Category: ESXi

vSphere tip: removed VM from a datastore cluster but rules still applying to it

Found this issue last week and wanted to note it for future reference for myself (getting old and best way for me to remember as much as anyone:)).

So removed a VM from one of our datastore clusters. Now this machine had an affinity rule applied to it which I wasn’t aware of. Interestingly, found I couldn’t remove the rule from the datastore cluster even if I wanted to.

Turns out the solution was slightly inelegant but it worked.

i) Moved said VM back into the datastore cluster

ii) In the vSphere client (or web) browse to the datastore cluster.

iii) Click the Manage tab and select Settings

iv) Under Configuration, click Rules

v) Pick out the offending rule you want deleted, click Remove, and click OK

vSphere 6.5 enhancement: VM secure boot support

Although theoretically possible in vSphere 6.0, VM secure boot is only officially supported with vSphere 6.5. Interesting thing with 6.5 is the range of improvements made in the security space with the hypervisor. Been good too that VMware have been listening to the user community in simplifying the adoption of a lot of these features.

An example being VM secure boot support, which is easy to set up.

Requirements:

I) Requires EFI firmware support

II) Works for Windows and Linux virtual machines

To set up, simply:

i) Edit your virtual machine properties

ii) Choose the VM Options tab

iii) Make sure EFI is chosen under "Choose which firmware should be used to boot the virtual machine"


iv) Tick the box beside Secure Boot (EFI boot only) and click OK

And you're done
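The same check and setting can be scripted across many VMs. The following is an added example, not from the original post: it assumes the VMware PowerCLI module is installed and `Connect-VIServer` has already been run against vSphere 6.5 or later; the function names and the VM name `app01` are hypothetical.

```powershell
# Added example: audit and enable EFI Secure Boot with VMware PowerCLI.
# Assumes Connect-VIServer has already been run (vSphere 6.5 or later).

function Get-VMSecureBootStatus {
    # Report firmware type and Secure Boot state for every VM passed in.
    param([Parameter(ValueFromPipeline)] $VM)
    process {
        $config = $VM.ExtensionData.Config
        [pscustomobject]@{
            Name       = $VM.Name
            PowerState = $VM.PowerState
            Firmware   = $config.Firmware            # 'bios' or 'efi'
            SecureBoot = [bool]$config.BootOptions.EfiSecureBootEnabled
        }
    }
}

function Enable-VMSecureBoot {
    # Sets the "Secure Boot" option programmatically. Only acts on powered-off
    # VMs that already use EFI firmware; BIOS VMs are skipped, not converted.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(ValueFromPipeline)] $VM)
    process {
        if ($VM.ExtensionData.Config.Firmware -ne 'efi') {
            Write-Warning "$($VM.Name): firmware is not EFI, skipping"
            return
        }
        if ($VM.PowerState -ne 'PoweredOff') {
            Write-Warning "$($VM.Name): power off before changing Secure Boot"
            return
        }
        $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
        $spec.BootOptions = New-Object VMware.Vim.VirtualMachineBootOptions
        $spec.BootOptions.EfiSecureBootEnabled = $true
        if ($PSCmdlet.ShouldProcess($VM.Name, 'Enable EFI Secure Boot')) {
            $VM.ExtensionData.ReconfigVM($spec)
        }
    }
}

# List EFI VMs that do not yet have Secure Boot enabled.
Get-VM | Get-VMSecureBootStatus |
    Where-Object { $_.Firmware -eq 'efi' -and -not $_.SecureBoot } |
    Format-Table -AutoSize

# Dry run for one VM ('app01' is a placeholder name).
Get-VM -Name 'app01' | Enable-VMSecureBoot -WhatIf
```

Drop `-WhatIf` to apply the change; VMs still on BIOS firmware are reported and left untouched.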

VMware tip: how to get assign a static IP address to

Recently came across an issue trying to assign a static IP address to an OVA file. Was going to post it on the VMware communities site but someone had raised a post asking the same question. Turns out the fix is a little more involved than assigning one to an OVF file. Good VMware discussions article came to my (and some other folks’) rescue:

https://communities.vmware.com/thread/472332

 

 

ESXi tip: Recommended lockdown mode configurations

As you can probably guess by its name, lockdown mode is used to increase the security of your ESXi hosts. When enabled, no users other than vpxuser have permission to log on, nor can they perform activities against the host directly.

This essentially forces all operations to be performed through vCenter.

Enclosed is a handy table showing the recommended configuration based on setup:

https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B23B1360-8838-4FF2-B074-71643C4CB040.html

Applicable to later editions too.