This guide provides step-by-step instructions for configuring the orb-worker-scvmm worker to discover SCVMM clusters, hosts, and VMs, and transform them into Orb entities. The worker is highly customizable via policy scope configuration, allowing you to define site mappings, environment mappings, VLAN mappings, and WinRM connection parameters.
If you only provide hostname, username, and password, the worker uses built-in defaults:
hostname: scvmm-server.example.com
username: domainuser
password: password123Result: Uses HTTP port 5985, NTLM authentication, and built-in site/environment mappings.
Define how cluster names map to physical sites and environments:
hostname: scvmm-server.example.com
username: domainuser
password: password123
organization_config:
site_mappings:
- code: boi
name: Boise
match_type: prefix
- code: ptl
name: Portland
match_type: prefix
- code: hq
name: Headquarters
match_type: prefix
environment_mappings:
- code: prd
name: Production
match_type: prefix
- code: dev
name: Development
match_type: prefix
- code: inf
name: Infrastructure
match_type: prefixResult:
- Cluster "boi-prod-01" → Site: "Boise", Env: "Production"
- Cluster "ptl-dev-01" → Site: "Portland", Env: "Development"
- Cluster "hq-inf-01" → Site: "Headquarters", Env: "Infrastructure"
Checks if the code appears anywhere in the cluster name (case-insensitive):
code: boi
name: Boise
match_type: prefixMatches: boi-cluster, BOI-CLUSTER, cluster-boi-01
Requires the entire cluster name to match exactly (case-insensitive):
code: cluster-production
name: Production
match_type: exactMatches: cluster-production (exact only)
Uses regular expression patterns for complex matching:
code: ^cluster-[a-z]+-\d{2}$
name: Corporate
match_type: regexMatches: cluster-boi-01, cluster-ptl-99
If your SCVMM server uses HTTPS or non-standard settings:
hostname: scvmm.example.com
username: admin@domain.com
password: secret
winrm_config:
port: 5986
protocol: https
path: /wsman
transport: kerberos
server_certificate_validation: validate
organization_config:
site_mappings: [...]
environment_mappings: [...]WinRM Config Fields:
- port: 1-65535 (default: 5985 for HTTP, 5986 for HTTPS)
- protocol: "http" or "https" (default: "http")
- path: WinRM endpoint path (default: "/wsman")
- transport: "ntlm", "kerberos", "basic", "certificate" (default: "ntlm")
- server_certificate_validation: "ignore", "validate", "self-signed" (default: "ignore")
Map VLAN IDs discovered in SCVMM to NetBox VLAN attributes. When a VLAN ID from SCVMM matches a configured mapping, all specified attributes will be applied to the VLAN in NetBox.
The simplest configuration requires only a VLAN ID and Name:
organization_config:
vlan_mappings:
- vid: 100
name: Management
- vid: 200
name: Production
- vid: 300
name: DevelopmentResult:
- VLAN 100 will be created in NetBox as "Management" with Status: "Active"
- VLAN 200 will be created in NetBox as "Production" with Status: "Active"
- VLAN 300 will be created in NetBox as "Development" with Status: "Active"
- Any other VLAN IDs found in SCVMM will use the VLAN ID as the name with Status: "Active"
You can also specify optional attributes like role, description, tags, and VLAN Group:
organization_config:
vlan_mappings:
- vid: 100
name: Management
status: active
description: Out-of-band management network
role: management
- vid: 200
name: Production
status: active
role: production
description: Production workload network
tags:
- prod
- monitored
- vid: 300
name: Development
status: planned
role: development
description: Development workload network
tags:
- dev
vlan_group: AppVLANs
- vid: 400
name: GuestVLAN Mapping Fields:
- vid (required): VLAN ID integer (1-4094+)
- name (required): NetBox VLAN name/description
- status (optional): NetBox VLAN status - "active", "planned", or "deprecated" (defaults to "active")
- role (optional): NetBox VLAN role (e.g., "management", "production", "development")
- description (optional): Additional description for the VLAN
- tags (optional): List of NetBox tag names to apply to this VLAN
- vlan_group (optional): NetBox VLAN Group name this VLAN belongs to
If a VLAN is discovered in SCVMM but no mapping is configured for its ID:
- Name: The VLAN ID (e.g., "100" for VLAN 100)
- Status: "active" (unless overridden in config)
- Other fields: Not set
This ensures all discovered VLANs are created in NetBox, even if they don't have explicit configurations.
You can use VLAN mappings together with site and environment mappings in one configuration:
hostname: scvmm.example.com
username: admin
password: secret
organization_config:
site_mappings:
- code: boi
name: Boise
environment_mappings:
- code: prd
name: Production
vlan_mappings:
- vid: 100
name: Management
- vid: 200
name: Production
role: productionWhen resolving cluster names, the worker tries matches in this order:
- Exact Match - Full cluster name match
- Prefix Match - Substring in cluster name
- Regex Match - Regular expression pattern
- Default - If no match found, use
default_siteordefault_group
Example:
{
"site_mappings": [
{"code": "cluster-boise", "name": "Boise Commercial", "match_type": "exact"},
{"code": "boi", "name": "Boise Data Center", "match_type": "prefix"},
{"code": "^boi-.*", "name": "Boise Regional", "match_type": "regex"}
],
"default_site": "Uncatalogued"
}| Cluster Name | Matched By | Result |
|---|---|---|
cluster-boise |
Exact | Boise Commercial |
boi-cluster-01 |
Prefix (no exact match) | Boise Data Center |
boi-remote-site |
Regex (no exact/prefix) | Boise Regional |
unknown-cluster |
Default | Uncatalogued |
For a company with these conventions:
- Sites:
{boi}= Boise,{ptl}= Portland,{hq}= Headquarters - Environments:
{prd}= Production,{dev}= Dev,{inf}= Infrastructure
Configuration:
hostname: scvmm-prod.internal
username: svc_scvmm
password: ServicePassword123!
organization_config:
site_mappings:
- code: boi
name: Boise
match_type: prefix
description: Boise data center
- code: ptl
name: Portland
match_type: prefix
description: Portland data center
- code: hq
name: Headquarters
match_type: prefix
description: Corporate HQ
environment_mappings:
- code: prd
name: Production Clusters
match_type: prefix
- code: dev
name: Development Clusters
match_type: prefix
- code: inf
name: Infrastructure Clusters
match_type: prefix
default_site: Unknown Location
default_group: UnclassifiedThis will correctly classify clusters like:
boi-prd-cluster-01→ Boise, Productionptl-dev-app-01→ Portland, Developmenthq-inf-services→ Headquarters, Infrastructure
This is a complete Orb configuration file showing how to integrate the SCVMM worker with NetBox Labs Diode:
orb:
config_manager:
active: local
backends:
worker:
common:
diode:
target: grpc://netbox.internal.example.com:8080/diode
client_id: ${DIODE_CLIENT_ID}
client_secret: ${DIODE_CLIENT_SECRET}
agent_name: scvmm-worker
policies:
worker:
scvmm_infrastructure:
config:
package: scvmm
scope:
hostname: scvmm-infra.internal.example.com
username: ${SCVMM_USERNAME}
password: ${SCVMM_PASSWORD}
organization_config:
site_mappings:
- code: "boi"
name: "Boise"
match_type: "prefix"
description: "Primary data center - Boise, ID"
- code: "ptl"
name: "Portland"
match_type: "prefix"
description: "Secondary data center - Portland, OR"
- code: "hq"
name: "Corporate Headquarters"
match_type: "prefix"
description: "Main office IT infrastructure"
- code: "inf"
name: "Infrastructure"
match_type: "prefix"
description: "Infrastructure-focused clusters"
environment_mappings:
- code: "prd"
name: "Production Clusters"
match_type: "prefix"
- code: "dev"
name: "Development Clusters"
match_type: "prefix"
- code: "inf"
name: "Infrastructure Clusters"
match_type: "prefix"
default_site: "Unknown Location"
default_group: "Unclassified"
scvmm_production:
config:
package: scvmm
scope:
hostname: scvmm-prod.internal.example.com
username: ${SCVMM_USERNAME}
password: ${SCVMM_PASSWORD}
winrm_config:
port: 5986
protocol: "https"
path: "/wsman"
transport: "kerberos"
server_certificate_validation: "validate"
organization_config:
site_mappings:
- code: "us-east-boi"
name: "US East - Boise"
match_type: "exact"
- code: "us-west-ptl"
name: "US West - Portland"
match_type: "exact"
- code: "us-"
name: "United States"
match_type: "prefix"
environment_mappings:
- code: "prod-"
name: "Production"
match_type: "prefix"
- code: "nonprod-"
name: "Non-Production"
match_type: "prefix"
default_site: "Unknown"
default_group: "Other"Environment Variables Required:
${DIODE_CLIENT_ID}: NetBox Labs Diode client ID for authentication${DIODE_CLIENT_SECRET}: NetBox Labs Diode client secret for authentication${SCVMM_USERNAME}: Service account username for SCVMM access${SCVMM_PASSWORD}: Service account password for SCVMM access
Key Observations:
- Multiple policies can be configured for different SCVMM servers (e.g., infrastructure vs. production)
- Each policy has its own scope with SCVMM credentials and organization configuration
- Optional
winrm_configsection can customize connection parameters (shown in second policy) - All sensitive values use environment variables (${...}) for security
Check the logs for debug output showing which mapping rule matched. The resolver logs each resolution attempt.
The resolver will log an error and skip the invalid pattern. Verify regex syntax before using.
If no organization_config is provided, some basic defaults will be used. Add organization_config to your scope to use custom mappings.