VMware Aria Operations
Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "Aria" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Aria under the MIT license.
VMware Aria Operations (vRealize Operations) AI-assisted monitoring — 27 MCP tools for resources, alerts, alert definitions, capacity planning, anomaly detection, report automation, and platform health.
Domain-focused monitoring skill for Aria Operations 8.x / vRealize Operations 8.x. Companion skills: vmware-nsx (networking), vmware-aiops (VM lifecycle), vmware-monitor (read-only vSphere), vmware-avi (AVI/ALB/AKO). | vmware-pilot (workflow orchestration) | vmware-policy (audit/policy)
What This Skill Does
| Category | Tools | Count |
|---|---|---|
| Resources | list, get details, metrics, health badge, top consumers | 5 |
| Alerts | list, get details, acknowledge, cancel, list definitions | 5 |
| Alert Definitions | list symptoms, create definition, enable/disable, delete | 4 |
| Capacity | cluster overview, remaining capacity, time remaining, rightsizing | 4 |
| Reports | list templates, generate, list, get status+download URL, delete | 5 |
| Anomaly | list anomalies, risk badge | 2 |
| Health | Aria platform health, collector group status | 2 |
Total: 27 tools (23 read-only + 4 write)
Quick Install
uv tool install vmware-aria
vmware-aria doctor
When to Use This Skill
Performance monitoring (daily proactive checks):
- Check VM contention: CPU Ready %, Memory Balloon, Swap usage
- Fetch time-series metrics for any resource (CPU, memory, disk, network)
- Find top consumers by CPU/memory/disk/network
- Detect ML-based anomalies and risk scores
Alert management:
- List, investigate, acknowledge, or cancel active alerts
- List or filter alert definitions (templates)
- Create new alert definitions from symptom definitions (post-RCA)
- Enable or disable alert definitions; delete obsolete ones
Capacity planning:
- Cluster capacity remaining (CPU, memory, disk headroom)
- Time-until-full prediction per cluster
- Right-sizing: find over-provisioned or under-utilized VMs
- Capacity overview with Aria's built-in recommendations
Report automation:
- Generate scheduled or on-demand reports (capacity, performance, SLA)
- Poll report status until COMPLETED; get PDF/CSV download URL
- Delete generated reports after download
Use companion skills for:
- VM lifecycle: create, clone, snapshot, power →
vmware-aiops - NSX networking: segments, gateways, NAT, routing →
vmware-nsx - vSphere inventory, real-time alarms, events →
vmware-monitor - Storage: iSCSI, vSAN, datastores →
vmware-storage - Load balancing, AVI/ALB, AKO, Ingress →
vmware-avi
Related Skills — Skill Routing
| User Intent | Recommended Skill |
|---|---|
| Aria Operations monitoring, alerts, capacity | vmware-aria ← this skill |
| VM lifecycle, deployment, guest ops | vmware-aiops |
| NSX networking: segments, gateways, NAT, routing | vmware-nsx |
| Read-only vSphere inventory, events, alarms | vmware-monitor |
| Storage: iSCSI, vSAN, datastores | vmware-storage |
| Multi-step workflows with approval | vmware-pilot |
| Load balancer, AVI, ALB, AKO, Ingress | vmware-avi (uv tool install vmware-avi) |
| Audit log query | vmware-policy (vmware-audit CLI) |
Common Workflows
Diagnostic investigations: Before running any "why is X slow / failing / down" workflow, follow
references/investigation-protocol.md. It enforces the four root-cause completeness criteria (falsifiability / sufficiency / necessity / mechanism) and the up-to-three-rounds deepening loop. Stopping at a partial conclusion is an anti-pattern — always self-check against the criteria before outputting a report.
Daily VM Health Check (Proactive Ops)
Judgment: don't chase the highest CPU consumer — chase the highest contention consumer. A VM at 90% CPU on a quiet host is healthy; a VM at 30% CPU but 15% Ready is starving. Key metrics: CPU Ready, Memory Balloon, Disk Latency.
- Find top CPU consumers →
vmware-aria resource top --metric cpu|usage_average --top 20(this is the starting set, not the answer) - Check CPU Ready on hot VMs →
vmware-aria resource metrics <vm-id> --metrics cpu.ready.summation --hours 24-
5% = warning, >10% = problem, >20% = critical
-
- Check memory pressure →
vmware-aria resource metrics <vm-id> --metrics mem.balloon.average,mem.swapped.average --hours 24- Balloon >0 = ESXi reclaiming memory; Swap >0 = severe — act immediately
- List active CRITICAL/IMMEDIATE alerts →
vmware-aria alert list --criticality CRITICAL - Check ML anomalies →
vmware-aria anomaly list - Cross-validate against the investigation protocol before reporting any "root cause" — high consumption is rarely the root, usually a downstream symptom
Investigate High CPU Alert
- List active CRITICAL alerts →
vmware-aria alert list --criticality CRITICAL - Get alert details + symptoms →
vmware-aria alert get <alert-id> - Find top CPU consumers →
vmware-aria resource top --metric cpu|usage_average - Fetch 24h CPU metrics for the hot VM →
vmware-aria resource metrics <vm-id> --metrics cpu|usage_average --hours 24 - Check risk badge →
vmware-aria anomaly risk <vm-id> - Acknowledge the alert →
vmware-aria alert acknowledge <alert-id>
Capacity Planning
- List clusters →
vmware-aria resource list --kind ClusterComputeResource - Get remaining capacity →
vmware-aria capacity remaining <cluster-id> - Predict time until full →
vmware-aria capacity time-remaining <cluster-id> - Get capacity overview with recommendations →
vmware-aria capacity overview <cluster-id> - Find rightsizing candidates →
vmware-aria capacity rightsizing
Post-Incident: Create Detection Alert (RCA Follow-up)
After resolving an incident, create an early-warning alert to prevent recurrence:
- Find matching symptom definition →
vmware-aria alert symptom-definitions --name <keyword> - Create alert definition referencing symptoms →
vmware-aria alertdef create --name "Gold VM CPU Contention" --resource-kind VirtualMachine --symptom-ids <id1>,<id2> --criticality IMMEDIATE - Verify it appears in definitions →
vmware-aria alertdef list --name "Gold VM CPU" - Enable it →
vmware-aria alertdef enable <definition-id>
Generate Capacity Report
- Find report template →
vmware-aria report definitions --name "Capacity" - Trigger report generation →
vmware-aria report generate <definition-id> - Poll until completed →
vmware-aria report get <report-id>(repeat untilstatus == COMPLETED) - Download via the returned
download_url(PDF) orcsv_url - Clean up →
vmware-aria report delete <report-id>
Multi-Target Operations
All commands accept --target <name> to operate against a specific Aria Ops instance:
vmware-aria alert list --target prod
vmware-aria resource top --target lab
Usage Mode
| Scenario | Recommended | Why |
|---|---|---|
| Local/small models (Ollama, Qwen) | CLI | ~2K tokens vs ~8K for MCP |
| Cloud models (Claude, GPT-4o) | Either | MCP gives structured JSON I/O |
| Automated pipelines | MCP | Type-safe parameters, structured output |
MCP Tools (27 — 21 read, 6 write)
All MCP tools accept an optional target parameter to select which Aria Operations instance to connect to.
| Category | Tool | Type | Description |
|---|---|---|---|
| Resource | list_resources | Read | List VMs, hosts, clusters by resource kind |
get_resource | Read | Get resource details with health, risk, efficiency badges | |
get_resource_metrics | Read | Fetch time-series metric stats for any resource | |
get_resource_health | Read | Get health badge score (0–100) | |
get_top_consumers | Read | Rank resources by CPU, memory, disk, or network usage | |
| Alerts | list_alerts | Read | List active alerts with criticality and resource info |
get_alert | Read | Get alert details: symptoms and recommendations | |
acknowledge_alert | Write | Mark an alert as acknowledged (does not close it) | |
cancel_alert | Write | Cancel (dismiss) an active alert | |
list_alert_definitions | Read | List alert templates configured in Aria Ops | |
| Alert Defs | list_symptom_definitions | Read | List symptom definitions — use IDs when creating alert defs |
create_alert_definition | Write | Create new alert definition from symptom definition IDs | |
set_alert_definition_state | Write | Enable or disable an alert definition | |
delete_alert_definition | Write | Delete an alert definition permanently | |
| Capacity | get_capacity_overview | Read | Cluster capacity recommendations from Aria |
get_remaining_capacity | Read | Remaining CPU, memory, disk before hitting limits | |
get_time_remaining | Read | Days until cluster capacity is exhausted | |
list_rightsizing_recommendations | Read | VMs to resize: over/under-provisioned | |
| Reports | list_report_definitions | Read | List available report definition templates |
generate_report | Write | Trigger report generation (async; returns report_id) | |
list_reports | Read | List generated reports, optionally by definition | |
get_report | Read | Poll report status + get PDF/CSV download URLs | |
delete_report | Write | Delete a generated report | |
| Anomaly | list_anomalies | Read | Machine-learning anomalies across monitored resources |
get_resource_riskbadge | Read | Risk score (0–100): likelihood of future problems | |
| Health | get_aria_health | Read | Aria platform internal services health |
list_collector_groups | Read | Collector agents status and connectivity |
Read/write split: 21 read-only, 6 write. All write operations are audit-logged to ~/.vmware/audit.db (via vmware-policy).
CLI Quick Reference
# Resources
vmware-aria resource list [--kind VirtualMachine|HostSystem|ClusterComputeResource] [--name <filter>]
vmware-aria resource get <resource-id>
vmware-aria resource metrics <resource-id> --metrics cpu|usage_average,mem|usage_average --hours 4
vmware-aria resource metrics <vm-id> --metrics cpu.ready.summation,mem.balloon.average --hours 24
vmware-aria resource health <resource-id>
vmware-aria resource top --metric cpu|usage_average --kind VirtualMachine --top 10
# Alerts
vmware-aria alert list [--criticality CRITICAL|IMMEDIATE|WARNING|INFORMATION]
vmware-aria alert get <alert-id>
vmware-aria alert acknowledge <alert-id>
vmware-aria alert cancel <alert-id>
vmware-aria alert definitions [--name <filter>]
# Alert Definitions (create/manage alert templates)
vmware-aria alertdef symptom-definitions [--name <filter>] [--resource-kind VirtualMachine]
vmware-aria alertdef create --name <name> --description <desc> --resource-kind <kind> --symptom-ids <id1,id2> --criticality WARNING|IMMEDIATE|CRITICAL
vmware-aria alertdef list [--name <filter>]
vmware-aria alertdef enable <definition-id>
vmware-aria alertdef disable <definition-id>
vmware-aria alertdef delete <definition-id>
# Capacity
vmware-aria capacity overview <cluster-id>
vmware-aria capacity remaining <resource-id>
vmware-aria capacity time-remaining <resource-id>
vmware-aria capacity rightsizing [--resource-id <vm-id>]
# Reports (async: generate → poll get → download → delete)
vmware-aria report definitions [--name <filter>]
vmware-aria report generate <definition-id> [--resource-ids <id1,id2>]
vmware-aria report list [--definition-id <id>]
vmware-aria report get <report-id> # poll until status == COMPLETED; shows download_url
vmware-aria report delete <report-id>
# Anomaly
vmware-aria anomaly list [--resource-id <id>]
vmware-aria anomaly risk <resource-id>
# Health
vmware-aria health status
vmware-aria health collectors
# Diagnostics
vmware-aria doctor [--skip-auth]
Key Metric Names (for resource metrics command)
| Metric | API Key | What It Means |
|---|---|---|
| CPU Ready % | cpu.ready.summation | vCPU waiting for physical core; >5% = warning |
| CPU Used | cpu.used.summation | Actual CPU execution time |
| CPU Demand | cpu.demand.average | Total MHz requested by VM |
| Memory Active | mem.active.average | Actively used by guest OS (sizing) |
| Memory Consumed | mem.consumed.average | Footprint on host (capacity) |
| Memory Balloon | mem.balloon.average | >0 = ESXi reclaiming memory |
| Memory Swap | mem.swapped.average | >0 = severe pressure |
| Disk Read Latency | disk.read.average | Read I/O latency ms |
| Disk Write Latency | disk.write.average | Write I/O latency ms |
| Net Received | net.received.average | Inbound network KB/s |
| Net Transmitted | net.transmitted.average | Outbound network KB/s |
Full CLI reference with all options and output formats: see
references/cli-reference.md
Troubleshooting
"Token not found" error after setup
The token acquisition request failed. Verify:
- Aria Ops is reachable:
vmware-aria doctor - The
auth_sourcein config matches your environment (LOCAL, LDAP, AD) - The password env var follows the naming convention:
VMWARE_ARIA_<TARGET>_PASSWORD
Resources appear missing from list_resources
The collector agent may be offline. Check list_collector_groups for any collectors in a non-RUNNING state. Restart the affected collector from the Aria Ops UI under Administration > Collector Groups.
Metrics return empty data
The resource may not have metric collection configured, or the requested metric key is incorrect. Verify metric keys against the resource's available metrics in the Aria Ops UI (Metrics tab on the resource detail page).
"Password not found" error
Variable names follow the pattern VMWARE_ARIA_<TARGET_NAME_UPPER>_PASSWORD where hyphens become underscores. Example: target prod needs VMWARE_ARIA_PROD_PASSWORD. Check your ~/.vmware-aria/.env file.
invalid peer certificate: UnknownIssuer when running uvx (corporate TLS proxy)
uvx re-resolves dependencies from PyPI on every launch. Behind a corporate TLS-intercepting proxy whose CA is not in uv's bundled cert store, the handshake fails. Use the v1.5.15+ recommended single-command form vmware-aria mcp (after uv tool install vmware-aria — no network on launch), or set UV_NATIVE_TLS=true to make uv use the system cert store.
Safety
- Read-heavy: 21 of 27 tools are read-only
- Audit logging: Write operations logged to
~/.vmware/audit.db(SQLite WAL, via vmware-policy) with timestamp, user, target, operation, and result - Token expiry handling: OpsToken refreshed automatically 60 seconds before expiry (30-minute validity window)
- Prompt injection defense: API text values sanitized via
_sanitize()— strips control characters, truncates to 500 chars - Credential safety: Passwords loaded only from environment variables (
.envfile), never fromconfig.yaml - Input validation: resource_id and alert_id validated before API calls; criticality values validated against known enum
Setup
uv tool install vmware-aria
mkdir -p ~/.vmware-aria
cp config.example.yaml ~/.vmware-aria/config.yaml
# Edit config.yaml with your Aria Operations host details
# Add to ~/.vmware-aria/.env (create if missing, chmod 600):
# VMWARE_ARIA_PROD_PASSWORD=<your-password>
chmod 600 ~/.vmware-aria/.env
vmware-aria doctor
All tools are automatically audited via vmware-policy. Audit logs:
vmware-audit log --last 20
Full setup guide with multi-target config, MCP server setup, and Docker: see
references/setup-guide.md
Architecture
User (natural language)
|
AI Agent (Claude Code / Goose / Cursor)
| reads SKILL.md
vmware-aria CLI or MCP server (stdio transport)
| Aria Operations Suite API (REST/JSON over HTTPS)
| POST /suite-api/api/auth/token/acquire → OpsToken
Aria Operations Manager
|
VMs / Hosts / Clusters / Datastores / Alerts / Capacity
The MCP server uses stdio transport (local only, no network listener). Connections to Aria Ops use HTTPS on port 443 with OpsToken authentication (30-minute token validity, auto-refreshed).
Audit & Safety
All operations are automatically audited via vmware-policy (@vmware_tool decorator):
- Every tool call logged to
~/.vmware/audit.db(SQLite, framework-agnostic) - Policy rules enforced via
~/.vmware/rules.yaml(deny rules, maintenance windows, risk levels) - Risk classification: each tool tagged as low/medium/high/critical
- View recent operations:
vmware-audit log --last 20 - View denied operations:
vmware-audit log --status denied
vmware-policy is automatically installed as a dependency — no manual setup needed.