Kyle Gleed, Sr. Technical Marketing Manager, VMware
Duncan Epping recently posted some great info on creating custom VIB files (How to create your own .vib files, Some more nuggets about handling vib files). With custom VIBs making their way into the community this got me thinking that a quick refresher on VIB security would be helpful. A while back I posted a VIB overview blog in which I discussed how signature files are used to help not only identify if a VIB is officially supported, but also to protect the against any malicious tampering of the VIBs contents. While custom VIBs definitely have their place (see KB 2007381), do exercise caution when adding them to your ESXi image profiles. Here's a quick recap of the section on VIB security:
The signature fileis an electronic signature used to verify the level of trust associated with the VIB. The acceptance level not only helps protect the integrity of the VIB, but it also identifies who created the VIB and the amount of testing and verification that has been done. There are four acceptance levels:
- VMwareCertified: VIBs created and tested by VMware. VMware Certified VIBs undergo thorough testing by VMware.
- VMwareAccepted: VIBs created by a VMware partners that are approved by VMware. VMware relies on partners to perform the testing, but VMware verifies the results.
- PartnerSupported: VIBs created and tested by a trusted VMware partner. The partner performs all testing. VMware does not verify the results.
- CommunitySupported: VIBs created by individuals or partners outside of the VMware partner program. These VIBs do not undergo any VMware or trusted partner testing and are not supported by VMware or its partners.
All VMware and partner supported VIBs must be signed by a VMware trusted authority, this helps ensure the security of the VIB by preventing any unauthorized tampering of its contents. Community supported VIBs do not need to be signed, but they are still required to have an empty signature file. Be careful when using CommunitySupported VIBs as their contents are not tested, monitored or controlled.
Coinciding with the VIB acceptance levels, ESXi Image Profiles also have an acceptance level. When the image is created it is assigned one of the four acceptance levels. Any VIBs added to the image must be at the same acceptance level or higher. This helps ensure that non-supported VIBs don’t get mixed in with supported VIBs when creating and maintaining ESXi images.