Browsed by
Tag: vCenter

How to Mitigate Log4j VMware Vulnerability – Workaround

How to Mitigate Log4j VMware Vulnerability – Workaround

In light of the recent Apache Software Foundation Log4j Java component vulnerability (CVE-2021-44228 and subsequent CVE-2021-45046) which may allow for remote code execution, many are looking to mitigate exposure. Due to the critical nature of the vulnerability, it is recommended mitigations are implemented immediately. Numerous companies and their applications use log4j to log information from Java-based software. VMware is just one of those companies that use the log4j Java component. As such, VMware recently released a critical security advisory (VMSA-2021-0028) addressing…

Read More Read More

Spectre/Meltdown Vulnerability – How to Patch VMware vCenter 6.5

Spectre/Meltdown Vulnerability – How to Patch VMware vCenter 6.5

As per Security Advisory VMSA-2018-0007, VMware has begun releasing virtual appliance updates to address side-channel analysis due to speculative execution vulnerabilities. One of the first virtual appliances VMware has patched is vCenter 6.5. The latest release, vCenter 6.5U1f, patches the VCSA’s Photon OS to address Spectre-1 (CVE-2018-5753) and Meltdown (CVE-2017-5754) vulnerabilities. Mitigations for Spectre-2 (CVE-2017-5715) are absent from the latest patch as Spectre-1 and Meltdown mitigations were ready to be released; whereas, Spectre-2 patches were still being prepared. UPDATE –…

Read More Read More

Connect vCenter to vRealize Orchestrator 7.x

Connect vCenter to vRealize Orchestrator 7.x

Last month, we discussed how to install VMware vRealize Orchestrator (vRO) 7.x. Once vRO is installed, you can begin utilizing Orchestrator plug-ins. Orchestrator plug-ins allow you to access and interact with external applications through workflows. Natively, the vRealize Orchestrator appliance deploys with a set of standard plug-ins. It is also possible to develop custom plug-ins with Orchestrator’s open standards. The vCenter connection plug-in is a good place to begin your Orchestrator journey. In order to access objects and run workflows against…

Read More Read More

Upgrade to vRealize Log Insight 4.5

Upgrade to vRealize Log Insight 4.5

VMware vRealize Log Insight is a log collection and analysis tool for troubleshooting across your VMware and accompanying environments. Yesterday, VMware released vRealize Log Insight 4.5. Most notably introduced in version 4.5, is a greater integration with VMware vRealize Operations. Admins can now access and interact with Log Insight within vRealize Operations. Also announced, are improvements to content packs, server features, GUI items and agent items. To get the full scope of release features, check out VMware’s announcement and release…

Read More Read More

Configure vCenter Mail Sender and E-mail Alerts

Configure vCenter Mail Sender and E-mail Alerts

An update in the vCenter 6.5b patch that I have been anticipating is the ability to change the mail sender address vCenter utilizes for email alerts. Releases prior to 6.5b sent e-mail alerts from root@VCSA_FQDN by default. Even if the Mail Sender was changed within the appliance, e-mails would still have that same root return-path. This proved to be problematic in environments who leveraged SMTP relay servers to pass e-mail authentication or encryption (ie. Office 365 relays). Relay servers in those…

Read More Read More