A. Mikkelsen VMware ESX scripts, commands, tools and other nice to know things that will make your virtualization days easier!!!!

Friday, June 24, 2011

VMware releases vSphere 4.1 hardening guide

Filed under: Security,Tools — Tags: , , , — A. Mikkelsen @ 22:25 pm

In April VMware released their hardening guide for vSphere 4.1 (http://communities.vmware.com/docs/DOC-15413) , now the have also released a free tool to check your vSphere installations against their hardening guidelines.

The tool is called “VMware Compliance Checker for vSphere” – http://www.vmware.com/products/datacenter-virtualization/vsphere-compliance-checker/overview.html

Tuesday, September 21, 2010

Copy & Paste option is disabled in vSphere Client 4.1 – default

Filed under: Security,Troubleshooting — Tags: , , , , , — A. Mikkelsen @ 14:23 pm

Yesterday we upgraded one of our vSphere Clusters to 4.1 – it went smoothly 🙂

But today the users reported that they weren’t able to use cut % paste between the guest and their computer using the vSphere Client (Console).

After a quick google we found that VMware has tightened the vSphere security by disabling this feature. See VMware KB 1026437.

If you need the cut & paste functionality you can enable it again on the guest or host level.

For a single VM:

  • Using the vSpher Client logon to your vCenter server.
  • Poweroff the VM.
  • Edit the VM’s settings
  • Navigate to Options > Advanced > General
  • Click Configuration Parameters
  • Add the following rows, by using Add Row
    isolation.tools.copy.disable –  false
    isolation.tools.paste.disable  – false
  • Click OK twice to close the dialogs and save the changes.
  • PowerOn the VM

For all VM’s on a host ESX/ESXi

Must be done on all hosts, so you don’t loose the functionality when the VM is migrated to another host.

  • Open a SSH to the host ex. using Putty
  • Open /etc/vmware/config in your favorit editor .
  • Add these lines to the file

  • Save and close the config file. Cut & Paste will work after a VM powerson, reboots or resume.

Tuesday, May 11, 2010

vSphere 4.0 Hardening Guide Released

Filed under: Security — Tags: , , — A. Mikkelsen @ 9:18 am

VMware has released their hardening guide for vSphere 4.0.

There is more than 100 guidelines to choose from, divided between

  • Introduction
  • Virtual Machines
  • Host (both ESXi and ESX)
  • vNetwork
  • vCenter
  • Console OS (for ESX only)


Thursday, September 17, 2009

Ever wondered it you ESX servers are hardened enough

Filed under: Security,Tools,vSphere (ESX) — A. Mikkelsen @ 14:03 pm

Have you ever needed to document how secure your ESX servers are.

If the answer is yes then take a look at these free fools (Compliance Checkers) from ConfigureSoft.com.

If the answer is no I would sugest you took a look at the tools anyway……

Compliance Checker for VMware ESX, checks the compliance of VMware ESX hosts against VMware hardening guidelines and Center for Internet Security (CIS) benchmarks.

Compliance Checker for PCI DSS, checks the compliance of servers and desktops against PCI DSS v1.2 requirements as specified by PCI Security Standards Council.

Tuesday, February 10, 2009

Need to see how secure your “babies” is ??

Filed under: ESXi,Security,Tools,vSphere (ESX) — Tags: , , , , , , , , , — A. Mikkelsen @ 18:29 pm

Have you ever needed to verify the security or hardened state of you ESX hosts?

If yes, then these tools from ConfigureSoft.com or TripWire.com will help you make the process easier.
If no, take a look at the tools anyway – it’s always nice to know if your “babies” are safe ;-).

Compliance Checker for VMware ESX, checks the compliance of VMware ESX hosts against VMware hardening guidelines and Center for Internet Security (CIS) benchmarks.

Compliance Checker for PCI DSS, checks the compliance of servers and desktops against PCI DSS v1.2 requirements as specified by PCI Security Standards Council.

TripWire ConfigCheck

Read a great how to.

Friday, October 10, 2008

Two free tools for Securing and auditing VM’s and ESX hosts

Filed under: Security,Tools,vSphere (ESX) — Tags: , , , , , — A. Mikkelsen @ 19:39 pm

Today i came across an article from techtarget.com about securing and auditing VM’s and ESX hosts.

There are a few free tools that can help you audit your host servers. Tripwire’s ConfigCheck and Configuresoft’s Compliance Checker for ESX, both of which are lite versions of each company’s enterprise-level product.

Read the full article here.

Wednesday, July 9, 2008

Need to check your ESX 3.5 enviroment security?

Filed under: ESXi,Security,Tools,vSphere (ESX) — A. Mikkelsen @ 18:03 pm

TripWire is here….

Came accross this cool free tool to check your ESX 3.5 enviroment security against VMware hardening guide.

Tripwire® ConfigCheckTM
is a free utility that rapidly assesses the security of VMware ESX 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering…… (Read More)

I’m really looking forward to see what else they can come up with 🙂

Thursday, February 14, 2008

Free Disaster Recovery for physical servers

Filed under: Disaster Recovery,Scripting,Security,White Papers — A. Mikkelsen @ 10:49 am

Frane Borozan has created a automated script based on VMware Converter to take a physical server and make fresh replica of it on VMware Server.

It is worth a look.

A. Mikkelsen

Saturday, February 9, 2008

vRanger script

Filed under: Disaster Recovery,Scripting,Security,Virtual Center,vRanger,vSphere (ESX) — A. Mikkelsen @ 16:47 pm

At work we use vRanger to take DR snapshots of all our VM’s (more than 370).

We decided that we would only snapshot drive 0 and use a TSM client to backup tha data in each VM and that the snapshots were only to be taken outside working hours.
These choices gave us some problems when running vRanger because we couldn’t schedule the snapshots from vRanger.

The solution was to make our own script that would handle the logic and just use vRanger to do the actual snapshotting.
We created a VBS script to hold the logic.
Create a log file
Delete snapshots from the day before (do to lack of storage space on the server)
Call the .cmd file that holds the information on witch VM’s to snapshot (Based on weekday – one file for each day).
Start TSM (send the VM’s snapshots to tape)
Send a status mail

We then created 7 .cmd files (one for each weekday) in witch we add a line for each VM to snapshot that day.
(You have to use vRanger GUI to choose witch drives to snapshot – changed from 3.17 -> 3.20)

I know this solution isn’t very dynamic but i works.

I’m in the process of upgrading the script so that it dynamicly creates a list of witch VM’s to snapshot based on a custom field in VC.
Furthermore i also want to create a script to update the vRanger database with witch drives to snapshot based on a custom field in VC.

I will upload the updated script as soon as it is done.
You can download the current script here.

Tuesday, December 11, 2007

Don’t miss the VMware Security Center

Filed under: Security,White Papers — A. Mikkelsen @ 14:15 pm

If you are looking for Security White Papers for VMware products take a closer look at

A. Mikkelsen

Powered by WordPress