cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sukaitsu
Champion Sweeper
This is about an issue I have brought up in the past and there hasn't been any update. Most larger companies who use VMware, control the host through VMware Vcenter. Access directly to the host is restricted and in most cases blocked by putting the host in Lockdown Mode. VMware also recommends disabling the MOB service on ESXi host as it poses a risk to potential attacks. Please have someone look into using the vCenter API to gather the information, because we have been waiting over a year for an update.

Thank you,

Jeffrey Smith

P.S. Please do not respond with "This is on our customer wishlist, but we are currently working on ___ instead". Lansweeper is advertised as a scanning tool for VMware ESXi host, so it should work, not use methods that are blocked or not supported in most Enterprise environments.
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com
1 ACCEPTED SOLUTION
Esben_D
Lansweeper Employee
Lansweeper Employee
Scanning VMware via vCenter has been included in Lansweeper 7!

View solution in original post

34 REPLIES 34
Esben_D
Lansweeper Employee
Lansweeper Employee
Scanning VMware via vCenter has been included in Lansweeper 7!
tmolzen
Engaged Sweeper
Please add this functionality.
Argon0
Champion Sweeper
If you manage to get this approach working, can you share it with the community?
Sylvie
Engaged Sweeper III
FYI, my IT department opened a case at VMware.

VMware’s answer referred to the documentation web site https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-0EF83EA7-277C-400...
It states that “The managed object browser (MOB) provides a way to explore the VMkernel object model. However, attackers can use this interface to perform malicious configuration changes or actions because it is possible to change the host configuration by using the MOB. Use the MOB only for debugging, and ensure that it is disabled in production systems.”

We will develop a temporary solution to import data from the VCenter directly into Lansweeper database but, of course, we would rather have a secure and native ESX inventory available within Lansweeper.

Sylvie
astalker22
Engaged Sweeper
+1 to this thread.

Turning on MOB is a security risk and now allowed by many IT departments. Using the APIs that are part of vCenter would solve most, if not all of the issues that were brought up in this thread.
Sylvie
Engaged Sweeper III
+1

Turning on MOB has been be denied by my IT department due to security concerns.
joe_user
Engaged Sweeper III
Please add the feature discussed in this aging thread.

Do you use weighted scoring on requests that factors customer size?
bandersen
Engaged Sweeper II
Would like to see this option to scan via VCenter available as well. Due to security concerns we are unable to enable MOB on our ESXi 6.5 hosts.
CVCO
Engaged Sweeper III
would be helpful to have the functionality to do patch assessment reports and track updates for plain ESXi hosts not linked to a vcenter/vum via esxcli or ssh in cases where it's not blocked. example commands giving useful data on 6.x:
esxcli software profile get
esxcli software vib list
smbiosDump