VMware vSphere

After testing a recent upgrade to VMware vCenter Server 7.0 Update 3i, I encountered an issue where the vCenter Server would no longer authenticate users via smart cards/X.509 certificates. The vCenter Server would not even request a certificate from the client’s browser anymore. This seemed odd as the functionality worked fine on the previous 7.0 Update 3h. Surely VMware wouldn’t make a breaking change within a minor patch release? After reverting the upgrade and testing that it wasn’t an issue with the upgrade process itself, a support ticket was opened with VMware support.

If you have deployed a VMware ESXi 7.0 or 8.0 host containing a TPM 2.0 device, you have likely encountered the “TPM Encryption Recovery Key Backup Alarm” in vCenter reminding you to back up your TPM encryption recovery key. Screenshot showing the “TPM Encryption Recovery Key Backup Alarm” in the VMware vSphere Client If you’re like me, the first time you encountered this, you probably searched Google for this alarm message and ran across VMware KB81661 - “TPM Encryption Recovery Key Backup” warning alarm in vCenter Server.

The VMware vSphere Security Configuration Guide has long been the standard baseline for hardening VMware vSphere environments utilized by engineers across the world. As such, with the release of VMware vSphere 8.0, VMware also released a new version of the security configuration guide. For those familiar with implementing United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) STIGs, the guidance provided within the VMware vSphere 8 Security Configuration Guide should seem quite familiar.

Update: DISA released the official VMware vSphere 7.0 STIG on March 15, 2023. Information related to my updated compliance content can be found here. While the United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) hasn’t officially released a STIG for VMware vSphere 7.0, VMware has released what they refer to as their “VMware vSphere 7.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions.

VMware announced the initial availability (IA) of VMware vSphere 8.0 on October 11, 2022. This new status of “initial availability” follows the new release model that VMware is utilizing for all future vSphere releases. This new release of vSphere is packed with many new features as well as many deprecated features. For a quick overview of what’s new in this release, view the VMware Blog post: Announcing: vSphere 8 Initial Availability.