VMware vSphere

On July 26, 2023, the Defense Information Systems Agency (DISA) released the first VMware vSphere 7.0 STIG update. This update includes several minor updates to the checks and fixes across the ESXi, VAMI, vCA EAM, vCA Lookup Service, vCA Photon OS, vCA PostgreSQL, vCA STS, vCA UI, vCenter, and Virtual Machine STIGs.

During recent testing that I was completing within my home lab, I was repeatedly creating and decommissioning VMware vSAN configurations within a single cluster. The first time I completed this process, I was decommissioning a VMware vSAN OSA configuration prior to creating a new VMware vSAN ESA configuration on the cluster. When I went through the process and reached the portion to specify the disks, I found that the disks were unavailable for claiming.

Recently, I participated in a VMware vExpert program in partnership with Intel Corporation and coordinated by Matt Mancini and Simon Todd, where Intel offered to provide VMware vExperts with Intel Optane NVMe devices for use in our home labs. While I wasn’t initially selected to receive the hardware, there was a second chance opportunity to apply again after working on extending the reach of my social media presence. In addition to receiving Intel Optane NVMe devices during the second chance opportunity, Matt Mancini graciously donated several home lab devices as prizes for the top three individuals who grew their social media presence the most.

On April 18, 2023, VMware released their “VMware vSphere 8.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. Based on their knowledge of the DoD SRGs and previous STIGs, they are confident that the guidance provided within the VMware vSphere 8 STIG Readiness Guide would enable an environment to pass certification with minimal changes should an official DISA STIG be released by the DoD.

Before the addition of Automation Central to VMware Aria Operations (formerly VMware vRealize Operations), I had created my own method of cleaning up outdate snapshots. I documented this method of executing VMware Aria Automation Orchestrator workflows to remediate alerts in my blog post from 2019 titled Automated Alert Remediation in vRealize Operations 7.x using vRealize Orchestrator. This process involved creating an alert in VMware Aria Operations that would be generated when a snapshot reached a specific age.