VMware Cloud Community
Hwoosuk
Contributor
Contributor

Need to remove CD-ROM from Virtual machine permanently

Hi, I created a Virtual Appliance based on RedHat and developed it as OVA file witch you can deploy it on ESXi or vCenter, i need to prohibit my customers from booting this virtual appliance via Live Linux CD/DVD, So i deleted the CD-ROM of this virtual machine but the problem is a customers can add CD-ROM again to the virtual machine after deployed it on its own environment,im looking for a way to delete CD-ROM permanently from a virtual machine, please help me

Reply
0 Kudos
4 Replies
DavoudTeimouri
Virtuoso
Virtuoso

Hi,

I guess, there is no way to remove CD-ROM permanently, because your customer be able to edit vmx file and there is no way to lock vmx file.

Google it, maybe you find a solution for this.

-------------------------------------------------------------------------------------
Davoud Teimouri - https://www.teimouri.net - Twitter: @davoud_teimouri Facebook: https://www.facebook.com/teimouri.net/
Hwoosuk
Contributor
Contributor

thanks davud but i really need to do this, i hope there is a way for doing this

Reply
0 Kudos
vmclouds
Enthusiast
Enthusiast

the best method might be to disallow users access to edit this virtual machine. Can't permission and rule help you with this?

Regards, Rajn https://virtualtraces.wordpress.com/
Reply
0 Kudos
continuum
Immortal
Immortal

Do I assume right when I guess that your actual goal is not to remove the CD from the VM but protecting your smart scripts inside the VM ?

If yes let me suggest a different approach because nothing can really prevent that a user looks into the vmdk after the OVF is deployed.

Inside the Redhat system create another partition and encrypt it with Truecrypt or what ever.
Move everything you want to keep out of the reach of spying eyes into the encrypted partition.
Compile a tool that does the following actions at startup and once every few minutes:
- check wether the system detects a CDrom,DVD, USB-device or additional harddisk
- if anything is detected do not mount the encrypted partition
- if anything is detected stop whatever services your stuff needs to run and unmount the encryped partition
- if anything is detected display a message like "An attempt to modify the configuration has been detected. System will reboot now" and shutdown the system

- if nothing is detected mount the encrypted container and start services and launch your application

Yes - much more work ... and probably not enough to keep out the really smart guys - but probably good enough for your needs.


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...