DefinIT Because if IT were easy, everyone would do it…

8Oct/130

VMware – The future of IT Google Hangout

Posted by Simon Eady

VMware.jpg

Recently I had the privilege to be asked to attend a Google hangout with Joe Baguley (VMware CTO EMEA), Paul Saffo (Technology Forecaster) and several other well known guys from the VMUG community

VMware - The future of IT Google Hangout

It was a first for me but a really enjoyable experience.

7Oct/132

Recover ESXi Root Password using AD Authentication

Posted by Sam McGeown

vmware logoLosing a root password isn’t something that happens often, but when it does it’s normally a really irritating time. I have to rotate the password of all hosts once a month for compliance, but sometimes a host drops out of the loop and the root password gets lost. Fortunately, as the vpxuser is still valid I can manage the host via vCenter - this lends itself to this little recovery process:

  • Join the host to the domain (I’ve got a handy post for that here)
  • Create the “ESX Admins” group in your AD and ensure that you are a member. The AD group will be given full administrator rights on the host automatically.
  • Wait for replication, and the host to pick up the group and membership – it took about 15 minutes for me.
  • You can now connect directly to the host using the vSphere Client – head on to the “Local Users & Groups” page and edit “root”:

image

  • You should now be able to connect to the host using your new root password.
4Oct/131

vSphere Security: Active Directory Authentication

Posted by Sam McGeown

Security-Guard_thumb2This is the second article in a series of vSphere Security articles that I have planned. The majority of this article is based on vSphere/ESXi 5.1, though I will include any 5.5 information that I find relevant. The first article in this series was vSphere Security: Understanding ESXi 5.x Lockdown Mode.

Why would you want to join an ESXi host to an Active Directory domain? Well you’re not going to get Group Policies applying, what you’re really doing is adding another authentication provider directly to the ESXi host. You will see a computer object created in AD, but you will still need to create a DNS entry (or configure DHCP to do it for you). What you will get is a way to audit root access to your hosts, to give administrators a single sign on for managing all aspects of your virtual environment and more options in your administrative arsenal – for example, if you’re using an AD group to manage host root access, you don’t have to log onto however many ESXi hosts you have to remove a user’s permissions, simply remove them from the group. You can keep your root passwords in a sealed envelope for emergencies! ;-)

26Sep/132

vSphere Security: Understanding ESXi 5.x Lockdown Mode

Posted by Sam McGeown

Security-GuardThis is the first article in a series of vSphere Security articles that I have planned. The majority of this article is based on vSphere/ESXi 5.1, though I will include any 5.5 information that I find relevant.

I think lockdown mode is a feature that is rarely understood, and even more rarely used. Researching this article I’ve already encountered several different definitions that weren’t quite right. As far as I can see there are no differences between lockdown more in 5.5 and 5.1.

The vSphere Security guide says (emphasis mine):

To increase the security of your ESXi hosts, you can put them in lockdown mode. In lockdown mode, all
operations must be performed through vCenter Server
. Only the vpxuser user has authentication
permissions, no other users can perform operations against the host directly.

In short, lockdown mode means you can ONLY manage the host via vCenter. The only exception is via the DCUI.

20Sep/130

What sort of lab would you build for $2000?

Posted by Sam McGeown

John Troyer (@jtroyer) asked a question on Twitter last night about a CloudCred prize of $1000-2000:

 

Page 10 of 44« First...89101112...203040...Last »