vSphere 8.0 – Page 13

Dynamic ESXi firewall rulset for non-standard syslog ports in vSphere 8.0 Update 2b

03.21.2024 by William Lam // 5 Comments

For most users who configure syslog for their ESXi hosts (hopefully everyone is doing that for audit, compliance and troubleshooting purposes), they typically stick with the default syslog ports 514 for UDP/TCP or 1514 for TLS.

A huge benefit of using the default syslog ports is that the ESXi firewall is already configured with these rulesets configured for outbound access.

If you require to use a non-standard syslog port for ESXi, the current solution was not ideal. While you can open up a custom port using the ESXi firewall, the issue is persisting that customization, which either requires a custom VIB or messing around with local.sh startup script.

A nice enhancement that is included with the recent release of vSphere 8.0 Update 2b is the support for a dynamic ESXi ruleset when non-standard syslog ports is configured.

As you can see in the example below when I configure my ESXi host to use a syslog server with a custom port 12345, the ESXi will automatically create a dynamic firewall ruleset that will open up that port for outbound connectivity. If you change the port or disable the syslog configuration, then the dynamic ruleset will be updated and/or removed.

Custom ESXi "Dummy" Reboot VIB for vSphere Lifecycle Manager (vLCM)

03.19.2024 by William Lam // 2 Comments

A few weeks back, I had a request from one of our Technical Adoption Managers (TAM) that their customer wanted to create a custom ESXi VIB that could be used with vSphere Lifecycle Manager (vLCM) and would only require the ESXi host to reboot as part of the remediation.

This might sound like a strange request but I suspect the customer was either building out some automation for vLCM or simply getting more hands on with vLCM without applying any changes, which is great because its predecessor, vSphere Update Manager (VUM) will be removed in a future major release of vSphere.

While the customer was able to create a custom VIB by following the instructions in my recent blog post for building a custom VIB for ESXi 8.x, I did noticed that their descriptor.xml did not properly set the live-install-allowed and live-remove-allowed options which controls whether an ESXi host should reboot after installing and removing a VIB from the host respectively.

Since vLCM only works with offline bundles, we actually need to create an offline bundle with our custom ESXi VIB that vLCM can import. To further complicate things, starting with vSphere 7.x, a proper offline bundle that can be imported into vLCM requires the use of components rather than bulletins, which is what VUM previously had used.

With the assistance of the vLCM Engineering team, I was able to create my own "Dummy" ESXi VIB/Offline Bundle that is compatible with both vSphere 7.x and 8.x, which can be used directly by a standalone ESXi host via ESXCLI or imported and lifecycle using vLCM.

[Read more...]

Retrieving detailed vSphere Lifecycle Manager (vLCM) Image information from vSphere Cluster using PowerCLI

02.06.2024 by William Lam // Leave a Comment

As more and more users are adopting vSphere Lifecycle Manager (vLCM) to simplify the lifecycle and configuration management of their ESXi hosts, you may want to get more information about a given vLCM image that has been associated with a specific vSphere Cluster.

While you can certainly get this information using the vSphere UI, you can also get this detailed information by using the vLCM REST API, which can easily be consumed using variety of vSphere SDK Clients including PowerCLI.

For inventory and/or auditing purposes, automation is typically the answer, especially at scale. I will not bore you with the details, but I recently created the following PowerCLI function called Get-vLCMClusterImageInformation and given the name of a vLCM-enabled vSphere Cluster, it will provide you with the associated ESXi base image and all Solutions and Components that is associated with a given image.

UPDATE (02/06/25) - The script has also been updated to also include information for a vLCM image that has integrated with an Hardware Support Manager (HSM) to provide firmware information.

[Read more...]