WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
    • VMware Cloud Foundation 9.1
    • VMware Cloud Foundation 9.0
  • VKS
  • Homelab
    • Hardware Options
    • Hardware Reviews
    • Lab Deployment Scripts
    • Nested Virtualization
    • Homelab Podcasts
  • VMware Nostalgia
  • Apple

Quick Tip - Automating allowed and not allowed Datastores for use with vSphere Cluster Services (vCLS)

01.25.2023 by William Lam // 5 Comments

One of the recent features of the vSphere Cluster Services (vCLS) is the ability configure the vSphere Datastores that vCLS is allowed to use to provision the required service VMs, which can be on a vSphere Cluster under Configure->vSphere Cluster Services->Datastores as shown in the screenshot below.


In addition to the vSphere UI, you can also programmatically update this configuration using the vSphere API and with tools like PowerCLI as one of the interfaces to the API.

[Read more...]

Categories // PowerCLI, vSphere 7.0, vSphere 8.0 Tags // vCLS, vSphere 7.0, vSphere 8.0

Applying additional security hardening enhancements in ESXi 8.0

01.10.2023 by William Lam // 16 Comments

While responding to a few ESXi security configuration questions, I was referencing our ESXi Security documentation, which includes a lot of useful information and latest best practices. It is definitely worth re-reviewing this section from time to time to take advantage of all the ESXi security enhancements to help protect and secure your vSphere environment.

In certain areas of the ESXi security documentation, I noticed that it mentions CLI and API, but it does not always provide an example that customers can then reference and use in their Automation, which is really the only guaranteed method to ensure configurations are consistent across your vSphere environment. After answering some of the security related questions, especially on the Automation examples, I figure it would be useful to share this information more broadly so that folks are aware of some of the new and existing security enhancements along with some of their implications if you are not implementing them.

Speaking of new ESXi security enhancements, one of the new features that was introduced in ESXi 8.0 is the ability to disable ESXi Shell access for non-root users. While this might sound like a pretty basic feature, applying this towards the vCenter Server service account vpxuser can help add another layer of protection for your ESXi hosts against attackers. It turns out that users with ESXi Shell access can also modify other local users password on ESXi host including the root user. By restricting ESXi Shell access for the vpxuser, you prevent attackers, which can also be insiders who have access to vCenter Server the ability to just change the ESXi root password without knowing the original password. As a result, this can lock you out of your ESXi hosts or worse, enable an attacker to encrypt your workloads, especially as the rise ransomeware attacks has been increasing.

[Read more...]

Categories // ESXi, PowerCLI, Security, vSphere 8.0 Tags // esxcli, ESXi 8.0, kickstart, security

Quick Tip - How to check if vSAN TRIM/UNMAP is enabled in VMware Cloud on AWS Cluster?

01.04.2023 by William Lam // 2 Comments

While the original question was for checking whether a specific VMware Cloud on AWS (VMC-A) cluster has the vSAN TRIIM/UNMAP feature enabled, the solutions below is applicable to any recent vSAN 7.x or 8.x deployment. There are two ways you check, either using the vSphere UI by selecting the cluster and navigating to Configure->vSAN->Services and expanding the Advanced Options tile or simply leveraging PowerCLI and the vSAN API to retrieve the exact same information.

vSphere UI

vSAN API using PowerCLI

$clusterName = "Cluster-1"
$vsanConfigSystem = Get-VsanView -Id VsanVcClusterConfigSystem-vsan-cluster-config-system
$clusterMoRef = (Get-Cluster $clusterName).ExtensionData.MoRef
$vsanConfigSystem.VsanClusterGetConfig($clusterMoRef).unmapConfig

 

Categories // PowerCLI, VMware Cloud on AWS, VSAN Tags // unmap, VMware Cloud on AWS, VSAN

  • « Previous Page
  • 1
  • …
  • 11
  • 12
  • 13
  • 14
  • 15
  • …
  • 57
  • Next Page »

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Quick Tip: How to Identify Which Kubernetes Cluster Owns a vSphere Container Volume (PV) 06/25/2026
  • What Host Lifecycle Operations Are Available after Importing vCenter into VCF 9.x Fleet? 06/24/2026
  • VCF 9.1 - Enabling High Availability for a Small VCF Management Services (VCFMS) Deployment 06/22/2026
  • Clarifying Minimum Required ESX Hosts for VCF Deployments 06/18/2026
  • VCF 9.1 - Auditing VCF Management Services (VCFMS) IP Pool Usage  06/17/2026
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.

To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2026

Loading Comments...