Automate disabling of IPMI over LAN access on HPE iLO

This article will describe how you can disable the IPMI over LAN access on HPE iLO.

The IPMI protocol can present a security vulnerability where the authentication process for IPMI requires a server to send a hash of a user password to the client before authentication. This is not a new vulnerability and since this is a part of the specification of the protocol there is no fix for it besides disabling it or accepting it.

Note that iLO versions 2, 3 and 4 have the IPMI over LAN access enabled by default whereas iLO version 5 has disabled this by default. ...  continue reading

Welcome to VMworld

VMworld 2018 comes to an end

VMworld 2018 is over. As always I’m leaving with lots of great impressions and lots of content to digest and further explore over the coming weeks.

I think it has been even clearer after this year that VMware is focusing on their Cloud strategy together with partners like AWS and IBM, that vSAN is the storage solution they want you to go forward with and that together with NSX this will be the base for the future.

It was also interesting that only since last year the focus on Containers and Kubernetes has really picked up the pace with lots of new offerings and solution as well as the acquisition of Heptio...  continue reading

Upgrading the VCSA and converting to embedded PSC

This week I’ve been playing in our vCenter lab and tested the upgrade to 6.7 U1 and also changing the deployment type to vCenter with embedded PSC.

I must say that the vCenter team has done a great job on the upgrade process over the last year. Both our migration from the Windows vCenter to the VCSA as well as the upgrade of a VCSA works well and there are lots of great documentation.

Our lab deployment consists of one vCenter VCSA running 6.7 and an external PSC. Both have been migrated from a Windows vCenter and later upgraded to 6.7...  continue reading

Industrialising remote offices with VMware vSAN

Recently we received lots of new hardware destined for a customer that has multiple locations world-wide.

They need a robust server solution for their production environments locally. The environment is small in terms of number of VMs, but there is high demands on the environment and we need local hardware at the sites as the connections to these sites varies and they are not fast enough at all times.

Lots of racks ...  continue reading

vSphere Performance data – New vSphere plugin for Telegraf

Recently there was a new release of Telegraf, a monitoring agent from the guys that built InfluxDB. This new version, 1.8.0, comes with a plugin for vSphere which I’m pretty excited about!

Previously I’ve been testing Telegraf for monitoring some Linux VMs and also my InfluxDB servers and the agent works as expected and it’s as easy to use as the other products in the TICK stack from Influx.

If you’ve followed my blog series about building a monitoring solution for vSphere and other infrastructure components you know that I’ve pulled metrics with PowerCLI scripts. With this new plugin to Telegraf I want to see if I can use this as a replacement. ...  continue reading

HPE iLO affects ESXi management agents – hosts in “not responding”

The last months we have had several issues with ESXi hosts going in a “Not responding” status. The VMs are still active and online in this scenario, but the ESXi cannot be managed. This also affets backup as it won’t be able to reach the VMs through the APIs.

Previously we have normally just restarted the management agents on the host and it has been able to connect to vCenter and after this we have managed to migrate the VMs off the host. Lately this hasn’t worked and we have been forced to boot the host with the result of the VMs getting rebooted by HA and eventually started on a different host.

Almost all of our ESXi hosts is HPE servers. We have also seen in many of these cases that iLO (Integrated Lights-out) management has not been accessible or not responsive. ...  continue reading

Exploring monitoring endpoints in the vCenter Server Appliance (VCSA) REST API

For a long time, actually since we migrated to the VCSA in 6.5 last year, I’ve wanted to utilize the REST API in the appliance to have some monitoring of them.

For several reasons I’ve had to put that on hold, one of them being that there seems to be something wrong with the back-end authentication calls. I get authentication errors on certain calls no matter which user I am logged in with (also the vsphere.local admin account).

 ...  continue reading