Follow CloudHat.eu on Feedspot

Continue with Google
Continue with Facebook

CloudHat.eu by Constantin Ghioc - 1M ago

VMware just released a new vCenter Server version: 6.7 Update 2,, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

vCenter Server 6.7 Update 2 introduces the Developer Center with two new features: API Explorer and Code Capture. This update brings API Explorer (formerly accessible via https://<vCSA-FQDN>/apiexplorer) into the vSphere Client, thus removing the extra steps to authenticate prior to interacting with the REST APIs. If you ever played with the old Onyx flings, you will enjoy Code Capture. Just enable recording, do something in vSphere Client, then end recording and see the equivalent PowerCLI code generated.

You can now publish your VM templates managed by Content Library from a published library to multiple subscribers. You can trigger this action from the published library, which gives greater control over the distribution of VM templates.

vCenter Server 6.7 Update 2 Resolved Issues

VMware vCenter Server 6.7 Update 2 resolves plenty of issues with vMotion, backup, auto deploy, VMware tools, storage, management of VMs, and networking.

  • vSphere vMotion operations for encrypted virtual machines might fail after a restart of the vCenter Sever system
  • Power-on or vSphere vMotion operations with virtual machines might fail with an infinite loop error
  • Migrating a virtual machine might fail due to inability to access the parent disk
  • Migrating a virtual machine might fail due to inability to access the parent disk
  • VMware vSphere Auto Deploy Discovered Hosts tab might display an error after creating or editing a deployment rule
  • Customization of virtual machines by using Microsoft Sysprep on vSphere 6.7 might fail and virtual machines stay in customization state
  • The c:\sysprep directory might not be deleted after Windows guest customization
  • You might not see the configured CPU shares when exporting a virtual machine to OVF
  • vCenter Server might stop responding when adding a fault message in the vSphere Storage DRS
  • The vpxd service might fail when the vSphere Storage DRS provides an initial placement operation
  • ESXi hosts with visibility to RDM LUNs might take a long time to start or experience delays during LUN rescans
  • Expanding the disk of a virtual machine by using VMware vRealize Automation might fail with an error for insufficient disk space on a datastore
  • Provisioning of virtual machines might fail if the same replication group is used for some or all virtual machine files and disks
  • You cannot add permissions for a user or group beyond the first 200 security principals in an Active Directory domain by using the vSphere Client
  • User login and logout events might not contain the IP address of the user
  • The vCenter Server daemon service vpxd might fail to start with an error for invalid descriptor index
  • Cloning a virtual machine from a snapshot of a template might fail with a “missing vmsn file” error
  • An internal error might occur in alarm definitions of the vSphere Web Client
  • Attempts to log in to a vCenter Server system after an upgrade to vCenter Server 6.7 might fail with a credentials validation error
  • Migration of vCenter Server for Windows to vCenter Server Appliance might stop at 75% if system time is not synchronized with an NTP server
  • Upgrading vCenter Server for Windows to 6.7 Update 2 from earlier versions of the 6.7 line might fail
  • vCenter Server upgrades might fail due to compatibility issue between VMware Tools version 10.2 and later, and ESXi version 6.0 and earlier
  • You might see a message that an upgrade of VMware vSphere Distributed Switch is running even after the upgrade is complete
  • You cannnot migrate virtual machines by using vSphere vMotion between ESXi hosts with NSX managed virtual distributed switches (N-VDS) and vSphere Standard Switches

VMware vCenter Server 6.7 Update 2 also updates some of the internal packages used.

  • VMware Postgres is updated to version 9.6.11
  • Oracle (Sun) JRE is updated to version 1.8.202.
  • Apache httpd is updated to version 2.4.37
  • The OpenSSL package is updated to version openssl-1.0.2q.
  • The ESXi userworld libxml2 library is updated to version 2.9.8.
  • The OpenSSH is updated to version 7.4p1-7.

For full list of resolved issues you can check the Release Notes.

How to Update to vCenter Server 6.7 Update 2

I will demonstrate an online update from vCenter Appliance Management console. I logged in to https://<vCSA-FQDN>:5480/ using the root appliance password, then I navigated to Update menu. After a short check, I can see my current version is and I have an available update to (which is vCenter Server 6.7 Update 2). I will click on “Stage and install” link.

Next step is to accept the end user license agreement (EULA). Check the “I accept…” checkbox and click on “Next”.

The installer will run pre-update checks now. For example, if your root password has expired, you will receive a notice and you will not be able to proceed further before fixing the problem. If everything is allright, the wizard will jump to the next screen. You can see a downtime estimation (which proved to be waaay overestimated in my case). Confirm you have a backup of vCenter Server and click on “Finish”.

We can sit down and relax now while the vCenter Server is upgraded.

After some time we will be logged out from the appliance. Wait few minutes and then you can log back in.

Installation is now completed!

Going on the Summary page of the Appliance Management console, you can see the new version:, build 13010631.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

VMware has released two new security advisories VMSA-2019-0004 (VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability) and VMSA-2019-0005 (VMware ESXi, Workstation and Fusion updates address multiple security issues).

The advisories document the remediation of these critical issues:

  • VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
  • VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
  • VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
  • VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
  • VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2019-5523 to VMSA-2019-0004 issue and CVE-2019-5514 / CVE-2019-5515 / CVE-2019-5518 / CVE-2019-5519 / CVE-2019-5524 to the VMSA-2019-0005 issues.

VMSA-2019-0004 – Affected Products and Resolutions
  • VMware vCloud Director 9.7.x – unaffected
  • VMware vCloud Director 9.5.x – update to version
  • VMware vCloud Director 9.1.x – unaffected
  • VMware vCloud Director 9.0.x – unaffected
VMSA-2019-0005 – Affected Products and Resolutions
  • ESXi 6.7 – apply patch ESXi670-201903001
  • ESXi 6.5 – apply patch ESXi650-201903001
  • ESXi 6.0 – apply patch ESXi600-201903001
  • Workstation 15.x – update to version 15.0.4
  • Workstation 14.x – update to version 14.1.7
  • Fusion 11.x – update to version 11.0.3
  • Fusion 10.x – update to version 10.1.6

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

The post VMware ESXi, Workstation, Fusion and vCloud Director Security Updates appeared first on CloudHat.eu.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
CloudHat.eu by Constantin Ghioc - 4M ago

Four months after the previous VMUG Romania meeting, we invite you to a new event dedicated to VMware technologies. Journey Pub in Bucharest will be our host for 12 February 2019. We will have presentation sessions, demos, networking and hopefully some interesting announcements. As we did last time, we will be live on Facebook on VMUG RO page.

This is the first full-day meeting for VMUG Romania, so be patient till the end for a non-virtual craft beer tasting session.

Next to VMware presentation (Cristian Radu – “Deep Dive VMware NSX-V”) and those of the sponsors Dell EMC (Cristian Stan – The Power of Hyper-Converged) and Bitdefender, we will have no less then 4 community sessions.

Victor Homocea returns with his second vSAN presentation: “How to maintain your vSAN cluster(s)”. For Victor’s first vSAN presentation you can check the recordings from our previous meeting. Victor has an experience of over 15 years working for enterprise companies. He is focused on End User Computing with experience on application virtualization, HyperConverged infrastructure and Enterprise Security. Victor holds multiple related certifications, like Citrix Certified Expert and VMware Double VCP (DCV and DTM). You can find Victor on Twitter, Linkedin and on his personal blog: blog.ogs.ro.

For the second community session, we will have Bogdan Mitu with “vRealize Operations Manager v6.x Day2: Troubleshoot cluster components”. Bogdan holds a virtualization engineer position with Adobe and has more than 11 years experience in IT industries.

Corneliu Lefter from Neverfail continues our presentations with “Migrating ESXi hosts between vCenters with powered on VMs”. Corneliu is a technology nerd, passionate about virtualization and datacenters. Corneliu is VCAP-DCV certified.

Last but not least, Mihai Huica will talk to us about “DCLI – New(est) CLI in the block”. Mihai has over 15 years experience with virtualization, replication, high availability, private cloud and automation. Mihai is also one of VMUG Romania leaders.

Registration is mandatory and free of charge on vmug.com portal. Places are limited!

Agenda – VMUG Romania – 12 February 2019
10:00-10:30Registration / Networking
10:30-10:45 Opening VMUG
10:45-11:30VMware Update – Deep Dive VMware NSX-V (demo) – Cristian Radu, VMware
11:30-12:00 Community session – How to maintain your vSAN cluster(s) – Victor Homocea, NTT Data Services
12:00-12:15Break / Networking
12:15-13:00Sponsor session – The Power of Hyper-Converged – Cristian Stan, Dell EMC
13:00-13:30Community session –  vRealize Operations Manager v6.x Day2: Troubleshoot cluster components – Bogdan Mitu, Adobe
14:30-15:15Sponsor session – TBD
15:15-15:45Community session – Migrating ESXi hosts between vCenters with powered on VMs – Corneliu Lefter, Neverfail
15:45-16:00Break / Networking
16:00-16:30Community session – DCLI – New(est) CLI on the block – Mihai Huica, Orange
16:30-17:30Craft beer tasting

The post VMUG Romania February Meeting appeared first on CloudHat.eu.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

In this article I will show you how to install VCSA 6.7 (VMware vCenter Server Appliance).

To start, you need an installation kit of vCenter Server Appliance 6.7. For this article, I will use the VCSA 6.7 Update 1 version – VMware-VCSA-all-6.7.0-10244745.iso (the latest available at the time I wrote this article).

Note: If you look for VCSA upgrade instructions, check this article: How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1.

Install VCSA 6.7 (VMware vCenter Server Appliance) – Stage 1

To launch the installer I will use a Windows virtual machine (alternatively you can use a Mac or a Linux system). Unzip the archive and navigate to VMware-VCSA-all-6.7.0-10244745\vcsa-ui-installer\win32 folder. Launch installer.exe and begin to install VCSA 6.7.

vCenter Server Appliance 6.7 Installer will start. Click on Install.

The installation process consists in two separate stages. At the end of the first stage we will deploy the appliance, then in the second stage we will configure it. Let’s start with first stage: click Next.

Read the End user license agreement, check “I accept the terms of the license agreement” checkbox and click Next.

We now must choose the deployment type. I will show a simple installation, so I will choose “vCenter Server with an Embedded Platform Services Controller”. Read more on vCenter 6.7 available deployment types. Click Next.

We now have to enter the details of the ESXi server where we will deploy the VCSA 6.7 appliance. If you don’t have any available ESXi server, you can read my article How to Install VMware vSphere 6.7. Click Next.

Installer will connect now to the ESXi server. If you don’t have trust relationship configured, you will receive a certificate warning. Click Next.

We need now to set up the appliance name (this is the name of the virtual machine that you will see in vSphere Client, and not the FQDN of the vCenter) and the root password. Click Next.

For next step we need to select the deployment size. You can see the resources allocated for different deployment sizes. As I deploy this vCenter in a home lab, I chose Tiny deployment with a default storage size. Click Next.

Select on which ESXi datastore you want to deploy the appliance. You have also the option to enable thin disk mode. Last option allows you to configure a new vSAN cluster and deploy the appliance on this cluster. I will not treat vSAN deployment in this article.

You need to decide on DNS records of the vCenter appliance. Before moving on, make sure you already have A and PTR records for VCSA in your DNS server (if you miss this one, deployment will fail). I check below for forward and reverse name resolution.

We need now to configure networking details. Pay attention to the system name (you will not be able to change it afterwards). To avoid deployment failure, double-check the FQDN and the IP address. Click Next.

Review all the settings and if everything is correct, click Finish.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

VMware has released a new security advisory VMSA-2018-0024: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.

This advisory documents the remediation of one critical issue: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled the outcome of exploitation is limited to an information disclosure (Important Severity).

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6979 to VMSA-2018-0019 issue.

VMSA-2018-0024 – Affected Products and Resolutions

AirWatch Console 9.7.x – update to version or above
AirWatch Console 9.6.x – update to version or above
AirWatch Console 9.5.x – update to version or above
AirWatch Console 9.4.x – update to version or above
AirWatch Console 9.3.x – update to version or above
AirWatch Console 9.2.x – update to version or above
AirWatch Console 9.1.x – update to version or above

As per VMware KB, if patching your environment is not feasible in a timely manner, you can take mitigation steps by disabling SAML authentication for enrollment located under System > Enterprise Integration > Directory Services.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

The post VMSA-2018-0024 – AirWatch Console Vulnerability appeared first on CloudHat.eu.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview