating
Host
• Non-Propagating
Datastore/Datastore Cluster
• Propagating
After completing the above steps, all VMware Cloud functionality should be available in HPE VM Essentials without
running into permissions errors.

Creating a HPE VM Essentials VMware Image

HPE VM Essentials comes out of the box with a default set of blueprints for use in many modern deployment scenarios.
These consist mostly of base operating system images with a few additional adjustments. These adjustments typically
include the addition of cloud-init (which is highly recommended to be used in most environments, but not mandatory).
However, in many on-premise deployments there are custom image requirements as well as networking requirements.
This guide will go over how to create a VMware Images for use within HPE VM Essentials.

Note: A HPE VM Essentials appliance may have many vCenter Clouds tied to any number of vCenter appliances. If
the same images need to be available to multiple vCenter Clouds, you will need to download the OVF from one vCenter
and upload it into the others. At that point you can make multiple HPE VM Essentials Node Types from the images

170 Chapter 9. Integration Guides

 Morpheus Documentation

and it will be available to all needed vCenter Clouds. This is a vCenter limitation but one which may not be obvious
when provisioning via HPE VM Essentials.

Creating a Windows Image

Supported Versions

2008R2, 2012, 2012R2, 2016, 2019, 2022

Image Preparation

Create a new machine in VMware vCenter and install a base version of your preferred Windows build. The smaller
the VMDK drive, typically the faster you can clone and deploy. Utilizing HPE VM Essentials, provisioning and post
deploy scripts can expand drives to desired sizing.
1. Ensure VMware Tools is installed on the operating system.
2. Apply any service packs / updates to the operating system.
3. Configure WinRM to allow remote management and open the firewall. This is optional if using VMware Tools
RPC mode for agent install and HPE VM Essentials Agent for guest exec. To enable this, under local computer
Administrator, open a command prompt and run

winrm quickconfig

4. Install .Net at least 4.5.2

5. Ensure Windows Firewall will allow WinRM connections.
6. Shutdown the virtual machine and convert to a template.

Note: WinRM is not required and is used as a fallback when using vmtools guest exec and customizations

Note: Morpheus will sysprep images based on the “Force Guest Customizations” flag under the Virtual Image’s
settings when using DHCP. Ensure a sysprep has not been performed on the template if this flag is enabled or if using
Static IPs/IP Pools when provisioning, which will always use Guest Customizations and trigger a sysprep.

Important: HPE VM Essentials supports the use of SR-IOV network adapters with VMware Clouds. Windows
images must have SR-IOV network drivers installed to work with this adapter type. If they do not, provisioning will
fail.

9.1. Clouds 171

Morpheus Documentation

Creating a CentOS/RHEL 7 Image

Create a new virtual machine in VMware vCenter and install a base version of your preferred Linux distro build. If you
are using cloud init as part of your image you will need to ensure your virtual machine has a cdrom.
1. Before installing the operating system setup a single ext or xfs partition without a swap disk (This is so that
growpart can extend the disk. growpart currently does not support lvm)
2. Install the distro and apply any updates to the operating system and security updates
3. Install cloud-init using command yum install cloud-init
4. Install cloud-utils-growpart using command yum install cloud-utils-growpart
5. Install open-vm-tools using command yum install open-vm-tools
6. Install git by running yum install git
7. Install epel-release repo using command yum install epel-release
8. selinux set to permissive (enforced can cause problems with cloud-init) sudo vi /etc/selinux/config

Cloud-Init

To get started with a base CentOS image we first install cloud-init. This is a relatively simple process using yum:

yum -y install epel-release

yum -y install git wget ntp curl cloud-init dracut-modules-growroot
rpm -qa kernel | sed 's/^kernel-//' | xargs -I {} dracut -f /boot/initramfs-{}.img {}

There are two parts to this yum installation. We are first ensuring some core dependencies are installed for automation
as well as cloud-init. git for example is installed for use by ansible playbook automation down the line and is therefore
optional if not using ansible. The dracut-modules-growroot is responsible for resizing the root partition upon first boot
to match the virtual disk size that was potentially adjusted during provisioning.
A great benefit to using cloud-init is credentials don’t have to be locked into the blueprint. It is advisable, within HPE
VM Essentials , to configure the default cloud-init user that gets created when the vm boots automatically by cloud-init.
This is located in Administration > Settings > Provisioning, within the Cloud-Init Settings section.

Network Interfaces

A slightly annoying change with centOS 7 is that the network interfaces have changed naming convention. You may
notice when running ifconfig that the primary network interface is set to something like ens2344 or some other random
number. This naming is dynamic typically by hardware id and we don’t want this to fluctuate when provisioning the
blueprint in various VMware environments. Fortunately, there is a way to turn this functionality off and restore the
interface back to eth0.
Firstly we need to adjust our bootloader to disable interface naming like this.

sed -i -e 's/quiet/quiet net.ifnames=0 biosdevname=0/' /etc/default/grub

grub2-mkconfig -o /boot/grub2/grub.cfg

The above command adds a few arguments to the kernel args list (namely net.ifnames=0 and biosdevname=0. It
may be useful to view the /etc/default/grub file and ensure these settings were indeed applied.
The next step is to adjust the network-scripts in centOS. we need to ensure we have a file called /etc/sysconfig/
network-scripts/ifcfg-eth0

172 Chapter 9. Integration Guides

 Morpheus Documentation

Below is a script that we run on our packer builds to prepare the machines network configuration files.

export iface_file=$(basename "$(find /etc/sysconfig/network-scripts/ -name 'ifcfg*' -not␣

˓→-name 'ifcfg-lo' | head -n 1)")

export iface_name=${iface_file:6}
echo $iface_file
echo $iface_name
sudo mv /etc/sysconfig/network-scripts/$iface_file /etc/sysconfig/network-scripts/ifcfg-
˓→eth0

sudo sed -i -e "s/$iface_name/eth0/" /etc/sysconfig/network-scripts/ifcfg-eth0

sudo bash -c 'echo NM_CONTROLLED=\"no\" >> /etc/sysconfig/network-scripts/ifcfg-eth0'

This script tries to ensure there is a new ifcfg-eth0 config created to replace the old ens config file. Please do verify
this config exists after running. If it does not you will have to be sure to build one on your own.

TYPE=Ethernet
DEVICE=eth0
NAME=eth0
ONBOOT=yes
NM_CONTROLLED="no"
BOOTPROTO="dhcp"
DEFROUTE=yes

Creating a CentOS/RHEL 8 Image

Create a new virtual machine in VMware vCenter and install a base version of your preferred Linux build. You must
be running ESXi 6.7 Update 2 or later.

Prepare The New CentOS 8/RHEL8 Image

1. Install epel-release: yum -y install epel-release (This step is not necessary for RHEL)
2. Install git, wget, curl, cloud-init, cloud-utils-gropart, and open-vm-tools: yum -y install git wget curl
cloud-init cloud-utils-growpart open-vm-tools
3. Update: yum -y update
4. Finally run: rpm -qa kernel | sed 's/^kernel-//' | xargs -I {} dracut -f /boot/
initramfs-{}.img {}

SELinux Settings

If allowed by your internal IT policies, set SELinux to permissive to avoid potential issues with cloud-init down the
road.
1. Edit the following: vi /etc/selinux/config
2. Make the following change: setenforce 0

9.1. Clouds 173

Morpheus Documentation

Network Interfaces

Run the following to rename the network NIC. Values inside angle brackets should be filled in with the appropriate
value for your environment (ex. <varname>):
1. sed -i -e 's/quiet/quiet net.ifnames=0 biosdevname=0/' /etc/default/grub
2. grub2-mkconfig -o /boot/grub2/grub.cfg (location may be different, could be located at
/boot/efi/EFI/centos/grub.cfg)
3. ifdown <orginal-nic>
4. mv /etc/sysconfig/network-scripts/<orginal-nic> /etc/sysconfig/network-scripts/
ifcfg-eth0 (this changes name/device to eth0)
5. Edit ifcfg-eth0 and change the NAME to eth0
6. bash -c 'echo NM_CONTROLLED=\"no\" >> /etc/sysconfig/network-scripts/ifcfg-eth0'
7. ip link set <orginal-nic> down
8. ip link set <orginal-nic> name eth0
9. ip link set eth0 up
10. ifup eth0

Final VMWare Tasks

1. Detach any install media

2. Shutdown the VM
3. Convert the VM to template on the HPE VM Essentials side
4. Refresh the HPE VM Essentials Cloud to allow the new template to sync

Creating an Ubuntu 20.04 Image

Download the Ubuntu 20.04 ISO from Canonical, and upload the base image to vCetner. Then, create a new virtual
machine in vCenter.

Note: Since we’ll include cloud-init with our image, we will need to ensure the virtual machine has a cdrom. Select
the Ubuntu 20.04 ISO we just downloaded from the CD/DVD drive dropdown menu when creating the new virtual
machine.

Before installing the operating system, set up a single ext partition without a swap disk. Then, continue on installing
Ubuntu making the following selections during the setup process:
• Update to the latest installer if a later version is available
• Use the entire disk and deselect the option to set up the disk as an LVM group
• Configure an account and set a password
• Opt to install OpenSSH Server
• Other optional packages aren’t needed for this basic Ubuntu image
Complete the installation process and reboot the machine. Update the package list and apply any upgrades:

174 Chapter 9. Integration Guides

 Morpheus Documentation

apt-get update
apt-get upgrade

Change the network interface to eth0 by editing /etc/default/grub. The line GRUB_CMDLINE_LINUX="" should
be edited to GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0".
Update GRUB:

update-grub

Update the 70-persistent-net.rules file:

cat << EOF > /etc/udev/rules.d/70-persistent-net.rules

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1",␣
˓→NAME="eth0"

EOF

Remove subiquity-disable-cloudinit-networking.cfg as cloud-init will skip network configuration if it’s

present:

rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg

Update 99-pve.cfg:

cat << EOF > /etc/cloud/cloud.cfg.d/99-pve.cfg

datasource_list: [ConfigDrive, NoCloud]
EOF

Remove Netplan files, they will not be regenerated if they exist:

rm -f /etc/netplan/00-installer-config.yaml
rm -f /etc/netplan/50-cloud-init.yaml

Run cloud-init clean:

cloud-init clean

Next, reboot the system and confirm the network interface is labeled eth0 once the machine comes back up. Then,
clear BASH history for root. The history entry has a copy in the memory and it will flush back to the file when you log
out. You can avoid this with the following command:

cat /dev/null > ~/.bash_history && history -c && exit

Shutdown the system:

shutdown -h now

Convert the VM to a template in vCenter before moving back to HPE VM Essentials to onboard the image and use it
to begin building your provisioning library.

9.1. Clouds 175

Morpheus Documentation

Gotchas

SELinux can cause issues with cloud-init when in enforced mode. It may be advisable to set this to permissive unless
it is mandatory within your organization to use an enforced SELinux configuration. If that is the case please see the
documentation for the cloud_init_t security policies.
Network Manager will also prevent the required restart of the Network Service when assigning static IP’s. Disable
Network Manager when possible or Static IP assignment may not work until the Network Service is restarted manually.

A Note on Proxies

Proxy configurations are known to vary in some organizations and makes building a base blueprint a little more difficult.
In order to fully configure proxies a few environment variables must be set in the /etc/environment file (This can be
done automatically in a default user-data script for cloud-init as well in edit cloud).

http_proxy="http://myproxyaddress:8080"
https_proxy="http://myproxyaddress:8080"
ftp_proxy="http://myproxyaddress:8080"
no_proxy=127.0.0.1,localhost,applianceUrl
https_no_proxy=127.0.0.1,localhost,applianceUrl

Important: It is very important to properly set the no_proxy list (applianceUrl) should be replaced with the actual
appliance url. In future releases, morpheus plans to automatically take care of this.

Note: If using cloud-init agent install mode these settings need to be set in the custom Cloud-Init User data section of
“Edit Cloud” or “Edit Virtual Image”

Important: If using this virtual machine as a docker host, proxy settings must also be configured in the docker config.
See Docker guides for instructions on how to properly set this. If necessary this can be wrapped in a task automation
workflow for your own use.

176 Chapter 9. Integration Guides