Details
Virtual machines are made from configuration files and content files. The .vmx and .vmdk files of a virtual machine hold its configuration and define the virtual machine's runtime container. They contain privileged information that is not part of what is inside this container.
Virtual machine configuration files should be handled carefully when imported into ESX/ESXi. In an environment that allows less privileged or untrusted users to import virtual machines, user-provided virtual machine configuration files such as .vmx and .vmdk files must be sanitized.
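One check such a sanitization step could apply to a user-supplied VMDK descriptor, shown as an added example (not VMware's own tooling or procedure). The policy is an assumption made here: only file-backed extent types are accepted, and every referenced file must be a bare name in the virtual machine's own directory. The sample descriptors are constructed.

```python
import re

# Extent line of a text VMDK descriptor: ACCESS SIZE TYPE ["FILENAME" [OFFSET]]
EXTENT_RE = re.compile(r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)(?:\s+"([^"]*)")?')
# Descriptor key that names another disk file.
HINT_RE = re.compile(r'^parentFileNameHint\s*=\s*"([^"]*)"')
# Assumed policy: only file-backed extent types are accepted from untrusted users.
ALLOWED_TYPES = {"FLAT", "SPARSE", "ZERO", "VMFS", "VMFSSPARSE"}


def is_local_name(name: str) -> bool:
    """True only for a bare file name that stays in the VM's own directory."""
    return bool(name) and not re.search(r'[/\\:]', name) and name not in (".", "..")


def audit_descriptor(text: str) -> list[str]:
    """Return one finding per descriptor line that violates the policy."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        ext = EXTENT_RE.match(line)
        hint = HINT_RE.match(line)
        if ext:
            etype, fname = ext.group(3).upper(), ext.group(4)
            if etype not in ALLOWED_TYPES:
                findings.append(f"line {n}: extent type {etype} not allowed")
            elif fname is not None and not is_local_name(fname):
                findings.append(f"line {n}: extent file is not a local name: {fname}")
        elif hint and hint.group(1) and not is_local_name(hint.group(1)):
            findings.append(f"line {n}: parent hint is not a local name: {hint.group(1)}")
    return findings


# Constructed sample descriptors (not taken from any real system).
CLEAN = '''# Disk DescriptorFile
version=1
createType="vmfs"
# Extent description
RW 16777216 VMFS "guest-flat.vmdk"
'''
SUSPECT = '''# Disk DescriptorFile
version=1
createType="vmfs"
parentFileNameHint="/vmfs/volumes/EXAMPLE/other/other.vmdk"
RW 16777216 VMFS "../other/other-flat.vmdk"
RW 2048 VMFSRDM "example-rdm.vmdk"
'''
```

Calling `audit_descriptor(SUSPECT)` returns three findings (lines 4, 5 and 6), while `audit_descriptor(CLEAN)` returns an empty list.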
Solution
Below are answers to frequently asked questions on OVF files.
Q. Is it possible to import VMDKs directly?
A. While it is possible to import a VMDK file directly, this is strongly discouraged outside of controlled environments. Less privileged or untrusted users should not be allowed access to hypervisor storage. The VMware recommended method of importing VMDK files is an OVF import that verifies the VMDK. VMware Cloud Director, for example, only allows VMs to be imported as OVFs. vCenter Server allows both OVF files and VMDK files to be imported.
Q. What is the difference between OVF and VMDK?
A. An OVF file generically describes both a virtual machine and its disks, while a VMDK descriptor file only describes the files/devices of a virtual disk. OVF files can refer to VMDK disk images but not to VMDK descriptors. This is further explained here.
Q. Where can I find more information on VMDK file integrity?
A. See KB 1003743: Verifying ESX/ESXi virtual machine file integrity and KB 1002511: Recreating a missing virtual machine disk (VMDK) descriptor file.
Based on VMware KB 2034095