VMware

This Question is Answered

1 "helpful" answer available (6 pts)
3 Replies Last post: Mar 18, 2009 10:27 AM by Texiwill  

SNMPv3 posted: Mar 16, 2009 5:22 PM

Click to view altonius_au's profile Enthusiast
altonius_au
17 posts since
Nov 11, 2008

Hi All,

I am going through and evaluating our ESX security design and noticed that we're still using SNMPv2 (with the added benefit of clear-text communication) on our ESX Hosts.

Has anyone out there succesfully implemented SNMPv3 on ESX 3.5 (and above) without too much hassle? Let me know your experiences before I book my time in the test labs.

Many thanks
Altonius

Re: SNMPv3

1. Mar 17, 2009 6:14 AM in response to: altonius_au
Click to view Texiwill's profile Guru
Texiwill
10,213 posts since
Jan 13, 2004
Hello,

Which version of snmp you choose to use will depend entirely on the tools you use on both sides. Since it is a GNU/Linux version of net-snmp 5.0.9 you can use any instructions for setting up SNMPv3 that you would normally use for RHEL3 version of GNU/Linux.

This is really a Linux question more than an ESX question. ESX does not make use of SNMP for its own purposes but it is there for add on products from other vendors.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

Re: SNMPv3

2. Mar 17, 2009 5:16 PM in response to: Texiwill
Click to view altonius_au's profile Enthusiast
altonius_au
17 posts since
Nov 11, 2008

Thanks Texiwill,

That helps, however do you or anyone know anything about the ESXi SNMP Settings.

ESXi can only send SNMP traps, and from the admin guide it only has basic community string etc, indicating SNMPv1 or v2.

Also as an aside for anyone else is looking at SNMP, vCentre only sends SNMPv1 traps (page 93 of admin guide)

Altonius

Re: SNMPv3

3. Mar 18, 2009 10:27 AM in response to: altonius_au
Click to view Texiwill's profile Guru
Texiwill
10,213 posts since
Jan 13, 2004
Hello,

That helps, however do you or anyone know anything about the ESXi SNMP Settings.

There is no real way to configure SNMP with ESXi, they rely almost exclusively on the CIM server.

Also as an aside for anyone else is looking at SNMP, vCentre only sends SNMPv1 traps (page 93 of admin guide)

That is correct....

I think they just chose the easiest path and v1 is the easiest. Not necessarily secure but the easiest. vCetner sends traps but does not 'use' traps sent to it.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

Actions

VMware Developer

SDKs, APIs, Videos, Learn and much more in the Developer community.

Learn More

Developer Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

VMware vSphere

Come witness the next giant leap in virtualization.

Register Today

Communities