Automation – Page 118

Automatically retrieve CVE CVSS score for all ESXi security bulletins

07.20.2018 by William Lam // 10 Comments

I always enjoying learning new things, especially when it is outside of my immediate domain expertise and if I can thrown in some Automation to help solve a solution, it is a win for everyone. I bring this up because, yesterday I had noticed an interesting question from one of our field folks where their customer is looking to implement a process for applying ESXi security patches to help determine compliance timeline (e.g. when a specific security update will be applied to infrastructure).

To do this, the customer would like to use the Common Vulnerability Scoring System (CVSS) score which ranges from 0-10, 0 being low and 10 being high. The CVSS score is part of the Common Vulnerabilities and Exposures (CVE) which is also referenced for every ESXi security patch (bulletin) that is published by VMware. The question that came up was how easily it would be to determine the CVSS score for a given ESXi security patch. First, I will outline the "manual" process and once that is understood, I will demonstrate an automated solution which customers can take advantage of to easily retrieve this information for all ESXi security patches.

[Read more...]

Resource Pools, Folders & VMC now supported with Cross vCenter vMotion Utility Fling

07.18.2018 by William Lam // 1 Comment

Many of you are already familiar with the Cross vCenter vMotion Utility, which was released as a Fling last year. In fact, a number of you have even shared your VM migration numbers, many of which are quite impressive (e.g. 5-10K VMs). Not only are the number of production VMs significant, but I also learned the duration of customer migration projects, such as datacenter evacuation, was able to complete significantly faster with the help of this tool.

Although v2.1 was just recently released, Vishal, the lead developer is constantly looking for ways to improve the tool. Most recently, we had a few customers ask for supporting additional placement targets such as vSphere VM Folders and Resource Pools. Customers often use VM Folders for organization purposes but also as a way to manage permissions and of course resource management with the use of Resource Pools (not for organization purposes ;)). These two stand alone feature are quite useful on their own, but they are also a building block to allow us to support migrating workloads to and from VMware Cloud on AWS (VMC) which we have received requests for as well. VMC has a restrictive permission model and customer workloads must be placed in a specific VM Folder and Resource Pool, both of which was not initially supported with the Cross vCenter vMotion Utility.

With the latest v2.2. release, customers will now have the ability to optionally specify a target Resource Pool and/or VM Folder by enabling an Advanced settings option at the upper right hand corner of the tool as shown in the screenshot below.

Below is a screenshot of vMotion'ing 3 running PhotonOS VMs from onPrem environment to my VMC's SDDC. The Fling supports both hot and cold relocate, however for vMotion to work you will need to ensure that your source vCenter Server (including ESXi hosts) are running vSphere 6.7 and the VM is configured with the new Per-VM EVC (requires vHW 14) which can be configured in the vSphere H5 Client.

Give the latest Fling a try and let us know what you think, if you have any feedback or request, feel free to leave a comment on the Fling page.