VMware: Disable Managed Object Browser (MOB)

The managed object browser provides a way to explore the object model used by vCenter to manage the vSphere environment; it enables configurations to be changed as well.

This interface is used primarily for debugging the vSphere SDK. This interface might potentially be used to perform malicious configuration changes or actions.

In order to disable the datastore browser you will need to edit the ‘vpxd.cfg’ file, to ensure the‘ enableDebugBrowse’ is set to false, as below:

<vpxd>
     <enableDebugBrowse>false</enableDebugBrowse> 
</vpxd>

Once the above configuration change has been made, restart the ‘VMware VirtualCenter Server’ service to apply the change. Once disabled the managed object browser will no longer be available for diagnostics.

For disabling the managed object browser at a host level, see http://pubs.vmware.com/vsphere-55/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-0EF83EA7-277C-400B-B697-04BDC9173EA3.html.

Advertisements

Removing vCenter plug-in using Managed Object Browser

I recently installed a third party appliance within vCenter, upon removal the installed plug-in was still present in vCenter and no uninstall package was available.

The only option was then to connect to the Managed Object Browser for that vCenter instance, and remove the plug-in.

1) Browse to ‘https://<vcenter server or IP>/mob’.

2) Select the ‘Content’ hyperlink.

3) Select the ‘ExtensionManager’ hyperlink.

4) Select the plug-in hyperlink from the ‘ExtensionList’

5) Copy the ‘key name’ string and browse back to the ‘ExtensionManager’ page

6) Select ‘UnregisterExtension’ hyperlink.

7) Paste the ‘key name’ string from Step 5 into the ‘value’ text box for the extension key.

8) Select ‘Invoke Method’

9) Refresh the ‘ExtensionManager’ web page, the plug-in should now have been removed, log in to vCenter and the plug-on should also have been removed from the list of installed/available plug-ins.