How do I autostart VMware ESXi 6.0-6.7 virtual machines?

This task took me a year to figure out, so I would like to share some tips with you, in case you run into the problem and come across this article while searching for it.

If you have ever used VMware ESXi, you will know that versions prior to ESXi 6.0 were managed with the Windows vSphere Client, and everything worked properly.

But keeping a Windows machine handy just to log in to the VMware control panel was not convenient for everyone. If you, like me, were one of those people, or were just lucky enough to start your journey with VMware at ESXi 6.0, you may have noticed that the application refuses to support versions over 6.0. Instead, you can use the Host Client, which has a web interface.

The story could have ended here, but not this time. Once you have set everything up and your virtual machines are happily running, you will be hard pressed to find out how to make them start when the system is power-cycled.

If you migrate from an older VMware version, with some luck your machines will continue to auto-start. But what about new machines created under ESXi 6.0+? After every power cycle they will just stay off.

Documentation all over the Internet says that auto-starting is controlled by a priority setting for your VMs. Unfortunately, this setting does not work.

Before ESXi 6.0 you could explicitly set a boot-up flag in the Windows vSphere Client, so how do you solve it now?

If you search, you will not find it, but I came across the solution completely by accident.

VMware has a utility meant for running virtual machines on Linux or Windows, called VMware Workstation Pro. It is commercial, but you can try it for free for 30 days.

– Use it to connect to your system with the “Connect to a Remote Server” button on the initial screen.

– After a successful connection, right-click the host’s IP or hostname in the left pane and select “VM power actions”.

– You will see “Auto Start” flags, which can be set next to every virtual machine.

By the way, VMware Workstation Pro lacks many features that the web-based Host Client has. So, strangely, this one option, which is missing from the web interface, is here, while 80% of the other options are in the web interface.

I am not proposing that you install or use VMware Workstation Pro; I am just demonstrating that there is a hidden mechanism, not present in the Host Client’s interface, which can be triggered, for example, this way.

Please endorse and share this article if it has helped you get to know VMware ESXi better.

Web presence – challenges and solutions

Modern companies require a good plan to maintain their web presence.

Whether it is a corporate image representation, a marketing campaign, an E-Commerce resource, or an e-business on its own, the importance of having a proper Internet infrastructure in terms of stability, performance and cost efficiency is hard to overestimate.

When it comes to E-Commerce or an Internet-based business, InfoSec (Information Security) is another important aspect: it ensures that the data of your customers is kept private, avoiding expensive lawsuits.

Today the biggest players on the market inevitably utilise site protection firewalls from centralised suppliers, sign up for DDoS protection measures (like IP traffic filtering), and use multi-layered defence measures.

Virtual private networks have become a must: be it a site-to-site or an SSL-based VPN, it is impossible to imagine any sensitive administrative access without one.

Just a few years back, one would only use HTTPS to protect web-pages that include a login form. Today the presence of HTTPS has become a ranking factor in Google; it is recommended for use on every page, and HTTP is discouraged. SSL encryption is now available even to small low-cost web-sites, while even larger market players sometimes rely on the free Let’s Encrypt service.

HTTP/2, an improvement to the HTTP/1.1 protocol, does not even function in web-browsers over a plain HTTP connection. With the increase of tracking tools across the web, every request sent by a browser over an unencrypted connection is deemed to leak sensitive information about user behaviour.

Changing your password once in a while could be a good strategy back in the day. Presently it is not enough to ensure a long passphrase; it is also necessary to implement mechanisms at your enterprise that enforce a policy of password modification every 90 days at the latest.

Does your company hold regular security scans of its web-site? If not, you need to hurry up. Scans guarantee to find vulnerabilities in the code of your web-resource, and manual post-checks ensure nothing obvious was omitted.

The report provided will let your software engineers correct the discovered inconsistencies to protect valuable data and your general image.

How does your web-resource handle errors when something happens to the database or any critical part of the web-site? Remember, no information about internal paths or user/password credentials for the database should be leaked in this case.

Someone deliberately provoking a failure of one of your site’s components could cause an uncontrolled data leak. Always ensure that your software engineers handle such issues in a proper manner, showing a generic message.
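The error-handling rule above, as an added example that is not part of the original article: a WSGI middleware that writes the full failure to a server-side log and returns only a generic message with a reference ID. The names GenericErrorMiddleware, failing_app and call, and the sample failure text, are constructed for illustration.

```python
import io
import logging
import sys
import uuid

log_buffer = io.StringIO()  # stands in for the server-side error log
logger = logging.getLogger("site.errors")
logger.addHandler(logging.StreamHandler(log_buffer))
logger.propagate = False

GENERIC_BODY = "Something went wrong. Please try again later. Reference: {ref}"


class GenericErrorMiddleware:
    """WSGI middleware: log the real failure, show the visitor a generic page."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            ref = uuid.uuid4().hex[:12]
            # Traceback and exception text go to the server log only.
            logger.exception("unhandled error ref=%s path=%s",
                             ref, environ.get("PATH_INFO", ""))
            body = GENERIC_BODY.format(ref=ref).encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(body)))],
                           sys.exc_info())
            return [body]


def failing_app(environ, start_response):
    # Constructed failure: the exception text carries a DSN and a file path,
    # the kind of detail that must not reach the browser.
    raise RuntimeError("connect failed: mysql://shop:s3cret@10.0.0.5/orders "
                       "in /var/www/shop/lib/db.py")


def call(app, path="/checkout"):
    """Drive a WSGI app once and return (status, body_text)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    chunks = app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response)
    return seen["status"], b"".join(chunks).decode()
```

The reference ID lets support staff find the matching log entry without the visitor ever seeing the detail. A production version would also wrap iteration over the response, since a WSGI app can fail while streaming its body.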

Do you have a login form on your web-site? Then remember, you should never provide a hint when a username or a password is mis-entered. Nor should a user be able to tell whether the e-mail entered for password recovery exists in the database. Show only generic error messages and never hint about the data you handle unless the username and password are both entered correctly.
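A sketch of the login and password-recovery rule above, added here as an example and not taken from the original article. The user table, the messages, the PBKDF2 work factor and the function names are assumptions; unknown accounts are checked against a dummy record so they cost the same hashing work as real ones.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample data standing in for the user table.
USERS = {"alice@example.com": make_user("correct horse battery staple")}
# Dummy record so unknown accounts take the same code path as real ones.
DUMMY = make_user(os.urandom(16).hex())

LOGIN_FAILED = "Invalid username or password."
RESET_SENT = "If this address is registered, a recovery e-mail has been sent."
OUTBOX = []  # stands in for the mail queue


def login(username, password):
    """Return (ok, message); every failure yields the same message."""
    record = USERS.get(username, DUMMY)
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if username in USERS and matches:
        return True, "Welcome."
    return False, LOGIN_FAILED


def request_password_reset(email):
    """Queue mail only for known addresses; the reply never says which."""
    if email in USERS:
        OUTBOX.append((email, os.urandom(16).hex()))  # one-time token
    return RESET_SENT
```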

If weak passwords are allowed during registration for the convenience of visitors, do not forget a password strength meter. It is good practice to advise users about the risk they take when choosing a simple password.

If you run a popular CMS, be it WordPress, Drupal or similar, think twice before leaving it unattended. Despite their stability, such CMSes owe their security exploits to their popularity. New problems are discovered very often, and you should be ready to update the system. If you plan for an unattended system, your best bet will be a custom framework.