How to tell if a system is a VM in VMWare?

jgstew 2019-02-26 22:06:28 UTC #1

I wanted to write some relevance to determine if a particular endpoint was running in VMWare.

First thing I did was dump all of the SMBIOS values for an example system using this relevance:

unique values of ( ( item 0 of it & name of item 1 of it as trimmed string & "=" & ( (item 1 of it as string as trimmed string) | (item 1 of it as hexadecimal) | "ErrorUnknownValue" ) ) | "ErrorUnknownName") of (name of it & ": ", values of it) of structures of smbios

Looking through all the results I find:

A: system_information: manufacturer=VMware, Inc.
A: system_information: product_name=VMware Virtual Platform
A: system_information: serial_number=VMware-00 00...
A: system_information: uuid=0000...
A: system_information: version=None
A: system_information: wake_up_type=6

Which leads me to write more exact relevance like this:

Q: values "product_name" of structures "system_information" of smbios
A: VMware Virtual Platform
T: 0.154 ms
I: plural smbios value

Then to turn this into a true/false boolean value for a fixlet/task or automatic group:

Q: exists (it as string) whose(it starts with "VMware Virtual Platform") of values "product_name" of structures "system_information" of smbios
A: True
T: 0.116 ms
I: singular boolean

https://github.com/jgstew/bigfix-content/blob/master/AutomaticComputerGroups/VM%20-%20VMWare.bes

https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-azure-instance-metadata-service/

fermt 2019-02-27 13:39:49 UTC #2

How about Non Windows Environments?
We have a lot of non windows environments that we would like to identify, but we haven’t found a practical way to do so.
Have you found anything similar?

fermt 2019-02-27 13:45:34 UTC #3

It seems like the command dmesg could help:

[root@hostname ~]# dmesg | grep -i VMWARE
[    0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
[    0.000000] Hypervisor detected: VMware
[    0.000000] ACPI: SRAT 00000000bfef124e 000F0 (v02 VMWARE MEMPLUG  06040000 VMW  00000001)
[    0.000000] ACPI: HPET 00000000bfef1216 00038 (v01 VMWARE VMW HPET 06040000 VMW  00000001)
[    0.000000] ACPI: WAET 00000000bfef11ee 00028 (v01 VMWARE VMW WAET 06040000 VMW  00000001)
[    0.883136] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input2
[    0.883410] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3
[    0.903662] systemd[1]: Detected virtualization vmware.
[    1.402697] VMware PVSCSI driver - version 1.0.7.0-k
[    1.411453] scsi host0: VMware PVSCSI storage adapter rev 2, req/cmp/msg rings: 8/8/1 pages, cmd_per_lun=254
[    1.411507] vmw_pvscsi 0000:03:00.0: VMware PVSCSI rev 2 host #0
[    1.411677] scsi 0:0:0:0: Direct-Access     VMware   Virtual disk     1.0  PQ: 0 ANSI: 2
[    1.418353] VMware vmxnet3 virtual NIC driver - version 1.4.7.0-k-NAPI
[    1.591834] ata2.00: ATAPI: VMware Virtual IDE CDROM Drive, 00000001, max UDMA/33
[    1.599818] scsi 2:0:0:0: CD-ROM            NECVMWar VMware IDE CDR10 1.00 PQ: 0 ANSI: 5
[root@hostname~]#

Aram 2019-02-27 13:51:51 UTC #4

I’d expect this relevance to work on a lot of non-Windows virtual environments as well given that it is querying the smbios. Are there particular platforms on which you’re having challenges?

SLB 2019-02-27 14:37:07 UTC #5

This is the approach we use and it certainly works for Windows and Linux. VMWare workstation will report slightly differently, VMWare,x.x (where x.x is the version of the VMWare Workstation host platform). We use 2 properties, one that pulls the manufacturer the other that pull the model from the smbios, then we can gain visibility of varius virtual platforms such as Microsoft, VMWare, Innotek, Parallels to name but a few.

(if (windows of it or unix of it) then (value "manufacturer" of structure "system_information" of smbios as string as trimmed string) else (if(mac of it) then (string "IOPlatformSerialNumber" of dictionary of service plane of iokit registry) else (nothing))) of operating system

(if (windows of it or unix of it) then (value "product_name" of structure "system_information" of smbios as string as trimmed string) else (if(mac of it) then (cstring "model" of dictionary of devicetree plane of iokit registry) else (nothing))) of operating system

AlanM 2019-02-28 21:10:16 UTC #6

You could also start with the inspectors we have.

https://developer.bigfix.com/relevance/reference/operating-system.html#virtual-machine-of-operating-system-boolean

Or the new hardware info has some as well

https://developer.bigfix.com/relevance/reference/hardware.html