Cybersylum -

Identify VMware ESX Hosts and VMs using Secure Boot

byWeb Master 02.21.2026 Aria Automation

You may need to identify VMware ESX Hosts and VMs that use Secure Boot in your environment. This can be helpful for a number of reasons:

Environment Audit – are there any assets that should be using Secure Boot – but are not?
Inventory list – Having a list of assets that are using Secure Boot can help build a reference list should the need arise to make updates to the Secure Boot configuration

There are two primary means to do this:

Aria Operations / VCF Operations – With a little work and help from an open-source management pack you can build a dashboard that will identify these assets
PowerCLI – PowerCLI can be used to quickly and easily extract this information and format it in any way you like

Continue reading “Identify VMware ESX Hosts and VMs using Secure Boot”

My Notes – Introduction to Swift

byArron King 02.21.2024 Swift Tech Learning

Once in a while I find it useful to stretch myself in a new direction. Usually this is to scratch an itch for a pet project that I am interested in. I also think this can help break the rut we can all to easily fall into. To that end, I spent my 3 day weekend learning the Swift programming language. I used a Pluralsight course called Swift Fundamentals.

Full Disclosure

Pluralsight did not sponsor this post. I do get access to Pluralsight through their participation in the VMware vExpert program. I have been selected to be a vExpert for many years and they have been a constant supporter of that program and many others. I have found their content very helpful as I keep my skills up-to-date. They have a very wide variety of training topics. I found their Swift Fundamentals course extremely engaging. If you want to grow your skills – I highly recommend that you check them out.

What this page is – and isn’t

This page is a collection of notes that I took while going through the course. My intention is to review what I have learned about Swift when I have the time to write a real app.

This page is not a tutorial or guide. While I hope it contains enough illustrative snippets to be a reference, it will probably not serve as a tool to teach someone who has never programmed before.

Getting Started

Xcode is the best tool to use when learning Swift. It is free to download and use. It has a very useful feature called the Xcode Playground. This is an area where you can type and execute code in iterative steps to try out complex logic or new programming techniques before using them in a larger program. I found this tremendously useful as I went through the course. I am a hands-on learner and I frequently paused the training so I could type out the code in my Playground to make sure I had the syntax down. You can actually take the notes below and paste them into an Xcode playground on your own computer.

Continue reading “My Notes – Introduction to Swift”

Hybrid vSphere SSL Certificate Replacement

byArron King 01.31.2024 Certificates VCSA

When it comes to SSL Certificates and vCenter, there are a few options:

Use the Self-Signed Certificates that are the default – ignore the untrusted certificate warning and go about your day
Use the Self-Signed Certificates that are the default and Download the self-signed vCenter Certificate Chain to add it to your computer’s trusted certificate store. This makes the untrusted cert warnings go away. It is easy to manage if you have a small number of administrators.
Make the Certificate Authority in vCenter (VMCA) a Subordinate CA to your in-house Certificate Authority. This option replaces all certficates in your vSphere environment. It has an important security factor which you must consider
Replace the SSL Certificate on the vCenter front-end with a standard SSL Certificate; but allow the VMCA to self-sign certificates for each host. This is called Hybrid vSphere SSL Certificate Replacement, and is considered by many to be the best balance of security and risk.

Why Hybrid vSphere SSL Certificate Replacement over Subordinate CA?

Making the Certificate Authority in vCenter (VMCA) a Subordinate CA to your Enterprise CA is does work. All certificates in your vSphere environment (vCenter and hosts) will have enterprise trusted certificates. Before deciding on this approach, It is important to look at this from a security standpoint.

When the VMCA has a subordinate CA certificate from your Enterprise CA – it can generate certificates that are trusted by your entire enterprise. This could allow a rogue admin or bad actor to use this powerful certificate to create unauthorized certificates which would be trusted by your organization. You should review this in light of the security policies in your organization.

Continue reading “Hybrid vSphere SSL Certificate Replacement”

Using OpenSSL to create SSL Certificates for vSphere

byArron King 01.30.2024 Certificates vSphere

OpenSSL can be very useful when it comes to working with SSL Certificates in a vSphere environment. It is widely available in Linux/Unix – and that includes the Photon OS in your vCenter. Just be careful!

You should also review the VMware Documentation for vSphere Certificate Requirements for Different Solution Paths to ensure you are using the correct parameters.

Here are a few tidbits I find myself using frequently:

Generate a Private Key

openssl genrsa -out vcenter.key 2048

Creating Certificate Signing Requests

There are 2 parts to this process:

Create the OpenSSL Config file that describes the certificate properties
Generate the Certificate Signing Request (CSR) which will be used by your Certificate Authority

Create an OpenSSL config file

This file will be used to generate the Certificate Signing Request (CSR). I keep a copy of this as a template and use that for every certificate I create – replacing the values for each cert.

You can name the file anything you like. For the examples on this page, this file is called vcenter-openssl.cnf

[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
C = US
ST = Ohio
L = Columbus
O = Cybersylum
OU = Cybersylum Labs
CN = vcenter.cybersylum.com

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 172.16.1.32
DNS.1 = vcenter.cybersylum.com
DNS.2 = vcenter

Continue reading “Using OpenSSL to create SSL Certificates for vSphere”

Basic Math in an Aria Automation Cloud Template

byArron King 11.13.2023 Aria Automation

I was helping someone with a small challenge in their Aria Automation Cloud template and had to dig to find the solution. They didn’t find any examples through a search, and neither did I – so I thought I would share. The goal was to do basic math (addition) in the YAML of the Cloud Template.

The use case was a cloud template adding multiple disks in a virtual machine. They had a need to control the name of the VMDK differently than was specified in the Project Custom Naming template. They were using an array of disks in the Cloud Template and the index of that array to make the VMDK name unique (The second disk for the vm should be called mytestvm_disk2.vmdk).

As most arrays in computing are, the index was zero-based (the second disk was called mytestvm_disk1.vmdk). While this would provide a unique name for each disk, the preference was to start with 1 to make it easier on the large number of admins who manage workloads in the environment. They tried various ways of formatting the YAML to get the addition correct; but could not find a way that worked as expected.

I cannot share the code that this customer wrote; but have worked up a simple example to illustrate. The use case this code sample represents is not something you would normally do; but will serve to highlight the syntax to allow some basic math in an Aria Automation Cloud Template.

Continue reading “Basic Math in an Aria Automation Cloud Template”

Importing vSphere Networks into Aria Automation – Part 4 – Update Network Profiles

byArron King 10.18.2023 Aria Automation Importing vSphere Networks into Aria Automation

If you are standing up a new Aria Automation environment and have a large number of vSphere Networks (aka Port Groups), it could take a very long time to enter this information manually. I have written a few scripts that can make Importing vSphere networks into Aria Automation fairly easy!

This blog article is the last in a 4-part series that discusses how you can update the Network Profiles configured in Aria Automation. Before an Aria Automation Network Profile can be associated with the vSphere Networks in an environment, both the Network and IP Range definitions must be updated.

Blog Series Overview – Importing vSphere Networks into Aria Automation

Export Networks with Missing IP Info – This will export a file that can be used to determine which networks need updated. This will be the basis for the other 3 sections as an input file to target updates. This file will need updated with the pertinent IP information.
Update Network IP Info – This script will use the file created in step 1 to update the IP Information for vSphere networks discovered by Aria Automation
Update IP Ranges – This script will use the file created in step 1 and define IP Ranges for the subnets used by the discovered vSphere Networks. This must be completed after the networks have updated IP Information
Update Network Profiles – The final step is to take the results from the prior 3 steps and create Network Profiles that can be used by Aria Automation for workload deployment

Update Network Profiles

Now that the networks all have valid IP Information and the IP ranges defined, we can complete the task and update the existing Network Profiles in Aria Automation so workloads can be deployed! The Network Profile definitions are located in Cloud Assembly, under Infrastructure -> Configure -> Network Profiles.

The environment this script was written for has 1 Network Profile for each Cloud Account (named after the vCenter it represents). Each Network Profile will have all of the networks for that vCenter.

Continue reading “Importing vSphere Networks into Aria Automation – Part 4 – Update Network Profiles”

Importing vSphere Networks into Aria Automation – Part 3 – Update IP Ranges

byArron King 10.17.2023 Aria Automation Importing vSphere Networks into Aria Automation

This blog article is the 3rd in a 4-part series that discusses how you can update the IP Ranges configured in Aria Automation. Before an Aria Automation Network Profile can be associated with the vSphere Networks in an environment, both the Network and IP Range definitions must be updated.

Blog Series Overview – Importing vSphere Networks into Aria Automation

Export Networks with Missing IP Info – This will export a file that can be used to determine which networks need updated. This will be the basis for the other 3 sections as an input file to target updates. This file will need updated with the pertinent IP information.
Update Network IP Info – This script will use the file created in step 1 to update the IP Information for vSphere networks discovered by Aria Automation
Update IP Ranges – This script will use the file created in step 1 and define IP Ranges for the subnets used by the discovered vSphere Networks. This must be completed after the networks have updated IP Information
Update Network Profiles – The final step is to take the results from the prior 3 steps and create Network Profiles that can be used by Aria Automation for workload deployment

Update IP Ranges

Once the Aria Automation Network definitions have accurate IP Information for the networks in vSphere, IP Ranges need to be created/updated. This allows Aria Automation or an external IPAM provider to manage IPs on that network. You can find these definitions in Cloud Assembly, under Infrastructure -> Resources -> Networks -> IP Ranges.

Continue reading “Importing vSphere Networks into Aria Automation – Part 3 – Update IP Ranges”

Importing vSphere Networks into Aria Automation – Part 2 – Update Network IP Info

byArron King 10.16.2023 Aria Automation Importing vSphere Networks into Aria Automation

This blog article is the 2nd in a 4-part series that discusses how you can update Network IP Information for vSphere networks discovered by Aria Automation. While Aria Automation will discover vSphere Port Groups for any vCenters added into a Cloud Account, it does not automatically fill out the various details about the IP Configuration.

Blog Series Overview – Importing vSphere Networks into Aria Automation

Export Networks with Missing IP Info – This will export a file that can be used to determine which networks need updated. This will be the basis for the other 3 sections as an input file to target updates. This file will need updated with the pertinent IP information.
Update Network IP Info – This script will use the file created in step 1 to update the IP Information for vSphere networks discovered by Aria Automation
Update IP Ranges – This script will use the file created in step 1 and define IP Ranges for the subnets used by the discovered vSphere Networks
Update Network Profiles – The final step is to take the results from the prior 3 steps and create Network Profiles that can be used by Aria Automation for workload deployment

Update Network IP Info

Aria Automation will discover vSphere Port Groups that exist in any Cloud Accounts that have been configured. The next step is to fill out the details for those various Networks:

Default Gateway
CIDR
DNS Servers
Search Domains
Domain

Continue reading “Importing vSphere Networks into Aria Automation – Part 2 – Update Network IP Info”

Importing vSphere Networks into Aria Automation – Part 1 – Export Networks with Missing IP Info

byArron King 10.15.2023 Aria Automation Importing vSphere Networks into Aria Automation

This blog article is the 1st in a 4-part series that discusses how you can import vSphere Networks into Aria Automation. The environment these scripts were written for has multiple vCenter Server instances – each with multiple clusters. The network infrastructure is using Layer 2 stretched VLANs. As a result the same VLAN can exist in multiple locations. The vSphere Port Groups are all named the same, and have the same characteristics.

Blog Series Overview – Importing vSphere Networks into Aria Automation

Export Networks with Missing IP Info – This will export a file that can be used to determine which networks need updated. This will be the basis for the other 3 sections as an input file to target updates. This file will need updated with the pertinent IP information.
Update Network IP Info – This script will use the file created in step 1 to update the IP Information for vSphere networks discovered by Aria Automation
Update IP Ranges – This script will use the file created in step 1 and define IP Ranges for the subnets used by the discovered vSphere Networks
Update Network Profiles – The final step is to take the results from the prior 3 steps and create Network Profiles that can be used by Aria Automation for workload deployment

Export Networks with Missing IP Info

Aria Automation will discover vSphere Port Groups that exist in any Cloud Accounts that have been configured. This will create definitions in Infrastructure -> Resources -> Networks -> Networks; but does not necessarily populate the necessary IP Information.

In order to deploy workloads to these environments using Aria Automation, a Network Profile needs to be created. This profile requires Network IP Information and IP Ranges to be defined for each vSphere Network.

Continue reading “Importing vSphere Networks into Aria Automation – Part 1 – Export Networks with Missing IP Info”

vToolbelt – October 2023

byArron King 10.14.2023 vToolBelt

End of Technical Guidance for vSphere 6.5 and 6.7

These two versions of vSphere have served us well; but on November 15, 2023, all technical support for vSphere 6.5 and 6.7 will end as the products leave Technical Guidance. If you are still running these versions please upgrade now. If you have questions about the planning or upgrade process let us know!

Security Advisories

VMSA-2023-0020 – Local Privilege escalation in Aria Operations

Upcoming Events

VMware Modernize Core Infrastructure Roadshow – Cleveland
Date: October 17, 2023
Location: Corporate College East – Warrensville Heights

You will hear the latest on how to get the most out of your vSphere Infrastructure with sessions on Multi-Cloud Operations with VMware Aria, securing your workloads using tools built into vSphere, and learn about Disaster Recovery Planning.

Continue reading “vToolbelt – October 2023”