Automation – Page 30

Exploring the new vSphere Privilege Recorder in vSphere 8.0 Update 1

09.13.2023 by William Lam // 3 Comments

Determining the minimum vSphere privileges that is required to perform a given vSphere operation (UI/API) has been a huge customer challenge to say the least. Strategies have included guessing along with trial and error by creating a custom vSphere Role and slowly removing privileges until you have identified the minimum required privileges. If you are familiar with the vSphere API and know exactly which API methods and properties are consumed, then you can use the vSphere API Reference since every method and property includes the specific privilege required in the documentation, but this method is pretty tedious and time consuming.

If only we had a way to record all the vSphere privilege that was used for a specific set of operation(s) in vCenter Server ... 🤔

Apparently I missed the initial news, but this was actually one of the new features that was introduced in vSphere 8.0 Update 1 called the vSphere Privilege Recorder! 😆

UPDATE (07/25/24) - Looks like the PowerCLI team has productized this capability with a new cmdlet introduced in PowerCLI 13.3 called Get-VIPrivilegeReport

[Read more...]

Retrieving vCenter Server certificate (Machine, VMCA Root, STS & Trusted Root) details using the vSphere API

09.11.2023 by William Lam // 11 Comments

In the vSphere UI, users can easily view and manage all of their vCenter Server certificates by navigating to Administration->Certificate->Certificate Management as shown in the screenshot below.

There are four types of vCenter Server certificates: Machine SSL, VMware Certificate Authority, STS Signing Certificate and the Trusted Root. On the main summary view, we can see the validity of the certificate, which is useful to quickly determine if you need to plan on replacing a specific certificate. We can also get more information about a specific certificate by clicking on the "View Details".

A question recently came up internally asking whether there is a vSphere API to retrieve all of this information programmatically, especially the validity of the certificate?

[Read more...]

Quick Tip - New remote version of ESXCLI 8.x

09.08.2023 by William Lam // 1 Comment

I was recently made aware of a nice update from our developers that we now have a new version of the remote ESXCLI utility that is much simpler to install across any operating system and is fully backwards compatibility with ESXi hosts running 6.7.x, 7.x and 8.x.

Many of you are probably familiar with the local version of ESXCLI which is available when connecting to ESXi whether that is over SSH or directly in the ESXi Console. However, a remote version of ESXCLI has been available since the introduction of ESXCLI back in vSphere 4.0, but surprisingly, I still come across users who never knew that this was possible!

In the past, the remote version of ESXCLI was platform specific and it was distributed in a number of diffrent ways from being bundled as part of the vSphere CLI (6.7) to being a standalone download (7.0) and this inconsistency brought many challenges, not just from an internal development standpoint but also operationally for users who needed to deploy this utility across their administrative systems.

[Read more...]