Ctrlk

VMware vSphere

Firefly integrates with VMware vSphere to pull inventory from your vCenter environment — virtual machines, hosts, clusters, datastores, networks, folders, tags, and IAM — directly into your Firefly Inventory. This enables you to view, codify, and govern on-prem and hybrid-cloud workloads alongside your public cloud assets, applying the same IaC, policy, and drift detection practices across your entire estate.

Best Practices

  1. For governance, mark your production integrations using the "Mark as Production" option during setup (or edit later in the Integrations window).

  2. Use a dedicated vCenter service account for Firefly with read-only permissions rather than sharing an existing admin account.

  3. Store vCenter credentials securely — Firefly encrypts them at rest, but rotate the password periodically per your security policy.

Integration Method

vSphere is typically deployed on-prem or in a private network not directly reachable from Firefly's cloud. Integration is performed via the Firefly UI, with connectivity established through the Firefly Private Connector (relay tunnel) when vCenter is not internet-exposed.

Prerequisites

  • vCenter 7.0 or later

  • vCenter service account with read access to the inventory you want Firefly to scan (Datacenter, VM, Host, Datastore, Network, Tag read permissions)

  • Firefly Private Connector deployed in the network where vCenter is reachable — see Firefly Private Connector (required only if vCenter is not publicly reachable)

  • Network access from the connector host to vCenter on port 443

Setup Procedure

  1. In Firefly, go to Settings > Integrations.

  2. Select Add New > vSphere.

  3. Enter the following fields:

    • Name — Integration name as it will appear in Firefly

    • vCenter URL — Hostname or relay endpoint (e.g. https://vcenter.example.com or https://<tunnel-id>.relay.firefly.ai)

    • Username — vCenter service account (e.g. firefly-readonly@vsphere.local)

    • Password — Service account password

    • Mark as Production (optional) — Flags this integration as a production environment in Firefly

  4. Click Save. Firefly verifies the connection and begins scanning.

  5. View discovered assets in the Inventory after several minutes.

Editing Credentials

To rotate the password or update the vCenter URL:

  1. Go to Settings > Integrations > vSphere.

  2. On the integration menu, select Edit.

  3. Update the relevant fields. The password is masked — re-enter it to update.

  4. Click Save.

Supported Resources

Firefly currently supports 27 vSphere resource types:

Datacenter & Folder

  • vsphere_datacenter

  • vsphere_folder

Virtual Machine

  • vsphere_virtual_machine

  • vsphere_virtual_machine_snapshot

Datastore / Storage

  • vsphere_datastore_cluster

  • vsphere_vmfs_datastore

  • vsphere_nas_datastore

  • vsphere_vm_storage_policy

Network

  • vsphere_distributed_virtual_switch

  • vsphere_distributed_port_group

  • vsphere_host_port_group

  • vsphere_host_virtual_switch

Compute

  • vsphere_compute_cluster

  • vsphere_resource_pool

  • vsphere_host

  • vsphere_vapp_container

  • vsphere_compute_cluster_vm_group

  • vsphere_compute_cluster_host_group

  • vsphere_compute_cluster_vm_affinity_rule

  • vsphere_compute_cluster_vm_anti_affinity_rule

Tag

  • vsphere_tag

  • vsphere_tag_category

  • vsphere_custom_attribute

IAM

  • vsphere_role

  • vsphere_entity_permissions

Content Library

  • vsphere_content_library

  • vsphere_content_library_item

vSphere Discovery Status

To scan your integration for changes and discover new assets on-demand:

Procedure

  1. Go to Settings > Integrations > vSphere.

  2. Find the integration you want to scan.

  3. For asset changes, on the integration menu, select Scan Assets.

  4. For IaC stacks changes, on the integration menu, select Scan Stacks.

  5. View changes in the Inventory and/or IaC Explorer after several minutes.

Event-Driven Integration

Firefly polls the vCenter Events API to detect changes in your vSphere environment (VM lifecycle, power state, cluster events). A watermark mechanism ensures no events are missed or duplicated between polls.

Codification

vSphere resources discovered in Inventory can be codified into Terraform using the VMware vSphere Terraform provider. Select an unmanaged vSphere resource in Inventory and choose Codify to generate the corresponding Terraform configuration.

Additional Resources

PreviousNebius CloudNextKubernetes

Last updated

Was this helpful?