VMware Security Advisory

VMSA-2020-0009 – VMware vRealize Operations Manager Vulnerability

Updated on 16 May 2020 with fixed versions of vRealize Operations.

VMware has released a new security advisory, VMSA-2020-0009: VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities.

Two vulnerabilities were disclosed in Salt, an open source project by SaltStack, which is used by VMware vRealize Operations Manager. This advisory documents the remediation of one critical and one important issue. The Application Remote Collector (ARC) introduced with vRealize Operations Manager 7.5 uses Salt and is therefore affected by both vulnerabilities: one authentication bypass and one directory traversal.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-11651 to the authentication bypass vulnerability and CVE-2020-11652 to the directory traversal.

A malicious actor with network access to port 4505 or 4506 on the ARC may take control of the ARC and any Virtual Machines the ARC may have deployed a Telegraf agent to. For the second vulnerability, a malicious actor with network access to port 4505 or 4506 on the ARC may access the entirety of the ARC filesystem.


How to Configure vRealize Orchestrator 8.1

In a previous article I documented steps required to install the latest VMware vRealize Orchestrator 8.1. After vRO deployment, you have to go through the initial configuration of the application. In this article I will show you how to configure a standalone vRealize Orchestrator 8.1 with vSphere authentication.

By default, the password expiry of the root account of the vRealize Orchestrator Appliance is set to 365 days. If you choose to extend the expiration period, you can do that by opening an SSH connection to the vRO appliance and running this command:

passwd -x number_of_days_to_expire root


While you are connected over SSH, you can also check for proper DNS resolution, both forward and reverse:

nslookup vro_FQDN

nslookup vro_IP_address


How to Install VMware vRealize Orchestrator 8.1

In this article I will demonstrate how to install VMware vRealize Orchestrator 8.1 step by step. This is the latest vRO version to date, released only days ago. You can read more details about the changes in vRO 8.1 in one of my previous articles: VMware vRealize Orchestrator 8.1.

The first step is to download the required OVA file: O11N_VA-8.1.0.9326-15995344_OVF10.ova. Make sure DNS resolution for your future vRO appliance works, both forward and reverse (hostname and IP address). You can then proceed to deploy the appliance from your vCenter Server (minimum vCenter Server version is 6.0, although that version is already unsupported by VMware, and I hope you are at least on version 6.5, if not on 7.0).


VMware vRealize Orchestrator 8.1

A few days ago, VMware released the latest version of their orchestration application, vRealize Orchestrator 8.1 (O11N_VA-8.1.0.9326-15995344_OVF10.ova, build version 15995344).

A little bit of my history with vRO: after playing with versions 5 to early 7 for a few years, I took a pause in using Orchestrator. At the beginning of this year, I accepted the challenge to co-run a VMUG presentation on Orchestrator and I tried one of the first version 8 releases. I have to admit I missed a few things from my old vRO days. Among them, the new HTML client felt a little strange, with the biggest changes being the missing tree view or the removal of visual binding. I think VMware is on a good track now with this product, and 8.1 looks promising 🙂


VMware PowerCLI 12.0.0

VMware released a new PowerCLI version, version 12.0.0. I will cover in this article the improvements brought by PowerCLI 12.0.0 and the easy installation process on both Windows and Linux. For full documentation on this version of PowerCLI you can check the code.vmware.com page.

PowerCLI 12.0.0 Changes

New features:

  • New module: VMware.VimAutomation.WorkloadManagement – provides cmdlets for managing namespace lifecycle and policy for Project Pacific.
  • New module: VMware.CloudServices – provides cmdlets for managing VMware Cloud Services.

VMware vCenter Server 6.7 Update 3f

VMware released a new vCenter Server version: 6.7 Update 3f, 6.7.0.43000, build 15976714. In this article I will cover the resolved issues and I will show how easy it is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 3f.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

Resolved Issues

This release of vCenter Server 6.7 Update 3f delivers the following patch:

  • Security Patch for VMware vCenter Server 6.7 Update 3f (VMware-vCenter-Server-Appliance-6.7.0.43000-15976714-patch-FP.iso)

VMware vCenter Server 6.7 Update 3f resolves a critical security issue documented in security advisory VMSA-2020-0006: vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), may not correctly implement access controls. A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.


How to Upgrade vCenter Server Appliance from 6.7 to 7.0 – Stage 2

In a previous article (How to Upgrade vCenter Server Appliance from 6.7 to 7.0 – Stage 1) I walked through the first phase of the upgrade process for vCSA 7.0 – Deploy the OVA File of the new vCenter Server Appliance. In this article I will cover phase 2 of the vCenter upgrade – transfer the data and set up the newly deployed vCenter Server Appliance.

Upgrade vCenter Server Appliance from 6.7 to 7.0 – Stage 2

In the last step of phase 1, I was presented with the following screen:

[Screenshot: Upgrade vCenter Server Appliance from 6.7 to 7.0 – Deploy VCSA completed]

How to Upgrade vCenter Server Appliance from 6.7 to 7.0 – Stage 1

In this article I will demonstrate how to upgrade vCenter Server Appliance running 6.7 to the target version of 7.0. I will upgrade an embedded deployment running in my home lab using the GUI method.

The upgrade procedure consists of two steps:

  1. Stage 1 – Deploy the OVA File of the new vCenter Server Appliance
  2. Stage 2 – transfer the data and set up the newly deployed vCenter Server Appliance

In this article I will cover Stage 1 (deployment of a new vCSA 7.0). In a later article I will cover Stage 2 (data migration from the old 6.7 vCSA to the new 7.0 vCSA).


VMware vExpert 2020

VMware just announced the list of 2020 vExperts and I am honored to be nominated for the third time!

For 2020, VMware awarded this title to over 1700 persons from over 40 countries. I’m glad that my country, Romania, has 3 more friends on this list: Razvan Ionescu, Aylin Sali and Michael Stoica. I feel that more of the people involved in the VMware community from Romania should set a target for themselves to be nominated next year (some of them should start with a Twitter account, hint!). If you need more information about the program, feel free to send me a message. For my Romanian friends: you may find more details about being a vExpert from a presentation I did for Romanian VMUG some time ago (first video recording from VMUG Romania October Meeting Report starting around the 6th minute).

For those still unfamiliar with the benefits of the program, I will list the ones that strike me as most important:

  • recognition from both VMware and the community for personal “significant contributions to the community and a willingness to share their expertise with others”
  • access to vExpert Slack channel – I would say this is a treasure judging by the persons around and the quality of their posts. Think of this as a personal Twitter on steroids 🙂
  • VMware software licenses for home labs – virtually all VMware products can be tried with 1 year licenses with enough capacity for a decent home lab
  • exclusive opportunities for vExperts – webinars, VMworld events, access to beta programs
  • not-for-resale licenses from other vendors from the VMware environment

For the comprehensive list of 2020 vExperts, you can visit the dedicated directory at vexpert.vmware.com/directory.

Congratulations to all new and renewed vExperts!


VMUG Romania Report – GPU, AI, and VMware News

On February 11, 2020, at PointHub in the usual location, about 50 technology enthusiasts attended the first VMUG Romania meeting in 2020. We managed to start the year in force with two special guests, VCDX certified: Niels Hagoort (VMware) and Johan van Amersfoort (ITQ).

The winter edition of the VMUG Romania meeting was sponsored by:

  • VMware – Program Sponsor
  • Hewlett Packard Enterprise – Platinum Sponsor
  • Commvault – Gold Sponsor
  • Pure Storage – Gold Sponsor
  • Veeam – Silver Sponsor

Fighting Cancer with VMware Technology, GPUs, and ML – Niels Hagoort and Johan van Amersfoort

Niels Hagoort (VCDX # 212 and Technical Marketing Architect at VMware’s Cloud Platform Business Unit) together with Johan van Amersfoort (VCDX # 238, EUC Architect and Tech Marketing Manager at ITQ Consultancy) introduced us to a special world, that of the GPU devices. Johan started with a brief history of video games and the influence of GPUs. We listened to stories about Doom (the Game) and Toy Story (the Movie), GeForce and Voodoo (the GPU cards), then switched to GPUs used for High Performance Computing (HPC), Machine Learning (ML) and Deep Learning (DL).
