Hi, I'm a malware researcher, and I'm intending to use ESXi to host VMs for testing purposes. I need to write a couple of custom apps that will automate things like running the malware, reverting snapshots, etc. I found a manual for "diskmount" in PDF format, but all the information in that PDF points to mounting the drives on the local workstation. Since I'm working with malware in a production environment, I prefer not to use VMware Workstation, due to the possible risk of infection. I currently have my ESXi server connected to the production network through the management port, and all the nodes within it connect out through our "dirty line". The end result is that I'd like to set up a management node within the VM structure, which will handle the mounting of offline VM disks and inspect them for remaining traces of the infection. The whole goal here is to verify that antivirus software is removing all components of the threat.
I have two needs that I'm hoping will be met by someone far smarter than me on here.
How do I mount an offline VM's hard disk to an existing VM under ESXi?
Hi rezme,
Please find: the command is vmware-mount.
And here are the details: www.vmware.com/pdf/VMwareDiskMount.pdf
I had looked at that, and the command vmware-mount J: "C:\My Virtual Machines\Windows98\Windows98.vmdk" seems to have to be run from a production workstation that has network access to the ESXi server's datastore. The VM machines I'm dealing with are infected with malware, and are kept on a segregated network from production in order to prevent malware from infecting the production network. The issue at hand is a need to use a single VM on my ESXi server to mount the hard disk from another VM on the same ESXi server as a secondary drive. I can't mount it on my production workstation, as the infection could jump to my machine inadvertently, affecting the production network. Is there a way for a VM residing on ESXi to mount the hard disk from another VM on the same ESXi server? If the same command (vmware-mount) is to be used, what path would I use to point it to the datastore on the ESXi server that it's running from? My impression of the way this works is that no VM machines have visible access to the datastore which they could use to directly access the vmdk files; there would need to be some way within vSphere to mount the drive. Again, it's imperative that the VM machine do the mounting, to avoid infection of clean machines.
