VMware Skyline – Findings Information – What does it mean?
When you start to utilise VMware Skyline, one of the first areas that you will be drawn to is the ‘Findings & Recommendations’ page and rightly so.
The idea behind VMware Skyline is to proactively provide fixes to findings in your environment to allow you to remediate them before they become an issue for you… therefore spending time in the ‘Active Findings’ section of the ‘Findings & Recommendations’ page in Skyline will help you understand where you need to spend time to resolve findings.
When you initially view the ‘Active Findings’ they will appear as tiles similar to below:
This tile provides some summary information about the finding in question but if you click on the tile, it will open up a more detailed view of the finding including the objects it applies to, similar to below:
A lot of the information on this page is pretty self explanatory but I thought that I would write this blog post to provide some information on some of the areas of the findings that may not be so clear to understand what they mean.
Finding ID
The Finding ID is a unique ID that is assigned to each finding. There are three parts to the finding ID which usually follow this format:
- The first section is the part showing ‘VSAN’ above. This is usually the product that the finding applies to… in this case ‘vSAN’.
- The second section is the part showing ‘SmallDiskVMFailures’ above. This is a summary of what the finding is about.
- The final section is the part showing ‘KB#2080503’ above. This is usually either the KB article number for the issue containing more details and possible workaround/fixes for the issue or the VMSA (VMware Security Advisory) number containing more details about the advisory and whether there are any fixes or workaround available.
Severity
This is a fairly straightforward item and shows the perceived severity of the finding. This can be either Critical, Moderate or Trivial.
What do these severity designations mean?
- Critical – These are the most severe findings that could cause critical data corruption, performance issues or service outages.
- Moderate – These aren’t as severe as the Critical findings but are findings that could cause major performance and functionality issues in your environment.
- Trivial – These are findings that aren’t going to affect functionality or data… these are usually more of an inconvenience.
The same severity designation is provided for VMSA findings but as VMSAs are assigned their severity value based on the Max CVSSv3 score, which include four severity classifications (Critical, Important, Moderate, Low), the VMSA findings are assigned Skyline severity designations as follows:
- Skyline Critical = VMSA Critical
- Skyline Moderate = VMSA Important and Moderate
- Skyline Trivial = VMSA Low
Category
This is another area that is quite straightforward in appearance but I thought that it would be good to explain the types of products that would fall into each category.
There are currently 6 categories available: Compute, Network, Storage, Security, End User Compute, Management
Here is a rough breakdown of what products fall into each category:
- Compute – This includes the likes of ESXi Management, vCenter Management and VMware Cloud Foundation
- Network – This includes ESXi Networking and NSX
- Storage – This includes ESXi Storage and vSAN
- Security – This includes ESXi Security, vCenter Security and VMSAs
- End User Compute – This currently includes Horizon
- Management – This includes the currently supported Aria tools such as Aria Operations, Aria Automation, Aria Operations for Logs and Aria Suite Lifecycle
First Observed
This shows when that finding was first observed by Skyline in your environment. As a word of caution, this date will show the date of the first instance of the finding being observed by Skyline in your environment and therefore if additional objects discover the same finding at a later date whilst the original finding is present in Skyline, then this date will not change.
Description
This provides a summary description of what the finding is about. This description is also made available on the original tile for the finding to help you to quickly understand whether this finding is something that falls into your area to resolve.
Risk in no action taken
This section can sometimes cause confusion. Quite simply this designation is trying to provide you with a quick understanding of what the impact could be to you if you were to do nothing with the finding.
At the time of writing there are currently 13 different risks. The risk names are provided below with a brief description to understand a little more about what they mean:
- Potential ESXi host crash – This is where you could have a host crash or receive a PSOD (Purple Screen of Death)
- Performance Impacting – This finding could see the affected products performance slow down
- Environmental Stability – This is very much focused on whether there will be product stability problems
- Service Stability – This is more about whether there will be service stability issues
- Data Inconsistency – This could include datastore corruption
- Incorrect Reporting – Reporting information or esxtop type information could be misreported
- Cosmetic Issue – This is usually an issue that would be seen in the UI
- Guest OS Stability – This is focused on the VMs themselves and whether the issue is likely to cause a BSOD (Blue Screen of Death) or a VM crash
- BCDR Impacting – This is related to business continuity and disaster recovery. This usually refers to issues with backups or snapshots
- Security Risk – This is either a security bug or linked to a VMSA
- Infrastructure Stability – These are usually issues relating to network or storage stability
- Configuration Limiting – This relates to an impact to the management of the product
- Upgrade Blocking – This is either an upgrade bug or something that will block upgrades being able to be performed
Recommendations & Affected Objects
This is usually the largest section of the finding. It provides information about the recommendations for that finding, where some of the detail will have been taken from the relevant KB article. It will also provide Helpful Links which are links to the relevant KB article or VMSA page. Below that you have a section showing the affected objects to allow you to understand where the fix needs to be applied.
All of the information provided in the finding should help with creating change requests, if needed, by providing the details about the finding, what will happen if it isn’t fixed, the affected objects and the process to fix the issue.