The acceptance level of a VIB depends on the amount of certification of that VIB. The acceptance level of the host depends on the level of the lowest VIB. You can change the acceptance level of the host if you want to allow lower-level VIBs. You can remove CommunitySupported VIBs to be able to change the host acceptance level.
About this task
VIBs are software packages that include a signature from VMware or a VMware partner. To protect the integrity of the ESXi host, do not allow users to install unsigned (community-supported) VIBs. An unsigned VIB contains code that is not certified by, accepted by, or supported by VMware or its partners. Community-supported VIBs do not have a digital signature.
The host's acceptance level must be the same or less restrictive than the acceptance level of any VIB you want to add to the host. For example, if the host acceptance level is VMwareAccepted, you cannot install VIBs at the PartnerSupported level. You can use ESXCLI commands to set an acceptance level for a host. To protect the security and integrity of your ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on hosts in production systems.
The acceptance level for an ESXi host is displayed in the Security Profile in the vSphere Web Client.
The following acceptance levels are supported.
The VMwareCertified acceptance level has the most stringent requirements. VIBs with this level go through thorough testing fully equivalent to VMware in-house Quality Assurance testing for the same technology. Today, only I/O Vendor Program (IOVP) program drivers are published at this level. VMware takes support calls for VIBs with this acceptance level.
VIBs with this acceptance level go through verification testing, but the tests do not fully test every function of the software. The partner runs the tests and VMware verifies the result. Today, CIM providers and PSA plug-ins are among the VIBs published at this level. VMware directs support calls for VIBs with this acceptance level to the partner's support organization.
VIBs with the PartnerSupported acceptance level are published by a partner that VMware trusts. The partner performs all testing. VMware does not verify the results. This level is used for a new or nonmainstream technology that partners want to enable for VMware systems. Today, driver VIB technologies such as Infiniband, ATAoE, and SSD are at this level with nonstandard hardware drivers. VMware directs support calls for VIBs with this acceptance level to the partner's support organization.
The CommunitySupported acceptance level is for VIBs created by individuals or companies outside of VMware partner programs. VIBs at this level have not gone through any VMware-approved testing program and are not supported by VMware Technical Support or by a VMware partner.
- Connect to each ESXi host and verify that the acceptance level is set to VMwareCertified, VMwareAccepted, or PartnerSupported by running the following command.
esxcli software acceptance get
- If the host acceptance level is CommunitySupported, determine whether any of the VIBs are at the CommunitySupported level by running the following commands.
esxcli software vib list esxcli software vib get -n vibname
- Remove any CommunitySupported VIBs by running the following command.
esxcli software vib remove --vibname vib
- Change the acceptance level of the host by using one of the following methods.
esxcli software acceptance set --level acceptance_level
vSphere Client (HTML5-based client) or vSphere Web Client
Select a host in the inventory.
Select the Configure tab.
Expand System and select Security Profile.
Click the Edit button for Host Image Profile Acceptance Level and choose the acceptance level.