https://www.stevenbright.com/ Recent content on Steven Brighten-us2024 Tue, 20 Aug 2024 18:27:39 +0000 https://www.stevenbright.com/2024/08/getting-started-with-aria-auto-rest-api/ Tue, 20 Aug 2024 18:27:39 +0000 Steven Bright https://www.stevenbright.com/2024/08/getting-started-with-aria-auto-rest-api/ While VMware Aria Automation Orchestrator 8.x includes a plug-in, workflows, and actions for automating VMware Aria Automation, I often find these workflows and actions to be simple and nowhere close to supporting the extensibility outcomes I require. Instead, I frequently must work directly with the VMware Aria Automation REST API. At first, the idea of writing code to utilize the API seemed a bit daunting, but with the help of the Aria Automation 8. https://www.stevenbright.com/2024/03/vsphere-vm-instant-restore-synology-active-backup-for-business/ Sun, 10 Mar 2024 18:27:39 +0000 Steven Bright https://www.stevenbright.com/2024/03/vsphere-vm-instant-restore-synology-active-backup-for-business/ In a previous blog post, I walked through the process of using Synology Active Backup for Business to protect your VMware vSphere virtual machines. This post takes the next step and walks through the process of using the Instant Restore to VMware feature for virtual machines in Synology Active Backup for Business. The Instant Restore to VMware feature does exactly what it sounds like; it allows you to restore a virtual machine in your VMware vSphere environment almost instantly, allowing for reduced downtime. https://www.stevenbright.com/2023/12/disa-releases-vmware-vsphere-8-0-stigs/ Sun, 10 Dec 2023 20:50:06 +0000 Steven Bright https://www.stevenbright.com/2023/12/disa-releases-vmware-vsphere-8-0-stigs/ Almost exactly one year after the release of VMware vSphere 8.0, the Defense Information Systems Agency (DISA) made available the first STIG for VMware vSphere 8.0. https://www.stevenbright.com/2023/11/vmware-vsphere-vm-backups-synology-active-backup-for-business/ Fri, 17 Nov 2023 00:41:42 +0000 Steven Bright https://www.stevenbright.com/2023/11/vmware-vsphere-vm-backups-synology-active-backup-for-business/ While many folks with home labs recognize Synology as a manufacturer of excellent user-friendly network-attached storage (NAS) arrays full of features, many might not realize that these same NAS devices include an excellent built-in suite of Backup and Recovery tools. This suite contains Synology Active Backup for Business, Synology Active Backup for Google Workspace, and Synology Active Backup for Microsoft 365. Synology Active Backup for Business supports backing up PCs, Macs, physical servers, file servers, and virtual machines from VMware vSphere and Microsoft Hyper-V. https://www.stevenbright.com/2023/09/getting-started-synology-storage-console-for-vmware/ Tue, 19 Sep 2023 23:53:10 +0000 Steven Bright https://www.stevenbright.com/2023/09/getting-started-synology-storage-console-for-vmware/ Synology Logo Getting Started with the Synology Storage Console for VMware I have used VMware vSAN and a Synology DS1821+ for several years for my home lab’s storage. However, up to now, I have never deployed the Synology Storage Console for VMware. Realizing that the console might have valuable benefits, I decided it was time to try it. This post will walk through the deployment process for the Synology Storage Console for VMware and review its various features. https://www.stevenbright.com/2023/09/aria-operations-compliance-content-vsphere-7-0-stig-v1-r2/ Tue, 05 Sep 2023 23:00:00 +0000 Steven Bright https://www.stevenbright.com/2023/09/aria-operations-compliance-content-vsphere-7-0-stig-v1-r2/ The United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) officially released the first update to the VMware vSphere 7.0 STIG on July 26, 2023. I have updated my custom compliance and alerting content for use within Aria Operations. This content covers almost all findings for the Virtual Machine STIG, a large portion of the ESXi STIG, and a select number of items from the vCenter STIG. https://www.stevenbright.com/2023/09/java-tool-options-on-horizon/ Mon, 04 Sep 2023 20:25:54 +0000 Steven Bright https://www.stevenbright.com/2023/09/java-tool-options-on-horizon/ I encountered another fun adventure recently while upgrading some VMware Horizon 8 Connection Servers to version 2306. The upgrade process itself went smoothly, as you would expect. The installer processed the upgrade and stated that it was completed successfully. I attempted to access the VMware Horizon Administrator web console and found it would not process my smartcard authentication. I then tried to authenticate using an account with a password assigned, and again, the authentication was unsuccessful. https://www.stevenbright.com/2023/09/vmware-horizon-returning-http-421/ Mon, 04 Sep 2023 17:45:26 +0000 Steven Bright https://www.stevenbright.com/2023/09/vmware-horizon-returning-http-421/ After recently upgrading the VMware Horizon Connection Servers in a VDI environment I am new to managing, end users complained that they could no longer access their virtual desktops. They stated that when they connected via the VMware Horizon Client for Windows, they received an HTTP 421 error similar to the screenshot below. VMware Horizon Windows Client Showing HTTP 421 Error Honestly, I had never heard of the HTTP 421 error code, so I had to look it up. https://www.stevenbright.com/2023/09/deploy-horizon-8-connection-servers/ Mon, 04 Sep 2023 16:27:59 +0000 Steven Bright https://www.stevenbright.com/2023/09/deploy-horizon-8-connection-servers/ I recently had the opportunity to begin supporting multiple VMware Horizon 8 virtual desktop environments. Knowing that I wasn’t familiar with the products, I set out to deploy a complete environment in my home lab. This blog post is the first of hopefully several that will walk through the deployment and configuration of the various VMware Horizon and Workspace ONE components. Within this post, I walk through deploying my first Horizon 8 Connection Server and a Connection Server Replica. https://www.stevenbright.com/2023/08/disa-releases-vmware-vsphere-7-0-stig-version-1-release-2/ Sun, 20 Aug 2023 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2023/08/disa-releases-vmware-vsphere-7-0-stig-version-1-release-2/ On July 26, 2023, the Defense Information Systems Agency (DISA) released the first VMware vSphere 7.0 STIG update. This update includes several minor updates to the checks and fixes across the ESXi, VAMI, vCA EAM, vCA Lookup Service, vCA Photon OS, vCA PostgreSQL, vCA STS, vCA UI, vCenter, and Virtual Machine STIGs. https://www.stevenbright.com/2023/07/unable-to-reuse-vsan-disks-for-new-vsan-cluster/ Thu, 27 Jul 2023 21:24:56 +0000 Steven Bright https://www.stevenbright.com/2023/07/unable-to-reuse-vsan-disks-for-new-vsan-cluster/ During recent testing that I was completing within my home lab, I was repeatedly creating and decommissioning VMware vSAN configurations within a single cluster. The first time I completed this process, I was decommissioning a VMware vSAN OSA configuration prior to creating a new VMware vSAN ESA configuration on the cluster. When I went through the process and reached the portion to specify the disks, I found that the disks were unavailable for claiming. https://www.stevenbright.com/2023/07/tp-link-tl-sx3008f-review/ Fri, 14 Jul 2023 19:01:34 +0000 Steven Bright https://www.stevenbright.com/2023/07/tp-link-tl-sx3008f-review/ For quite a while now, I’ve been utilizing a Cisco Nexus 3064PQ 10G/40G network switch to support my home lab. While the switch is a fantastic, feature-rich device, it also was designed for use in a data center environment. Thus, the switch generates a lot of heat, utilizes a lot of power, and has cooling fans that sound like turbo jets when running at full speed. Luckily, the only time that the fans run at full speed is during a reboot of the switch, but even at their lowest speed, they are quite noticeable. https://www.stevenbright.com/2023/06/intel-optane-10gtek-u2-pci-bifurcation/ Tue, 20 Jun 2023 21:00:00 +0000 Steven Bright https://www.stevenbright.com/2023/06/intel-optane-10gtek-u2-pci-bifurcation/ While recently building out my new home lab server, I had the opportunity to install several Intel Optane 905p U.2 NVMe drives. Because my motherboard did not natively support U.2 devices, I acquired multiple 10Gtek U.2 to PCIe adapters to connect 6 U.2 drives to the system. These adapters come in either PCIe 3.0 x16, PCIe 3.0 x8, or PCIe 3.0 x4, depending on the number of U.2 devices the adapter supports. https://www.stevenbright.com/2023/06/new-home-lab-server-build/ Tue, 20 Jun 2023 20:45:00 +0000 Steven Bright https://www.stevenbright.com/2023/06/new-home-lab-server-build/ Recently, I participated in a VMware vExpert program in partnership with Intel Corporation and coordinated by Matt Mancini and Simon Todd, where Intel offered to provide VMware vExperts with Intel Optane NVMe devices for use in our home labs. While I wasn’t initially selected to receive the hardware, there was a second chance opportunity to apply again after working on extending the reach of my social media presence. In addition to receiving Intel Optane NVMe devices during the second chance opportunity, Matt Mancini graciously donated several home lab devices as prizes for the top three individuals who grew their social media presence the most. https://www.stevenbright.com/2023/05/aria-operations-compliance-content-for-the-vsphere-8-0-stig-readiness-guide/ Wed, 03 May 2023 01:22:54 +0000 Steven Bright https://www.stevenbright.com/2023/05/aria-operations-compliance-content-for-the-vsphere-8-0-stig-readiness-guide/ On April 18, 2023, VMware released their “VMware vSphere 8.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. Based on their knowledge of the DoD SRGs and previous STIGs, they are confident that the guidance provided within the VMware vSphere 8 STIG Readiness Guide would enable an environment to pass certification with minimal changes should an official DISA STIG be released by the DoD. https://www.stevenbright.com/2023/04/automated-snapshot-cleanup-aria-operations-automation-central/ Fri, 21 Apr 2023 22:11:12 +0000 Steven Bright https://www.stevenbright.com/2023/04/automated-snapshot-cleanup-aria-operations-automation-central/ Before the addition of Automation Central to VMware Aria Operations (formerly VMware vRealize Operations), I had created my own method of cleaning up outdate snapshots. I documented this method of executing VMware Aria Automation Orchestrator workflows to remediate alerts in my blog post from 2019 titled Automated Alert Remediation in vRealize Operations 7.x using vRealize Orchestrator. This process involved creating an alert in VMware Aria Operations that would be generated when a snapshot reached a specific age. https://www.stevenbright.com/2023/03/aria-operations-compliance-content-for-the-vsphere-7-0-stig/ Sun, 19 Mar 2023 15:31:13 +0000 Steven Bright https://www.stevenbright.com/2023/03/aria-operations-compliance-content-for-the-vsphere-7-0-stig/ The United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) officially released the VMware vSphere 7.0 STIG on March 15, 2023. This STIG closely follows VMware’s vSphere 7.0 STIG Readiness Guide. As with previous STIG releases, I have created custom compliance and alerting content for use within Aria Operations. This content covers almost all findings for the Virtual Machine STIG, a large portion of the ESXi STIG, and a select number of items from the vCenter STIG. https://www.stevenbright.com/2023/03/disa-releases-vmware-vsphere-7-0-stigs/ Fri, 17 Mar 2023 13:09:35 +0000 Steven Bright https://www.stevenbright.com/2023/03/disa-releases-vmware-vsphere-7-0-stigs/ Almost three years after VMware vSphere 7.0 was released (April 2, 2020), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 7.0 on March 15, 2023. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 7.0 STIG”. I have not completed an in-depth comparison, but from what I’ve noticed, this STIG release aligns with the content previously provided by VMware in their VMware vSphere 7. https://www.stevenbright.com/2023/03/vmware-aria-automation-8-11-1-is-now-available/ Wed, 01 Mar 2023 21:56:23 +0000 Steven Bright https://www.stevenbright.com/2023/03/vmware-aria-automation-8-11-1-is-now-available/ VMware released the latest update to the VMware Aria Suite, VMware Aria Automation 8.11.1, on February 21, 2023. This release focuses primarily on customized notifications in Service Broker, CPU/Storage capacity enhancements, Google Cloud Platform (GCP) improvements, minor product enhancements, and bug fixes. https://www.stevenbright.com/2023/02/configure-netapp-ontap-system-manager-to-use-vmware-identity-manager-as-a-saml-idp/ Wed, 22 Feb 2023 01:57:27 +0000 Steven Bright https://www.stevenbright.com/2023/02/configure-netapp-ontap-system-manager-to-use-vmware-identity-manager-as-a-saml-idp/ This blog post provides a quick walkthrough of configuring NetApp ONTAP System Manager to use VMware Identity Manager/Workspace ONE Access to provide SAML authentication for users. This blog post assumes that your VMware Identity Manager and NetApp ONTAP System Manager environments are online and functional. Create SAML Users in NetApp ONTAP System Manager The first step in this process is to ensure that you have user accounts defined within NetApp ONTAP System Manager to support your SAML users. https://www.stevenbright.com/2023/02/managing-esxi-local-user-accounts-from-aria-automation-orchestrator/ Mon, 13 Feb 2023 09:30:00 +0000 Steven Bright https://www.stevenbright.com/2023/02/managing-esxi-local-user-accounts-from-aria-automation-orchestrator/ In my previous blog post Managing ESXi Local User Accounts from vCenter Server Using PowerCLI, I provided a quick walkthrough of how to manage ESXi local user accounts using VMware PowerCLI and VMware vCenter Server. This post will provide a similar walkthrough, but I will utilize VMware Aria Automation Orchestrator this time. Getting Started This walkthrough assumes that you already have a working VMware Aria Automation Orchestrator deployment and that you’ve already established a connection to your VMware vCenter Server instance from VMware Aria Automation Orchestrator. https://www.stevenbright.com/2023/02/managing-esxi-local-user-accounts-from-vcenter-server/ Wed, 08 Feb 2023 03:42:52 +0000 Steven Bright https://www.stevenbright.com/2023/02/managing-esxi-local-user-accounts-from-vcenter-server/ There was once a time early in my career when I would SSH to each VMware ESXi host and manually update the root account’s password. As time went by and the environment I was responsible for grew larger, so did the workload for resetting root account passwords regularly. Eventually, I researched and learned that these VMware ESXi local user accounts could be modified using VMware PowerCLI, and password updates became a much easier task. https://www.stevenbright.com/2023/01/aria-automation-orchestrator-plugin-for-vsphere-client/ Fri, 27 Jan 2023 21:57:26 +0000 Steven Bright https://www.stevenbright.com/2023/01/aria-automation-orchestrator-plugin-for-vsphere-client/ You might not know it from how VMware Aria Automation Orchestrator (formerly VMware vRealize Orchestrator) is marketed today, but originally, Aria Automation Orchestrator was bundled as a component of VMware vCenter Server. Titled VMware vCenter Orchestrator back in the day, it was one of the best ways to automate actions within your VMware vCenter Server. While vCenter Orchestrator was rebranded as vRealize Orchestrator, and now as Aria Automation Orchestrator, it is still included as a feature with each VMware vCenter Server license. https://www.stevenbright.com/2023/01/vmware-vcenter-smart-card-authentication-stops-after-7-0-u3i/ Thu, 26 Jan 2023 02:14:09 +0000 Steven Bright https://www.stevenbright.com/2023/01/vmware-vcenter-smart-card-authentication-stops-after-7-0-u3i/ After testing a recent upgrade to VMware vCenter Server 7.0 Update 3i, I encountered an issue where the vCenter Server would no longer authenticate users via smart cards/X.509 certificates. The vCenter Server would not even request a certificate from the client’s browser anymore. This seemed odd as the functionality worked fine on the previous 7.0 Update 3h. Surely VMware wouldn’t make a breaking change within a minor patch release? After reverting the upgrade and testing that it wasn’t an issue with the upgrade process itself, a support ticket was opened with VMware support. https://www.stevenbright.com/2023/01/vmware-aria-automation-8-11-is-now-available/ Mon, 23 Jan 2023 22:01:16 +0000 Steven Bright https://www.stevenbright.com/2023/01/vmware-aria-automation-8-11-is-now-available/ VMware released the latest update to the VMware Aria Suite, VMware Aria Automation 8.11, on January 20, 2023. This release focuses primarily on improvements to public cloud support, Guardrails improvements (SaaS offering only), minor product enhancements, and bug fixes. https://www.stevenbright.com/2023/01/backing-up-vmware-esxi-tpm-encryption-recovery-keys/ Fri, 20 Jan 2023 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2023/01/backing-up-vmware-esxi-tpm-encryption-recovery-keys/ If you have deployed a VMware ESXi 7.0 or 8.0 host containing a TPM 2.0 device, you have likely encountered the “TPM Encryption Recovery Key Backup Alarm” in vCenter reminding you to back up your TPM encryption recovery key. Screenshot showing the “TPM Encryption Recovery Key Backup Alarm” in the VMware vSphere Client If you’re like me, the first time you encountered this, you probably searched Google for this alarm message and ran across VMware KB81661 - “TPM Encryption Recovery Key Backup” warning alarm in vCenter Server. https://www.stevenbright.com/2023/01/using-node-js-in-aria-automation-orchestrator-8-10/ Thu, 12 Jan 2023 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2023/01/using-node-js-in-aria-automation-orchestrator-8-10/ Aria Automation Orchestrator + Node.js Introduction With the release of VMware vRealize Orchestrator 8.1 in April 2020, VMware added the ability to utilize new languages within your workflows and actions. These new languages included PowerShell, Node.js, and Python. Since then, I have seen very few documents detailing the use of this capability. Recently though, while attempting to migrate some legacy scripts from a vRealize Orchestrator 7.6 deployment to vRealize Orchestrator 8. https://www.stevenbright.com/2023/01/aria-operations-compliance-content-for-the-vsphere-7-0-stig-readiness-guide-available/ Mon, 09 Jan 2023 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2023/01/aria-operations-compliance-content-for-the-vsphere-7-0-stig-readiness-guide-available/ Update: DISA released the official VMware vSphere 7.0 STIG on March 15, 2023. Information related to my updated compliance content can be found here. While the United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) hasn’t officially released a STIG for VMware vSphere 7.0, VMware has released what they refer to as their “VMware vSphere 7.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. https://www.stevenbright.com/2023/01/aria-operations-compliance-content-for-the-vsphere-8-0-security-configuration-guide-available/ Mon, 09 Jan 2023 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2023/01/aria-operations-compliance-content-for-the-vsphere-8-0-security-configuration-guide-available/ The VMware vSphere Security Configuration Guide has long been the standard baseline for hardening VMware vSphere environments utilized by engineers across the world. As such, with the release of VMware vSphere 8.0, VMware also released a new version of the security configuration guide. For those familiar with implementing United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) STIGs, the guidance provided within the VMware vSphere 8 Security Configuration Guide should seem quite familiar. https://www.stevenbright.com/2022/12/compliance-management-with-aria-automation-saltstack-secops/ Wed, 14 Dec 2022 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2022/12/compliance-management-with-aria-automation-saltstack-secops/ In my previous post titled Introduction to VMware vRealize Automation SaltStack SecOps, I provided an introduction to VMware Aria Automation SaltStack Automation SecOps, as well as a brief history and overview of the product’s capabilities. In this post, I’ll dive deeper into the product’s compliance management capabilities. Compliance Checks Compliance checks are at the foundation of VMware Aria Automation SaltStack SecOps compliance management. These checks provide the information necessary to identify the purpose of the check, the operating systems it applies to, the rationale for the check, and, more importantly, the state file responsible for implementing/remediating the check. https://www.stevenbright.com/2022/11/unable-to-access-orchestrator-control-center-in-vrealize-automation-8-x/ Mon, 14 Nov 2022 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2022/11/unable-to-access-orchestrator-control-center-in-vrealize-automation-8-x/ Recently, while attempting to change some settings on several instances of vRealize Orchestrator embedded within vRealize Automation 8.8.1 appliances, I found that I could not successfully authenticate to the vRealize Orchestrator Control Center interface. The interface is located at https://[vRA URL]/vco-controlcenter and requires that you provide the “root” user credentials to access it. Although I could authenticate to the virtual appliance consoles using the “root” credentials, I could not successfully authenticate to the vRealize Orchestrator Control Center interface. https://www.stevenbright.com/2022/10/introduction-to-vmware-vrealize-automation-saltstack-secops/ Fri, 21 Oct 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/10/introduction-to-vmware-vrealize-automation-saltstack-secops/ Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities. https://www.stevenbright.com/2022/10/upgrading-to-vmware-vcenter-server-8-0/ Wed, 12 Oct 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/10/upgrading-to-vmware-vcenter-server-8-0/ VMware announced the initial availability (IA) of VMware vSphere 8.0 on October 11, 2022. This new status of “initial availability” follows the new release model that VMware is utilizing for all future vSphere releases. This new release of vSphere is packed with many new features as well as many deprecated features. For a quick overview of what’s new in this release, view the VMware Blog post: Announcing: vSphere 8 Initial Availability. https://www.stevenbright.com/2022/06/vmware-vrealize-automation-8-8-1-is-now-available/ Mon, 06 Jun 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/06/vmware-vrealize-automation-8-8-1-is-now-available/ VMware vRealize Automation 8.8.1 was released on June 9, 2022. With this release, VMware has provided security updates and new features, including support for the vRealize Automation Extensibility (vREx) Proxy. https://www.stevenbright.com/2022/05/vmsa-2022-0014-workspace-one-access-identity-manager-critical-vulnerability/ Wed, 18 May 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/05/vmsa-2022-0014-workspace-one-access-identity-manager-critical-vulnerability/ Hot on the heels of the recent April 2022 VMware critical security advisory VMSA-2022-0011, which addressed eight CVEs within VMware Workspace ONE Access and VMware Identity Manager, VMware has released a new creitical security advisory VMSA-2022-0014. This advisory addresses two new security vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access and VMware Identity Manager, with one rated as critical. Authentication Bypass Vulnerability - CVE-2022-22972 According to VMware, a malicious user with network access to the VMware Workspace ONE Access or VMware Identity Manager user interfaces may be able to obtain administrative access without needing to authenticate. https://www.stevenbright.com/2022/05/vmware-vrealize-suite-lifecycle-manager-8-8-0-locker-bug/ Wed, 04 May 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/05/vmware-vrealize-suite-lifecycle-manager-8-8-0-locker-bug/ One of my work colleagues brought to my attention today an issue in VMware vRealize Suite Lifecycle Manager 8.8.0 to my attention today. While attempting to complete some regular account password changes, he realized that the Password Locker was only returning 10 passwords and stating there were only 10 passwords in the system. https://www.stevenbright.com/2022/05/introduction-to-vsphere-diagnostic-tool/ Tue, 03 May 2022 20:00:00 +0000 Steven Bright https://www.stevenbright.com/2022/05/introduction-to-vsphere-diagnostic-tool/ While browsing the VMware Flings website, I recently ran across a Fling previously released in November of 2021 titled vSphere Diagnostic Tool that I found to be quite interesting. The tool is a set of python scripts that execute various diagnostic commands against a vCenter Server appliance. The scripts aim to rapidly isolate common known issues with vCenter Server appliances to aid and provide the end-user with information on how to remediate the problems. https://www.stevenbright.com/2022/05/vmware-vrealize-automation-8-8-is-now-available/ Tue, 03 May 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/05/vmware-vrealize-automation-8-8-is-now-available/ VMware has released the latest update to the vRealize Suite, vRealize Automation 8.8, on April 28, 2022. With this release, VMware has provided several enhancements and new features, including support for multi-level approval policies, enhanced custom naming for deployment resources, and support for legacy vRealize Orchestrator workflow presentations within vRealize Automation custom forms. https://www.stevenbright.com/2022/05/vmware-vrealize-operations-8-6-3-is-now-available/ Tue, 03 May 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/05/vmware-vrealize-operations-8-6-3-is-now-available/ vRealize Operations has received its latest update on April 25, 2022. vRealize Operations 8.6.3 is a maintenance release which resolves several important security, performance, stability, and functionality issues identified in the product. https://www.stevenbright.com/2022/04/disa-releases-vmware-vsphere-6-7-stig-version-1-release-3/ Fri, 22 Apr 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/04/disa-releases-vmware-vsphere-6-7-stig-version-1-release-3/ On April 22, 2022 the Defense Information Systems Agency (DISA) released the third update to the VMware vSphere 6.7 STIG. Version 1, Release 3 contains minor changes to the VMware vSphere 6.7 Photon OS STIG. https://www.stevenbright.com/2022/04/april-2022-security-update-available-for-vra-7-6/ Thu, 21 Apr 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/04/april-2022-security-update-available-for-vra-7-6/ On April 21, 2022, VMware released the April 2022 Cumulative Security update for vRealize Automation 7.6 and vRealize Orchestrator 7.6. This update includes patches for various platform components that may be flagged by vulnerability scanners while scanning the virtual appliances. Since this update is cumulative, all previously updated components are included in this release. What’s Included While VMware does not provide detailed release notes for these cumulative security updates, based on the contents of the update script, the following RPM packages will be deployed during the update process: https://www.stevenbright.com/2022/03/vmware-vrealize-automation-8-7-is-now-available/ Wed, 23 Mar 2022 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2022/03/vmware-vrealize-automation-8-7-is-now-available/ VMware has released the latest update to the vRealize Suite, vRealize Automation 8.7, on March 22, 2022. With this release, VMware has provided several enhancements and new features, including a next-generation On-Prem ABX Engine, enhancements to vRealize Automation SaltStack Config, additional OS support for SaltStack Config SecOps Compliance, minor UI changes, and several changes related to deployments. What’s New Updates included in vRealize Automation 8.7.0: Next-generation On-Prem ABX Engine - New Function as a Service (FaaS) engine is much faster, fixes numerous issues with memory limits, and introduces memory-based throttling. https://www.stevenbright.com/2022/03/deploy-salt-minions-automatically-using-vmware-tools/ Thu, 03 Mar 2022 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2022/03/deploy-salt-minions-automatically-using-vmware-tools/ For several years, VMware has been adding new integration capabilities into new releases of VMware Tools. These capabilities often supported VMware products, including vRealize Operations, NSX, AppDefence, and Carbon Black. The latest product to be integrated into VMware Tools 12.0.0 is VMware vRealize SaltStack Config. VMware Tools 12.0.0 now includes the ability to automate the deployment of the Salt Minion software utilizing vSphere virtual machine guest variables. This new integration makes it easier than ever to deploy new Salt Minions to both new and existing virtual machines. https://www.stevenbright.com/2022/02/monitoring-vmware-identity-manager-with-vmware-vrealize-operations/ Mon, 14 Feb 2022 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2022/02/monitoring-vmware-identity-manager-with-vmware-vrealize-operations/ Those familiar with deploying VMware vRealize Suite know just how vital VMware Identity Manager (vIDM) is to support the entire deployment. For those who haven’t deployed VMware vRealize Suite, VMware Identity Manager is the centralized authentication platform integrated throughout the entire VMware vRealize Suite of products. It provides multiple directory options, including Active Directory Integrated Windows Authentication, Active Directory over LDAPS, traditional LDAP directories, and local directories. Authentication options include traditional username/password, x509 certificate/smart card, Kerberos, RSA Adaptive Authentication, RSA SecurID, and RADIUS. https://www.stevenbright.com/2021/12/vrealize-operations-compliance-alerts-for-the-vsphere-6-7-stig/ Thu, 16 Dec 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/12/vrealize-operations-compliance-alerts-for-the-vsphere-6-7-stig/ While I will admit that I’m a little bit behind on this one, I’ve finally put together my vRealize Operations compliance content for the VMware vSphere 6.7 STIG that was released by DISA earlier this year. The VMware vSphere 6.7 STIG release was quite different from the previous releases and includes 12 separate STIGs. Not only are there compliance checks related to Virtual Machines, ESXi hosts, and the vCenter Server application, there are also STIGs for various services that make up the vCenter Server Appliance (VCSA). https://www.stevenbright.com/2021/12/log4j-workaround-for-vrealize-automation-8-and-vrealize-orchestrator-8/ Wed, 15 Dec 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/12/log4j-workaround-for-vrealize-automation-8-and-vrealize-orchestrator-8/ VMware has been quite busy providing workarounds for all of their products that are affected by the recent Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. One of the affected products is vRealize Automation 8.0 through 8.6.1. While VMware has stated that these vulnerabilities will be addressed in the future vRealize Automation 8.6.2 and vRealize Orchestrator 8.6.2 releases, they have provided a temporary workaround as detailed in KB87120 for vRealize Automation and vRealize Orchestrator versions 8. https://www.stevenbright.com/2021/12/vmsa-2021-0028-vmwares-response-to-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228/ Sat, 11 Dec 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/12/vmsa-2021-0028-vmwares-response-to-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228/ Unless you’ve been living under a rock the past couple days, you’ve likely been seeing many articles regarding CVE-2021-44228 which describes a remote code execution vulnerability within Apache Log4j. Apache Log4j is a Java-based logging utility used by many applications across the world, and as such, this vulnerability is a huge issue due to how easy it is to exploit as well as the sheer number of vulnerable devices. Like most companies with Java based applications, many of VMware’s products utilize Log4j to provide application logging capabilities. https://www.stevenbright.com/2021/12/vmware-vrealize-automation-8-6-1-is-now-available/ Wed, 08 Dec 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/12/vmware-vrealize-automation-8-6-1-is-now-available/ VMware vRealize Automation 8.6.1 was released on November 19, 2021. With this release, VMware has provided several enhancements and new features including significant Onboarding and Deployment enhancements, Extensibility and TKG improvements and new SaltStack and Carbon Black integration. What’s New Updates included in vRealize Automation 8.6.1 Assign icons to onboarded deployments - To give end user more information about deployments, vRA updates the deployment Edit action to support assigning custom icons to onboarded deployments. https://www.stevenbright.com/2021/12/vmware-vrealize-operations-8-6-1-is-now-available/ Wed, 08 Dec 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/12/vmware-vrealize-operations-8-6-1-is-now-available/ vRealize Operations has received its latest update on December 7, 2021. vRealize Operations 8.6.1 is a maintenance release which resolves several important security, performance, stability, and functionality issues identified in the product. Issues Resolved The following issues have been resolved as of vRealize Operations 8.6.1: vRealize Operations firstboot doesn’t complete successfully after deployment. Agent stopped automatically post content update for applications having jolokia2 plugin. Moved the running Custom Script feature using Telegraf to ADV license. https://www.stevenbright.com/2021/11/vrealize-operations-management-packs-for-compute-and-storage-now-available/ Fri, 12 Nov 2021 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2021/11/vrealize-operations-management-packs-for-compute-and-storage-now-available/ During VMworld 2021, VMware announced that the vRealize True Visibility Suite 3rd party compute and storage management packs would be provided free of charge to all existing vRealize Operations customers. The only caveat was that these management packs wouldn’t be available until a future release. On November 11, 2021, VMware followed through on this announcement and released new versions of all of 20 compute and storage management packs. Customers can download these new management packs by accessing the vRealize Operations Management Packs VMware Customer Connect download page. https://www.stevenbright.com/2021/10/vrealize-true-visibility-suite-compute-and-storage-management-packs-available-to-all-vrealize-operations-customers/ Tue, 05 Oct 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/10/vrealize-true-visibility-suite-compute-and-storage-management-packs-available-to-all-vrealize-operations-customers/ With the upcoming release of vRealize True Visibility Suite, VMware will be entitling all vRealize Operations customers with access to the compute and storage management packs available within the suite. Previously, access to all of these management packs would require a license to the Advanced (Standard+) edition of vRealize True Visibility Suite. Going forward, no additional license key will be required to install and use these management packs. After this upcoming release becomes generally available, you will be able to access the management packs by visiting the Customer Connect portal and looking for the vRealize Operations Management Packs for Compute and Storage. https://www.stevenbright.com/2021/10/whats-new-in-vrealize-automation-8-6/ Tue, 05 Oct 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/10/whats-new-in-vrealize-automation-8-6/ Today is the first day of VMworld 2021 and with it, VMware has announced VMware vRealize Automation 8.6. With it comes many additional enhancements and a few new features to make managing your clouds much simpler. As is typical, VMware has not provided an exact release date but has stated that it will be released in Q3 of FY22. Enhancements in vRealize Automation 8.6 Leverage Azure provisioning capabilities, including the ability to configure the name for the Azure NIC interfaces. https://www.stevenbright.com/2021/10/whats-new-in-vrealize-operations-8-6/ Tue, 05 Oct 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/10/whats-new-in-vrealize-operations-8-6/ Today, VMware is announcing vRealize Operations 8.6 which includes a ton of additional features and capabilities. These updates include numerous enhancements to public cloud support (including support for monitoring ALL AWS services including custom metrics), a revamped user interface, support for defining custom email notices within the user interface (FINALLY!), new methods to define customer groups, the inclusion of vRealize True Visibility compute and storage management packs for all editions, and new sustainability-related dashboards. https://www.stevenbright.com/2021/08/vmware-vrealize-automation-8-5-is-now-available/ Fri, 20 Aug 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/08/vmware-vrealize-automation-8-5-is-now-available/ VMware vRealize Automation 8.5 has reached general availability as of August 19, 2021. With this release, VMware has provided several enhancements and new capabilities, including: Assign a Project Administrator as an approver in Approval Policies. Customize the amount of time an IP address is retained before being released after it is no longer in use. Limit the number of K8 Supervisor Namespaces that can deployed for a given Project. The vRealize Orchestrator plug-in for vRealize Automation 8. https://www.stevenbright.com/2021/06/vmware-vrealize-automation-8-4-2-released/ Mon, 28 Jun 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/06/vmware-vrealize-automation-8-4-2-released/ On June 24, 2021, VMware released the second minor update to vRealize Automation 8.4. vRealize Automation 8.4.2 adds several updates and includes a few bug fixes as well. The full release notes can be found here: vRealize Automation 8.4.2 Release Notes. Known Issue During Upgrades There is a known issue with upgrading to this release. In the previous vRealize Automation 8.4.1 release, VMware made a change to the user permissions within vRealize Automation regarding the Migration Assistant service. https://www.stevenbright.com/2021/04/disa-releases-vmware-vsphere-6-7-stigs-version-1-release-1/ Fri, 30 Apr 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/04/disa-releases-vmware-vsphere-6-7-stigs-version-1-release-1/ Almost exactly 3 years after vSphere 6.7 was released (April 17, 2018) and approximately 17 months prior to the end of General Support (October 15, 2022), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 6.7 on April 22, 2021. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 6.7”. What’s New? Unlike the previous VMware vSphere 6. https://www.stevenbright.com/2021/04/vmware-vrealize-automation-8-4-is-now-available/ Mon, 19 Apr 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/04/vmware-vrealize-automation-8-4-is-now-available/ VMware vRealize Automation 8.4 has reached general availability as of April 15, 2021. With this release, VMware has provided several enhancements and new capabilities, including: Federal Information Processing Standard (FIPS) 140-2 compliance for SaltStack Config Accessibility enhancements Consolidated secret store Addition of resource tag-based as well as string-based and integer-based operators for use in policy criteria Changes and improvements to the onboarding process including a simplification of the process, the ability to change the project for an onboarded deployment as a day 2 action, the ability to unregister an onboarded deployment, and the ability to bring in the connected vSphere network interface as part of onboarding Numerous changes regarding VM disks, disk placement, and disk management Cloud Assembly Support for Multiple Disks Clusters, Disk Sizes per Template & SCSI Controller Management Cloud Assembly’s Disk Placement, Storage allocation enhancements and Optimized Cluster Disk Deployment/Attachment Better vRA support for disks which are part of an image template Additional image and snapshot management capabilities for Azure Enhancements to Ansible and Puppet support A major redesign to the ServiceNow ITSM plugin A brand new vRealize Automation plugin for vRealize Orchestrator Updated access token API behavior A new “force delete” functionality for IaaS API endpoints Support for Azure VMware Solution and Google Cloud VMware Engine Changes to the “blueprint-service,” “Snapshot Creation for Block Device - Provisioning Service,” “Azure Storage profile creation - Provisioning Service,” “Attach Block Device to a Machine - Provisioning Service” API endpoints, as well as the addition of a new “Resource quota policy - Aggregator service” API endpoint For the full details on all changes in vRealize Automation 8. https://www.stevenbright.com/2021/04/vmware-vrealize-operations-8-4-is-now-available/ Mon, 19 Apr 2021 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2021/04/vmware-vrealize-operations-8-4-is-now-available/ VMware vRealize Operations 8.4 has reached general availability as of April 15, 2021. With this release, VMware has provided several enhancements and new capabilities, including: vRealize Application Remote Collector has been deprecated and replaced by Cloud Proxy Introduction of the new vRealize Operations Automation Center that allows for scheduling of automation jobs from within vRealize Operations Introduction of Alert Payload Templates that allow for easy customization of alert plugin content Simplified Alert Notifications Outbound Plugin Enhancements Telegraf-based Application Monitoring Enhancements Major enhancements regarding cost management and reporting Support for VMware Cloud on AWS Costing APIs for Pricing Rate Cards Cost Optimization Dashboards New Cost and Price Dashboards for both the consumer layer and provider layer What If – Migration Planning for Azure VMware Solution (AVS) and Google Cloud VMware Engine (GCVE) Tag-Based Price as Individual Metrics Costing and Pricing of Short-Lived VMs allowing for tracking VMs to a minimum granularity of five minutes lifetime Energy Consumed, OS Categories, and Number of Rack Units as new cost drivers Ability to export all content using a single button for backup/restore, cloud migration, and disaster recovery use cases Availability of a system access URL (vRealize Operations Cluster LB IP/FQDN) to support registration of vRealize Operations within Center using the load balancer URL (FINALLY! https://www.stevenbright.com/2020/11/vmware-vrealize-automation-8-2-patch-1-released/ Sun, 15 Nov 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/11/vmware-vrealize-automation-8-2-patch-1-released/ On November 13, 2020, VMware released the first patch for vRealize Automation 8.2. Patch 1 including twenty-five fixes for the Provisioning Engine, the Service Broker, Migration and Assessment Services, vRealize Orchestrator, and virtual appliance/clustering. The patch can be installed using vRealize Suite Lifecycle Manager 8.2. It is recommended to install vRealize Suite Lifecycle Manager 8.2 Patch 1 before installing vRealize Automation 8.2 Patch 1 (8.2.0.13070). For complete details on the items that have been resolved with this hotfix, review the VMware KB article Cumulative Update for vRealize Automation 8. https://www.stevenbright.com/2020/09/vmware-announces-intent-to-acquire-saltstack/ Tue, 29 Sep 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/09/vmware-announces-intent-to-acquire-saltstack/ The annual VMworld conference always includes large product announcements, and in line with this history, VMware today has announced their intent to acquire SaltStack. Salt is a python-based open-source platform for event-driven IT automation, remote task execution, and configuration management platform that utilizes infrastructure as code. Salt originated from the need for high-speed data collection and task execution for systems administrators managing massive infrastructure scale and resulting complexity. SaltStack is the company that now maintains the Salt Open project and develops and sells SaltStack Enterprise software, services, and support. https://www.stevenbright.com/2020/09/vmware-introduces-new-vrealize-cloud-universal/ Tue, 29 Sep 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/09/vmware-introduces-new-vrealize-cloud-universal/ Today, VMware is introducing the new vRealize Cloud Universal subscription. With this new hybrid subscription offering, VMware is providing customers the flexibility to consume both on-premise and SaaS vRealize Suite products and services using a single subscription license. This offering allows customers the freedom to move workloads between on-premise and SaaS offerings interchangeably without the requirement to purchase new licenses. Additionally, this new offering provides access to Cloud Federated Analytics and Cloud Federated Catalog capabilities. https://www.stevenbright.com/2020/09/vmware-vrealize-automation-7-6-patch-14-released/ Wed, 23 Sep 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/09/vmware-vrealize-automation-7-6-patch-14-released/ It seems like it wasn’t too long ago that I posted that Patch 3 had been released for vRealize Automation 7.6 (technically it was March 2, 2020). Since then, VMware has been quite busy resolving various issues within vRealize Automation 7.6 and have released 11 additional patches as well as 2 cumulative security updates. Patch 14 for vRealize Automation 7.6 was released by VMware on September 22, 2020, and only contains 1 fix related to “Email notifications fail to work properly over time requiring service restarts”. https://www.stevenbright.com/2020/08/vmware-vrealize-automation-8-1-patch-2-released/ Thu, 06 Aug 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/08/vmware-vrealize-automation-8-1-patch-2-released/ On July 24, 2020, VMware released the second patch for vRealize Automation 8.1. Patch 2 including forty-eight fixes for Provisioning, the Service Broker, vRealize CodeStream, Identity, vRealize Orchestrator, and virtual appliance/clustering. The hotfix can be installed using vRealize Suite Lifecycle Manager 8.1. It is recommended to install vRealize Suite Lifecycle Manager 8.1 Patch 1 before installing vRealize Automation 8.1 Patch 2 (8.1.0.9583). For complete details on the items that have been resolved with this hotfix, review the VMware KB article Cumulative Update for vRealize Automation 8. https://www.stevenbright.com/2020/05/monitoring-devices-using-snmp-in-vrealize-operations-8-1/ Fri, 08 May 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/05/monitoring-devices-using-snmp-in-vrealize-operations-8-1/ VMware’s vRealize Operations is an excellent monitoring, analytics, and self-driving IT operations platform that supports numerous applications and infrastructure systems out of the box. Management packs are available from both VMware and third-parties to extend these out of the box capabilities to a wide variety of additional applications and infrastructure systems. Unfortunately, management packs aren’t available for every hardware device that you might need to monitor. In these situations, monitoring via SNMP might be your only choice. https://www.stevenbright.com/2020/05/vmsa-2020-0009-vrealize-operations-authentication-bypass-and-directory-traversal-vulnerabilities/ Fri, 08 May 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/05/vmsa-2020-0009-vrealize-operations-authentication-bypass-and-directory-traversal-vulnerabilities/ I just wanted to provide a quick post to bring attention to the latest VMware Security advisory VMSA-2020-0009. The products affected include: vRealize Operations 7.5.0 vRealize Operations 8.0.x vRealize Operations 8.1.0 If you utilize the vRealize Operations Application Remote Collector (ARC) appliance to monitor operating systems or applications via the Telegraf agents, you should immediately implement the workaround documented in VMware KB79031. While two vulnerabilities were announced, both relating to Salt, an open-source project by SaltStack, the authentication bypass vulnerability (CVE-2020-11651) received a CVSSv3 base score of 10. https://www.stevenbright.com/2020/04/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-4/ Tue, 28 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-4/ On April 23, 2020, the Defense Information Systems Agency (DISA) has made available the third update to VMware vSphere 6.5 STIGs originally released in 2019. VMware vSphere 6.5 STIG Version 1, Release 4 includes minor updates to both the ESXi and the vCenter Server STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-100543 – Reinstated requirement The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. https://www.stevenbright.com/2020/04/vmware-vrealize-automation-8-0-1-hotfix-3-released/ Tue, 21 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/vmware-vrealize-automation-8-0-1-hotfix-3-released/ It seems like it was just a few days ago that I was posting that vRealize Automation 8.0.1 Hotfix 2 was available. In reality, it was precisely 15 days ago. Nevertheless, on April 16, 2020, VMware released the third hotfix for vRealize Automation 8.0.1. Hotfix 3 (20 days after Hotfix 2) including seven fixes for Provisioning, the Service Broker, and vRealize CodeStream. The hotfix can be installed using vRealize Suite Lifecycle Manager 8. https://www.stevenbright.com/2020/04/getting-started-with-vsphere-7-0-lifecycle-manager/ Fri, 10 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/getting-started-with-vsphere-7-0-lifecycle-manager/ In the early days of VMware ESX and VirtualCenter Server (now called vCenter Server), patching and upgrading ESX hosts was a manual and challenging task that required a significant amount of time from a virtual administrator to complete. This process included manually staging patch files as well as executing install and reboot commands to each ESX host. To simplify virtual infrastructure management, in 2007, VMware introduced a new feature with VMware VirtualCenter Server 2. https://www.stevenbright.com/2020/04/vmware-vrealize-automation-8-0-1-hotfix-2-released/ Mon, 06 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/vmware-vrealize-automation-8-0-1-hotfix-2-released/ On March 27, 2020, VMware released the second hotfix for vRealize Automation 8.0.1. Included in it are sixty-three fixes for items relating to the Provisioning, vRealize Orchestrator (vRO), vRealize CodeStream, and Virtual appliance/clustering. The hotfix can be installed using vRealize Suite Lifecycle Manager 8.0.1. It is recommended to install vRealize Suite Lifecycle Manager 8.0.1 Patch 1 before installing vRealize Automation 8.0.1 Hotfix 2 (Build 8.0.1.7482). For complete details on the items that have been resolved with this hotfix, review the VMware KB article Cumulative Update for vRealize Automation 8. https://www.stevenbright.com/2020/04/esxi-upgrade-software-or-system-configuration-of-host-is-incompatible/ Fri, 03 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/esxi-upgrade-software-or-system-configuration-of-host-is-incompatible/ While attempting to upgrade my ESXi hosts to the latest vSphere 7.0 release, I ran into the following error on all of the hosts in my home lab: The upgrade has VIBs that are missing dependencies. Remove the VIBs or use Image Builder to create a custom upgrade ISO image that contains the missing dependencies, and try to upgrade again. While the error message gives you a pretty good idea of what might be causing the issue, for the life of me, I couldn’t think of what VIBs it could be referring to. https://www.stevenbright.com/2020/04/vmware-vsphere-7-0-now-available/ Thu, 02 Apr 2020 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2020/04/vmware-vsphere-7-0-now-available/ Today, the highly anticipated VMware vSphere 7.0 release is now available for download. With it comes many new features and enhancements that I hope to write about in the near future. Until then, there are several items that you should be aware of before you begin upgrading your environments. What’s New in vSphere 7.0 There are so many new features in vSphere 7.0 that a dedicated blog post would be required to cover them all. https://www.stevenbright.com/2020/03/vmware-vrealize-automation-7-6-hotfix-3-released/ Tue, 03 Mar 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/03/vmware-vrealize-automation-7-6-hotfix-3-released/ While vRealize Automation 8.0 may be the hot new cloud management platform from VMware, vRealize Automation 7.6 still enjoys widespread usage due to its long life and rich feature set. As such, VMware continues to provide bug fixes for vRealize Automation 7.6. Continuing this trend, VMware recently released Hotfix 3 for vRealize Automation 7.6 on February 25, 2020. This cumulative update brings us fixes for 14 separate issues relating to performance, UI, vRealize Operations integration, and adds support for Red Hat Enterprise Linux 8. https://www.stevenbright.com/2020/02/custom-hostname-generation-in-vrealize-automation-8/ Tue, 11 Feb 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/02/custom-hostname-generation-in-vrealize-automation-8/ If you’re like most large IT environments, a device naming standard is common to maintain order on your network when deploying new devices. Some IT environments utilize simple naming standards, while others are complex and might vary depending on location, device type, device usage, or some other abstract reason. vRealize Automation 8 introduced significant improvements over vRealize Automation 7 when it comes to machine naming including support for naming templates based on: https://www.stevenbright.com/2020/02/vrealize-automation-7-x-data-collection-stuck-in-progress-for-compute-resource/ Wed, 05 Feb 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/02/vrealize-automation-7-x-data-collection-stuck-in-progress-for-compute-resource/ Over the past several years of operating multiple vRealize Automation 7.x deployments, I’ve come across a situation where the data collection status for the Inventory or State data stays stuck at “In Progress” for a particular vSphere cluster. Usually, this occurs because a vSphere Agent executing the job was stopped mid-process. I initially searched online for a solution and could not find anything that helped. This left me to digging through the vRealize Automation 7. https://www.stevenbright.com/2020/02/vmware-updates-per-cpu-licensing-model-to-32-cores-per-cpu/ Tue, 04 Feb 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/02/vmware-updates-per-cpu-licensing-model-to-32-cores-per-cpu/ With the new 64-core AMD EPYC processors available and the 56-core Intel Xeon on the horizon, it was bound to happen… On February 3, 2020, VMware announced that effective April 2, 2020, all per-CPU licensed products will be limited to 32 physical cores per CPU license. This change means that those shiny new 64-core processors will require the purchase of 2 CPU licenses for each processor going forward. This change affects all per-CPU licensed products, including vSphere, vSAN, NSX, and Enterprise PKS, to name a few. https://www.stevenbright.com/2020/01/vmware-vrealize-automation-8-0-logs/ Tue, 28 Jan 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/01/vmware-vrealize-automation-8-0-logs/ Over the past several years of using vRealize Automation 6.x and 7.x, I have generated numerous dashboards and search queries within Splunk to explore the log data generated by these products. Knowing that vRealize Automation 8.0 is an entirely new product compared to previous versions, I decided that it was time to begin reviewing the log data being generated by the appliance to determine what information could be obtained from the logs. https://www.stevenbright.com/2020/01/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-3/ Tue, 21 Jan 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/01/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-3/ On January 16, 2020, the Defense Information Systems Agency has made available the second update to VMware vSphere 6.5 STIGs released in 2019. VMware vSphere 6.5 STIG Version 1, Release 3 includes updates to both the ESXi and the vCenter Server STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-94505, V-94507, V-94529, V-94531, V-94543, V-94545 - Added N/A statement when host profiles are not used to join AD These STIGs checks all relate to the authentication of users to ESXi using Active Directory. https://www.stevenbright.com/2020/01/vrealize-automation-8-0-1-hotfix-1-released/ Tue, 21 Jan 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/01/vrealize-automation-8-0-1-hotfix-1-released/ When it comes to vRealize Automation 8.0, VMware has been moving full steam ahead with rapid product updates containing new features, capabilities, and bug fixes. Continuing this trend, on January 17, 2020, VMware released the first hotfix for vRealize Automation 8.0.1. Included in it are three enhancements, ten improvements, and fifteen fixes for items relating to the IaaS API, Provisioning, Action-based extensibility (ABX), vRealize Orchestrator (vRO), and Virtual appliance/clustering. The hotfix can be installed using vRealize Suite Lifecycle Manager 8. https://www.stevenbright.com/2020/01/privilege-escalation-vulnerability-in-vmware-tools-10/ Tue, 14 Jan 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/01/privilege-escalation-vulnerability-in-vmware-tools-10/ Just a heads up. VMware has published Security Advisory VMSA-2020-0002 (CVE-2020-3941), which details information regarding a race condition within VMware Tools 10.x.x that can allow a user to escalate their privileges on a Windows VM. This issue was assigned a CVSSv3 score of 7.8 and has the potential to affect many environments as it applies to all releases of VMware Tools 10. The vulnerability can be resolved by installing VMware Tools 11, but if you can’t upgrade to VMware Tools 11, a workaround is available in VMware KB76654. https://www.stevenbright.com/2020/01/upgrading-to-vmware-identity-manager-3-3-1/ Tue, 14 Jan 2020 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2020/01/upgrading-to-vmware-identity-manager-3-3-1/ I recently had the pleasure of upgrading two virtual appliance-based VMware Identity Manager 3.3.0 deployments to 3.3.1 using the offline update method without the assistance of vRealize Suite Lifecycle Manager. When I reviewed the update documentation, I found that this release didn’t support the offline update process I previously utilized, so I figured I’d create a quick post providing an overview of the supported update processes for 3.3.1. What Changed? In previous releases of VMware Identity Manager 3. https://www.stevenbright.com/2019/12/vmware-vrealize-automation-8-0-1-released/ Mon, 30 Dec 2019 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2019/12/vmware-vrealize-automation-8-0-1-released/ VMware has released a new update to vRealize Automation 8.0, bringing with it new features, as well as improvements and bug fixes. Unfortunately, vRealize Automation 8.0.1 still does not provide an upgrade/migration path from 7.x to 8.0. We likely will not see upgrade/migration functionality until version 8.1. New features in this release include: Migration from vRealize Automation 7.5 or 7.6 assessment vRealize Automation Migration Assessment Offline Capture Utility 1.0.0 allows you to collect data from your vRealize Automation, vRealize Orchestrator, or external vRealize Orchestrator source environment offline. https://www.stevenbright.com/2019/12/vmware-vrealize-operations-8-0-1-released/ Mon, 30 Dec 2019 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2019/12/vmware-vrealize-operations-8-0-1-released/ VMware has released a new maintenance update to vRealize Operations 8.0 that includes performance and stability improvements. The list of resolved issues in vRealize Operations 8.0.1 includes: The rsyslog service does not run with vRealize Operations Manager parameters. After Service Discovery is configured, the Execute Script and Get Top Processes actions do not work from the Inventory > Objects page. The Set Memory of VM action does not work and the memory hot plug is not supported on virtual machines. https://www.stevenbright.com/2019/12/working-with-tags-in-vrealize-automation-8-0/ Fri, 20 Dec 2019 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2019/12/working-with-tags-in-vrealize-automation-8-0/ vRealize Automation 8.0 brought with it a completely new method for controlling access to resources within our cloud environments. In previous versions of vRealize Automation, the concept of a Reservation existed, which provided a clear contract as to what compute, storage, and network resources a particular Business Group had access to as well as limits on the amount of memory and storage resources that the Business Group could consume. Fast forward to vRealize Automation 8. https://www.stevenbright.com/2019/11/getting-started-with-vrealize-automation-8-0-cloud-assembly/ Wed, 27 Nov 2019 00:00:00 -0500 Steven Bright https://www.stevenbright.com/2019/11/getting-started-with-vrealize-automation-8-0-cloud-assembly/ As a followup to my Deploying VMware vRealize Automation 8.0 walkthrough, we’ll now utilize our new vRealize Automation 8.0 deployment to configure a basic Blueprint and provision our first virtual machine using Cloud Assembly. vRealize Automation 8.0 includes a great “Getting Started” wizard that we’re provided when we access our deployment for the first time. While this option gets us up and running the fastest with Cloud Assembly, it obscures the task required to begin using Cloud Assembly. https://www.stevenbright.com/2019/11/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-2/ Sat, 02 Nov 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/11/disa-releases-updated-vmware-vsphere-6-5-stigs-version-1-release-2/ On October 25, 2019, the Defense Information Systems Agency has made available the first updates to VMware vSphere 6.5 STIGs released earlier this year. VMware vSphere 6.5 STIG Version 1, Release 2 includes updates to both the ESXi and the Virtual Machine STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-94491, V-94493, V-94495, V-94497, V94499, V-94501, V-94503, V-94513, V94515,V-94517, V-94519, V-94521, V94523, V-94525, V-94527, V-94537, V94539, V-94541, V-94551, V-94553, V94555, V-94557, V-94049 - Removed multiple duplicate requirements in ESXi STIG. https://www.stevenbright.com/2019/11/upgrading-to-vrealize-suite-lifecycle-manager-8-0/ Sat, 02 Nov 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/11/upgrading-to-vrealize-suite-lifecycle-manager-8-0/ vRealize Suite Lifecycle Manager 8.0 is the latest release of VMware’s application platform for deploying, upgrading, and managing the various products included in the vRealize Suite. Don’t worry; you didn’t miss several releases between version 2.1 to version 8.0. Instead, VMware has decided to baseline all of the latest vRealize Suite products onto a common version number. Unlike with the previous version of Lifecycle Manager, upgrading to version 8.0 requires the deployment of a new virtual appliance and migration of your existing configuration. https://www.stevenbright.com/2019/10/deploying-vmware-vrealize-automation-8-0/ Tue, 22 Oct 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/10/deploying-vmware-vrealize-automation-8-0/ The latest release of vRealize Automation 8.0 is based on a completely rewritten codebase and is a dramatic departure from the previous versions of vRealize Automation. vRealize Automation 8.0 is an on-premise release of the VMware vRealize Automation Cloud SaaS offering that has been available for a while now. The platform consists of 3 components: Cloud Assembly, Cloud Broker, and Code Stream. The new vRealize Automation 8.0 virtual appliance includes these components as well as an integrated version of vRealize Orchestrator 8. https://www.stevenbright.com/2019/07/deploy-the-hpe-3par-storeserv-simulator/ Mon, 01 Jul 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/07/deploy-the-hpe-3par-storeserv-simulator/ For several years now, HPE has provided a simulated version of its 3PAR StoreServ storage array available for deployment in virtualized environments. While the simulator does not offer storage services to external devices, it is fully functional in almost all aspects allowing for complete testing of most features and management functions. In this post, we walk through the process to deploy and configure the simulator. Preparing for Deployment Before we can begin, we need to download the HPE 3PAR StoreServ Simulator from the My HPE Software Center. https://www.stevenbright.com/2019/06/add-custom-properties-to-vrealize-operations-using-the-rest-api-and-vrealize-orchestrator/ Wed, 26 Jun 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/06/add-custom-properties-to-vrealize-operations-using-the-rest-api-and-vrealize-orchestrator/ I have been using vRealize Operations to monitor the compliance of virtual machines against the DISA VMware vSphere Virtual Machine STIG for quite some time now. With the release of the new VMware vSphere 6.5 Virtual Machine STIG, I have discovered that vRealize Operations does not collect all the necessary information out of the box to verify compliance with the new STIG rules. Rather than waiting for VMware to provide an update to vRealize Operations, I decided to utilize vRealize Orchestrator to add custom properties to the virtual machines in vRealize Operations using the vRealize Operations REST API. https://www.stevenbright.com/2019/06/vrealize-operations-compliance-alerts-for-the-vsphere-6-5-esxi-stig/ Tue, 18 Jun 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/06/vrealize-operations-compliance-alerts-for-the-vsphere-6-5-esxi-stig/ As a follow-up to my previous post providing alert content for the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I have also put together new alert content for the VMware vSphere 6.5 ESXi STIG Version 1, Release 1. See the link at the bottom of the page to download the alert content XML. The following STIG items cannot be verified by vRealize Operations because the checks are user process related, the configuration values are not currently collected by vRealize Operations, or the checks involve non-VMware assets (e. https://www.stevenbright.com/2019/06/vrealize-operations-compliance-alerts-for-the-vsphere-6-5-virtual-machine-stig/ Fri, 14 Jun 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/06/vrealize-operations-compliance-alerts-for-the-vsphere-6-5-virtual-machine-stig/ With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, ensuring compliance with the new STIG requirements is easy. See the link at the bottom of the page to download the alert content XML. Unfortunately, the following STIG items can’t be verified by vRealize Operations either because the checks are user process related or the configuration values aren’t currently collected by vRealize Operations: https://www.stevenbright.com/2019/06/disa-stigs-released-for-vmware-vsphere-6-5/ Thu, 13 Jun 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/06/disa-stigs-released-for-vmware-vsphere-6-5/ Update: On Oct 25, 2019, DISA released the first update to the VMware vSphere 6.5 STIGs As of today, the Defense Information Systems Agency has made available the first STIGs for VMware vSphere 6.5. These STIGs can be downloaded from DoD Cyber Exchange here: DISA Virtualization STIG Downloads. The VMware vSphere 6.5 STIG ZIP file contains the following: VMware vSphere 6.5 Version 1 Release 1 - Overview PDF VMware vSphere 6. https://www.stevenbright.com/2019/06/configure-splunk-to-use-a-vmware-vcenter-psc-as-a-saml-idp/ Sun, 09 Jun 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/06/configure-splunk-to-use-a-vmware-vcenter-psc-as-a-saml-idp/ Why Use a VMware vSphere Platform Service Controller? As mentioned in a previous post, Splunk Enterprise is a fantastic application for handling the massive amount of log data generated by VMware virtualization environments. Since every VMware vCenter deployment includes at least a single Platform Service Controller (PSC), you can easily configure your Splunk Enterprise deployment to use the same authentication services making it easier to access your log data. Items to Keep in Mind Splunk Enterprise requires that the following information be passed back as part of the SAML assertion from the IdP: Role Splunk Enterprise will use the following information if it is passed back as part of the SAML assertion from the IdP: Email, Real Name As of Splunk Enterprise version 7. https://www.stevenbright.com/2019/05/configure-splunk-enterprise-to-use-vmware-identity-manager-as-a-saml-identity-provider/ Wed, 29 May 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/05/configure-splunk-enterprise-to-use-vmware-identity-manager-as-a-saml-identity-provider/ Splunk Enterprise is an awesome platform for analyzing massive amounts of data at scale. Because of this, it’s a popular system for aggregating log data from VMware virtualization environments. Its flexibility and ability to search through significant quantities of log data at great speeds is why I’ve been utilizing it for years. Today I’m going to go over the process to integrate VMware Identity Manager (vIDM) as a SAML 2.0 identity provider (IdP) for Splunk Enterprise authentication. https://www.stevenbright.com/2019/05/vrealize-suite-lifecycle-manager-2-1-patch-1-installation/ Fri, 24 May 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/05/vrealize-suite-lifecycle-manager-2-1-patch-1-installation/ Introduction In this short post, we will quickly review the process for installing Patch 1 to your existing vRealize Suite Lifecycle Manager (vRSLCM) 2.1 deployment. The release notes for the patch are available in VMware KB 68067. How to Obtain the Patch You can directly download the patch within the vRSLCM interface or if your vRSLCM deployment does not have Internet access, you can download it from the VMware Patch Download Center. https://www.stevenbright.com/2019/05/automated-alert-remediation-in-vrealize-operations-7-x-using-vrealize-orchestrator/ Fri, 17 May 2019 00:00:00 -0400 Steven Bright https://www.stevenbright.com/2019/05/automated-alert-remediation-in-vrealize-operations-7-x-using-vrealize-orchestrator/ Have you ever wished that you could automatically execute a custom workflow in response to an alert generated in vRealize Operations? In previous releases of vRealize Operations, there wasn’t an easy way of accomplishing this. While there were many actions that could be executed using the built-in VMware vSphere solution, there wasn’t an easy built-in method to execute custom actions. With the introduction of the VMware vRealize Operations Management Pack for vRealize Orchestrator, VMware has finally made this possible.