VMware vCenter Server 6.7 Update 2

VMware vCenter Server 6.7 Update 2

VMware just released a new vCenter Server version: 6.7 Update 2, 6.7.0.30000, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

Read More
VMware Security Advisory

VMware ESXi, Workstation, Fusion and vCloud Director Security Updates

VMware has released two new security advisories VMSA-2019-0004 (VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability) and VMSA-2019-0005 (VMware ESXi, Workstation and Fusion updates address multiple security issues).

The advisories document the remediation of these critical issues:

  • VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
  • VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
  • VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
  • VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
  • VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Read More
How to Upgrade ESXi from 6.5 to 6.7 with Command Line

How to Upgrade ESXi from 6.5 to 6.7 with Command Line

In a previous post I wrote about how to update ESXi 6.5 using Command Line. It’s 6.7 time now, so here is the article explaining how to upgrade ESXi from 6.5 to 6.7 with the command line (esxcli). This method works either the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

As a prerequisite, I placed the ESXi 6.5 server in maintenance mode.

Upgrade ESXi from 6.5 to 6.7 with Command Line - Maintenance Mode

Upgrade ESXi from 6.5 to 6.7 with Command Line – Check ESXi Version

To find the current version of ESXi, after I connected with PuTTY to the server, I ran this command:

esxcli system version get

Upgrade ESXi from 6.5 to 6.7 with Command Line - Check ESXi Version
Read More
How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

In a previous article (How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1) I walked through the first phase of the upgrade process for vCSA 6.7 (embedded deployment) – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller. In this article I will cover phase 2 of the vCenter upgrade – transfer the data and setup the newly deployed vCenter Server Appliance.

Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

In the last step of the phase 1, I was presented with the following screen:

Upgrade vCenter Server Appliance from 6.5 to 6.7 - Deploy VCSA Completed

Read More

How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1

In this article I will show you how to upgrade vCenter Server Appliance running 6.5 to the target version of 6.7. I will upgrade an embedded deployment (as per vCenter Server and Platform Services Controller Deployment Types: all services bundled with the Platform Services Controller are deployed together with the vCenter Server services on the same virtual machine or physical server).

The upgrade procedure consists in two steps:

  1. Stage 1 – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller
  2. Stage 2 – transfer the data and setup the newly deployed vCenter Server Appliance

In this article I will cover Stage 1 (deployment of a new vCSA 6.7). In a later article I will cover Stage 2 (data migration from the old 6.5 vCSA to the new 6.7 vCSA).

Read More

How to Update vCenter Server Appliance to 6.5 Update 1d

VMware recently released vCenter Server 6.5 Update 1d (Build 7312210). You can read more details about this release in my previous article: “New Release – VMware vCenter Server 6.5 Update 1d”. In another article, I showed how to update vCenter Server Appliance using VAMI (vCenter Server Management Interface). The article covers the update to version 6.5 Update 1b, but there is no change in procedure to go to the latest Update 1d.

In this article I will show a different way to update vCenter Server Appliance. I will update vCSA using the appliance shell. This process is as simple as updating through VAMI, but instead of clicking through the user interface, I will execute few commands in remote console.

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

Read More

New Release – VMware vCenter Server 6.5 Update 1d

VMware released vCenter Server 6.5 Update 1d (Build 7312210) to update few third party packages and to fix plenty of bugs. This release also brings a new icon for vSAN witness appliances.

You can already download the update from my.vmware.com site (login is required).

vCenter Server 6.5 Update 1d

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance). If you need update instructions check these articles: Update vCSA using VAMI and Update vCSA using Appliance Shell.

Issues resolved in vCenter Server 6.5 Update 1d

In vCenter 6.5 Update 1d, VMware updated multiple packages:

  • Oracle (Sun) JRE 1.8.0_141
  • Spring Framework 4.3.9
  • OpenSSL 1.0.2l
  • Tomcat 8.5.15
  • Apache Struts 2.5.13
  • Eclipse Jetty 9.2.22

Read More

How to Update ESXi 6.5 with Command Line

In a previous post I wrote about how to easily update ESXi 6.5 using Update Manager. This time I will show another method of updating ESXi, more specific I will update ESXi 6.5 with the command line tool (esxcli). This method works either the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

When is this method better than using the Update Manager? The simplest use case is when you have no vCenter Server (because Update Manager is a component of vCenter Server). In other cases, you may be more familiar running scripts than clicking into a user interface 🙂

As a prerequisite, I placed the ESXi server in maintenance mode. Let’s start!

Read More

Update vSphere HTML5 Web Client Fling - Dashboard

How to Update vSphere HTML5 Web Client Fling

In an earlier post I showed how to install vSphere HTML5 Web Client Fling. The biggest difference between fling version and the vCenter 6.5 supported version is that the fling gets updated more often. In this post I will show how easy it is to update vSphere HTML5 Web Client Fling.

I will start from the base version 3.27.0 build 7055108. My target is to update the fling to version 3.29.0 build 7157335. Even if only 2 weeks passed since 3.27.0 release, there are few new features available:

  • Configure advanced CPU Identification Mask
  • Select PVRDMA adapter type for a VM network
  • Configure traffic filtering and marking rules on distributed port groups
  • Export and import distributed switches and distributed port groups

See the full change log in the official fling repository.

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0017

VMware has released a new security advisory: “VMSA-2017-0017 – VMware vCenter Server update resolves LDAP DoS, SSRF and CLRF injection issues“.

VMSA-2017-0017 advisory covers two issues affecting VMware vCenter Server:

  • CVE-2017-4927 – VMware vCenter Server doesn’t correctly handle specially crafted LDAP network packets which may allow for remote DoS. This issue affects vCenter Server 6.5 and 6.0. vCenter Server 6.5 Update 1 and 6.0 Update 3c fix this issue.
  • CVE-2017-4928 – SSRF and CRLF injection issues in vSphere web client. An attacker may exploit the Flash-based vSphere Web Client by sending a POST request with modified headers towards internal services leading to information disclosure. This issue affects vCenter Server 6.0 and 5.5. vCenter Server 6.0 Update 3c and 5.5 Update 3f fix this issue.

Read More