vSphere 7.0

Quick Tip - Listing all vSphere Privilege Definitions

03.04.2025 by William Lam // Leave a Comment

By design, the vSphere platform (includes vCenter Server and ESXi) is highly extensible and additional vSphere Events and Privileges can added by 2nd and 3rd party solutions. Similiar to vSphere Events, where you can query your specific vCenter Server (or ESXI hosts) to list all vSphere Event definitions, you can also do the same for vSphere Privileges.

Using PowerCLI, we can use the Get-VIPrivilege cmdlet to help list out the vSphere Privilege Groups and the specific granular vSphere Privileges that exists within deployment.

Here is an example of listing all the different vSphere Privilege Groups that have been defined, either out of the box and/or by 2nd or 3rd party solution:

Get-VIPrivilege -PrivilegeGroup | select id,Description | Sort-Object -Property Id

As of vCenter Server 8.0 Update 3c, there are currently 111 out of the box vSphere Privilege Groups, you may have more or less depending on your version and the number of 2nd/3rd party integrations.

Here is an example of listing all the vSphere Privilege definitions that have been defined, either out of the box and/or by 2nd or 3rd party solution:

Get-VIPrivilege -PrivilegeItem | select id,Description | Sort-Object -Property Id

As of vCenter Server 8.0 Update 3c, there are currently 473 out of the box vSphere Privileges, you may have more or less depending on your version and the number of 2nd/3rd party integrations.

Additionally, you may also find these other vSphere Authorization blog posts useful:

Updated vSphere Login UI customizations for vSphere 7.x & 8.x

02.04.2025 by William Lam // 2 Comments

It has been more than a decade since the vSphere UI has transition to an HTML-based interface and while not officially supported, users do have the ability to customize the login screen for a variety of use cases from internal disclaimers and compliance to customer branding as I have demonstrated in the past.

Although the general modification process has mostly stayed consistent, there has been subtle changes across vCenter Server releases which I have blogged about here, here and here.

I recently had a few folks ask whether the previous guidance was still applicable to the latest vCenter Server releases and given the previous articles were focused on vSphere 6.0 and 6.5, I figured its time for an update 🙂

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Here is an example of one of my development vCenter Servers running the latest 8.0 Update 3 release ... I wonder if would make the cut as a feature enhancement for a default theme? 😅

via GIPHY

[Read more...]

Quick Tip - Monitoring ESXi remote syslog forwarding

10.01.2024 by William Lam // 3 Comments

When an ESXi host is unable to forward its logs to a remote syslog server, a VMkernel Observation (VOB) is automatically raised by the host and it can be used to proactively alert administrators, which has been possible since ESXi 5.0 .... per this blog post from 2012 after some Googling! 😅😂

While I was pretty confident the behavior described above still holds true for our latest ESXi 7.x and 8.x releases, I wanted to be sure before responding back to a colleague. I deployed the latest ESXi 7.0 Update 3q and ESXi 8.0 Update 3b and after configuring syslog forwarding, I disabled the NIC on my Aria Operations for Logs to simulate a network disconnect and I saw the following log entry in /var/log/vobd.log

2024-09-28T21:12:00.298Z: [UserLevelCorrelator] 7452916537us: [esx.problem.vmsyslogd.remote.failure] The host "192.168.30.62:514" has become unreachable. Remote logging to this host has stopped.

By default, ESXi will attempt to retry the remote syslog connection after the configured timeout (default 180 seconds), which is a relatively new configuration option that is available with ESXCLI (esxcli system syslog config set --default-timeout XX).

[Read more...]