WilliamLam.com

Exploring the new vSphere Privilege Recorder in vSphere 8.0 Update 1

09.13.2023 by William Lam // 3 Comments

Determining the minimum vSphere privileges that is required to perform a given vSphere operation (UI/API) has been a huge customer challenge to say the least. Strategies have included guessing along with trial and error by creating a custom vSphere Role and slowly removing privileges until you have identified the minimum required privileges. If you are familiar with the vSphere API and know exactly which API methods and properties are consumed, then you can use the vSphere API Reference since every method and property includes the specific privilege required in the documentation, but this method is pretty tedious and time consuming.

If only we had a way to record all the vSphere privilege that was used for a specific set of operation(s) in vCenter Server ... 🤔

Apparently I missed the initial news, but this was actually one of the new features that was introduced in vSphere 8.0 Update 1 called the vSphere Privilege Recorder! 😆

UPDATE (07/25/24) - Looks like the PowerCLI team has productized this capability with a new cmdlet introduced in PowerCLI 13.3 called Get-VIPrivilegeReport

[Read more...]

Synology DS723+ in Homelab

09.12.2023 by William Lam // 15 Comments

While I am a huge fan and a happy user of vSAN in my homelab environment, it can sometimes be challenging when you only have a single node (yes, this is not a best practice nor recommended). For example, I have not been able to upgrade to the latest vSAN Disk Group version because my vCenter Server Appliance (VCSA) is also running on top of vSAN which prevents the upgrade operation from completing as changes to the vSAN Disk Group is required.

I honestly have been putting this maintenance off for quite some time but right before VMware Explore, I got an opportunity from Synology to check out one of their storage offerings, the DS723+. While I have never worked with a Synology product before, I know many in the VMware Community use their DiskStation NAS for a number of use cases from VM/Application backup, file sharing, and certainly external storage for ESXi. I also found it interesting that you can also run certain types of applications directly on the NAS, which certainly pique my interest 🙂

With VMware Explore US now behind us, I finally got a chance to play with the DS723+ which has the following configuration:

DS723+
HAT3300-4T - 2 x 4TB SATA Disks
SNV3410-400G - 2 x 400GB M.2 SSD Disks
D4ES02-4G - 6GB DDR4 ECC memory (1 x 4GB DDR4 module + included 2GB DDR4 module)
E10G22-T1-Mini - 10GbE network module

Note: For those interested, there is also DS723+ bundle (includes 2 x 4TB SATA disk) on Amazon

[Read more...]

Retrieving vCenter Server certificate (Machine, VMCA Root, STS & Trusted Root) details using the vSphere API

09.11.2023 by William Lam // 11 Comments

In the vSphere UI, users can easily view and manage all of their vCenter Server certificates by navigating to Administration->Certificate->Certificate Management as shown in the screenshot below.

There are four types of vCenter Server certificates: Machine SSL, VMware Certificate Authority, STS Signing Certificate and the Trusted Root. On the main summary view, we can see the validity of the certificate, which is useful to quickly determine if you need to plan on replacing a specific certificate. We can also get more information about a specific certificate by clicking on the "View Details".

A question recently came up internally asking whether there is a vSphere API to retrieve all of this information programmatically, especially the validity of the certificate?

[Read more...]