WilliamLam.com

Update on running ESXi on Intel NUC Hades Canyon (NUC8i7HNK & NUC8i7HVK)

by // 55 Comments

The Intel NUC is one of the most popular and affordable hardware platform for running vSphere and vSAN Home Labs. For customers that want a bit more computing power, Intel also has their Skull Canyon platform which was released back in 2016 and has also gained in popularity amongst VMware Home Labbers. To be clear, the none of the Intel NUC platforms are on VMware HCL and therefore are not officially supported.

Earlier this year, Intel released their second generation of their higher-end Intel NUCs dubbed Hades Canyon which comes in two flavors NUC8i7HNK and NUC8i7HVK, with the latter being the higher-end unit. Based on the previous generation of hardware, most customers assumed ESXi should just work and went out and purchased the lower-end "HNK" version just to find out that was not case. The ESXi Installer would boot up to a certain point and then stop with the following error:

“Shutting down firmware services…..

Using “simple offset” UEFI RTS mapping policy”

To add to the confusion, this issue was not observed with the higher-end NUC8i7HVK model which was also quite interesting. Over on the nucblog.net, they also confirmed ESXi runs fine on "HVK" model and the issue seems to be isolated to the lower-end "HNK" model.

[Read more...]

Retrieving Apple hardware details (Model, Serial, Board & EFI Boot ROM & SMC Version) from ESXi

by // 3 Comments

For customers who run ESXi on Apple Hardware, retrieving the Apple hardware specific information such as the Board ID, EFI Boot Room and SMC Version for troubleshooting or auditing purposes can be challenging. Historically, this information is only available when running the hardware with an Apple MacOS operating system and customers would have to either boot the system into the MacOS Recovery Mode to run the system profiler tool from the command-line or install a full blown MacOS operating system to retrieve the necessary information as outlined in this Apple KB.

For some customers, this may not even be an option as Apple hardware does not provide any remote management capabilities and customers must physically be in front of the system to perform this process and imagine needing to do this across a fleet of Apple servers. 

While working on a recent case with a customer, I was curious if the Apple specific information could be retrieved from within ESXi and remove the need to boot into MacOS? I reached out to one of the Engineers, Darius Davis, who I work with on a frequent basis when it comes to MacOS-related topics to see if this was possible.

[Read more...]

Is vCenter Server & ESXi hosts using VMware Certificate Authority (VMCA) or custom CA certificates?

by // 3 Comments

Customers have two primary methods of managing TLS certificates for their ESXi hosts, they can either use the built-in VMware Certificate Authority (VMCA) which is part of vCenter Server or Custom CA Certificates. I will not go into the gory details, but you can read more about the options here in our documentation.

A question that I had received recently was whether you can determine the type of certificate an ESXi host was provisioned with and whether this could be programmatically retrieved using the vSphere API? The answer is yes. In vSphere 6.0, we introduced a CertificateInfo property which contains a number of fields including status, issuer, expiry and subject details and by inspecting either the issuer or subject property, you can determine the type of certificate on the ESXi host.

Here is a screenshot of the data using the vSphere MOB for an ESXi host that has VMCA-based certificate:


Here is a screenshot of the data using the vSphere MOB for an ESXi host that has custom CA certificate:


As you can see, for VMCA-based certificate the issuer's OU will have value of "VMware Engineering" and subject's emailAddress will have value of "*protected email*".

[Read more...]