Channel: VMware Communities : All Content - All Communities

creating vSphere infrastructure diagram

Looking for suggestions on a FREE tool that I can use to map out a 60+ host VMware infrastructure.

I don't need to show the VMs, as there are about 3000.

I'm basically just looking to show the clusters, the hosts, and the datastores.

Does such a tool exist?


Security Recommendation and Hardening on Virtual Environments - Chapter I

1. Built-in firewall rules:

As one of the first steps in ESXi hardening, you can start by limiting the connections permitted to and from the host, restricting unused traffic and blocking suspicious traffic. So you may need to review the firewall rules and check what is permitted and what is not, and whether each rule is needed permanently or only temporarily for a specific duration. Check your list again; for example, if you want permanent SSH access to your hosts, limit the allowed IP addresses to only your management system's IP address.

2. Using SNMP version 3:

Because SNMP version 3 is more secure than the older versions 1 and 2 (it supports encryption, authentication and hashing algorithms), it's strongly recommended to use SNMPv3. The old versions use only a community string for SNMP communication, which is clear-text data and certainly is a security breach. So for monitoring ESXi hosts, it's better to configure only SNMPv3 settings with "esxcli system snmp set --v3targets ..." (I will explain how to do it in another post).

3. VIB Verification:

A VIB, or vSphere Installation Bundle, is a package file (like a ZIP) that contains installation files related to ESXi. As Kyle said, there are 3 main parts of a VIB: an archive (payload), an XML descriptor and a signature file for trust-level verification. You can configure the host to one of the 4 acceptance levels below, depending on your system management policies:

I.   Partner: VIB creation and testing are done by the partner, and there is no VMware verification.

II.  VMware Certified: All processes are done by VMware itself.

III. VMware Accepted: Testing is done by partners, but verification of the results relies on VMware.

IV. Community: All processes are executed outside of the VMware partner program and are not supported.

It's a good idea not to trust all community VIB packages.

4. NTP configuration:

Time, time and time ... It is so important to remember to set it before doing any other configuration on your hosts. It's recommended to set at least one NTP server outside of your virtual infrastructure (like a router) for all of the hosts. (I described before, in this post, how to do it by CLI.)

5. Versions of TLS:

It's always a real problem: which version of TLS should we use on our managed hosts, and which versions must be disabled? It's strongly recommended to use only TLS 1.2, but some management products associated with the ESXi host may only be able to communicate with older versions. So before disabling versions 1.0 or 1.1, check this out.

 

Source of content inside my personal blog: Undercity of Virtualization: Security Recommendation and Hardening on Virtual Environments - Chapter I

Set Manual Routing for VCSA

routes inside the vCenter Server Shell. There are two ways to do that. One method is to use the "route add" command with shell access. For example:

# route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.100.1 dev eth0 

The result of this method is not persistent and will be cleared after a VCSA restart, so it's useful only for testing or temporary situations. If you want to save it, the second way is to edit the *.network file (such as 10-eth0.network) in the path "/etc/systemd/network" and add the intended routes in this form:

[Route]

Destination=10.10.20.0/24

Gateway=10.10.100.2

Remember to add each route in a separate [Route] section, otherwise it will not work as you expect. Then restart the network interface:

# ifdown eth0 && ifup eth0

or restart networkd with these commands:

# systemctl restart systemd-networkd

# service network restart

And now if you want to check the results, run:

# route -n

# ip route show

https://3.bp.blogspot.com/-zfytKM3RkKQ/XERCGUlM0tI/AAAAAAAABco/qwuJmexLQhYY_s62eorOJbjNke07TNbrgCEwYBhgL/s1600/routes-list.PNG

Without shell access, if you only log in to the VCSA console, there are several CLI commands for checking and configuring routes that you can use. To see them and how to use them:

> routes.list --help

> routes.add --help

> routes.delete --help

> routes.test --help

Note I: There is another file here: "/etc/sysconfig/network/routes". If you view its content, it shows only the system default gateway; no other routes are shown there.

Note II: If you want to add routing to your ESXi hosts, just do:

# esxcli network ip route ipv4 add -n 10.10.20.0/24 -g 10.10.100.2

 

Source of content inside my personal blog: Undercity of Virtualization: Set Manual Routing for VCSA

Connect and Manage VCSA Database (PostgreSQL)

1. First of all, SSH to your VCSA and establish your session with root credentials or an account with similar privileges :)

2. Then, after enabling the shell with "shell.set --enabled True" and being granted shell access, you can find the vPostgres configuration and credentials in the files below (using vi or less):

    /etc/vmware-vpx/embedded_db.cfg

    /etc/vmware-vpx/vcdb.properties

3. Now you can connect to your DB with the username vc and the password obtained from the files mentioned.

4. Consider some situations:

Maybe you cannot access your database remotely, so edit the file /storage/db/vpostgres/pg_hba.conf on the VCSA and add the following line to it. Be careful to put it in the right place for it to work correctly, exactly where the IPv4 or IPv6 entries are listed.

    host    all             all            IPAddr/SubMsk       md5

Then edit /storage/db/vpostgres/postgresql.conf and add this line to make the database listen on all IP addresses: listen_addresses = '*'

Finally, execute one of these commands to restart the vpostgres service on the VCSA and apply the changes:

    /etc/init.d/vmware-vpostgres restart   or  service vmware-vpostgres restart

Also, you can verify established connections on the PostgreSQL port (TCP 5432) by piping netstat through grep like this:

    netstat -anp | grep LISTEN | grep tcp | grep 5432

But if your server doesn't listen on port 5432, try this:

    /usr/lib/applmgmt/networking/bin/firewall-reload

So you can verify your listening services by doing: iptables -L | grep postgres

 

Source of Content inside my personal blog: Undercity of Virtualization: Connect and Manage VCSA Database (PostgreSQL)
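
Opening `pg_hba.conf` and `listen_addresses` as described above widens who can reach vPostgres, so the resulting files are worth reviewing. This added example (not from the original post; the sample contents, the database name and the function names are constructed) flags remote rules broader than a single client and reports whether the server listens on every address.

```python
import ipaddress
import re

# Constructed samples: pg_hba.conf rules and a postgresql.conf line of the kind
# described above. Addresses and the database name are placeholders.
PG_HBA = """\
local   all   all                    peer
host    all   all   127.0.0.1/32     md5
host    all   all   0.0.0.0/0        md5
host    VCDB  vc    10.10.100.50/32  md5
host    all   all   10.10.100.0/24   trust
"""
PG_CONF = "listen_addresses = '*'\n"

def audit_pg_hba(text, max_addresses=1):
    """Return (lineno, reasons) for remote rules broader than one client."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blank lines, local socket rules
        db, user, address, method = fields[1:5]
        try:
            if "/" not in address:  # hostname, keyword, or IP + mask column
                raise ValueError(address)
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            findings.append((lineno, ["address needs manual review"]))
            continue
        if net.is_loopback:
            continue
        reasons = []
        if net.num_addresses > max_addresses:
            reasons.append(f"{net} admits {net.num_addresses} addresses")
        if db == "all" and user == "all":
            reasons.append("all databases and all users")
        if method in ("trust", "password"):
            reasons.append(f"method {method} gives no protected password check")
        if reasons:
            findings.append((lineno, reasons))
    return findings

def listens_everywhere(conf_text):
    """True if listen_addresses includes '*' or an unspecified address."""
    m = re.search(r"^\s*listen_addresses\s*=\s*'([^']*)'", conf_text, re.M)
    hosts = [h.strip() for h in m.group(1).split(",")] if m else ["localhost"]
    return any(h in ("*", "0.0.0.0", "::") for h in hosts)
```

Run it against copies of the two files after each change; a rule limited to the management workstation's /32 produces no finding.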

VCSA 6.7 U1 product locker location

Hi VMwarers,

 

As far as I know, VCSA 6.7 U1 comes with enhanced features for VMtools in that it stores them in a single place. Is that correct?

Also, while browsing for UserVars.ProductLockerLocation I can't find it, neither by following its absolute path nor its relative path; I also tried searching and didn't get anything.

Can't copy from host to VM/VM to host

Hello !

 

I'm here because I have a problem while using VMware Workstation 15 Player (15.1.0 build-13591040): I can't copy files to/from my Ubuntu guest (I think it's the same for all Linux VMs). I've tried CTRL+C/CTRL+V and dragging them into the VM.

 

 

I have the latest version of VMware Tools, and tried to uninstall/reinstall VMware Workstation 15 Player.

Can someone help me? Thanks

NMI IPI: Panic requested by another pcpu

Has anyone experienced this pink screen?

esxi 6.7 timezone config?

Dear All,

 

Does anyone know where to set the time zone under ESXi 6.7?

I have followed the command from the VMware Knowledge Base, but can't find that file on ESXi 6.7.

 

Best Regards

 

 

Alan Cheng


VCSA 6.7U1 backups when multiple route objects exists

Since we've upgraded to VCSA 6.7U1 (10244745) we seem to have encountered a problem affecting our backups. We have HA configured and the interfaces need to reside on a different subnet. We have configured the static routes in "/etc/systemd/network/10-eth0.network" and they work fine without any probs at all.

 

However when we execute the backup we get this message in the backup log file : 2019-01-18T10:48:03.883 [MainProcess:PID-10257] ERROR: BackupManager encountered an exception: While reading from '/etc/systemd/network/10-eth0.network.manual' [line 17]: section 'Route' already exists

 

Upon commenting out the route objects, the backup works fine.

We tested this again on 6.7U1b (11726888) and when we execute a backup with multiple routes we get the same result of backup failed (different outcome, as the backup doesn't even start, and a support dump is created).

Has anyone tried taking backups of 6.7U1 with multiple route statements in the network config? We already have a support ticket open, however investigation and reply is taking too long.

 

 

My eth0 network file is as per below :

 

[Match]

Name=eth0

 

 

[Network]

Gateway=172.16.xxx.1

Address=172.16.145.10/24

DHCP=no

 

 

[DHCP]

UseDNS=false

 

 

[Route]

Gateway=xxxx

Destination=yyyy/32

 

 

[Route]

Gateway=xxxx.1

Destination=yyy/32

 

 

[Route]

Gateway=xxxx.1

Destination=yyy/32

 

 

 

Thanks!

mulae
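
The wording of the error in the backup log above matches the message Python's `configparser` gives for a repeated section in strict mode, while systemd-networkd expects one `[Route]` section per route. This added example (not VMware's backup code; the sample file, addresses and function names are constructed) reproduces the clash and then reads the routes with repeated sections kept apart.

```python
import configparser
import ipaddress

# Constructed sample modelled on the 10-eth0.network file above; placeholder addresses.
SAMPLE = """\
[Match]
Name=eth0
[Network]
Address=172.16.145.10/24
[Route]
Gateway=172.16.145.1
Destination=10.10.20.5/32
[Route]
Gateway=172.16.145.1
Destination=10.10.30.0/24
"""

def strict_ini_error(text, source="10-eth0.network"):
    """Return the message a strict INI parser raises on this text, or None."""
    parser = configparser.ConfigParser(strict=True)
    try:
        parser.read_string(text, source=source)
    except configparser.DuplicateSectionError as exc:
        return str(exc)
    return None

def parse_unit(text):
    """Return [(section, {key: value})], keeping repeated sections separate."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return sections

def static_routes(text):
    """Validate and return (destination, gateway) for every [Route] section."""
    routes = [o for name, o in parse_unit(text) if name == "Route"]
    return [(str(ipaddress.ip_network(o["Destination"])),
             str(ipaddress.ip_address(o["Gateway"]))) for o in routes]
```

Any tooling that reads these unit files with a strict INI parser will fail the same way as soon as a second `[Route]` section is present.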

Deploy a new VM from OVA

Hi folks,

 

I have a local OVA file on my local datastore. How can I deploy a new VM using it? Every time I follow the steps it opens a GUI, so I upload the OVA/OVF again from my local desktop, while the OVA file actually resides on my local datastore.

Moving my tags for r/thelittlepalace like in r/littlespace

I tried looking at their stylesheet but was very confused. I want my hot, trending, etc tags to be in the middle under my banner (I removed them currently because it looked terrible with my submission text box being moved up). Can anyone help me figure out what codes I need to center the tags but keep the submission text box near the top when people click on submit a new link or submit a new text post buttons.

UEM Console\Personalization\Browse local profile

When I click on this I get nothing...am I missing something?

 

Thanks

DOS 6.22 with network packet driver and TCP/IP

    Hello everyone,

 

I have made several attempts before posting to the community forums, but I need help. My computer is an Asus Striker Extreme with two built-in network cards.

Those cards are detected as PCNet Fast Family network adapters.

I am trying to make the network card work in DOS mode with MS-DOS 6.22. So I've found the packet driver and the network card driver as well. I've tried manual setup and MS Network Client setup as well. Everything seems fine. No errors on load for any of the drivers. It even starts the DHCP request and receives an IP address according to ipconfig from the MS Client.

 

But if I ping the gateway I get a No response issue. The loopback ping works (127.0.0.1).

So the DHCP request seems to work correctly because I receive the DNS IP information, the gateway IP etc.

But if I try to ping a site.com or any other IP in the network I get no response.

I do not want to share my DOS drive with the network; all I want is to make the network card work, the packet driver work, and then an old piece of software called The Major BBS with a module called Vircom TCP/IP. This software is a BBS which gives you access to some Internet features like Telnet In/Out.

I'm doing something wrong in the setup, or something is wrong with the TCP/IP stack even though it receives DHCP information. My setup in the VM is Network Bridged. I tried the other setup and got the same issues.

 

Can anyone help me with this?

Thank you.

6.5 shows warning for hardware

We're updating our GEN10 HPe servers and we're getting errors now.

 

I've attached a screen shot, but we're seeing

 

[device] I/O module 1 ALOM_Link_P4

 

 

This wasn't here until we did the firmware upgrade on the server, and we had nothing but problems with the old firmware dropping connections to VMs, and causing network hell.

 

We obviously don't want warnings showing up, suggestions?

vRealize Build Tools + vRealize Developer Tools (vscode)


Watch On-Demand: Learn Why Now is the Time to Upgrade Your vSphere Environment

Watch On-Demand: Learn Why Now is the Time to Upgrade Your vSphere Environment

 

On-Demand

Duration: 60 minutes

 

With the increasing velocity of software releases today you need a great reason to go through the upgrade process. Thankfully, the latest versions of vSphere have come packed with new features like the PSC converge tool, new APIs and native High Availability functionality to help make life easier, and your environment more resilient and performant. Join our subject matter experts as they discuss the top reasons to upgrade including the new vSphere security capabilities introduced in vSphere Platinum, and how to take advantage of them. This will include a walk-through of the most common upgrade scenarios and best practices to ensure a successful upgrade.

Register here: http://bit.ly/2XHlaJl

 

 

Thanks

Aziz Bin Aqeel

vExpert 2019

Linkedin: https://www.linkedin.com/in/binaqeel/

Twitter: Abdulaziz Bin Aqeel (@AzizAqeelVM) | Twitter

Linux Mint beta (19.2) works

I have installed the Mint beta (19.2) on VMware Fusion 11 Pro (11.1) and everything seems to run fine.

It runs about as fast as Mint 19.1 - both using xfce window manager.

Not able to add NSX license in VSphere 6.7

Hi All,

 

I am trying to add NSX license in vSphere 6.7 and facing issue “serial keys are not valid”.

 

I am using default administrator user which is a part of License administrators group.

 

Same license works perfectly on another vCenter running the same version.

 

I have tried to use both the HTML and Flex clients. Could anyone help, please? I am having a hard time fixing this.

 

Raghav

Console (HTML ESXi 6.7) on iOS (iPad) "Failed to connect"

Hi

 

I am trying to get the console working from my iPad Pro. I'm running against ESXi 6.7U1 with Safari; I get the console window but only with the text "Failed to connect". It works fine with Safari in macOS but I need this when I'm mobile. Is there some way of getting this to work?

 

Thanks

Couldn't download vCloud Director Extender

When going to the vCloud Director tools download area and trying to download the Extender OVA, the website shows "couldn't complete the request". Does anyone have the same issue? Any help is appreciated.

 

Thanks!

 

Stephen
