During a recent patching cycle, VMtools across a set of VMs were updated to the latest version. This was to patch security vulnerabilities in the versions which were running, to ensure the environment was as secure as possible for a PenTest which would go towards IL3 Accreditation.
Shavlik was good enough to oblige here and went out and patched lots of VMs with new VMtools automatically to the latest version.
Then an issue occurred with Trend Deep Security.
Normally, when doing a VMtools install for a VM managed by Trend, the following should be considered, as per the Trend Deep Security Best Practices PDF:
=============================
VMware includes the VMware vShield Endpoint Driver in VMware Tools 5.x, but the installation program does not install it on Guest VMs by default. To install it on guest VM, review the installation options in the table below:

Available VMware Tools Installation Options

| Installation Option | vShield Endpoint | Action |
| --- | --- | --- |
| Typical | vShield Endpoint does NOT install | DO NOT select this option |
| Complete | vShield Endpoint installs | Select if you want all features |
| Custom | You must explicitly install vShield Endpoint | Expand VMware Device Drivers > VMCI Driver. Select vShield Drivers and choose This feature will be installed on local drive. |
=========================
Shavlik didn’t consider that I wanted a Custom/Complete install and so VMCI was missing.
Ok, that would be fine, but now we have VMs with newer VMtools than the ISO which is stored on the ESXi host. So we can’t just re-run the install/upgrade via vSphere.
That’s where Andreas Peetz over at http://www.v-front.de comes in with his blog post about how to effectively do 2 things:
- Place the newer VMtools ISO onto a shared datastore
- Tell the ESXi host to look at the new location when it does VMtools installs/upgrades
Now you can do automated installs/upgrades via the GUI (PowerCLI cannot pass through the custom parameters).
Here is Andreas’ blog post: http://www.v-front.de/2013/01/how-to-use-latest-vmware-tools-with.html
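
To find which Windows guests an automated Tools update left without the vShield Endpoint driver, here is a small audit script, added as an example and not part of the original post or of Andreas' article. It assumes the driver registers as the system driver `vsepflt` (a name not given on this page), that WinRM/CIM access to the guests is available, and the computer names are constructed placeholders.

```powershell
# Added example: audit guests for the vShield Endpoint thin agent driver.
# Assumption: the driver's system-driver name is 'vsepflt' (not stated on the page).
# Assumption: the default computer names are constructed placeholders.
param(
    [string[]]$ComputerName = @('vm-app01', 'vm-app02'),
    [string]$DriverName = 'vsepflt'
)

function Get-EndpointDriverStatus {
    param([string]$Computer, [string]$Driver)

    try {
        # Win32_SystemDriver lists kernel and file system drivers known to the SCM.
        $drv = Get-CimInstance -ComputerName $Computer -ClassName Win32_SystemDriver `
                   -Filter "Name='$Driver'" -ErrorAction Stop
    } catch {
        # An unreachable guest is reported separately so it is not mistaken for a clean one.
        return [pscustomobject]@{ Computer = $Computer; Status = 'Unreachable'
                                  Detail = $_.Exception.Message }
    }

    if (-not $drv) {
        # What a Typical install leaves behind: Tools present, endpoint driver absent.
        return [pscustomobject]@{ Computer = $Computer; Status = 'Missing'
                                  Detail = 're-run VMtools as Complete or Custom' }
    }
    if ($drv.State -ne 'Running') {
        return [pscustomobject]@{ Computer = $Computer; Status = 'Stopped'
                                  Detail = "state=$($drv.State), start mode=$($drv.StartMode)" }
    }
    return [pscustomobject]@{ Computer = $Computer; Status = 'Present'
                              Detail = "start mode=$($drv.StartMode)" }
}

$results = foreach ($c in $ComputerName) {
    Get-EndpointDriverStatus -Computer $c -Driver $DriverName
}
$results | Sort-Object Status, Computer | Format-Table -AutoSize

# Non-zero exit when any guest is not confirmed, so a scheduled job can alert on it.
if ($results | Where-Object { $_.Status -ne 'Present' }) { exit 1 }
```

Running this after each patch cycle, before relying on Deep Security coverage, shows which VMs need the Complete or Custom reinstall.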