WilliamLam.com


New PCI Compliance Audit APIs for VMware Cloud Foundation (VCF) 5.2

08.08.2024 by William Lam // Leave a Comment

One very interesting capability that I noticed while reading the latest VMware Cloud Foundation (VCF) 5.2 release notes is the new set of VCF APIs for auditing PCI Compliance.

VCF users can now use a new set of APIs that audit VCF configuration for compliance with 9 relevant PCI-DSS controls

In addition to exploring these new VCF APIs, I thought this would also be a good opportunity to contribute to the popular PowerShell Module for VMware Cloud Foundation which is also the basis for several other useful VCF modules for automation:

  • PowerShell Module for VMware Cloud Foundation Reporting
  • PowerShell Module for VMware Cloud Foundation Certificate Management
  • PowerShell Module for VMware Cloud Foundation Password Management
  • PowerShell Module for VMware Cloud Foundation Power Management

To demonstrate the new VCF Compliance Audit APIs, I created the following new functions, which I have also submitted as pull request (PR) 291 so that they can be incorporated in a future release of the PowerShell Module for VMware Cloud Foundation, which I hope will get merged by the time this blog post is live!

  • Get-VCFComplianceStandard
  • Get-VCFComplianceConfiguration
  • New-VCFCompliance
  • Get-VCFComplianceTask
  • Get-VCFCompliance
  • Get-VCFComplianceHistory

After importing the PowerShell Module for VMware Cloud Foundation, you will need to connect to SDDC Manager by using the following command:

Request-VCFToken -fqdn $sddcManagerFQDN -username $sddcManagerUsername -password $sddcManagerPassword

Using the Get-VCFComplianceStandard function, we can retrieve the list of available compliance audit standards and the Get-VCFComplianceConfiguration function will return the specific audit configurations for the supported VCF resources.


To run a new compliance audit, use the New-VCFCompliance function. Today, the supported compliance standard and version is PCI 4.0 and the supported resource is SDDC Manager, which you specify in the following command along with the name of either your Management or Workload Domain:

New-VCFCompliance -ResourceType "SDDC_MANAGER" -StandardType "PCI" -StandardVersion "4.0" -WorkloadDomainName "vcf-m01"


The output from the command is the compliance audit task. You can check its progress with the Get-VCFComplianceTask function by providing the task ID along with the name of the Management or Workload Domain, as shown in the example below:

Get-VCFComplianceTask -WorkloadDomainName "vcf-m01" -ComplianceTaskId "f57f0c2a-5ab5-4e79-9034-d0bed61acf41"


Once the compliance audit has finished, you will get back a compliance audit ID and using the Get-VCFCompliance function, you can view the results of the audit:

Get-VCFCompliance -ComplianceAuditId "4c5aa3dc-3c2f-460b-ad1a-3a8f2a1a534a"


To get more information about a specific audit configuration you can refer back to the Get-VCFComplianceConfiguration function.

Lastly, you can also retrieve the history for all compliance audits using the Get-VCFComplianceHistory function, which also includes the compliance audit ID in case you want to view a specific audit that had previously completed:

Get-VCFComplianceHistory
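The steps above chained into one unattended run that keeps the full audit result as evidence and flags non-compliant items. This is an added example, not code from the original post or from the PowerShell Module for VMware Cloud Foundation. It uses only the functions and parameters shown above; the SDDC Manager FQDN is a placeholder, and the output property names (id, status, complianceAuditId, auditItems, complianceStatus) and the "IN_PROGRESS" and "COMPLIANT" values are assumptions to confirm with Get-Member against your own output.

```powershell
# Added example: run as a script file (e.g. from a scheduler), not pasted interactively.
$sddcManagerFQDN = "sddc-manager.example.com"   # placeholder, replace with your own
$domain          = "vcf-m01"                    # domain name used in the post

# Prompt for credentials instead of keeping the password in the script.
$cred = Get-Credential -Message "SDDC Manager account"
Request-VCFToken -fqdn $sddcManagerFQDN -username $cred.UserName `
    -password $cred.GetNetworkCredential().Password

# Start the PCI 4.0 audit against SDDC Manager and capture the returned task.
$task = New-VCFCompliance -ResourceType "SDDC_MANAGER" -StandardType "PCI" `
    -StandardVersion "4.0" -WorkloadDomainName $domain

# Poll with a hard timeout so an unattended job cannot hang forever.
$deadline = (Get-Date).AddMinutes(30)
while ($task.status -eq "IN_PROGRESS") {        # assumed property and value
    if ((Get-Date) -gt $deadline) { throw "Audit task $($task.id) timed out" }
    Start-Sleep -Seconds 15
    $task = Get-VCFComplianceTask -WorkloadDomainName $domain `
        -ComplianceTaskId $task.id              # assumed property: id
}

# A finished task without an audit ID is treated as a failed audit run.
if (-not $task.complianceAuditId) {             # assumed property
    throw "Audit task ended with status '$($task.status)' and no audit ID"
}

# Fetch the results and keep the complete record as timestamped evidence.
$audit = Get-VCFCompliance -ComplianceAuditId $task.complianceAuditId
$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$audit | ConvertTo-Json -Depth 10 | Set-Content -Path "pci-audit-$domain-$stamp.json"

# Report every item that is not compliant (assumed properties and value).
$items  = @($audit.auditItems)
$failed = @($items | Where-Object { $_.complianceStatus -ne "COMPLIANT" })
"{0} of {1} audit items are not COMPLIANT" -f $failed.Count, $items.Count
$failed | Format-List

# Non-zero exit code lets a scheduler or CI job alert on drift.
if ($failed.Count -gt 0) { exit 1 }
```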

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
