In Part 3, we are going to look at auditing the different ways you can access the VCSA which includes direct console access (TTY1), Direct-Console UI (TTY2), whether the Bash Shell is enabled and remote SSH access. This is especially useful if you need to ensure certain interfaces like SSH is always disabled and you can even create scheduled task that would periodically run the PowerCLI script and generate either an email or some other notification when a particular access interface is enabled when it is not supposed to be.

VAMI UI Area of Focus

We will be retrieving the two access configurations properties shown in the VAMI UI today as well as two additional properties that are not displayed.

VAMI APIs Used

  • GET /appliance/access/consoleui
  • GET /appliance/access/dcui
  • GET /appliance/access/shell
  • GET /appliance/access/ssh

PowerCLI Function

Sample Output


The output is fairly straight forward, just boolean specifying whether each of the access types are either enabled or disabled. To make changes to any of these settings, you just need to use the PUT operation against the specific access endpoint that you wish to enable or disable. I will leave that as an exercise for the reader.

One thought on “Exploring new VCSA VAMI API w/PowerCLI: Part 3

  1. Hey William,

    I have one doubt. As you know most of the thing about Vc.
    Could you please help with – “how to retrieve thumbprint of VCenter using command line or API”

    Thanks

Thanks for the comment!