I’ve had a number of requests for recommendations on the “best way” to restrict access to the ESXi host console. While this is easily done using the ESXi Lockdown Mode feature I’m finding there are some admins who are still under the impression that lockdown mode doesn’t work, and in order to prevent access to the host console you need to disable the console service. While there were some challenges with lockdown mode in the past, things changed in ESXi 5.1.
Tag Archives: ESXi
Many of you have now kicked the tires with vSphere 5.5 either in your home lab or on some servers at work and you’re anxious to get all the new goodies running in your production environment. Perhaps some of you early adopters are already running in full production, but we’re guessing many of you are just contemplating your major upgrade now.
VMware’s Tech Support staff tend to see a surge during the month of March in number of calls to support. But guess what? Many of the issues we’re anticipating are already resolved, and we’ve been busy compiling and documenting solutions to common problems that you can handle yourself.
Those of you installing or upgrading your vSphere hosts, and vCenter Server instances to version 5.5 will find the following KB articles and Support Insider posts of great interest.
A great question crossed my desk today from a customer. “Can a VI Admin who has root access to ESXi “abuse” their privileges and “peek” inside the guests of VM’s hosted on the server?”
The short answer? If your ESXi admin has root or full administrator privileges, they can do anything. Nobody should be surprised by this! HOWEVER, you can mitigate, limit and monitor what is being done.
But first, let’s quickly review what is meant by “peek inside the guest”. In the human world, Continue reading
I’m often asked if you can use vCenter Server Heartbeat to protect the Auto Deploy Server. The answer is yes and I’m happy to announce that we now have some videos and product walkthroughs that show how this is done.
To view the product walkthrough visit http://vmwarewalkthroughs.com and select the recently added vCenter Server Heartbeat section. Here you will see the walkthrough showing how to use vCenter Server Heartbeat to protect your Auto Deploy server.
Updated based on feedback. Thanks for the comments!
I’d like to revisit the question “are ESXi patches cumulative”? This time I hope to hammer home the point with an example.
In short, the answer is yes, the ESXi patch bundles are cumulative. However, when applying patches from the command line using the ESXCLI command you do need to be careful to ensure you update the complete image profile and not just select VIBs.
There are two ways to update VIBs using the ESCLI command. You can use either the “esxcli software vib update …“ command or the “esxcli software profile update …” command. The “vib” namespace is typically used with the optional “-n <vib name>” parameter in order to update individual VIBs, where the “profile” namespace is typically used to update the host’s image profile, which may include multiple VIB updates. The key is when applying patches use the “profile” namespace to update the complete image profile opposed to using the “vib” namespace to update selected VIBs.
On August 26th at VMworld 2013 VMware announced vSphere 5.5, the latest release of VMware’s industry-leading virtualization platform. This latest release includes a lot of improvements and many new features and capabilities. In an effort to try and get my head around all this exciting new “stuff” I decided to go through the what’s new paper and compile a brief summary (well, relatively brief anyway).
Here’s the list I came up with. I’m sure I missed some things, but this list should help you get started with learning about what’s new in vSphere 5.5.
Summary of new features and capabilities available in vSphere 5.5 Continue reading
Recently I installed vCenter Log Insight, which by the way has one of the easiest and intuitive installers and configuration wizards ever!
After the Install and during the configuration you can easily add your vCenter server and vCOPs server so that monitoring can start straight away.
As an extra configuration step you can extend the default logging by setting up each ESXi host to use the Syslog server which is built into Log Insight, the process for this can be found in the documentation located here.
As per the documentation this means either going to each host and configuring the Syslog settings, configuring them manually through the shell or running the configure-esxi script through an SSH session.
As I already had a PowerCLI session open to my environment I wrote a quick PowerCLI script to achieve the same thing, the following script will configure the Syslog settings for each ESXi host to send their events to Log Insight…..
If you are an experienced vSphere admin then this post may not be for you. However, if you are new or just getting started on your journey to virtualization and vSphere with Operations Management (VSOM) then please keep reading…
I was once asked: “Explain how a brand new admin who wanted to install vSphere with Operations Management (VSOM) for the first time would go about doing that?”. While my initial thought was “Ah, that’s easy!”, in trying to answer this question it occurred to me that it’s actually quite involved, especially when you are new. You would need to do some research to understand the components, in the course of this research you would come across many new terms and acronyms and several different installation guides. Bottom line, a lot of time would be spent trying to figure out what the pieces are and how they fit together, and this is all before you install the first component.
This got me thinking about the challenges new IT professionals face and how it can be difficult having to sift through the vast amount of data trying to get answers to even the simple questions.
It’s in this spirit that we have created a new video series entitled “Getting Started – vSphere with Operations Management”. These videos are aimed specifically at helping new IT professionals get started with VSOM. The series starts by introducing you to the principals of virtualization and then guide you through the process of installing and configuring each VSOM component. The aim is to to help you spend less time researching and more time doing. These videos are basic, the goal was simple – to provide a series of introductory videos targeted at people who are new to vSphere in order to help get them through the initial learning curve.
Is there a good reason you don’t use VMware Auto Deploy?
Here at VMware we value our customers feedback and want to help make sure our product lines and features are in line with what is needed from your organization, as part of this we are trying to find out more details about how our customers use Auto Deploy, or if you don’t , how they don’t use Auto Deploy!
As part of this we have created a survey which will help prioritize efforts in the future and give us a clearer picture on how customers are or are not using Auto Deploy.
The survey takes you to different pages based upon your answers so please do not get scared by the number of pages at the top, this will quickly reduce and should take less than 5 minutes to complete.
As a thank you for filling this survey out, at the end you will have the chance to add your email address (optional) and be entered into a draw to receive 1 of 3 copies of VMware fusion, winners will be contacted after the end of the survey.
Thanks for taking the time to help make VMware products better.
A few weeks ago I saw on an internal email thread an ask from a customer via their VMware sale engineer. The customer was using AutoDeploy and Host Profiles. As part of this process, they were creating a local user on their ESXi hosts and when they connected to the host via the vSphere Client application on Windows, they were worried to see that the user was created with Shell Access already granted! As you can imagine, that’s probably not something you want done by default. Even more so when you’re in an environment that has compliance concerns. And especially when you have the Security Guy looking over your shoulder!
Well, like our friends from Down Under would say, “No Worries Mate”. What you are seeing here is a UI bug in the vSphere Windows Client. As you know, the vSphere Windows Client has been superseded by the new vSphere Web Client. But at the moment, it’s the main tool for configuration by those who connect to ESXi servers. With the vSphere Web Client being the current and future client user interface for vCenter Server managed objects and resources, the “old” vSphere Client may, at times, not be as current as we’d like.