Device Control limitations in VMWare Environments

Available Languages

Download Options

  • PDF     (15.4 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (92.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (75.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 28, 2024
Document ID:221743

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Introduction

The Device Control feature has limitations working with virtual machines in VMWare Hypervisors.

majacob2_0-1709139239353

Problem

In VMWare virtual environments, shared virtual storage devices, like iSCSI, present to the VM as if it is a hot swappable device, like a USB device. VMWare makes them hot pluggable to support dynamically resizing volumes.

This can cause issues when Device Control is enabled in modes where blocking writes / reads from external devices are configured. Despite this being an 'internal' drive on the VM, it is a shared, hot swappable storage device.

Solution

The solution is to have the VM not view the iSCSI device as hot swappable per the following method:

  1. From a web browser, connect to the vSphere Web Client.
  2. Log in with Administrator credentials.
  3. Navigate to the virtual machine you want to modify.
  4. Power off the virtual machine.
  5. Right-click the virtual machine and select Edit Settings.
  6. Click the VM Options tab.
  7. Click Advanced > Edit Configuration.
  8. Either select Add Row, or enter the values directly into the provided fields at the bottom.
  9. Insert a new row with the name devices.hotplug and a value of false.
  10. Power on the virtual machine.

Changing the drive to not present as hot swappable should allow Device Control to ignore the 'internal' drive as a removable device. If you need to keep the device in this state, be aware that Device Control settings could interfere with the VM and 'internal' disks and should be configured accordingly.

Further info from VMWare specifically can be found here: https://kb.vmware.com/s/article/1012225

Revision History

Revision Publish Date Comments
1.0
29-Feb-2024
Initial Release

Contributed by

  • majacob2
    SBG

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products