Hi,
I have upgraded one of my ESXi in my lab to ESXi 6.5 Update 1 Build 5969303.
In this blog Secure By Default - VM.disable-unexposed-features - VMware vSphere Blog from Mike Fowley, it is said that :
The default values for the settings were/are changed in the ESXi code. For ESXi 6.0 there is no reason anymore to add these settings to the VMX/VM Advanced Settings starting with 6.0 Patch 5.
You don’t! It’s been done for you in ESXi. If you are using VUM to update your hosts to 6.0 Patch 5 then when VM’s are migrated to an updated host they will be running with the updated values. You don’t need to power them down in this scenario.
Below are the guideline ID’s, their new value setting set in ESXi itself and the configuration parameter. If you are manually setting any of these settings on 6.0 then apply Patch 5 and you don’t have to set them anymore!
Even if settings of some "disable-unexposed-features" are now set to true by default, when I migrate a VM to an updated host, should I see them in the VM Advanced Settings view ?
Thanks in advance for the answers.
Regards
Patrick
These should appear in the advanced settings of the virtual machine. Are these not appearing for you?
Example from the Hardening guide:
VM.disable-unexposed-features-autologon
From the vSphere web client, select each VM and click "Manage" -> "Settings" -> "VM Options". Expand "Advanced Settings". Scroll the list of "Configuration Parameters" and ensure that the desired configuration parameter is present with the desired value.
Well,
I have done 2 tests :
- migrate a VM from another ESXi to the updated ESXi
- create a new VM from scratch
But for these 2 VMs, VM.disable-unexposed-features don't appear in the list of "Configuration Parameters".
Hi,
I'm still looking for the information about the VM.disable-unexposed-features as these settings don't appear in the list of "Configuration Parameters".
Any thoughts on this question ?
Regards
Patrick.