Apply the Latest VMware ESXi Security Patches to OEM Custom Images and Visualize the Differences

VMware vSphere customers often rely on custom VMware ESXi images from server OEM partners, such as Cisco, Dell, and HPE, to ensure support for the specific devices that each of those manufacturers include with their hardware.  This arrangement makes initial deployment easier, because all the required storage and I/O drivers are included, but often causes confusion when it comes to keeping up to date with the latest security patches published by VMware.

Since OEM partners typically only update custom images in conjunction with significant ESXi version releases or updates, vSphere admins must patch those custom images if security vulnerabilities arise.  A great resource for quickly reviewing available ESXi patches and build numbers is KB 2143832.  Download applicable patch bundles from My.VMware.

PowerCLI Image Builder enables admins to keep contents of an image profile up to date with the latest patches while still benefiting from the OEM images that contain hardware-specific device drivers. But selecting individual packages, known as VIBs, can be a daunting task for the uninitiated.

Fortunately, there’s a straightforward way to assemble an updated image: In a PowerCLI session, add both the OEM and VMware software depots, clone the OEM profile, and update it with the following command:

Set-ESXImageProfile $ClonedProfile -SoftwarePackage  (Get-ESXSoftwarePackage -Newest )

This is the simplest way to keep OEM images up to date with the latest VMware ESXi patches.  Don’t forget to export the resulting image profile to a zip or ISO file for subsequent use.

Advanced VMware ESXi Image Profile Creation and Comparison

For those interested in a more full-featured approach to image creation, I’m pleased to share a pair of PowerCLI scripts that provide more automation, as well as detailed information about the contents of your ESXi image profiles. These scripts may be found on the VMware PowerCLI Example Scripts repository, and are not officially supported by GSS.

esxi-image-creator.ps1 is a wrapper around the Image Builder commands that takes care of some of the additional tasks typically required when creating custom images.  Things like mounting depot files, and excluding or including specific VIBs are all handled with ease.  An advanced option gives admins the ability to select the latest VIBs by dates and not just by version number, for scenarios that warrant such fine-grained tuning. And finally, the resulting image can be written to ISO and/or zip image for use in your deployment workflows.

esxi-image-comparator.ps1 shows exactly what the differences are between two or more profiles.  The results can be viewed in the console window, in a GUI, or exported to CSV for safekeeping.  An interactive option and profile name include/exclude filters help whittle the selection down to exactly what you’re looking for.

Now you can confidently see every difference to know exactly what is changing in your ESXi image when applying patches!

Example VMware ESXi Image Management Use Cases

In the following section, I will go over a few sample workflows for image creation and show the resulting comparison output, using the -Grid option.

VMware ESXi 5.5 with Cisco UCS

Update the most recent Cisco custom image for ESXi 5.5 (U3b from December 2015) with the latest VMware patches and updated Cisco async drivers for enic and fnic devices.  Exclude the tools-light VIB to optimize for Auto Deploy.

esxi-image-creator.ps1 -NewProfileName Cisco_5.5_OEM_with_express_patch_11 -WriteZip -Files,,,

VMware ESXi 6.0 with Dell PowerEdge

Integrate the most recent Dell ESXi 6.0U3 image, which has already been updated by Dell to include the latest express patch 7a (5224934), with NSX VIBs and remove VMware Tools for use with Auto Deploy.

esxi-image-creator.ps1 -NewProfileName Dell_6.0_OEM_5224934_with_NSX -Files,, -Acceptance PartnerSupported

VMware ESXi 6.5 with HPE Proliant

Generate an image that incorporates the latest HPE Proliant packages from their online repository with the most recent ESXi 6.5 offline bundle from VMware.


esxi-image-creator.ps1 -LeaveCurrentDepotsMounted -NewProfileName ESXi_6.5.0d_with_HPE_drivers -Files -Acceptance PartnerSupported

Public VMware Image Profile Repository

Do not attempt to use the public VMware image profile repository to create a custom image, as it contains many different versions of image profiles and the resulting Frankenimage will likely be entirely unusable.

However, if you would like to generate a spreadsheet comparing every VMware ESXi release, try this:


esxi-image-comparator.ps1 | Export-Csv all_profiles.csv


  • Custom VMware ESXi images are the best way to get the full benefit of your preferred hardware
  • VMware ESXi security and bugfix patches typically need to be added to OEM custom images manually
  • These new PowerCLI scripts help streamline the workflow and provide confidence through detailed package comparisons

The post Apply the Latest VMware ESXi Security Patches to OEM Custom Images and Visualize the Differences appeared first on VMware vSphere Blog.

Source: VMware vSphere Blog

The VMware Certified Lenovo XClarity Web Client Plug-In Solution

The VMware Certified Lenovo XClarity Solution Capabilities

Lenovo recently certified their XClarity vSphere web client plugin solution.  Lenovo XClarity Administrator is a new centralized resource management solution that enables administrators to deploy infrastructure faster and with less effort. The solution seamlessly integrates into Lenovo servers and Flex System converged infrastructure platform. XClarity provides automated discovery, monitoring, firmware updates and compliance, pattern-based configuration management, and deployment of operating systems and hypervisors to multiple systems. 

Lenovo XClarity Integrator for VMware vCenter extends the VMware management platform to include XClarity Administrator functionality as well as helping to reduce planned and unplanned workload downtime through scheduled and automated workload migration during rolling system updates and reboots in the cluster, and on user-defined platform-level alerts such as a predicted hardware component failure. 

Benefits: What Are The Benefits Of Lenovo XClarity For vSphere Plug-In?

The VMware-certified solution from Lenovo has many benefits:

  • Automate complex and repetitive foundational infrastructure tasks
  • Improve workload uptime in clustered vSphere environments

For more information, click here 

Video: Let’s Take A Look At Lenovo Xclarity Vsphere Web Client Plug-In!

VMware’s Web Client Plug-In Certification Program:

Many companies are building and certifying their plug-in.  We have seen a surge in HTML 5 plugins being certified in 2017.  Through VMware certification partners can ensure a better end user experience and have the trusted VMware brand behind their plug-in.  Look for new partner web client plug-in certifications in 2017!   Thanks to all of our partners for supporting the VMware vSphere web client plug-in certification and partner program. 

For more information, view the links below:

VMware’s Solution Exchange (VSX):

vCenter website for vSphere web client plug-ins:

Social Media Channels: vSphere YouTube Channel: VMwarevSphere and Twitter: @VMwarevSphere

vSphere Fling for developing plug-ins:

The post The VMware Certified Lenovo XClarity Web Client Plug-In Solution appeared first on VMware vSphere Blog.

Source: VMware vSphere Blog

Hard(ware) Lessons Learned: Getting Started with Open Source Hardware

There’s a familiar face on

One of our most enthusiastic VMware Open Source experts, John Hawley, shared a must-read article with the : 8 Ways to Get Started with Open Source Hardware.

“Let’s start off by pointing out that hardware is hard, it’s complicated, sometimes esoteric and the tools you may be using are not always the most user-friendly. … Lessons are learned when things go wrong, and you usually get an interesting story to tell later.”

John Hawley, VMware Open Source Developer

In his piece, John highlights eight steps you need to take once you figure out what you want to build. Here are the first four steps to get your started:

  • Find an electronic design automation (EDA) tool. John recommended a few user-friendly options, such as Fritzing, gEDA and KiCad.
  • Design your board in the tool. For your first time around, John suggests keeping it small and simple before building up from there.
  • Export the design for manufacturing.
  • Find a board house. Ever heard of OSH Park? That’s the board house John uses for his open source hardware projects.

Four more steps remain in John’s quest to build the hardware he needs. After all:

“That’s what open source hardware is: A community of people making things and sharing them so that everyone can make their own things and build the hardware that they want—not the hardware they can get.”

Follow John’s upcoming contributions via RSS or catch him on Twitter @warty9.

Because you liked this blog:

The post Hard(ware) Lessons Learned: Getting Started with Open Source Hardware appeared first on Open Source @VMware.

Source: Open Source @VMware

OpenStack Summit Takeaways

By Mark Voelker, OpenStack Architect at VMware

Another OpenStack Summit is in the books! Last week I attended my 13th OpenStack Summit in Boston, Massachusetts. Part of what makes OpenStack Summit such a great event is the mix of activities and people. While I saw a lot of familiar faces and spent a lot of time catching up with old friends, I also met a lot of new folks—in fact, about half of the attendees at each OpenStack Summit are there for the first time

While I spent some time catching up on projects I’ve been working with for some time, I also spent some time with relative newcomers to the scene and adjacent communities. In fact, this spring OpenStack Summit hosted a number of “Open Source Days” for the first time. Open Source Days brought adjacent communities to the OpenStack Summit so attendees could get the best of all worlds. The roster included Kubernetes, Open vSwitch, OPNFV, CloudFoundry, and more. Specific use cases were on display too, with a lot of sessions and hallway conversations focussing on NFV and container workloads atop OpenStack.


If that wasn’t enough open source, adjacent open source technologies also made it to the main keynote stage the second edition of the Interop Challenge. I joined a large group on stage to do a live demonstration of a cloud-native workload deployed without modification on 15 different OpenStack clouds. This time around, we enlisted a little help from our friends at CoreOS and CockroachDB. We deployed Kubernetes on CoreOS guest instances, and then spun up a containerized CockroachDB cluster on top. While that in itself was a great testament to how much more portable workloads on top of OpenStack have become and how diverse the ecosystem is, we also spent some time this year to demonstrate not just repeated copies of the same workload, but a single app running across clouds. VMware joined a group of others to connect our CockroachDB cluster into a single large, geo-distributed database cluster spanning several clouds. As we see hybrid cloud or multi-cloud use cases go from thought experiment to production deployment pattern, this demo was a timely reminder of how fast the cloud ecosystem is evolving—and how fast OpenStack is moving to keep up. OpenStack is now approaching it’s seventh birthday, while Kubernetes is just shy of two years on from its 1.0 release and CockroachDB launched it’s 1.0 release on May 10th—the day after our on-stage demo!

While a lot of energy went into use cases in which OpenStack is rapidly growing and adjacent open source technologies that OpenStack users are increasingly adding to their portfolios, plenty of time was also spent on traditional OpenStack projects. Boston was the first OpenStack Summit under the new Summit format. Following last year’s OpenStack Summit in Barcelona, the community split the Design Summit portion of the conference out into a separate event called the Project Team Gathering (the next of which will be held in Denver later this year) so project developers could spend more time focussing on development.

The split also freed up some time at the Summit for developers to spend more time in “fishbowl” sessions with users—a new series of events within the Summit called “The Forum”. The Forum sessions I attended were mostly spent gathering feedback from operators and users about what to work on next to make sure OpenStack remains a good fit for production use. Generally, the feedback seemed to focus on a few key themes: emerging use cases (such as NFV and containers) and continued hardening of widely-deployed projects (like Nova, Cinder, and Neutron).

One particular topic that generated a lot of interest was a new addition to one of the oldest OpenStack projects: Nova. In the new Ocata release of OpenStack, all Nova deployments use Cells v2, a reimagined version of the experimental Nova Cells feature that was introduced years ago as a way to help Nova scale to larger deployments. Starting from Ocata, all Nova deployments will be a “cell of one”, which support for multiple cells landing in future releases. A fair amount of time was also spent on the Nova placement API, which was initially introduced in the Newton release and is increasingly important to scaling up deployments and alleviating expensive rescheduling events from the Nova scheduler.

All in all, Boston was another great OpenStack event: a steady hum of activity mixed with a few new twists.  We’re looking forward to the PTG in September, and the next OpenStack Summit in Sydney in November—see you there!

Don’t miss Misbah Mahmoodi’s deep-dive into how telcos can benefit from open source platforms like OpenStack. Stay tuned to the OpenSource blog for more.

The post OpenStack Summit Takeaways appeared first on Open Source @VMware.

Source: Open Source @VMware

vSphere 6.5 Upgrade Considerations Part-1

The release of vSphere 6.5 in November 2016 introduced many new features and enhancements. These include the vCenter Server Appliance (VCSA) now becoming the default deployment. vCenter Server native high availability, which protects vCenter Server from application failure. Built-in File-Based backup and restore allows customers the ability to backup their vCenter Server from the VAMI or by API. The VSCA restore can simply be done by mounting the original ISO used to deploy the VCSA and selecting the restore option. These features and more are exclusive only to the vCenter Server Appliance. The new HTML5 vSphere Client is making its first official product debut with vSphere 6.5.

Did someone say security? We now have better visibility of vSphere changes with actionable logging. VM Encryption allows the encryption of a virtual machine, including disks and snapshots. Secure Boot for ESXi ensures that only digitally signed code runs on the hypervisor. Secure Boot for VM’s is as simple as checking a box. We’ve only begun to scratch the surface of all the new vSphere 6.5 features.

vSphere 6.5 Upgrade

Product Education

As you start preparing for your vSphere 6.5 upgrade, a checklist will be the run book used to ensure its success. The upgrade process can be divided into three phases:

Phase 1: Pre-upgrade – all the upfront work that should be done before starting an upgrade.

Phase 2: Upgrade  – mapping the steps of each component that will be upgraded.

Phase 3: Post-upgrade – validation to ensure everything went according to plan.

The first part of any successful upgrade is determining the benefits of the new features and the value add they will provide to your business. Next is getting familiar with these new features and how they will be implemented in your environment. The following list will get you started learning each of the new vSphere 6.5 features and their benefits.

Another consideration to getting familiar with the new features and upgrade process is the hands on approach in a lab environment. If you have a lab environment at your disposal, try building it as close to your production environment as possible to simulate both the upgrade process and new feature implementation. If a lab environment is not available, there are options like VMware’s Workstation or Fusion if you have the resources to run them.  Last, but not least, there is also the Hands on Labs that do not require any resources and provide a guided approach. No matter which option you select, the key is getting familiar and comfortable with the upgrade process.

Health Assessment

vSphere 6.5 Health AssessmentDoing a health assessment of your current environment is critical. Nothing is worse than being in the middle of an upgrade and having to spending hours troubleshooting an issue only to find out it was related to a misconfiguration with something as simple as DNS or NTP.  Another advantage to doing a health assessment is discovering  wasted resources. For example, virtual machines that are no longer needed but have yet to be decommissioned. The health assessment should cover all components (Compute, Storage, Network, 3rd party) that interact with your vSphere environment. Please consult with your compute, storage, and network vendors for health assessment best practices and tools. Environmental issues are high on the list when it comes to upgrade show stoppers. The good news is that they can be prevented.

There are also VMware  and community tools that can help by providing reports on your current environment. Most of these tools come with a 60-day evaluation period, which is enough time to get the information needed. When using community tools please keep in mind they are not officially supported by VMware. Finally, there is also the VMware vSphere health check done by a certified member of VMware’s professional services team. Check with your VMware representative for more information.

Conducting the health assessment could lead to discovering an issue that requires the help of support and opening a ticket. Do not proceed with the upgrade until all open support tickets have been resolved. There are instances where an issue can be fixed by applying a patch or an update, but make sure that any environmental problems have completely been resolved prior to proceeding. This not only includes VMware support tickets, but also compute, storage, network, and 3rd party that interact with your vSphere environment.

Important Documents

Now that we’ve learned about the features and completed a health assessment of our current vSphere environment, it’s time to start mapping out the upgrade process. The first step is looking at important documents like the vSphere 6.5 documentation, product release notes, knowledge base articles, and guides. Each of these documents have pieces of information which are vital to ensuring a successful upgrade.  Product release notes, for example, provide information such as what’s new but also information about upgrades, any known issues, and all key pieces of information.  Reading the vSphere 6.5 upgrade guide will give you an understanding of the upgrade process. The VMware compatibility guide and Product interoperability matrices will ensure components and upgrade paths are supported. Here is a breakdown of the important vSphere 6.5 documentation that should be viewed prior to upgrading.

vSphere 6.5 Documents
Product Release Notes

Knowledge Base Articles



Upgrades need to be done with a holistic view from the hardware layer all the way to the application layer. With this philosophy in mind, a successful upgrade requires advance prep work to be done to avoid any potential roadblocks. Things like health assessments shouldn’t only be done when preparing for an upgrade, but also routinely. Think of it as a doctor’s visit for your environment and getting a clean bill of health.  vSphere 6.5 has been released now for six months and since then four patches are now available providing bug fixes and product updates. The HTML5 vSphere Client now has added features in the release of vSphere 6.5.0 patch b and vSAN easy install is available in 6.5.0 patch d.  This agile release of patches means customers no longer need to wait on the first update to consider upgrading to vSphere 6.5. The next few blog posts in this series will cover mapping out the upgrade process whiteboard style, architecture considerations for the vSphere Single Sign-On domain, migration, and upgrade paths.

At this point it is worth noting that the vSphere upgrade process can seem complex if not overwhelming, especially for our customers who use other tools that depend on vSphere and vCenter Server. We hear you. VMware is certainly working to make this better. I hope to be able to write about those improvements in the future. Until then you have upgrade homework to do!

The post vSphere 6.5 Upgrade Considerations Part-1 appeared first on VMware vSphere Blog.

Source: VMware vSphere Blog

OpenStack Summit Recap

By Ben Pfaff, Principal Engineer at VMware

I attended the OpenStack Summit, the fifth Summit for me, in Boston this week, May 8-11. For me, the highlight was Open Source Days, a new element for this summit. For Open Source Days, the OpenStack Foundation selected 11 open source projects related to OpenStack, Open vSwitch among them, and gave each of them a room for a day for presentations. OpenStack handed out these rooms at no charge, which is incredibly generous given that conference space ordinarily costs thousands of dollars for a room. They additionally gave 10 free registration codes to each open source project to distribute to speakers, also incredibly generous given that full registration is $600 or more.
OpenStack logo

For the Open vSwitch Open Source day, we sent out a call for presentations back in February, received several submissions, and accepted about 10 talks, each 10 to 20 minutes long, plus an hour-long tutorial session. We held the Open Source Day on Wednesday. I was anxious about attendance before it started–I always am–and the first few talks were lightly attended. Around 11 am, the room started filling up for a talk about NFV performance, and from then on the room was well filled. Over 100 people attended my tutorial on using OVN, the open source network virtualization system that is part of Open vSwitch, with OpenStack in the afternoon.  The day of talks wrapped up around 5:20 pm. The event was a big success and I hope that they will make Open Source Days a regular feature of their conferences.

In addition to the Open Source Day, on Monday I gave a joint talk in the main conference on the latest features and the future of OVN, with Justin Pettit from VMware and Russell Bryant from Red Hat.  I also had numerous meetings, lunches, and dinners with folks who have an interest in Open vSwitch and OVN.

A video recording from my talk about OVN is already available on the OpenStack website at Over the next few weeks, audio recordings and slides from the Open vSwitch Day talks will be posted and made available on the OVS Orbit podcast at and at

The post OpenStack Summit Recap appeared first on Open Source @VMware.

Source: Open Source @VMware

Discover VMware Technology Network: 7 Ways to Gain Points

This is the second blog in a series. See the first blog here: VMTN Global Forums

The foundation of VMware Technology Network is peer-to-peer support and engagement. Community is powered by human connection – the warm feeling of helping another person and the satisfaction of collaborating to solve a problem.

Screen Shot 2017-05-11 at 11.05.53 AM

And then there’s the added bonus to participation, the cherry on top, gaining points. The happiness when your answer is marked correct and you can almost hear the points adding up. A little competition to spice things up never hurts, right?

If competition is something you thrive on, and you went to get onto the Weekly, or All-time communities leaderboard (half-way down the homepage), I’m here to help. These are the 7 ways you can gain points on communities:



  1. Correct Answer – 10 Points. Having an answered marked as correct is the most lucrative way to gain points. Take advantage of the Browse feature to identify unanswered questions. Opt-in to Follow communities you are interested in so you get email notifications & they are added to your My Communities list. Or even bookmark your favorite communities.Screen Shot 2017-05-10 at 3.14.22 PM
  1. Helpful Answer – 6 Points. If you know a partial answer to a question, or a resource that might shed some light, go ahead and post it. An answer doesn’t have to be perfect, a user can mark your response as helpful and you still receive points.
  1. Reply to an Answer – 1 Point. Sometimes you will answer a question and the user will forget to mark it correct. It happens! Sometimes, you have a comment to add, like, “thanks for posting, this was helpful.” Engagement is always rewarded. As a contributor, you will receive 1 point for taking the time to reply to a question.
  1. Create a Document – 1 Point. Did you write a white paper, case study, or a study guide around a VMware product or solution? Post it on communities. Not only are you sharing your knowledge, helping others, and expanding your clout, you gain a point for doing so.
  1. Create a BlogPost – 1 Point. If you don’t host a personal blog, but have something to say, post a blog to your community profile. This is low maintenance blogging, where you’ll receive views, but have very little up-keep. If you do host a blog, post an abstract and a link to your blog on communities. The community’s audience wants to read the technical content being written. Plus, every blog you post gains you a point.
  1. Post a Status Update – 1 Point. This is a lesser known functionality on communities. Every user has the option to follow other users. To follow someone, visit that user’s profile by clicking on their username, or searching their username. When you visit their profile, select Follow in the bottom right corner. Follow Example
  • Make sure you select the option to follow them in your Connections Stream in the Follow dropdown. View your Connections Stream by clicking News in your header. The Connections Stream option will be on the left side-bar. Click and be brought here:Screen Shot 2017-05-11 at 10.49.38 AM
  • From here you will be able to post a status, see recent activity of those you follow, and filter your view. You will also receive notifications in your VMTN inbox (@) when a user you follow posts a status, and vis versa. Here you can post links to cool resources or share exciting news, like just having deployed vSAN, and gain a point.
  1. Have Someone like your Status Update – 1 Point. Always post relevant and technically informative resources. Spam and marketing are discouraged on communities. Getting status likes is all about appealing to your audience. To gain more followers organically, be active consistently on the communities, and promote your activity via social media.

While utilizing these 7 methods, keep in mind that as a community member, one must give to receive. Be sure to always mark answers correct or helpful on your queries, like other user’s status updates, and respond to questions. Visit communities to start gaining points now!

For further information on status/badge levels, gaining points, and gamification visit the Community Rewards Points System FAQ or email the VMTN Community Manager,

The post Discover VMware Technology Network: 7 Ways to Gain Points appeared first on VMTN Blog.

Source: VMware VMTNBlog –

VMware highlights at Dell EMC World 2017


VMware Unveils IoT Management Solution

Dell EMC VDI Complete Solutions

Delivering Developer-Ready Infrastructure for Modern Application Development

VMware & Google Extend Partnership to Accelerate Adoption of Chromebooks

Dell & VMware Extend PC Management to the Firmware and BIOS

Multiple announcements/blogs from DellEMC:

On-demand General Session Keynotes:

The post VMware highlights at Dell EMC World 2017 appeared first on VMTN Blog.

Source: VMware VMTNBlog –