Quick Start Guide: ESXi Assessment using GUI (Windows)
Overview
This guide will walk through conducting an ESXi version 6.7, 7.0, or 8.0 Benchmark assessment using the CIS-CAT Pro Assessor v4 GUI (Windows only). Assessor utilizes components of VMware PowerCLI to validate settings and gather information during the scan.
For more information on this process, please refer to the Configuration Guide:
https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#vmware-esxi-assessment
Requirements
An ESXi 6.7, 7.0, or 8.0 host reachable on port
443
along with administrative orroot
credentials.PowerShell installed on the Windows system running Assessor
(included by default in Windows 7 SP1 / Windows Server 2008 R2 and later):
Installing PowerShell on Windows - PowerShellThe PowerShell
VMware.VimAutomation.Core
module contained in VMware PowerCLI.Open an administrative PowerShell prompt and enter:
Install-Module -Name VMware.PowerCLI
Verify the installation succeeded with:
Get-Module VMware.* -listAvailable
Included in the output list should be the requiredVMware.VimAutomation.Core
module:
Implementation Steps
1 | Verify PowerCLI is installed before running CIS-CAT Pro Assessor v4 (see above). |
2 | Launch |
3 | Select the “Advanced” → “Add Remote or Local Target System” option:
|
4 | In the following screen, enter the required prompts.
This choice may be counterintuitive (as the target ESXi host is not local),
|
5 | You will be prompted for a connection string to your ESXi host. Enter your ESXi username (such as Select “OK“ followed by “Save” in the bottom right to proceed to the next screen. |
6 | Review your settings and choose “Next” (no connection test is necessary for this assessment). |
7 | Under “Report Output Options”, select your desired reporting formats (HTML is recommended) and choose “Next” to launch the ESXi assessment. |
CLI & Troubleshooting Steps
For details on running an ESXi assessment via CLI instead, please refer to this KB article:
How to use CIS-CAT Pro Assessor v4 to assess VMWare ESXi
If the final report returns “Unknown” results for each Recommendation, or you encounter Certificate or other connectivity errors, please refer to the following troubleshooting articles:
Getting Unknown Results on ESXi Assessment
Cannot connect to ESXi Target for Assessment
For continued issues with ESXi assessments, please open a ticket with CIS Product Support including the following information and INFO-level log files:
Diagnostic / debug information to troubleshoot CIS-CAT Pro Assessor v4 issues.
Copyright © 2024 Center for Internet Security® Privacy Policy