How to tell if a system is a VM in VMWare?

jgstew 2019-02-26 22:06:28 UTC #1

I wanted to write some relevance to determine if a particular endpoint was running in VMWare.

First thing I did was dump all of the SMBIOS values for an example system using this relevance:

unique values of ( ( item 0 of it & name of item 1 of it as trimmed string & "=" & ( (item 1 of it as string as trimmed string) | (item 1 of it as hexadecimal) | "ErrorUnknownValue" ) ) | "ErrorUnknownName") of (name of it & ": ", values of it) of structures of smbios

Looking through all the results I find:

A: system_information: manufacturer=VMware, Inc.
A: system_information: product_name=VMware Virtual Platform
A: system_information: serial_number=VMware-00 00...
A: system_information: uuid=0000...
A: system_information: version=None
A: system_information: wake_up_type=6

Which leads me to write more exact relevance like this:

Q: values "product_name" of structures "system_information" of smbios
A: VMware Virtual Platform
T: 0.154 ms
I: plural smbios value

Then to turn this into a true/false boolean value for a fixlet/task or automatic group:

Q: exists (it as string) whose(it starts with "VMware Virtual Platform") of values "product_name" of structures "system_information" of smbios
A: True
T: 0.116 ms
I: singular boolean

https://github.com/jgstew/bigfix-content/blob/master/AutomaticComputerGroups/VM%20-%20VMWare.bes

https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-azure-instance-metadata-service/

fermt 2019-02-27 13:39:49 UTC #2

How about Non Windows Environments?
We have a lot of non windows environments that we would like to identify, but we haven’t found a practical way to do so.
Have you found anything similar?

fermt 2019-02-27 13:45:34 UTC #3

It seems like the command dmesg could help:

[root@hostname ~]# dmesg | grep -i VMWARE
[    0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
[    0.000000] Hypervisor detected: VMware
[    0.000000] ACPI: SRAT 00000000bfef124e 000F0 (v02 VMWARE MEMPLUG  06040000 VMW  00000001)
[    0.000000] ACPI: HPET 00000000bfef1216 00038 (v01 VMWARE VMW HPET 06040000 VMW  00000001)
[    0.000000] ACPI: WAET 00000000bfef11ee 00028 (v01 VMWARE VMW WAET 06040000 VMW  00000001)
[    0.883136] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input2
[    0.883410] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3
[    0.903662] systemd[1]: Detected virtualization vmware.
[    1.402697] VMware PVSCSI driver - version 1.0.7.0-k
[    1.411453] scsi host0: VMware PVSCSI storage adapter rev 2, req/cmp/msg rings: 8/8/1 pages, cmd_per_lun=254
[    1.411507] vmw_pvscsi 0000:03:00.0: VMware PVSCSI rev 2 host #0
[    1.411677] scsi 0:0:0:0: Direct-Access     VMware   Virtual disk     1.0  PQ: 0 ANSI: 2
[    1.418353] VMware vmxnet3 virtual NIC driver - version 1.4.7.0-k-NAPI
[    1.591834] ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
[    1.599818] scsi 2:0:0:0: CD-ROM            NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
[root@hostname~]#

Aram 2019-02-27 13:51:51 UTC #4

I’d expect this relevance to work on a lot of non-Windows virtual environments as well given that it is querying the smbios. Are there particular platforms on which you’re having challenges?

SLB 2019-02-27 14:37:07 UTC #5

This is the approach we use and it certainly works for Windows and Linux. VMWare workstation will report slightly differently, VMWare,x.x (where x.x is the version of the VMWare Workstation host platform). We use 2 properties, one that pulls the manufacturer the other that pull the model from the smbios, then we can gain visibility of varius virtual platforms such as Microsoft, VMWare, Innotek, Parallels to name but a few.

(if (windows of it or unix of it) then (value "manufacturer" of structure "system_information" of smbios as string as trimmed string) else (if(mac of it) then (string "IOPlatformSerialNumber" of dictionary of service plane of iokit registry) else (nothing))) of operating system

(if (windows of it or unix of it) then (value "product_name" of structure "system_information" of smbios as string as trimmed string) else (if(mac of it) then (cstring "model" of dictionary of devicetree plane of iokit registry) else (nothing))) of operating system

AlanM 2019-02-28 21:10:16 UTC #6

You could also start with the inspectors we have.

https://developer.bigfix.com/relevance/reference/operating-system.html#virtual-machine-of-operating-system-boolean

Or the new hardware info has some as well

https://developer.bigfix.com/relevance/reference/hardware.html

yorkly1 2020-10-14 17:55:57 UTC #7

Hi there, I tried to query the uuid information using the relevance below and it failed. But it seems to work with "serial_number’. May I know what do I need to fix that error. Thanks.

Q: values “serial_number” of structures “system_information” of smbios
A: VMware-56 4d a8 88 99 5f 76 02-40 1a 6e 0b 0e 72 cf 46
T: 376

Q: values “uuid” of structures “system_information” of smbios
E: Unrepresentable binary data in binary_string. Not UTF-8.
T: 213

Q: values “uuid” of structures “system_information” of smbios as string
E: Unrepresentable binary data in binary_string. Not UTF-8.
T: 330

mesee2 2020-10-14 18:32:28 UTC #8

Is there a simple way to associate the VM Guest name from Vcenter to the VM OS name of bigfix?

I have tried the builtin dashboard but it does not provide the information in a usable fashion for targeting, etc.

I am still on 9.5.15, not sure if this is added in v10.

yorkly1 2020-10-14 18:47:10 UTC #9

I found another way of getting the uuid information using the “uuid of hardware” and it works well.

https://developer.bigfix.com/relevance/reference/hardware.html

yorkly1 2020-10-15 01:55:38 UTC #10

I noticed that the system_information on my virtual machine (Windows and Linux) is reporting the same information for serial_number and uuid but just a different format. See below. Should it be different?

system_information: manufacturer=VMware, Inc.
system_information: product_name=VMware7,1
system_information: serial_number=VMware-56 4d 8d 28 87 9c fe 6b-11 9e e5 27 65 b3 b1 8f
system_information: uuid=564d8d28879cfe6b119ee52765b3b18f
system_information: version=None
system_information: wake_up_type=6

Same outputs from these commands:

values “serial_number” of structures “system_information” of smbios
values “uuid” of structures “system_information” of smbios as hexadecimal

uuid of hardware
serial of hardware