Home > Blogs > VMware vSphere Blog > Tag Archives: ESXi

Tag Archives: ESXi

vSphere 6.0 Update 2 – What’s New

VMware just recently released Update 2 for vSphere 6.0. Update 2 is full of new features and bug fixes for both ESXi and vCenter Server. For a complete list of features and bug fixes make sure to review the release notes for ESXi and vCenter Server. There are few features that stood out to me in this update. The Embedded Host Client is now integrated into ESXi and fully supported as of Update 2. VSAN 6.2 is feature rich with everything but the kitchen sink in this release. Two factor authentication support for the vSphere Web Client is now available in the PSC UI. Here’s a breakdown of what’s new in vSphere 6.0 Update 2.​

ESXi

VMware Embedded Host Client (EHC)

The Embedded Host Client (EHC) started out as a fling and now is a supported product in vSphere 6.0 Update 2. The EHC is now installed as part of ESXi 6.0U2 and provides the ability to manage any ESXi host using a web browser. After a host is installed with or upgraded to 6.0 U2, open a web browser and enter https://<FQDN or IP of host>/ui.  More information on the Embedded Host Client can be found by reviewing the release notes.

vSphere 6.0 Update 2 - What's New ESXi EHC

Virtual SAN 6.2 (VSAN)

Note: VSAN is a separate product and is licensed separately

If you thought this update couldn’t get any bigger, think again. Virtual SAN 6.2 is here and Jam-packed with new features. This release of VSAN now supports compression and deduplication. When enabled on a disk group redundant copies of data are reduced to single copy. There’re also new services related to performance, space savings and health of the cluster.  The Health service monitors the VSAN cluster for issues and provides diagnostics. Performance service collects and analyzes performance statistics.  Performance service starts at the cluster down the to the disk level. You want space savings reports, that’s included. Space reporting displays information of used and free space with a detailed breakdown. These are just a few of the new features in Virtual SAN 6.2. For more information check out the Virtual Blocks blog.

vSphere APIs for I/O filtering (VAIO) Enhancement

vSphere 6.0 Update 2 also includes updates to vSphere APIs for I/O filtering (VAIO). If you are not familiar with VAIO I highly recommend you read the following blog post by Ken Werneburg.

  • VASA provider in a pure IPv6 environment
  • VMIOF 1.0 and 1.1

High Ethernet Link Speed

ESXi hosts can now support 25G and 50G ethernet speeds.

vCenter Server

Two-factor authentication for vSphere Web client

vCenter Single Sign On allows authentication to the vSphere Web Client via username and password. vSphere 6.0 Update 2 introduces two-factor authentication supporting RSA SecurID and Smart card.  RSA SecurID is configured using the SSO-Config utility. It also requires RSA Authentication Manager in your environment. Once setup, login to the vSphere Web Client with your username and RSA passcode.  Mike Foley has an excellent two part blog post walking through RSA SecurID setup.

Smart card authentication as mentioned above is also supported. Many large enterprises and government agencies use smart cards to meet security regulations. Smart Cards such as Common Access Card (CAC) are used at a machines with a smart card reader. Smart Card Authentication can be configured from the Platform Services Controller UI or using SSO-Config utility. Stay tuned as Mike Foley will be discussing Smart card authentication in a future post.

vSphere 6.0 Update 2 - What's New Smart Card

In addition to two factor authentication, the vSphere Web Client now supports the ability to add a login banner.  The Login Banner can be configured from the Platform Services Controller UI by adding a title and message.

vSphere 6.0 Update 2 - What's New Login Banner

An added layer of consent ensures the user can not login without acknowledging the Login Banner.

vSphere 6.0 Update 2 - What's New Login Banner Consent

vCenter Server Appliance update status might be stuck at 70 percent

vSphere 6.0 Update 1b had a bug when using the virtual appliance management interface (VAMI) to update. The UI would hang at 70 percent, although the update had completed. The only way to verify the status of the upgrade was by checking the update log – /var/log/vmware/applmgmt/software-packages.log. This bug has been fixed in vSphere 6.0 Update 2 displaying 100 percent in the VAMI when the update is complete.

Support to change vSphere ESX Agent Manger Logging Level

vSphere Web Client support for Windows 10 operating system

vCenter Server now supports the following external databases

  • Microsoft SQL Server 2012 Service Pack 3
  • Microsoft SQL Server 2014 Service Pack 1

vCenter Server now supports multiple embedded to multiple PSC migrations in a single SSO domain

vSphere 6.0 Update 1 introduced the ability to reconfigure and repoint using CMSSO-UTIL. This is handy when going from a vCenter with an embedded PSC to an external PSC deployment in the same SSO domain. vSphere 6.0 Update 1 would not allow having two external PSCs and trying to repoint. The result was the following error:

vSphere 6.0 Update 2 - What's New ESXi EHC Repoint Error

vSphere 6.0 U2 now allows having multiple external PSCs with the use of the repoint command. The diagram below represent two embedded deployments replicating to each other. This deployment model is considered deprecated. The term deprecated means the topology will be supported in vSphere 6.0 but not in future releases. To get out of this deprecated topology two external Platform Services Controllers have been deployed. Now we can using the reconfigure command in CMSSO-Util to remove the embedded PSC and repoint vCenter Server to the external PSC.

vSphere 6.0 Update 2 - What's New Deprecated Embedded to External PSC

As you can see vSphere 6.0 U2 is loaded with lots of new features, go download and give them a try.

Authorized Keys and ESXi 6.0 Update 2 – Changes to OpenSSH

sshWilliam Lam brought up some feedback on Socialcast the other day. The story was of a customer who updated to ESXi 6.0 Update 2 and the SSH keys he was using no longer worked. The customer was advocating for changing the file /etc/sshd_config so that he could continue to use the keys on his ESXi server. IMHO, that’s the wrong course of action.

ESXi 6.0 Update 2 has shipped with an updated version of OpenSSH. The version has been updated to 7.1p1. One of the major changes in this release is the disablement of “ssh-dss” and “ssh-dss-cert-*” (a.k.a DSA) keys. They have also announced the future deprecation of legacy cryptography. I urge you to read more about these changes as they may impact you in other places in your infrastructure.

Now, the customer had added dss keys to the /etc/authorized_keys file so that he could easily log into his ESXi system. Ok, I get that. Adding authorized keys is a supported configuration outlined in this KB.

What happened is that now that ESXi 6.0 U2 is running the new OpenSSH bits his SSH connections were refused. This is expected behavior! This issue could be remediated by generating new keys using RSA keys. As I said above, that is the wrong course of action. You put your ESXi host at risk for convenience?

Please don’t bring up the “but DSA keys are faster/less overhead/etc” argument. I’m pretty darned sure that OpenSSH is using AES-NI instructions (I looked) that are plenty fast for a simple SSH session. Performance is no longer an excuse to use less security! It’s 2016.

Bottom line, if you are using Authorized Keys on your ESXi server and they were generated with DSA keys, it’s time to be proactive and re-generate them with RSA keys.

Final note: Limit who can log into your ESXi host. Only those you trust the most should have access. If you are logging in to “run scripts and stuff” (as many customers tell me they do) then you might want to look into using tools like the vSphere API and scripting tools like PowerCLI or Python.

If you have something you CAN’T do via API or scripting, please let us know! Reply here or send email.

Thanks for reading!

If you liked these posts, please let me know! If you have comments, please reply here, to @vspheresecurity or @mikefoley on Twitter or via email to mfoley@VMware.com or mike@yelof.com

VMware Host Client 1.0 is now GA

On behalf of the VMware Host Client team, I am pleased to announce that the VMware Host Client v1.0 is GA and shipping with vSphere update 6.0U2.

VMware Host Client overview

The VMware Host Client is an HTML5-based UI client that is used to connect to and manage single ESXi hosts. It can be used to perform administrative tasks to manage host resources such as VMs, Networking and Storage. This UI client is also designed for troubleshooting individual VMs or hosts during times when vCenter and the vSphere Web Client are unavailable.

vSphere 6.0 continues to support the Windows-based vSphere Client (also known as C# Client, or the VI Client.) Customers now also have the option to use the HTML5-based VMware Host Client to perform host-based operations in its place.

What’s available in v1.0?

  • Support for hardware version 4 through 11
  • Support for VM lifecycle operations, such as deploying, configuring, and editing virtual machines of various complexity, including console access and snapshot management
  • Creating and managing network resources such as port groups, switches, NICs and firewalls.
  • Creating and managing storage resources such as datastores, adapters and devices
  • Managing host configurations such as running/stopping services and tuning of advanced host parameters to improve performance
  • Display of resource settings and graphs of cpu, memory, disk and network utilization
  • Display of events, tasks and logs of resource components to aid in troubleshooting
  • And most importantly, nothing to INSTALL – just point your browser (Chrome, IE, Firefox or Safari) to your host’s IP address and you’re up and running!

Links and additional resources:

VMware vSphere Beta – Indicate your interest!

We are excited to announce the upcoming VMware vSphere Beta Program. This program enables participants to help define the direction of the most widely adopted industry-leading virtualization platform.

Folks who want to participate in the program can now indicate their interest by filling out this simple form. The vSphere team will grant access to the program to selected candidates in stages.

This vSphere Beta Program leverages a private Beta community to download software and share information. We will provide discussion forums, webinars, and service requests to enable you to share your feedback with us.

You can expect to download, install, and test vSphere Beta software in your environment or get invited to try new features in a VMware hosted environment. All testing is free-form and we encourage you to use our software in ways that interest you. This will provide us with valuable insight into how you use vSphere in real-world conditions and with real-world test cases, enabling us to better align our product with your business needs.

Some of the many reasons to participate in this vSphere Beta Program include:

  • Receive early access to the vSphere Beta products
  • Interact with the vSphere Beta team consisting of Product Managers, Engineers, Technical Support, and Technical Writers
  • Provide direct input on product functionality, configurability, usability, and performance
  • Provide feedback influencing future products, training, documentation, and services
  • Collaborate with other participants, learn about their use cases, and share advice and learnings

We welcome you to indicate your interest today at: VMware vSphere Beta Interest Capture

Technical Paper: Installing VMware ESXi 6 Using PXE

It’s 2016, are you still installing VMware ESXi by mounting ISO images in a browser-based console? That’s probably fine for one-off efforts, and it sure beats making a trip to the datacenter with physical CDs, but network deployments are the way of the future.

If you have not yet made the move to PXE deployments, then a new guide from VMware may be the catalyst needed to get your environment moving towards greater operational maturity:

maturity-sequence-diagram

Today, there are a number of large-scale VMware deployments leveraging Auto Deploy to centrally install, patch, and upgrade ESXi hosts that do not utilize local disks. For environments not quite ready to dive into this world of highly automated, stateless deployments, then network installs via PXE – either interactive or scripted – are a good starting point.   Getting familiar with the required infrastructure, such as DHCP, TFTP, and properly configured DNS today can pave the way for future automation with Auto Deploy technology.

This new technical paper from VMware is a very thorough guide on PXE installation of ESXi 6, including differences between the two major hardware architectures: legacy BIOS and UEFI. Also note that UEFI even supports IPv6 – if you’re into that kind of thing. In addition to that, advice is offered on how to control, on a per-host basis, which configuration files are booted, which can enable a gradual transition.  Details, such as the following boot sequence diagram, contribute to a better understanding in the event troubleshooting is needed.

esxi6_pxe_sequence

So take a look and consider how your environment may benefit by reducing manual tasks required for ESXi host deployment. Speaking of reducing manual tasks – this small script that can automatically prepare the contents of an ISO image for PXE use may also be of interest.

SSLv3 Protocol Disabled by Default in vSphere 5.5 Update 3b

Background

Why has the SSLv3 protocol been disabled by default in vSphere 5.5 Update 3b?

Across the industry, enterprise software products and solutions are dropping use of and support for the SSLv3 protocol. The Internet Engineering Task Force (IETF) officially deprecated the SSLv3 protocol in RFC 7568 due to its obsolescence and inherent unfixability. Instead, IETF recommends the latest version of TLS.

VMware is therefore dropping support for SSLv3 on both the server side and the client side in vSphere. The release of vSphere 5.5 Update 3b from VMware disables SSLv3 by default to meet current standards and compliance.

Continue reading

Architecting Virtual SAP HANA Using VMware Virtual Volumes And Hitachi Storage

VMWorld Recap: SAP HANA and VMware Virtual Volumes

This is a follow up to my earlier VMWorld blog; “Virtualizing SAP HANA Databases Greater Than-1TB On vSphere-5-5”, where I discussed SAP Multi-Temperature Data Management strategies and techniques which can significantly reduce the size and cost associated with SAP HANA’s in-memory footprint. This blog will focus on Software-Defined Storage and the need for VMware Virtual volumes when deploying Mission Critical Applications/Databases like SAP HANA as discussed in my VMWorld session.

Multi-Temperature Data Management Is By Definition Software-Defined Storage

SAP and VMware customers who plan on leveraging multi-temperature strategies, where data is classified by frequency of access as either hot, warm or cold depending on data usage is the essence of Software-Defined Storage. This can also be equated to EMC’s Information Lifecycle Management which examines the value of data to the business over time. To bring the concept of the Software-Defined Data Center and more precisely Software-Defined Storage to reality, see Table 1. This table depicts the various storage options for SAP HANA so customers can create an architecture that aligns with the business and its applications demands.

Table 1: Multi-Temperature Storage Options with SAP HANA

table-j

Planning Your Journey To Software-Defined Storage

As we get into the various storage options for SAP HANA, VMware has made it very easy to create and deploy software defined storage in the form of Virtual Volumes. However I want to stress the actual definitions of how the storage should be abstracted is a collaborative task, at a minimum you must involve the storage team, VI-Admins, application owners, and dba’s in order to create an optimized virtual architecture; this should not be a siloed task.

In my previous post I discussed the storage requirements for SAP HANA In-Memory, Dynamic Tiering, Near-Line Storage, and the Archiving Components; one last option I did not cover in Table 1 is Data Aging which is specific to SAP Business Suite. Under normal operations SAP HANA does not preload data into memory, data is loaded upon first access, so the first time you access data its always off disk.

With Data Aging you can essentially mark data so its never loaded into memory and will always reside on disk. This is not available on all modules for Business Suite, so please check with SAP for availability and roadmap with respect to Data Aging.

Essentially this is another SAP HANA feature which enables customers to reduce and manage their memory footprint more efficiently and effectively. The use of Data Aging can change the design requirements of your Software-Defined Storage, if Data Aging becomes more prevalent in your SAP Landscape, VMware Virtual Volumes can be used to address the changing storage requirements of the application by seamlessly migrating data between different classes of software-defined storage or VMDKs.

VMware Virtual Volumes Transform Storage By Aligning With SAP HANA’s Requirements

Now lets get into Virtual Volumes and the problems they solve, with Virtual Volumes the fundamental model is centered around provisioning storage based on the application needs rather than the underlying infrastructure. When deploying SAP HANA using the Tailored Data Center Integration model, the storage KPIs can be quite complex, so how do customers translate latency, throughput for reads – writes – and updates, at various block sizes to the storage layer?

Plus how does a customer address the storage requirements for SAP HANA’s entire data life cycle, whether you are planning on using Dynamic Tiering, with or without Near-Line-Storage and what is the archiving strategy storage requirements as well. Also some of the storage requirements do tie back to the compute layer, as an example with Dynamic Tiering if you plan on using Row Level Versioning there is a compute to memory relationship for storage that comes into play when sizing

Addressing and achieving these design goals using an infrastructure centric model can be quite difficult because you are tied to physical LUNs and trust me, with mission critical databases, you will always have database administrators fighting over LUNs with the lowest numbers because of the concerns around radial density. This leads to tremendous waste when provisioning storage using an infrastructure centric model.

VMware Virtual Volumes significantly reduces the storage design complexity by using an Application Centric model because you are not dealing with storage at the LUN level, instead vSphere admins use policies to express the application requirements to the storage array, then the storage array maps storage containers to the application requirements.

What are VMware Virtual Volumes?

At a high level I’ll go over the architecture and components of Virtual Volumes, this blog is not intended to be a deep dive into Virtual Volumes, instead my goal is to convey that mission critical uses cases for VVOLS and software-defined storage are real. For an excellent white paper on Virtual Volumes see; “VMware vSphere Virtual Volumes Getting Started Guide”.

As shown in Figure 1., Virtual Volumes are a new type of virtual machine object which are created and stored natively on the storage array. The Vendor Provider also known as the VASA Provider, which are the vSphere Storage APIs for Storage Awareness (VASA) that provide the storage awareness services and mediates out of the box communications between vCenterServer and EXi Hosts on one side and the storage system on the other side.

The storage containers are pools of raw storage that a storage system can provide to virtual volumes and unlike LUNS and NFS, they do not require pre-configured volumes on the storage side. Also with virtual volumes you still have the functionality you would expect when using native VMDKs

Virtual Datastores represents a storage container in a vCenter Server instance, so it’s a 1:1 mapping to the storage systems storage container. The ESXi Hosts have no direct access to the virtual volumes on the storage side, so they use a logical I/O proxy called a protocol endpoint and as you would expect VVOLs are compatible with industry standard protocols, iSCSI, NFS, FC, and FCoE

The Published Storage Capabilities will vary by storage vendor depending on which capabilities have been exposed and implemented. In this blog we will be looking at the exposed capabilities of Hitachi Data Systems like latency, throughput, Raid Level, Drive Type/Speed, IOPS, and Snapshot frequency to mention a few.

Figure 1: vSphere Virtual Volumes Architecture and Components

vv

VMware HDS: Creating Storage Containers, Virtual Volumes, and Profiles for Virtual SAP HANA

Now Virtual Volumes are an Industry-wide Initiative, essentially a who’s who of the storage industry are participating in this initiative, however this next section will be representative of the work done with Hitachi Data Systems

And again the guidance here is collaboration when architecting software-defined storage for SAP HANA landscapes and for that matter any mission critical application or database. Because the beauty of software defined storage is once created and architecture correctly you can then provision your virtual machines in an automated and consistent manner.

So in the spirit of collaboration, I got together with Hitachi’s SAP alliance team, their storage team, and database architects and we came up with these profiles, policies, and containers to use when deploying SAP HANA landscapes.

We had several goals when designing this architecture; one was to use virtual volumes to address the entire data life cycle of SAP HANA, the in-memory component, Dynamic Tiering, Near-Line storage, and archiving or any supported combination of the above when creating a SAP HANA landscape. And secondly we wanted to enable rapidly provisioning of SAP HANA landscapes, so we created profiles, policies, and containers which could be used to deploy SAP HANA databases whose in-memory component could range from 512GB to 1TB in size.

I’ll review some of the capabilities HDS exposed which were used for this architecture:

  • Interestingly enough we were able to meet the SAP HANA in-memory KPIs using Hitachi Tier 2 storage which consisted of 10K SAS drives for both log and data files, as well as for the Operating System and the SAP HANA shared file system. This also simplified the design. We then used high density SAS drives for the backup areas
  • We enabled automatic storage managed snapshots for HANA data, log and the OS; and set the Snapshot frequency based on the classifications of Critical, Important, or Best Effort.
  • So snapshots for the data and log were classified as Critical while the OS was classified as Important and the backup area we didn’t snapshot at all
  • We also tagged this storage as certified, capturing the model and serial number, since the SAP HANA in-memory component requires certified storage. We wanted to make sure that when creating HANA VM’s you’re always pulling from certified storage containers.
  • The Dynamic Tiering and NLS storage had similar requirements so could be provisioned from the same containers and since these are disk based columnar databases we selected Tier 1 storage SSDs for the data files based on the random read/write patterns
  • And stuck with SAS drives for the log files since sequential workload don’t benefit much from SSDs. Again because of the disk based access we selected Tier 2 to satisfy the IOPS and Latency requirements.
  • Then finally for the archiving containers we used the lowest cost & highest density storage, pretty much just a file system.

Now there’s just too much information to cover in this effort with HDS but for those of you interested, VMware and Hitachi we will be publishing a Co-Logo White Paper which will be a much deeper dive into how we architected these landscapes so customers can do this almost out of the box.

Deploying VMware Software-Defined Storage With vSphere and Hitachi Command Suite

Example: SAP HANA Dynamic Tiering and Near-Line Storage Tiers. These next couple of screen captures will show how simple virtual volumes are to deploy once architected correctly

Figure 2: Storage Container Creation: SAP HANA DT and NLS Tier

ss1

Figure 3: Create Virtual Machine Storage Policies SAP HANA DT/NLS Data/Log File

ss2

Figure 4: Create New SAP HANA DT VM Using VVOLS Policies With Hitachi Storage

ss3

Addressing Mission Critical Use Cases with VMware Software-Defined Storage

SAP HANA and Multi-Temperature Data Management is the poster child for mission critical software-defined storage use cases. VMware Virtual Volumes solves the complexities and simplifies storage provisioning by using an application centric model rather than an infrastructure centric model.

The SAP HANA in-memory component is not yet certified for production use on vSphere 6.0, however Virtual Volumes can be used for SAP HANA Dynamic Teiring, Near-Line Storage, and Archiving. So my advice to our customers is to start architecting now, get together with your storage admins, VI Admins, application owners, and database administrators to create containers, policies, and profiles correctly so when vSphere 6.0 is certified you are ready to “Run SAP HANA Simple”.

 

 

Technology Preview: Enriching vSphere with hybrid capabilities

 

Today VMware is revealing a Technology Preview of Project SkyScraper, a new set of hybrid cloud capabilities for VMware vSphere that will enable customers to confidently extend their data center to the public cloud and vice-a-versa by seamlessly operating across boundaries while providing enterprise-level security and business continuity.

At VMworld, we will demonstrate live workload migration with Cross-Cloud vMotion and Content Sync between on-premises and vCloud Air.  These features will complement VMware vCloud® Air™ Hybrid Cloud Manager™ – a free, downloadable solution for vSphere Web Client users, with optional fee-based capabilities. Hybrid Cloud Manager consolidates various capabilities such as workload migration, network extension and improved hybrid management features into one easy-to-use solution for managing workloads in vCloud Air from the vSphere Web Client.

Cross-Cloud vMotion is a new technology based on vSphere vMotion that allows customers to seamlessly migrate running virtual machines between their on-premises environments and vCloud Air. Cross-cloud vMotion can be used via the vSphere Web Client, enabling rapid adoption with minimal training. The flexibility provided by this technology gives customers the ability to securely migrate virtual machines bi-directionally without compromising machine up-time; all vMotion guarantees are maintained.

Content Sync will allow customers to subscribe to an on-premise Content Library and seamlessly synchronize VM templates, vApps, ISOs, and scripts with their content catalog in vCloud Air with a single click of a button. This feature will ensure consistency of content between on-premise and the cloud, eliminating error prone manual sync process.

Learn more about these two capabilities under Project Skyscraper by visiting us the VMware booth at VMworld 2015.

Introducing the vSphere Host Client fling

Have you ever wanted to connect directly to your ESXi host via a web browser and take a quick look at the available resources on the host? How about checking on the status of the vCenter VM? Conduct host administrative tasks through the browser? Today I’m happy to introduce the vSphere Host Client fling, an HTML5-based UI client served directly from the ESXi host.

The Client is distributed as a VIB that once installed, allows you to point your web browser at the host IP, and begin directly managing the host. Underneath the covers, the Client interfaces with the host through the VIM API similar to other host access methods such as the Web Client or PowerCLI.

Screen Shot 2015-08-02 at 5.36.46 PM

The current Client feature set include:

  • Display host, VM, storage, and networking information
  • Execute tasks such as create/update/delete of host resources
  • Support of VM console access
  • Configure the host NTP
  • See summaries, events, tasks and notifications
  • Configure advanced host services and settings

The Client will work on ESXi 6.0 and 5.5U3 when the update release becomes available later this year. You can find browser requirements, download and installation instructions from our Fling website:

https://labs.vmware.com/flings/esxi-embedded-host-client

We’d love to get your feedback or if you have questions:

https://communities.vmware.com/community/vmtn/vsphere/hostclient

Many many folks contributed to this fling: George Estebe, Etienne LeSueur and Kevin MacDonell our development team for bringing the Client to life, Jehad Affoneh for the proof of concept that inspired what you see today, William Lam and Kevin Christopher for their ongoing (and vocal!) guidance each step of the way, and our ESXi leadership team for allocating the time and resources to make this all happen.

Going forward, we plan to add more features to the fling including additional VM and host resource management actions, datastore operations, performance charts and metrics. Based on your feedback/community support and resource prioritization, we hope to incorporate the Client into a future ESXi release as a formalized offering.

vSphere 6.0 Lockdown Mode Exception Users

In vSphere 6.0 we now have a new concept called Exception Users. The intent of Exception Users is that they are not general admin users. I would consider them more of a “Service Account” type of access.

As a matter of fact, just the other day I got an email from someone internal at VMware that brought up a great use case for Exception Users. They were talking to a customer that wanted to access ESXi via a PowerCLI cmdlet (Get-VMHostAccount) to list out the local accounts on an ESXi server as part of their normal security reporting.

But they also wanted to enable Lockdown Mode and were finding it difficult to comply with both things. In vSphere 6.0 this is now much easier to address. Let’s get started.

Continue reading