You might not know it from how VMware Aria Automation Orchestrator (formerly VMware vRealize Orchestrator) is marketed today, but originally, Aria Automation Orchestrator was bundled as a component of VMware vCenter Server. Titled VMware vCenter Orchestrator back in the day, it was one of the best ways to automate actions within your VMware vCenter Server. While vCenter Orchestrator was rebranded as vRealize Orchestrator, and now as Aria Automation Orchestrator, it is still included as a feature with each VMware vCenter Server license.
After testing a recent upgrade to VMware vCenter Server 7.0 Update 3i, I encountered an issue where the vCenter Server would no longer authenticate users via smart cards/X.509 certificates. The vCenter Server would not even request a certificate from the client’s browser anymore. This seemed odd as the functionality worked fine on the previous 7.0 Update 3h. Surely VMware wouldn’t make a breaking change within a minor patch release? After reverting the upgrade and testing that it wasn’t an issue with the upgrade process itself, a support ticket was opened with VMware support.
If you have deployed a VMware ESXi 7.0 or 8.0 host containing a TPM 2.0 device, you have likely encountered the “TPM Encryption Recovery Key Backup Alarm” in vCenter reminding you to back up your TPM encryption recovery key. If you’re like me, the first time you encountered this, you probably searched Google for this alarm message and ran across VMware KB81661 - “TPM Encryption Recovery Key Backup” warning alarm in vCenter Server.
The VMware vSphere Security Configuration Guide has long been the standard baseline for hardening VMware vSphere environments utilized by engineers across the world. As such, with the release of VMware vSphere 8.0, VMware also released a new version of the security configuration guide. For those familiar with implementing United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) STIGs, the guidance provided within the VMware vSphere 8 Security Configuration Guide should seem quite familiar.
While the United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) hasn’t officially released a STIG for VMware vSphere 7.0, VMware has released what they refer to as their “VMware vSphere 7.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. Based on their knowledge of the DoD SRGs and previous STIGs, they are confident that the guidance provided within the VMware vSphere 7.