WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple

Is the vCenter Server Unique ID still important today?

10.05.2022 by William Lam // 4 Comments

When I was a customer back in the day, one of my operational checklist items for deploying a vCenter Server was to configure the vCenter Server ID and ensure that it was unique from other vCenter Servers within my environment.


The vCenter Server ID is a value between 0-63 that is randomly generated by default, but it can updated by a user after the vCenter Server has been deployed.

Why should you care about the vCenter Server ID? vCenter Server uses this ID to generate Virtual Machine MAC Addresses and if two vCenter Servers have the same ID, it can potentially generate duplicate VM MAC Addresses as explained in this VMware KB 1024025.

With this background in mind, is having a unique vCenter Server ID still relavent and applicable today in 2022?

[Read more...]

Categories // vSphere 5.5, vSphere 6.0, vSphere 6.5, vSphere 6.7, vSphere 7.0, vSphere 8.0 Tags // vCenter Server

Automatically retrieve CVE CVSS score for all ESXi security bulletins 

07.20.2018 by William Lam // 10 Comments

I always enjoying learning new things, especially when it is outside of my immediate domain expertise and if I can thrown in some Automation to help solve a solution, it is a win for everyone. I bring this up because, yesterday I had noticed an interesting question from one of our field folks where their customer is looking to implement a process for applying ESXi security patches to help determine compliance timeline (e.g. when a specific security update will be applied to infrastructure).

To do this, the customer would like to use the Common Vulnerability Scoring System (CVSS) score which ranges from 0-10, 0 being low and 10 being high. The CVSS score is part of the Common Vulnerabilities and Exposures (CVE) which is also referenced for every ESXi security patch (bulletin) that is published by VMware. The question that came up was how easily it would be to determine the CVSS score for a given ESXi security patch. First, I will outline the "manual" process and once that is understood, I will demonstrate an automated solution which customers can take advantage of to easily retrieve this information for all ESXi security patches.

[Read more...]

Categories // Automation, ESXi, Security, vSphere 5.5, vSphere 6.0, vSphere 6.5, vSphere 6.7 Tags // CVE, CVSS, ESXi 5.1, esxi 5.5, esxi 6.0, esxi 6.5, esxi 6.7, NIST

Quick Tip - What hashing algorithm is supported for ESXi Kickstart password?

05.21.2018 by William Lam // 2 Comments

I had a question the other day asking whether the encrypted password which can be specified within an ESXi Kickstart file (denoted by the --isencrypted flag) can use a different hashing algorithm other than MD5? The answer is absolutely yes. In fact, MD5 as a default hashing algorithm has NOT been used for a number of releases, probably dating back to classic ESX (you know, the version that had the Service Console).

For all recent releases of ESXi including 5.5 to 6.7, the default hashing algorithm has been SHA512 for quite some time now. Below are two ways in which you can check which default hashing algorithm is currently being used:

Option 1 - SSH to ESXi host and take a look at /etc/pam.d/passwd


Option 2 - SSH to ESXi host and take a look at /etc/shadow and look at the field prior to the salt.

As a reference:

  • $1$ - MD5
  • $5$ - SHA256
  • $6$ - SHA512

Categories // Automation, ESXi, Security, vSphere 5.5, vSphere 6.0, vSphere 6.5, vSphere 6.7 Tags // esxi, kickstart, md5, sha256, SHA512

  • 1
  • 2
  • 3
  • …
  • 30
  • Next Page »

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Recent

  • Self-Contained & Automated VMware Cloud Foundation (VCF) deployment using new VLC Holodeck Toolkit 03/29/2023
  • ESXi configstorecli enhancement in vSphere 8.0 Update 1 03/28/2023
  • ESXi on Intel NUC 13 Pro (Arena Canyon) 03/27/2023
  • Quick Tip - Enabling ESXi Coredumps to be stored on USB 03/26/2023
  • How to disable the Efficiency Cores (E-cores) on an Intel NUC? 03/24/2023

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2023

 

Loading Comments...