Rule ID
SV-258724r933233_rule
Version
V1R1
CCIs
CCI-000366
Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation.
Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match "parallel"}
If a virtual machine has a parallel device present, this is a finding.Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI.
The VM must be powered off to remove a parallel device.
From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands:
$pport = (Get-VM -Name <vmname>).ExtensionData.Config.Hardware.Device | Where {$_.DeviceInfo.Label -match "Parallel"}
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.DeviceChange += New-Object VMware.Vim.VirtualDeviceConfigSpec
$spec.DeviceChange[-1].device = $pport
$spec.DeviceChange[-1].operation = "remove"
(Get-VM -Name <vmname>).ExtensionData.ReconfigVM($spec)