02-13-2018 09:32 AM - edited 03-01-2019 01:25 PM
Hello everyone,
I have recently installed some vSphere 6.5 hosts on UCS B200 M3 blades. I downloaded the "Vmware-ESXi-6.5.0-5969303-Custom-Cisco-6.5.1.1.iso" image off of VMware's site, and installed it on the hosts. This image includes a vib added by Cisco, ucs-tool-esxi.vib. Our security scanners are flagging it because it is "Partner Supported" instead of "VMware Certified"for the Host Image Profile Acceptance Level. I do not want to uninstall the tool if it's useful, but I'm not sure what it does? I would like to have an explanation for our Security team. Any thoughts would be much appreciated. Thanks!
Solved! Go to Solution.
02-15-2018 06:24 AM
Hello,
VIB helps UCSM by providing host OS inventory and enables to ease the validation of UCS HCL matrix.
You will also get more details when your domain is registered with Intersight ( when features introduced in it )
Following commands on ESXi host will provide more details on VIB
esxcli software vib get -n ucs-tool-esxi
ls /opt/ucs_tool_esxi
Thanks
Padma
02-15-2018 06:24 AM
Hello,
VIB helps UCSM by providing host OS inventory and enables to ease the validation of UCS HCL matrix.
You will also get more details when your domain is registered with Intersight ( when features introduced in it )
Following commands on ESXi host will provide more details on VIB
esxcli software vib get -n ucs-tool-esxi
ls /opt/ucs_tool_esxi
Thanks
Padma
02-15-2018 08:00 AM
Thanks, Padma! I was wondering if it was related to Intersight since the vib seemed to be added about the same time Intersight was announced. I appreciate the info!
02-16-2018 01:11 AM
Hello,
Yes, as of today it is useful for UCSM-managed servers where the domain is registered with Intersight.
Partner certified is good for host extensions program.
Would you be able to share what is the alert that you receive from your scanner ?
Thanks
02-28-2018 12:15 PM
Hi Padmas, sorry about the delay. We use Qualys for security scans of ESXi hosts, and the reports come up with the text
"Expected regular expression match
^(VMware Certified|VMware Accepted)$"
Since Partner Supported is not listed here, the compliance scan report has the scan as "Failed" for the Host Image Profile Acceptance Level. If we want to keep this vib, I will need to put in a variance to document this. I've done it before for Teradici cards on our VDI rackmounts, but I need some explanation. Thanks again for your help!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: