VMware ESXi Host Scanning

sukaitsu · ‎03-20-2015

This is about an issue I have brought up in the past and there hasn't been any update. Most larger companies who use VMware, control the host through VMware Vcenter. Access directly to the host is restricted and in most cases blocked by putting the host in Lockdown Mode. VMware also recommends disabling the MOB service on ESXi host as it poses a risk to potential attacks. Please have someone look into using the vCenter API to gather the information, because we have been waiting over a year for an update.

Thank you,

Jeffrey Smith

P.S. Please do not respond with "This is on our customer wishlist, but we are currently working on ___ instead". Lansweeper is advertised as a scanning tool for VMware ESXi host, so it should work, not use methods that are blocked or not supported in most Enterprise environments.

Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

Esben_D · ‎09-12-2018

Scanning VMware via vCenter has been included in Lansweeper 7!

View solution in original post

DaveinJP · ‎08-03-2015

Please add us to the list of entities wanting to view ESXi Hosts via VCenter. It is unfortunate that this has not already happened. I get that MOB gave you "max compatibility" but it's a hard sell for me to push this product's inventory and monitoring capabilities when it requires our enterprise to significantly loosen it's security policy to accommodate MOB. Nobody worth their salt in the enterprise world is managing ESXi hosts directly via MOB.

As one of the biggest enterprise installations, this is something that we truly want to see brought into Lansweeper.

We periodically discover problems, report, test, and provide feedback for potential solutions because the size of our installation lends itself to "load testing" or "stress testing" portions of the product. A recent example is our rewrite and optimization of the query behind the Scanserver Status Widget that will be released in 5.3.10. (Scanserver Status Widget displays Error ~60% of the time)

You might consider a poll of your users for the top 10 things that they consider important for Lansweeper future improvements. We don't expect you to drop everything and pay attention to only us, but we would like to get added to the list of folks that want to see this feature fully developed.

thanks!

Susan_A · ‎03-23-2015

There's not much more I can tell you. Development is aware of the vCenter request, but there's no road map or release date for this feature. The ability to restrict access to specific assets *is* planned for a future Lansweeper release, though this feature will have to wait until after the help desk release. I wouldn't classify this as a security issue. In regards to SQL injection issues: these are addressed when reported, so feel free to send information on this to support@lansweeper.com

While it is nice of you to offer help to our development/support team, it's really not a matter of development not knowing how to implement the features you're requesting. It's just a matter of us needing to select and prioritize, given the large number of feature requests. If we had unlimited time and resources, we would happily and instantly implement everything that's suggested.

sukaitsu · ‎03-23-2015

I have brought this up in the past and had a lot of customers mention how they do need this, and it also talked about on other forums as a negative about lansweeper. VMware does not recommend having MOB on as it poses a security risk. There are other security risks I have found that have not been addressed in Lansweeper:

Role Access Filtering per Asset/Groups, rather than the whole database
SQL Injection Attacks
Software License Visability

I have not seen anymore preferential treatment as an Enterprise license holder vs a freeware user. When large issues or security concerns are brought to your attention; you should try work on a plan with the customers. I have even offered to work with your developers to implement fixes or features, and I'm told they are too busy working on the Help Desk / Software Deployment. If you want to grow your userbase or keep big name companies as customers; you will need to rethink how you work with us for the future.

Thank you,

Jeffrey

Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

Susan_A · ‎03-23-2015

I moved this to the wish list simply because what you are inquiring about is not currently possible in Lansweeper. Anything that's not currently in the software is moved to the wish list. I was going to post a response later, but you beat me to it.

I know this is not what you want to hear, but we have no release date for the addition/change you are requesting. Please understand that we get dozens of feature requests each week. Everyone has their opinion on what needs to be added/changed/prioritized. While we welcome feedback, we cannot be expected to implement everything that's suggested or give everything priority. This would just not be a viable strategy for any software company. In general, we implement a feature if it's requested a lot, if we think it will benefit most (if not all) of our customers and if it can be added in a reasonable time frame.

Development implemented MOB scanning because, unlike vCenter, the MOB is available in any VMware environment and enabled by default. Many of our customers don't have a vCenter setup. vCenter scanning is on our wish list, but not a priority for now.

sukaitsu · ‎03-23-2015

... this should not have been moved to the wishlist. It is something you need to address or you shouldn't advertise you do VMware Scanning.

Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

VMware ESXi Host Scanning

New to Lansweeper?

Try Lansweeper For Free