esxcli

Quick Tip - New remote version of ESXCLI 8.x

09.08.2023 by William Lam // Leave a Comment

I was recently made aware of a nice update from our developers that we now have a new version of the remote ESXCLI utility that is much simpler to install across any operating system and is fully backwards compatibility with ESXi hosts running 6.7.x, 7.x and 8.x.

Many of you are probably familiar with the local version of ESXCLI which is available when connecting to ESXi whether that is over SSH or directly in the ESXi Console. However, a remote version of ESXCLI has been available since the introduction of ESXCLI back in vSphere 4.0, but surprisingly, I still come across users who never knew that this was possible!

In the past, the remote version of ESXCLI was platform specific and it was distributed in a number of diffrent ways from being bundled as part of the vSphere CLI (6.7) to being a standalone download (7.0) and this inconsistency brought many challenges, not just from an internal development standpoint but also operationally for users who needed to deploy this utility across their administrative systems.

[Read more...]

Extending ESXCLI commands

05.02.2023 by William Lam // 2 Comments

Back on the first of April, I had shared the following video:

While many thought it was an April Fools's joke, that was certainly the original intention, but I also wanted the joke to be based on something realistic and not made up. Everything that you saw in that video is completely real, this was a real ESXCLI command that integrated with ChatGPT and was running on an ESXi 8.0 Update 1 release! 😊

So how did I do it?

[Read more...]

Applying additional security hardening enhancements in ESXi 8.0

01.10.2023 by William Lam // 6 Comments

While responding to a few ESXi security configuration questions, I was referencing our ESXi Security documentation, which includes a lot of useful information and latest best practices. It is definitely worth re-reviewing this section from time to time to take advantage of all the ESXi security enhancements to help protect and secure your vSphere environment.

In certain areas of the ESXi security documentation, I noticed that it mentions CLI and API, but it does not always provide an example that customers can then reference and use in their Automation, which is really the only guaranteed method to ensure configurations are consistent across your vSphere environment. After answering some of the security related questions, especially on the Automation examples, I figure it would be useful to share this information more broadly so that folks are aware of some of the new and existing security enhancements along with some of their implications if you are not implementing them.

Speaking of new ESXi security enhancements, one of the new features that was introduced in ESXi 8.0 is the ability to disable ESXi Shell access for non-root users. While this might sound like a pretty basic feature, applying this towards the vCenter Server service account vpxuser can help add another layer of protection for your ESXi hosts against attackers. It turns out that users with ESXi Shell access can also modify other local users password on ESXi host including the root user. By restricting ESXi Shell access for the vpxuser, you prevent attackers, which can also be insiders who have access to vCenter Server the ability to just change the ESXi root password without knowing the original password. As a result, this can lock you out of your ESXi hosts or worse, enable an attacker to encrypt your workloads, especially as the rise ransomeware attacks has been increasing.

[Read more...]