WilliamLam.com

Enhanced vCenter Server Audit Event & Logging in vSphere 6.7 Update 2

04.08.2019 by William Lam // 9 Comments

A couple of years back I had published a detailed analysis on vCenter Server's Authentication (AuthN) and Authorization (AuthZ) from an auditing and logging standpoint. This has been the go-to reference for many of our customers, and the posts also include a number of log samples which I have documented in the following Github repository.

In addition to serving as a reference for our customers, it has also helped our Product and Engineering teams understand where we still had some gaps and how we could improve the overall user experience. As hinted in the recently announced vSphere 6.7 Update 2 release, which will be available soon, there are a number of new auditing enhancements that have been made to both vCenter Server and the vCenter Single Sign-On (SSO) service that I think customers will really appreciate.

"Real" client IP address in Events

When you look at a login or logout Event in vCenter Server today, you may have noticed that the user's client IP Address is actually that of the vCenter Server rather than the remote client's address; the reason for this is explained here. In vSphere 6.7 Update 2, the real client IP Address is now captured and is included in all successful login/logout and failed login Events. This information enables administrators to easily identify unauthorized access and quickly track down the systems initiating the connections.

[Read more...]

Categories // Automation, Security, vSphere Tags // audit, audit_events.log, event, global permission, sso, syslog, tag, vSphere 6.7 Update 2

How to immediately refresh the network GuestInfo using VMware Tools?

04.03.2019 by William Lam // 1 Comment

We all know the benefits of installing VMware Tools into your guest operating system which also includes additional functionality such as the Guest Operations APIs, allowing administrators to perform operations directly within the guest (credentials required), even if networking is not available. In addition to all these benefits, customers also get better visibility into the guest such as the underlying OS that is actually installed, disk volumes and networking information such as hostname and IP Addresses for the different network interfaces.

I am assuming most of you have seen the VM Summary page in the vSphere UI and if VMware Tools is installed and running, some of the GuestInfo data will be displayed such as networking.


An interesting tidbit that I had learned recently about VMware Tools while working on Instant Cloning Apple MacOS (yup, this works!) is that there is a default polling interval of 30 seconds in which this GuestInfo data is updated. In general, this is not a problem as this type of information does not change frequently and the default should be more than sufficient for most customers.

However, if you are performing an Instant Clone and you are relying on the vSphere API and the GuestInfo data to determine the IP Address of the guest, having to wait up to 30 seconds is not ideal, especially since the actual Instant Clone operation completes in just a few seconds. One option is to change the default polling interval, which I have outlined in the MacOS Instant Clone article, but rather than changing the default, which can add some additional load, there is actually a much simpler solution.

With VMware Tools 10.1 or newer, customers now have a way to immediately initiate a refresh of the networking info, directly from within the guest. This is perfect for the Instant Clone use case where network configuration is applied through a customization script and you can then run the update command afterwards to ensure the GuestInfo data is immediately reflected. Below are the respective commands for each OS type; you will need administrator privileges to perform this operation.

Windows:

"C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" info update network

Linux:

/usr/bin/vmware-toolbox-cmd info update network

MacOS:

/Library/Application\ Support/VMware\ Tools/vmware-tools-cli info update network
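
As an added example (not code from the original post), the following sketch shows how the final step of a Linux or MacOS customization script could call the refresh command safely. The function names are hypothetical, and it assumes the MacOS CLI prints its version with `-v` in the same format as `vmware-toolbox-cmd -v`.

```shell
#!/bin/sh
# Added example: refresh GuestInfo networking at the end of a customization
# script. CLI paths are the ones listed in the post; function names are
# hypothetical.

# Map a kernel name (as printed by `uname -s`) to the VMware Tools CLI path.
tools_cli_path() {
    case "$1" in
        Linux)  echo "/usr/bin/vmware-toolbox-cmd" ;;
        Darwin) echo "/Library/Application Support/VMware Tools/vmware-tools-cli" ;;
        *)      return 1 ;;
    esac
}

# Succeed only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# version_at_least "10.3.10.10540 (build-12406962)" 10 1
# Returns 0 if the version is >= MAJOR.MINOR, 1 if older, 2 if unparsable.
version_at_least() {
    ver=${1%% *}                          # drop the " (build-...)" suffix
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    is_uint "$major" || return 2
    is_uint "$minor" || return 2
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Run the refresh, failing loudly instead of silently leaving stale GuestInfo.
refresh_guestinfo_network() {
    cli=$(tools_cli_path "$(uname -s)") || { echo "unsupported OS" >&2; return 1; }
    [ -x "$cli" ] || { echo "VMware Tools CLI not found: $cli" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "administrator privileges required" >&2; return 1; }
    version_at_least "$("$cli" -v)" 10 1 \
        || { echo "VMware Tools 10.1 or newer required" >&2; return 1; }
    "$cli" info update network
}

# Only act when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    refresh_guestinfo_network
fi
```

Invoke it with `--run` as the last step of the customization script, after the network configuration has been applied.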

Categories // Automation, vSphere Tags // vmware tools

Integrating Github Actions with vSphere and VMware Cloud on AWS

04.01.2019 by William Lam // 2 Comments

I have always been a fan of event-driven automation, the idea where you can automatically trigger a workflow or an operation based on a specific event. In the consumer world, the most popular example is the If This, Then That (IFTTT) service, which I use on a regular basis to automate the sharing of new articles from virtuallyGhetto to different Social Media channels.

For the Enterprise, this is also not a new idea and many folks including myself have been doing this for years in vSphere using vCenter Server Alarms. In fact, one example I still reference on a regular basis is from 2012 where you automatically apply a set of vSphere Security Hardening configurations to a Virtual Machine when a new VM Create Event is published by vCenter.

There are countless more examples of this concept beyond VMware but the general idea is to be able to subscribe to specific events and then automatically do something when a given event occurs. When Github Actions (Beta) was announced last year, I was really interested as I think this could open the door for a ton of interesting possibilities, especially from a VMware perspective around Continuous Integration/Development (CI/CD). I quickly registered for the Beta but did not get access until the start of this year. If you want to know what Github Actions can do, check out some of these demos that have been built by various folks from the community. The really exciting thing about Github Actions is that you can literally execute any workflow as long as you can containerize your business logic within a Docker Container. This means you can use any language or tool that you are familiar with and make this work with Github Actions, pretty powerful stuff!

It was only recently while working on a personal project, which I hope will make its way to VMworld, that I finally got a chance to dig into Github Actions. I noticed that many of the online Github Action examples included ways to deploy applications and containers to a Public Cloud, but there was nothing that I found related to VMware. I figured this would be a good learning opportunity for myself and I could even learn how to build my own Actions which can be useful for others to use or extend further.

[Read more...]

Categories // Automation, Docker, VMware Cloud on AWS, vSphere Tags // content library, Github Action, govc, VMware Cloud on AWS


Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
