Install vRealize Suite Lifecycle Manager

How to Install vRealize Suite Lifecycle Manager 1.1

vRealize Suite Lifecycle Manager is a relatively new tool in VMware’s portfolio. You can use it to install, configure and upgrade vRealize environments consisting in vRealize Automation, vRealize Business for Cloud, vRealize Log Insight and vRealize Operations. In this article I will show how to install vRealize Suite Lifecycle Manager 1.1.

You will need access to both a vCenter Server and an ESXi host 6.0 or 6.5. For running the virtual machine you will have to allocate minimum 2 vCPU and 16GB of RAM. The smallest used disk is around 3GB, and it can grow up to 135GB.

You can download vRealize Suite Lifecycle Manager 1.1 from My.VMware portal (you need to use your credentials to authenticate). You will end up with a 1.7GB OVA file (VMware-vLCM-Appliance-1.1.0.7-7359844_OVF10.ova), released on 12 December 2017.

Install vRealize Suite Lifecycle Manager - My VMware
Install vRealize Suite Lifecycle Manager – My VMware

Read More

vSphere HTML5 Web Client Fling v3.33

New Release – vSphere HTML5 Web Client Fling v3.33

What a release schedule! The team behind vSphere HTML5 Web Client Fling is doing a beautiful job here, one release every other week. I previously blogged about v3.32 of the plugin and the vApp goodies it brought. Here we are in front of a new release, v3.33, with another great set of vApp and VM improvements.

If you don’t use yet the vSphere HTML5 Web Client Fling, you can find here the installation details.

The update process is as easy as described in the How to Update vSphere HTML5 Web Client Fling article. You just hit “Update vSphere Client” button in the management console and the update starts right away:

vSphere HTML5 Web Client Fling - Update
vSphere HTML5 Web Client Fling – Update

After the process is completed and you re-login to the web client, you will see the new version confirmation:

vSphere HTML5 Web Client Fling - Version v3.33
vSphere HTML5 Web Client Fling – Version v3.33

Read More

VMware Carpool Tech Talk - Joe Baguley

VMware Carpool Tech Talk

In a fashion similar with James Corden’s Carpool Karaoke, VMware EMEA released over the last six months a series of short videos: VMware Carpool Tech Talk. For each episode of the series, two VMware influencers share a car and have a short tech talk. It’s a different format, relaxed, fun to follow, and without the exposure it deserves. Without further due, here we go!

VMware Carpool Tech Talk – Rory Choudhuri and Andrew Hald – Hands-on Labs

Rory Choudhuri (Solutions Marketing Director at VMware) talks with Andrew Hald (Principal Architect and Senior Manager) about how VMware Hand-on Labs add value to the products and the customers. How they deliver 150,000 VMs a week, what’s next and what’s in it for you?

Read More

Install Microsoft SQL Server 2017 Developer Edition

How to Install Microsoft SQL Server 2017 Developer Edition

“This is a cloud/virtualization blog, why would you publish an article on how to install Microsoft SQL Server?” That’s a valid question. I am in no way an expert in SQL Server, but I know my way around it. If you follow my blog, you may know I’m a big fan of vRealize Automation. I am working on a vRealize Automation install in my home lab, and this is how this post was born. A Windows domain is mandatory, so I wrote How to Install Active Directory on Windows Server 2012 R2. SQL Server is another prerequisite for vRA, so here I am documenting how to install Microsoft SQL Server 2017.

When thinking at SQL Server, there are few editions to choose from. If you run production workload, you can choose between Enterprise, Standard and Express editions (each which different price and set of features). If you run a test and development environment, you can choose between Express and Developer editions, both free. Express has few limitations, may be enough for a lab environment, but I decided to go with Developer Edition (full-featured free edition). Developer Edition used to be a paid (and cheaper) version, but since March 2016 Microsoft decided to offer it for free. That’s a nice move Microsoft, I hope you will extend the program to Windows Server as well 🙂

I will now document how to do a basic install of Microsoft SQL Server 2017 Developer Edition, to be used in a home lab environment. I will also add to the mix SQL Server Management Studio.

As a first step, you need to prepare a virtual machine where you will install SQL Server. There are plenty of supported operating systems, ranging from Windows 8 to Windows Server 2016. In my case, I chose a Windows Server 2012 R2 Standard Edition virtual machine with all the normal goodies (latest hardware version, latest VMware Tools, vmxnet3 network adapter, paravirtual SCSI adapter). I installed Microsoft security patches (including the latest ones for Meltdown and Spectre vulnerabilities).

You then need to download Microsoft SQL Server 2017 Developer Edition and SQL Server Management Studio 17.4.

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0005 – Workstation and Fusion Updates

VMware has released a new security advisory: VMSA-2018-0005 – VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities.

This advisory documents the remediation of two issues: one critical (use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled) and one important (an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled).

Read More

VMware Patches for Spectre

VMware Patches for Spectre

After releasing the initial security advisory VMSA-2018-0002 to discuss Meltdown and Spectre vulnerabilities, VMware released yesterday the second advisory on the matter – VMSA-2018-0004 – VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue.

VMSA-2018-0004 – Hypervisor-Assisted Guest Remediation

Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for virtual machines. As a result, a patched guest operating system can remediate the Branch Target Injection issue (CVE identifier CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.

Affected VMware products:

  • vCenter Server 5.5, 6.0, 6.5
  • ESXi 5.5, 6.0, 6.5
  • Workstation 12.x (patch planned; update to 12.5.9), 14.x (update to 14.1.1)
  • Fusion 8.x (update to 8.5.10), 10.x (update to 10.1.1)

Read More

VMware Security Advisory

VMware Security Advisory – VMSA-2018-0001 – vSphere Data Protection

I know you are all busy patching Meltdown and Spectre, but let’s not forget about a security advisory that VMware released so early this year, on 2nd January 2018: VMSA-2018-0001 – vSphere Data Protection (VDP) updates address multiple security issues.

This advisory documents the remediation of three important issues: a VDP authentication bypass vulnerability, VDP arbitrary file upload vulnerability, and a VDP path traversal vulnerability.

Same day, VMware released a new vSphere Data Protection version, 6.1.6, which among other goodies fixes all the vulnerabilities from the current advisory.

Read More

vSphere HTML5 Web Client Fling v3.32

New Release – vSphere HTML5 Web Client Fling v3.32

You may already know I’m a big fan of vSphere HTML5 Web Client Fling, so you should be not surprised that I follow closely the development of this fling. Last few days like everybody else in the tech world I was busy with Meltdown and Spectre vulnerabilities, but I still managed to notice that the development team released a new version: vSphere HTML5 Web Client Fling v3.32.

If you still don’t use the fling (why wouldn’t you?), see the article How to Install vSphere HTML5 Web Client Fling. If you just need to update it, see How to Update vSphere HTML5 Web Client Fling.

Update 22 January 2018: Development Team does a great job on updating the fling, so here it is the new v3.33 version of vSphere HTML5 Web Client Fling.

So, let’s see, what’s new in vSphere HTML5 Web Client Fling?

Read More

VMSA-2018-0003

VMware Security Advisory VMSA-2018-0003

VMware has released a new security advisory: VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities.

This advisory documents the remediation of three important issues: a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents, an out-of-bounds read issue that occurs via Cortado ThinPrint and affects Workstation and Horizon View Client, and a guest access control vulnerability which affects Workstation and Fusion.

Read More

VMSA-2018-0002 Meltdown and Specter

VMware Security Advisory VMSA-2018-0002 – Meltdown and Spectre Vulnerabilities

Google Project Zero released yesterday information about two vulnerabilities with impact to major processors vendors: Meltdown (CVE-2017-5754 – rogue data cache load) and Spectre (CVE-2017-5753 – bounds check bypass & CVE-2017-5715 – branch target injection). Among other organizations, VMware released a security advisory: VMSA-2018-0002 – VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.

How to patch your vCenter / ESXi infrastructure against speculative execution vulnerabilities (Meltdown and Spectre). Products, versions, patches, order of upgrade, dependencies, warnings. VMware Patches for Spectre

Meltdown and Spectre Overview

Meltdown breaks the isolation between user applications and the operating system, and allows an application to access all system memory (this includes kernel allocated memory). Meltdown affects a range of  Intel processors.

Spectre breaks the memory isolation between different applications, and allows an application to force another application to access arbitrary portions of its memory. Spectre affects a wide range of processors: Intel, AMD, and ARM.

“Both of these vulnerabilities are hardware level vulnerabilities that exist because of a flaw in CPU architecture. They are very serious vulnerabilities because they are operating system and software independent. The long term fix for both of these issues will require that CPU makers change the way their chips work, which means redesigning and releasing new chips.” – Defiant

You can find more information on both vulnerabilities on spectreattack.com. For comprehensive technical details, you can refer to these academic papers: Meltdown and Spectre.

Read More