Home > Blogs > VMware vSphere Blog


What’s in a VIB?

Introduction

With the release of vShere 5.0 and the introduction of the new ESXi Image Builder CLI there’s naturally been a good deal of interest in how to create and maintain custom ESXi images.  Although I’ve always understood a “VIB” to be the basic building block of an ESXi image, I’ve never really understood what exactly a VIB is.  However, the more I work with vSphere 5.0 the more I have come realize that to be successful I need more than a cursory knowledge of VIBs.  It’s important to understand the make up of a VIB, how VIBs are created, and how VIBs are packaged and distributed.  As such I thought it would be good to write a blog post discussing the elusive ESXi “VIB”.

About VIBs

VIB stands for vSphere Installation Bundle.  At a conceptual level a VIB is somewhat similar to a tarball or ZIP archive in that it is a collection of files packaged into a single archive to facilitate distribution.  If we look under the covers we will find that a VIB is comprised of three parts:

  • A file archive
  • An XML descriptor file
  • A signature file

The file archive, also referred to as the VIB payload, contains the files that make up the VIB.  When a VIB is added to an ESXi image, the files in the VIB payload will be installed on the host.  When a VIB is removed from an ESXi image these files are removed. 

The XML descriptor file describes the contents of the VIB.  Included with the description is important information about the requirements for installing the VIB, to include any dependencies, any compatibility issues, and whether the VIB can be installed without rebooting.

The signature file is an electronic signature used to verify the level of trust associated with the VIB.  The acceptance level not only helps protect the integrity of the VIB, but it also identifies who created the VIB and the amount of testing and verification that has been done. There are four acceptance levels:

  • VMwareCertified:  VIBs created and tested by VMware.  VMware Certified VIBs undergo thorough testing by VMware.
  • VMwareAccepted:  VIBs created by a VMware partners that are approved by VMware.  VMware relies on partners to perform the testing, but VMware verifies the results.
  • PartnerSupported:  VIBs created and tested by a trusted VMware partner.  The partner performs all testing.  VMware does not verify the results.
  • CommunitySupported:  VIBs created by individuals or partners outside of the VMware partner program.  These VIBs do not undergo any VMware or trusted partner testing and are not supported by VMware or its partners. 

All VMware and partner supported VIBs must be signed by a VMware trusted authority, this helps ensure the security of the VIB by preventing any unauthorized tampering of its contents.   Community supported VIBs do not need to be signed, but they are still required to have an empty signature file.  Be careful when using CommunitySupported VIBs as their contents are not tested, monitored or controlled. 

Coinciding with the VIB acceptance levels, ESXi Image Profiles also have an acceptance level.  When the image is created it is assigned one of the four acceptance levels.  Any VIBs added to the image must be at the same acceptance level or higher.  This helps ensure that non-supported VIBs don’t get mixed in with supported VIBs when creating and maintaining ESXi images.

How are VIBs created and distributed?

VMware provides its partners with software tools they can use to create VIBs.  Once VIBs are created they are packaged into one of two user consumable formats.  

Individual VIBs

Vendors can publish individual VIBs.  Users can use the ESXCLI command to add and remove individual VIBs to/from their ESXi hosts.  However, distributing individual VIBs has a major drawback – the only user-level tool that supports working with individual VIBs is the ESXCLI command. Update Manager and Image Builder cannot work with individual VIBs as they require additional metadata that only comes when VIBs are added to a software bundle. 

Software bundle/depot

VIBs are more often distributed as part of a software bundle.  Software Bundles include additional metadata that allows the VIBs to be managed not only with the ESXCLI command, but also with Update Manager and the Image Builder CLI.  Software bundles can be distributed as a ZIP archive that users download (referred to as an offline bundle or offline depot), or they can be hosted on a web server and accessed remotely using HTTP/FTP (referred to as an online bundle or online depot).

How do I add or remove VIBs from an active ESXi host?

You can use the ESXCLI command to interactively query and manage the VIBs installed on a host.  In addition, you can also import a software bundle into Update Manager and use it to manage the VIBs installed on the host. 

How do I create a custom ESXi 5.0 image that I can use to install new hosts?

To create a custom ISO image that can be used to install new ESXi hosts you will need to use the ESXi Image Builder CLI.  The Image Builder CLI is bundled as part of the vSphere PowerCLI and provides several commands (referred to as cmdlets) that can be used to modify the VIBs that make up an ESXi Image profile, which can then be saved as ISO image.  

The typical workflow involves:

  1. Download the default ESXi offline bundle from VMware.
  2. Downloading any additional offline bundle(s) from any partners or 3rd party vendors.
  3. Use the Image Builder CLI to combine the vendor VIBs together with the VIBs provided by VMware.
  4. Save/Export the resultant Image Profile as a custom ISO file.
  5. Use the custom ISO to install new ESXi hosts.

Conclusion

As you can see there is a lot that goes into the making of a VIB, and while most of us will never actually create a VIB it is helpful to understand the underlying components.  Of particular importance are the VIB’s XML descriptor file, as this is where we find information about any dependencies or compatibility requirements, and the VIB acceptance level as this is how we now if a VIB is supported.  In addition, it’s important to understand the distribution format of the VIB as different tools (i.e. ESXCLI, Update Manager, Image Builder) have different requirements. 

14 thoughts on “What’s in a VIB?

  1. AFidel

    So I guess my question is why isn’t the VIB self describing? It’s not like putting the manifest and signature in the archive would have been difficult or consumed any appreciable amount of space.
    Also does having a CommunitySupported VIB installed remove the supportable status of the install or will support simply ask you to uninstall it if they suspect it is the cause of the issue you are experiencing?

    Reply
  2. Kyle Gleed

    Sorry, I don’t know the history of why they chose to do it they way the did and therefore I can’t really comment.
    As to your question about support and CommunitySupported VIBs. I would expect they would just ask you to remove any suspect VIBs if they felt they might be related to an issue at hand.

    Reply
    1. Kyle GleedKyle Gleed Post author

      Hi JS,

      VIBs are used to package and distribute ESXi software. If you want to add drivers or other software to an ESXi host you would first need to package it into a VIB and then use the Image Builder CLI, esxcli, or update manager to install the VIB onto the vSphere host.

      Reply
  3. Pingback: vSphere 5.1 sans le webclient : DVS Rollback - Hypervisor.fr

  4. Pingback: Minimum Privileges To Query VIBs On An ESXi Host | VMware vSphere Blog - VMware Blogs

  5. Pingback: Understanding ESXi Patches – Size & Patch Bundles | VMware vSphere Blog - VMware Blogs

  6. Pingback: Checkpoint: VMWare ESXi Out. Hyper-V In? Edition |

  7. Pingback: Установка патчей на ESXi | Админские будни

  8. Pingback: Adding HP & Dell VIB to VUM | VMFocus

  9. Pingback: VMware Tools For Nested vSphere ESXi Instances

  10. Steven

    Hi Kyle,

    First of all, I want to thank you and the other engineers for this piece of software!
    I’m using vibauthor for a while, and it’s working very well. But I have a question about the XML-scheme:

    Is it possible to “inject” a or method as used in the VMware VMvisor 5.1 ISO?
    I want to execute a script or binary during the installation / distribution process of the custom VIB.

    Could you give me some input here? ;-)

    Best regards,
    Steven

    Reply
  11. Pingback: Useful VMware Terminology | 0DDK3Y

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>