NSX/vCNS/vCD – “Unplanned Reset” Operational Risk

vcdx133 This post is about mitigating the “unplanned reset” operational risk of the “Control-Alt-Delete” button in the vSphere Web Client/C# Client console for all Linux VMs, including NSX Manager, NSX Controller, vCNS Manager and vCD.

All Linux Administrators will be aware that pressing Control-Alt-Delete on the Console will reset the Linux OS immediately unless disabled in the Linux Operating system.  However, Windows Administrators are not aware of this, because they press the same key sequence to access the login screen.  Unfortunately, this behaviour is also true for some “hardened” virtual appliances such as NSX and vCNS.

nsx_controller_ctrl_alt_del nsx_manager_ctl_alt_del vcns reboot 1

This behaviour has been around for a very long time:

With a solution for Linux Operating Systems to ignore the “Control-Alt-Delete” key sequence:

VMware Workstation has a “Control-Alt-Delete” ignore setting (“mks.CtlAltDel.ignore”) that is not available in vSphere 5.x:

As a Customer of VMware, I have opened a ticket with GSS and also contacted GSS employees who I know via Twitter to investigate.  It is too early to tell yet, but it appears that this feature has been scheduled but never implemented in vSphere 5.x.

The Irony

What I do not understand, is why VMware have not implemented this KB in vSphere 5.x and the “Control-Alt-Del” ignore sequence has not been added to the “hardened” vCNS Manager and NSX Manager/Controller templates.  Surely this would have been detected during vCNS/NSX testing?  And considered a high operational risk to the vCNS and NSX product suites?

The VMware Products that Passed (UPDATED)

I am pleased to report that ESXi 5.x, vCSA 5.x. LogInsight, vC Ops, NSX Edge Gateway, NSX LDR and vCD (hardened) do not reboot, since “Control-Alt-Delete” has been disabled within the base Linux OS of the Virtual Appliances.

esxi_Ctrl_Alt_DelvCSA_Ctrl_Alt_Delloginsight_ctl_alt_del vCOPs_Analytics_Ctl_Alt_Delnsx_edge_gateway_ctrl_alt_delnsx_ldr_ctrl_alt_delvcd_hardened_ctrl_alt_del

I have not had a chance to test vMA, vSA, vCNS Edge yet.  If you can test it in your lab, drop me a line (with a screenshot) and I will add the result to this post.

Assessing your Exposure


It is very simple to assess your exposure, assuming you have a full test environment that is representative of your Business Critical and Mission Critical Production workloads: Open the Console of each Virtual Machine or Appliance and press the “Control-Alt-Delete” or “Control-Alt-Insert” key sequence.

If the VM/VA resets, you have an operational risk that can be mitigated (covered in the next section).  For Virtual Appliances, you will have to open tickets with the vendor who developed the Virtual Appliance to provide you a version that ignores the “Control-Alt-Delete” key sequence.

Mitigating this Risk

There are a number of things that can be done to mitigate this risk until VMware (and other vendors) provide fixes to their existing virtual appliances and a “Control-Alt-Delete” Ignore option in ESXi 5.x:

  • Education of Linux and Windows Administrators about the dangers of using “Control-Alt-Delete” with Linux VMs and Virtual Appliances
  • Update of operational procedures for Administrators
  • Restrict access to the consoles of vCD RHELS VMs, Linux VMs, vCNS Manager, NSX Manager/Controller Virtual Appliances
  • Modify the “/etc/init/control-alt-delete.conf” file on all Linux OS VMs and VM Templates to ignore the “Control-Alt-Delete” key sequence, including vCloud Director RHELS 6.x.

Other Resources

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s