vSphere APIs for Guest Operating System Management: What’s Special and When to Use It?

Home > Software Development, vSphere API > vSphere APIs for Guest Operating System Management: What’s Special and When to Use It?

March 19th, 2012 Leave a comment Go to comments

This is a wrap-up post of recent series on vSphere guest operating system management APIs. If you missed them, here are a few links to related posts: [Note: these are not related to the vSphere Guest API.]

After reading these posts, you may wonder (at least, I did): Why should we use these guest operating system related APIs? Can’t we simply use well-known alternatives like HTTP to download/upload files, SSH/WMI to run programs, etc.? To some extents, you are right but not exactly.

Time to learn how to "Google" and manage your VMware and clouds in a fast and secure

HTML5 App

For one thing, all these remote manageability to a guest operating system requires network connection to the guest OS. With vSphere APIs, it doesn’t. All you must have is networking connection to the ESXi on which the guest operating system is running. I think this is the biggest uniqueness of this APIs.

This does not mean you don’t need remote manageability. In fact, you do. The question is really when you should use which.

To answer the question, you have to first consider the accessibility of the management network to the ESXi. In general, this is a separate network dedicated for management, nothing else as a best practice. This limitation actually excludes lots of use cases already. It basically suggests that you use vSphere API only in management applications which can access management network.

The second consideration is the performance. In general, I felt, without apple to apple comparison, that the vSphere API is slow especially when moving files from and to a guest operating system. I think it’s in part due to the fact that ESXi is a middleman in between.

To sum up, the guest management APIs via vSphere is not meant to be used as a general approach for communicating with a guest operating system. Only these management applications with ESXi access should use these APIs. For other general purpose communications like download files, use whatever existing protocols/APIs out there as would you work with an operating system running directly on a physical machine.

Categories: Software Development, vSphere API Tags: Guest, operating system, vSphere, vSphere API

Comments (13) Trackbacks (0) Leave a comment Trackback

Fletcher Cocquyt

March 21st, 2012 at 00:32 | #1

Reply | Quote

Hi Steve, thanks for the great work on the APIs!
It seems the APIs allow a great deal of new modify access to the guest OS from vCenter – how does VMware intend to address this?

For instance I can now craft a powershell script to remotely access all VMs as root (subverting our policy) /etc/ssh/sshd_config PermitRoot No

I’d suggest ideally there would be a decentralized (secure) sudoers list of allowed guest operations to mitigate a vcenter compromise.

thanks
Steve Jin

March 21st, 2012 at 07:49 | #2

Reply | Quote

Hi Fletcher,
I now see your comment! Thanks for reminding me on Twitter and trying it again!
To gain access to an OS, you will need credential as would you log in the OS directly. I think you raised a good point to use sodo for better auditing.
Steve
Svetozar

August 31st, 2012 at 13:34 | #3

Reply | Quote

Hi Steve,

I like the VI Java API.
I would like to use this “vSphere APIs for Guest Operating System managment” too.

Do you have plans to share its source code ?

Thanks,
Svetozar
lihlcnkr

October 7th, 2012 at 20:33 | #4

Reply | Quote

Hi Steve,
It’s great job.

but it have a issue.
some vm, GuestOperationsManager works well, but after hot adding nic device to vm,
it always throw GuestPermissionDenied exception.

It’s like vmware issue, and because this issue, we can not use it: (
Vcenter version is 5.0
virtual machine guest OS is windows 2008 server R2

are u have any idea?

thanks

lihlcnkr
Steve Jin

October 8th, 2012 at 18:57 | #5

Reply | Quote

Hi lihlcnkr, interesting issue. what if you re-login? just wonder if you can work this around.

Steve
lihlcnkr

October 8th, 2012 at 21:14 | #6

Reply | Quote

Hi Steve.
thanks your reply.

I tested re-login, restart VM guest OS, reset VM。
after hot adding nic device, guest OS API is not working again.
always throw GuestPermissionDenied exception.

and after hot adding nic device, I try to use vSphere upgrade GuestOS VM tool , but it fail.

So, it looks when hot adding nic device, GuestOS VM tool is not working well.

I Tested it win 2003 and win 2008 server R2, It’s same result.
Steve Jin

October 8th, 2012 at 23:23 | #7

Reply | Quote

Let’s try to understand what you found out. After hot adding NIC to a VM running Windows 2003 and Windows 2008 SR2, the guest OS API stops working correctly with GuestPermissionDenied exception even after you re-logining, restarting guest OS, reset VM. Am I right?
Also, how about after removing the hot added NIC? I know it’s probably not acceptable in your case, but I am curious what would happen. What version of VMware Tools did you use? Had you upgrade the VMware Toosl before you hot adding NIC?
Steve
lihlcnkr

October 9th, 2012 at 01:13 | #8

Reply | Quote

Hi, Steve,

Yes, It’s just you say.
My VMware Tool version is 8.6.5, Build 652272

and after removing the hot added NIC, it also happen.
lihlcnkr

October 9th, 2012 at 01:20 | #9

Reply | Quote

my environment is like this:

VMware Tools: Version 8.6.5, Build 652272
Vcenter Server: Version 5.0.0 Build 455964
ESXi: Version 5.0.0 Build 623860

before hot adding NIC device, I upgraded the VMware Toosl.
and after removing the hot added NIC, it also happen.

sorry for my poor english.
thanks

lihlcnkr
Steve Jin

October 9th, 2012 at 12:41 | #10

Reply | Quote

Thanks Lihlcnkr, as you pointed out earlier, it’s mostly an issue with VMware Tools which carries real executions. You may want to contact VMware support on this issue. I believe part of VMware Tools is open sourced somewhere (search it), you also take a look there. But I wouldn’t recommend that unless you are really familiar with low level programming. Even so it’s still a lot of work.
Thanks! Steve
lihlcnkr

October 10th, 2012 at 01:24 | #11

Reply | Quote

Hi, Steve.

I contacted VMware support team, but they said for technical support, it need technical support license, it very expensive@@. and without support team, it can’t report bug directly.

Anyway, Thanks very much.
Steve Jin

October 10th, 2012 at 10:49 | #12

Reply | Quote

Tech support license needed to file a bug with VMware? It doesn’t make senese to me. Maybe for a solution but not for filing a bug. Can you ask around on Twitter and cc me there? Thanks!

Steve
lihlcnkr

October 11th, 2012 at 21:42 | #13

Reply | Quote

Hi, Steve

I posted on twitter and vmware community.
https://twitter.com/lihlcnkr/status/256583258526056448
http://communities.vmware.com/thread/421460

And I tested it again using vSphere powerCLI, and result is same.

and I Installed open source vmware tool(open-vm-tools) on linux, and tested it.
but looks open-vm-tools not working well with guest OS API.

if I can’t resolve this issue, looks like I only use VIX or wmi&ssh for handle guest OS: (

anyway, thanks your advise^^

lihlcnkr

No trackbacks yet.

Easy Switching RDP and PCoIP Protocol with VMware View How to Upload File to Guest Operating System on VMware

NEED HELP?

My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.

Latest Tweets

Follow @sjin2008 Steve Jin
@sjin2008

A customer sent me a quite note after using VmDeployer to fix the deployment issue with #vmware #vSphere #OVF templ… https://t.co/pc21j3VLEV
about 7 months ago
@sich75 vijavaNG 6.7 does not support #vSAN itself but we have implemented #vSAN 6.6 APIs. Please contact us for mo… https://t.co/GG2tjxcZ45
about 1 year ago
[DoubleCloud] Announcing vijavaNG 6.7 with FULL support of VMware vSphere 6.7 https://t.co/UQXywNYEjf
about 1 year ago
@RaameshKeerthi Thanks Raamesh, the VIM #REST API that supports #vsphere #API 6.7 is not ready yet. You can first t… https://t.co/HHWJjMqRx5
about 1 year ago
vijavaNG 6.7 beta is available to support the latest and greatest #vmware #vSphere 6.7 that is more cloud friendly… https://t.co/MkDupAYqW7
about 1 year ago
The #vmware #vSphere download site shows mis-matched version numbers. Hope it's just a trivial bug of the site ... https://t.co/IcQ6rCefz8
about 1 year ago
@hack4mer You're welcome Anand, glad it helped.
about 1 year ago
vijavaNG hides the complexity of #vSphere API and vSphere Automation #SDK. Be it #SOAP or #REST, it's no longer a c… https://t.co/viBKxqE1zf
about 1 year ago
Just shipped vijavaNG 6.5 to yet another customer - it will make their products even faster with the streaming engi… https://t.co/HcXQpVTjik
about 1 year ago
Free productivity GUI tool downloaded by many #VMware #employees: portable, convenient, fast in deploying and expor… https://t.co/NhowI7DT8O
about 1 year ago

DoubleCloud => Private Cloud + Public Cloud