Last week I was working with a customer on some security hardening pointers. They were concerned about the vSwitch network policy.
I shared the following recommendation with them. I hope it is useful.
In VMware vSphere, vSwitches have two network policy settings called “MAC address changes” and “Forged transmits” that control the behavior of virtual machine (VM) network traffic. Let’s understand the implications of changing these settings from “Accept” to “Reject”:
Continue reading “ESXi Hardening : vSwitches Network Policy”
The VMware Event Broker Appliance Fling enables customers to unlock the hidden potential of events in their SDDC to easily create event-driven automation. The VMware Event Broker Appliance includes support for vCenter Server and VMware Horizon events as well as any valid CloudEvent through the native webhook event provider. Triggering custom or prebuilt actions to deliver powerful integrations within your datacenter and across public cloud has never been easier. A detailed list of use cases and possibilities with VMware Event Broker Appliance.
Continue reading “VMware Event Broker Appliance : VEBA”
Install PowerCLI Module (Machine without Admin Rights, with Internet Connectivity)
- Install-Module -Name VMware.PowerCLI -Scope CurrentUser -AllowClobber -Force
Ignore certificate Warning for Default Certs
- Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Continue reading “PowerShell Commands to Get Snapshot Information”
Last week I was working with a customer who is planning to add a firewall on their external ESXi host, on which they have a public IP.
Their requirement was to have the exact list of ports required for this activity. We worked on it and enabled the following:
- 22 – SSH (TCP)
- 53 – DNS (TCP and UDP)
- 80 – HTTP (TCP/UDP)
- 902 – vCenter Server / VMware Infrastructure Client – UDP for ESX/ESXi Heartbeat (UDP and TCP)
- 903 – Remote Access to VM Console (TCP)
- 443 – Web Access (TCP)
Continue reading “Configuring an external firewall to allow ESX/ESXi and vCenter Server Traffic”
I am taking the vCenter appliance as an example; the same steps can be applied to any VMware appliance.
- Connect to the vCenter Server Appliance with an SSH session and the root user credentials.
- Use the following commands to get to the command prompt:
- shell.set --enabled true
Continue reading “VMware Appliance/s set Root Account to ‘Never Expire’”