Thursday, June 26, 2025

VCF 5.x and VCF9.0 Component Comparison

VMware by Broadcom has announced the release of VMware Cloud Foundation 9.0, making it an ideal time to review and compare the key component from the VCF 5.x to VCF 9.0


Find more details on VCF 9.0 : Click here

Posted by at No comments:

Wednesday, May 28, 2025

Create a Custom ESXi ISO Image along with vendor Add-on Using vSphere Lifecycle Manager

In case Custom Image with required build and version not available from Server Hardware OEM, you can create a custom ESXi ISO that incorporates vendor add-ons (such as those from HPE, Dell, Cisco, etc.) even if the specific ESXi build or version you're targeting hasn't been released by the hardware OEM yet. This approach allows you to leverage the latest security patches while still benefiting from the vendor-specific enhancements.

1. Import ESXi Patch and Vendor Add-on to vLCM Depot

Prerequisites:

  • Ensure you have the necessary privileges.

  • Obtain the correct versions of ESXi offline bundle depot zip file and vendor add-on zip file from Broadcom download portal.

Steps:

  1. Log in to the vSphere Client.

  2. Navigate to Menu > Lifecycle Manager.

  3. Go to the Image Depot tab.

  4. Click Actions > Import Updates.

  5. In the Import Updates dialog:

    • Click Browse and select the ESXi patch ZIP file.

    • Click Browse again and select the vendor add-on ZIP file 

    • Click OK 

Note: Ensure the ZIP files are compatible with your vSphere version.

Click lifecycle manager on below page:







Then after selecting image Depot click on action menu and then click on Import Updates, repeat this task for ESXi Depot zip file and then Vendor Add-on zip file as per your Hardware.










2. Create Temporary Cluster with Single Image Management

  1. In the vSphere Client, navigate to Menu > Hosts and Clusters.

  2. Right-click on the datacenter and select New Cluster.

  3. Enter a name for the cluster (e.g., Temp-Custom-ISO-Cluster).

  4. Check the box "Manage all hosts in the cluster with a single image".

  5. Under chose how to setup custom image - Compose a new image like below:




















Click Next and then choose the ESXi version and add-on along with correct version which you imported in Task 1:












Click Next and then Finish.













This will create a new cluster with Image as per tour ESXi Version Build along with Vendor Add-on.

Select cluster in the left pane under Host and Cluster Menu and then click on updates tab:
















On this page in the top right corner click on three dots and then choose Export :


Below page select ISO and click on Export, make sure there is no pop-up blocker. if so accept and then you can retry the same.
















This will download the ISO file which will have ESXi version along with Vendor-On.

3. Delete Temporary Cluster

  1. In the vSphere Client, navigate to Menu > Hosts and Clusters.

  2. Right-click on Cluster you created in above step (e.g., Temp-Custom-ISO-Cluster). and delete the same.

More details: https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-5-2-and-earlier/5-2/create-a-custom-esxi-iso-image-using-vsphere-lifecycle-manager.html



Posted by at No comments:

Monday, January 20, 2025

How to Replace vCenter Machine SSL Certificate with a Custom Certificate

When managing a vCenter Server, it is important to ensure your certificates are properly configured for secure communication. This blog will walk you through the process of replacing the default machine SSL certificate with your own custom certificate in VMware vCenter.

Prerequisites:

  1. Custom Certificate: You should already have your custom SSL certificate, private key, and root CA certificate ready.
  2. Backup: Always take an offline snapshot of your vCenter Server Appliance (vCSA) before proceeding, especially if the vCenter is part of an Enhanced Linked Mode (ELM) configuration. This ensures you can revert back if anything goes wrong.

Steps to Replace the vCenter Machine SSL Certificate:

1. Take an Offline Snapshot of vCenter

If you’re working in a vCenter Cluster (ELM), make sure to take an offline snapshot of all vCenter Servers in the cluster before starting the process. This ensures you can roll back to a stable state if needed.

2. Log in to vCenter Appliance (vCSA)

Connect to your vCenter Server Appliance via SSH. If SSH is not enabled, enable it from the vCenter Appliance Management Interface (VAMI).

3. Launch the VMware Certificate Manager

Once logged in, navigate to the VMware Certificate Manager utility to replace the SSL certificate.

For vCenter Server 6.x/7.x/8.x Appliance, run the following command:

/usr/lib/vmware-vmca/bin/certificate-manager


4. Select Option 1: Replace Machine SSL Certificate with Custom Certificate

After launching the Certificate Manager, select Option 1 to replace the machine SSL certificate with your custom certificate.

1) Replace Machine SSL certificate with custom certificate

When prompted, enter the administrator@vsphere.local password to authenticate.

5. Select Option 2: Import Custom Certificate

Next, choose Option 2 to import your custom certificate since you already have the custom certificate prepared.

6. Enter Directories for Certificate Files

You will now be asked to provide the location of your certificate files. Make sure you have the following ready:

  • Machine SSL Certificate (machine_name_ssl.cer)
  • Private Key (machine_name_ssl.key)
  • Root CA Certificate (Root64.cer)

Enter the paths of these files when prompted:

  • Machine SSL Certificate (e.g., /tmp/ssl/machine_name_ssl.cer)
  • Private Key (e.g., /tmp/ssl/machine_name_ssl.key)
  • Signing Certificate (Root CA Certificate) (e.g., /tmp/ssl/Root64.cer)

For example:

Provide a valid custom certificate for Machine SSL:
/tmp/ssl/machine_name_ssl.cer

Provide a valid custom key for Machine SSL:
/tmp/ssl/machine_name_ssl.key

Provide the signing certificate of the Machine SSL certificate:
/tmp/ssl/Root64.cer

7. Confirm the Changes

After entering the file paths, the utility will prompt you to confirm the replacement of the existing certificates. Answer Yes (Y) to proceed.

8. Restart vCenter Services

The certificate replacement process will replace the old SSL certificate with your custom one. Once completed, vCenter services will automatically restart to apply the new certificate.

9. Verify the New SSL Certificate

After the vCenter services restart, verify that the new certificate is applied by logging into the vSphere Client (Web UI) and checking the SSL certificate in your browser. You should now see your custom certificate instead of the default self-signed VMware certificate.

Important Notes:

  • If you have multiple vCenter servers in an Enhanced Linked Mode (ELM) configuration, ensure that you replace the machine SSL certificates on all vCenter instances in the ELM configuration.
  • Make sure the root CA certificate is trusted by all clients and devices that will communicate with the vCenter Server.
  • Always take a snapshot of your vCenter appliance before making any changes to the certificates.

By following these steps, you will replace the default SSL certificates with your custom ones, ensuring secure communications for your vCenter environment.

More details: you can also look in to VMware KB316601
Posted by at No comments:

Thursday, January 9, 2025

Check SSH port connection using curl from VMware Appliances

Login to appliance using correct credential, once you logged in run below command and replace x.x.x.x with your target ip and Port with port number you want to check connectivity.

root@myserver [ ~ ]# curl -v telnet://x.x.x.x:Port
* Trying x.x.x.x:Port...
* Connected to x.x.x.x (x.x.x.x) port Port (#0)
^C
if port reachable you will get connected status. else it will keep trying but not able to connect.
Posted by at No comments:
Subscribe to: Posts (Atom)