How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

In a previous article (How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1) I walked through the first phase of the upgrade process for vCSA 6.7 (embedded deployment) – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller. In this article I will cover phase 2 of the vCenter upgrade – transfer the data and setup the newly deployed vCenter Server Appliance.

Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 2

In the last step of the phase 1, I was presented with the following screen:

Upgrade vCenter Server Appliance from 6.5 to 6.7 - Deploy VCSA Completed

Read More

How to Upgrade vCenter Server Appliance from 6.5 to 6.7

How to Upgrade vCenter Server Appliance from 6.5 to 6.7 – Stage 1

In this article I will show you how to upgrade vCenter Server Appliance running 6.5 to the target version of 6.7. I will upgrade an embedded deployment (as per vCenter Server and Platform Services Controller Deployment Types: all services bundled with the Platform Services Controller are deployed together with the vCenter Server services on the same virtual machine or physical server).

The upgrade procedure consists in two steps:

  1. Stage 1 – Deploy the OVA File of the new vCenter Server Appliance with an embedded Platform Services Controller
  2. Stage 2 – transfer the data and setup the newly deployed vCenter Server Appliance

In this article I will cover Stage 1 (deployment of a new vCSA 6.7). In a later article I will cover Stage 2 (data migration from the old 6.5 vCSA to the new 6.7 vCSA).

Read More

New Security Patch – vCenter Server 6.5 U1g

VMware released today a new security patch, vCenter Server 6.5 U1g, build number 8024368. This release contains few VMware software fixes, security fixes, and third-party product fixes. The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-8024368.iso, 3.36 GB). Patch is also available through standard online repository.

Updated packages in vCSA (Photon OS):

vCenter Server 6.5 U1g provides part of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (Spectre-2 vulnerability). For more details on this mitigation, see VMware Security Advisory VMSA-2018-0004.3.

The patch also fixes an issue where in some cases the inclusion of an ESXi host into an empty Enhanced vMotion Compatibility (EVC) cluster would fail even though the host met the requirements.

Read More

New Security Patch – vCenter Server 6.5 U1f

VMware released today a new security patch, vCenter Server 6.5 U1f, build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715).

The new patch can already be downloaded from My VMware portal (VMware-VCSA-all-6.5.0-7801515.iso, 3607.6 MB), but it’s not yet available on the online repository for update using management GUI or CLI. Update 16 February 2018: the patch is available on the online repository, see below for details.

Updated packages:

  • linux 4.4.110-2
  • libgcrypt 1.7.6-3
  • c-ares 1.12.0-2
  • ncurses 6.0-8
  • libtasn1 4.12-1
  • wget 1.18-3
  • procmail 3.22-4
  • rsync 3.1.2-4
  • apr 1.5.2-7

Read More

How to Update vCenter Server Appliance to 6.5 Update 1d

VMware recently released vCenter Server 6.5 Update 1d (Build 7312210). You can read more details about this release in my previous article: “New Release – VMware vCenter Server 6.5 Update 1d”. In another article, I showed how to update vCenter Server Appliance using VAMI (vCenter Server Management Interface). The article covers the update to version 6.5 Update 1b, but there is no change in procedure to go to the latest Update 1d.

In this article I will show a different way to update vCenter Server Appliance. I will update vCSA using the appliance shell. This process is as simple as updating through VAMI, but instead of clicking through the user interface, I will execute few commands in remote console.

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

Read More

New Release – VMware vCenter Server 6.5 Update 1d

VMware released vCenter Server 6.5 Update 1d (Build 7312210) to update few third party packages and to fix plenty of bugs. This release also brings a new icon for vSAN witness appliances.

You can already download the update from my.vmware.com site (login is required).

vCenter Server 6.5 Update 1d

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance). If you need update instructions check these articles: Update vCSA using VAMI and Update vCSA using Appliance Shell.

Issues resolved in vCenter Server 6.5 Update 1d

In vCenter 6.5 Update 1d, VMware updated multiple packages:

  • Oracle (Sun) JRE 1.8.0_141
  • Spring Framework 4.3.9
  • OpenSSL 1.0.2l
  • Tomcat 8.5.15
  • Apache Struts 2.5.13
  • Eclipse Jetty 9.2.22

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0021

VMware has released a new security advisory: “VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities”.

Among affected products, we find vCenter Server Appliance 6.5, ESXi (5.5, 6.0, and 6.5), Workstation 12.x, and Fusion 8.x.

VMSA-2017-0021 – ESXi, Workstation, and Fusion stack overflow via authenticated VNC session

CVE-2017-4941 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. A successful exploitation will result in remote code execution in a virtual machine via the authenticated VNC session. As prerequisites for a successful exploit, VNC must be manually enabled in a virtual machine’s .vmx configuration file and ESXi must be configured to allow VNC traffic through the firewall.

Affected products and versions:

  • ESXi 5.5 and 6.0 (install patches ESXi550-201709101-SG or ESXi600-201711101-SG)
  • Workstation 12.x (upgrade to version 12.5.8)
  • Fusion 8.x (upgrade to version 8.5.9)

Read More

Update vCenter Server Appliance

How to Update vCenter Server Appliance to 6.5 Update 1b

On 26 October 2017, VMware released VMware vCenter Server 6.5 Update 1b. In this article I will show you how to easily update vCenter Server Appliance (VCSA) from version 6.5.x to the latest 6.5 Update 1b using vCenter Server Appliance Management Interface (VAMI). This version is also identified by version number 6.5.01100  and build number 6816762 (you can check KB2143838 for all vCenter build and version numbers – unfortunately VMware is a little behind to update this KB article).

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

In my case, I will update vCenter Server Appliance from 6.5.0.5500 build 5318154 to the latest 6.5.0.11000 build 6816762. I will start by accessing VAMI, on port 5480 of the vCenter Server (https://vcenter.lab.local:5480/ for my lab). I will authenticate with root user and corresponding password.

Update vCenter Server Appliance - VAMI Login

Read More

How to Install VCSA 6.5 (VMware vCenter Server Appliance)

In this article I will show you how to install VCSA 6.5 (VMware vCenter Server Appliance).

To start, you need an installation kit of vCenter Server Appliance 6.5. For this article, I will use the VCSA version I downloaded from my VMUG Advantage account (VMware-VCSA-all-6.5.0-5318154.iso).

Note: If you look for VCSA update instructions, check this article: How to Update vCenter Server Appliance to 6.5 Update 1b.

Read More