vArchitect Newsletter 015

VMware Security announcements

VMware has released quite a few product updates in the last 2 weeks to address security issues. Please review the vulnerability list below carefully and address it where necessary, or just read the summary below:

  • Upgrade vCenter Server 6.5 to 6.5 U1
  • Upgrade ESXi 6.5 to ESXi650-201707101-SG
  • Upgrade Workstation 12.x to 12.5.7
  • Upgrade Fusion 8.x to 8.5.8
  • Important patches for vRA and vIDM are not yet available; keep an eye on VMSA-2016-0019.

Critical: Out-of-bounds write vulnerability in SVGA

VMware ESXi, Workstation & Fusion contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.

View on EVC here

  • Upgrade ESXi 6.5 to ESXi650-201707101-SG
  • Upgrade Workstation 12.x to 12.5.7
  • Upgrade Fusion 8.x to 8.5.8

Moderate: Guest RPC NULL pointer dereference vulnerability

VMware ESXi, Workstation & Fusion contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests.

Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

View on EVC here

  • Upgrade ESXi 6.5 to ESXi650-201707101-SG
  • Upgrade ESXi 6.0 to ESXi600-201706101-SG
  • Upgrade ESXi 5.5 to ESXi550-201709101-SG
  • Upgrade Workstation 12.x to 12.5.7 (this new version will remediate the critical bug)
  • Upgrade Fusion 8.x to 8.5.8 (this new version will remediate the critical bug)

Moderate: Stored XSS in H5 Client

vCenter Server H5 Client contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript, which is executed when other VC users access the page.

View on EVC here

  • Upgrade vCenter Server 6.5 to 6.5 U1

Opvizor Slack bot

Is your business using Slack? Do you communicate with the co-workers who sit across from you more over Slack than by actually talking? Do you have more channels in your list than is really necessary? We are probably all in the same boat on this one!

Well, why not use Slack to monitor and manage your VMware environment? The guys from Opvizor created a Slack bot for VMware vSphere, and at the moment it is free and endorsed by both Luc Dekens and Alan Renouf, the godfather of PowerCLI.

Some of the cool things it can do:

  • @opbot help: gives you a full list of all the commands
  • Last Entity: When you send a command to a specific VM (or list of VMs), OpBot automatically remembers that VM for the next command.
  • [show] vm (VM_NAME or *) snapshots: will show the snapshot tree for all VMs.
  • [show] vm (VM_NAME or *) screenshot: will show image of VM desktop
  • vm "VM_NAME" snapshot create "SNAPSHOT_NAME": create snapshot
  • vm top 6 cpuusage: 6 machines with highest CPU consumption
  • many more to use

Download here today!

New VMware Certification

VMware recently released a new associate certification called VCA-DBT (VMware Certified Associate – Digital Business Transformation).

Earning the VCA-DBT will showcase your digital transformation expertise — highly valued in today’s IT marketplace — by validating your knowledge of:

  • How virtualization concepts drive an enterprise’s digital agenda
  • The VMware products that support VMware Cloud Foundation and Cross-Cloud Architecture solutions, including VMware vSphere, VMware vSAN, VMware NSX, and the VMware vRealize Suite

Also, be aware that VMware is retiring some associate 6 certifications on December 31, 2017:

  • VMware Certified Associate 6 – Data Center Virtualization (VCA6-DCV) – exam 1V0-621
  • VMware Certified Associate 6 – Network Virtualization (VCA6-NV) – exam 1V0-642
  • VMware Certified Associate 6 – Desktop and Mobility (VCA6-DTM) – exam 1V0-605
  • VMware Certified Associate 6 – Cloud Management and Automation (VCA6-CMA) – exam 1V0-60

VMware announces General Availability of VMware vRealize Suite Lifecycle Manager 1.0

VMware vRealize Suite Lifecycle Manager automates Day 0 to Day 2 operations of the entire vRealize Suite, enabling a simplified operational experience.

It also automates lifecycle management with a single pane of glass, with key capabilities like:

  • Simplified New Install of vRealize Suite
    • Product & Solution Based install (VVD)
    • Standardized deployment sizing (S/M/L)
    • Silent Install (infra as code)
  • Support Brownfield Environment - Import existing environment
  • Pre-checks & Validation
  • Single sign-on (vIDM integration)
  • GUI & API based
  • Export configuration (JSON template)
  • Snapshot and one-click upgrade
  • Day 2 Operations
    • Scale-out
    • Organic growth
  • com Integration
  • Configuration Management and Drift Reporting
  • Health Monitoring (Integration with vROPS SDDC Health)
  • Error Handling / Log Bundles
  • Aligned to VMware reference architecture & VMware validated designs
  • Backup and restore with EMC Avamar

View the release notes here, with documentation available here.

New VMworld 2017 Hands-on Labs released

VMware has begun releasing the new VMworld 2017 Hands-on Labs and will continue to do so for the next couple of weeks until all 81 are available. Direct links to HOLs available here.

Veeam Backup for Office 365 v1.5 Released

The popular backup for Office 365 from Veeam has reached the 1.5 release as noted in this blog. This version was announced at VeeamON this year and brings a host of new features with it including a new REST API, various scenarios like hybrid, and public folder protection. So if you’re a Veeam customer and also an O365 customer, you probably want to check this out.

vSphere Integrated Containers 1.2 Released

The 1.2 version of VIC brings many needed features like SSO access tied to the PSC, integration with Harbor, reconfiguring deployed VCHs, and others. Check the release notes here. If you’re an existing vSphere Enterprise Plus owner, you’re entitled to VIC so you may want to give it a go if you want to be able to integrate containers into your native vSphere.

VMware Cloud on AWS Sizing

One of the big things that came out of VMworld this year was VMC on AWS. Now that it’s generally available in US West, you may be wondering how to take advantage of it. There was a good blog released that gives you some help in that area, so definitely worth a read.

VMworld 2017 Session URL Dump

William Lam did his awesome session dump again this year of the VMworld recordings. While not everything was recorded, the vast majority was, so use his GitHub site to easily search through those sessions to catch the ones you missed.

Horizon 7.3 Released

Announced at VMworld 2017, Horizon 7.3 has formally been GA’d. Get the release notes here. There are lots of new changes. One other thing to add, which may not show up there but was caught on Twitter: VMware has stated they are putting all future development into the new Blast Extreme protocol rather than PCoIP. So if you were hoping PCoIP would continue to grow, now might be the time to switch to Blast Extreme, which is said to offer much better performance.

vCenter 6.5 Update 1a Released

This is a security update for the vCSA that was released recently due to the replatforming of vCenter on Photon OS. Check the release notes for that here. Now that VMware owns the underlying OS, they are beginning a more regular cadence of releasing security patches for it. This is a good thing and a shift from the past when they were reliant upon SLES to release them. It’s a win-win for everyone, so no reason not to stay patched up on the appliance, especially considering how easy it is to update (click the ‘Update’ button in the VAMI).

Monitoring Veeam Backup & Replication with vROps

A new blog from Chip shows you how to monitor your Veeam servers and their various services if you have vROps. Definitely recommend you take a look and incorporate this type of guest-level monitoring for any BC/DR solution you might have.

Custom Naming in vRA with Zero Custom Coding

Here is another new blog article that shows you how to incorporate your complex custom naming standard into vRA all while using no custom code thanks to SovLabs. Take a read here.

VMware vRealize Operations for Horizon & Published Apps 6.5 Is GA

vROps for Horizon is definitely a good product, and VMware just released the new version of it. Catch the blog article here and release notes here. Some things added are NVIDIA vGPU support, use- and pool-level metrics (which were a common complaint), and more info on cloud pods.

VMware Workstation 14 and Fusion 10 Released

More releases to mention in this newsletter. VMware have released Workstation 14 and Fusion 10, which customarily bring a host of new features. The blogs linked have the release notes, so go check out what’s new. Just a word of caution, as we’ve seen several issues reported on the VMTN Communities: back up your VMs and also your Workstation/Fusion keys before you upgrade. Any time you take the plunge on a dot zero release you run the risk of encountering bugs and other odd issues.

VMware Tools 10.1.15 Released

While not a typical product release, VMware has been putting out new versions of VMware Tools out-of-band to ESXi for some time now. Recently, version 10.1.15 was made available. You can get the release notes here. So if you’re updating these tools in your ESXi product locker, you can download these bits and add them there, and then proceed to push them to your VMs.

vCloud Director 9.0 Released

vCD 9 was recently released, and it’s the biggest release ever by many accounts. You can get the notes here. The largest things to call out are the new Clarity UI and support for an internal vPostgres. SQL is no longer required, and that is reason enough to party for most users.

NVIDIA vGPU Management Pack for vROps

Something new here that is pretty cool is a vROps pack for NVIDIA vGPU. This is the 1.0 release, so best not to expect the moon, but if you have NVIDIA GPUs in use and vROps then you probably should get it. It comes with a number of dashboards that show host and guest usage of the GPU and other metrics.

Service Discovery Management Pack 2.0

If you followed the last newsletter, we talked about how Infrastructure Navigator is EOL and just won’t work at all with vSphere 6.5. That functionality is being slowly rolled into vROps via a separate Service Discovery management pack. That pack recently reached the 2.0 version, and although not a ton has changed, it does fix some issues. We hope to see this improved as VIN was a very useful tool and really has no equivalent at this time.

vRealize Orchestrator 7.2.1 patch

If you’re using vRO 7.2 (maybe with vRA 7.2), you should know about a patch that will bring it up to 7.2.1 and fix many issues in the process. We have noticed this fixes some problems observed in the field, so you probably want to consider it. Check out the KB article containing it here.