vToolbelt – October 2020
Hello and welcome to fall… I think. Maybe next week. Ohio weather is so unpredictable. Anyway a short newsletter this month A few on-line events you may be interested in as well as a free trial of Carbon Black.
Free Training Resources – Offer extended!
For the past few months I have mentioned that VMware was offering a complimentary 6-month Digital Learning subscription to the Premium edition of the VMware Learning zone. Due to popular demand, this offer has been extended to a full year. You must enroll by October 31st. You can learn more about this free offering and register here.
Are you managing Android devices with Workspace ONE Unified Endpoint Management? There are some changes regarding Workspace ONE UEM & Android Enterprise coming in November 2020 you will want to review.
vCenter Server Internal Certificate Expiration – If your vCenter server (Appliance or Windows) was deployed as 6.5 Update 2 or later, the Security Token Service (STS) signing certificate may have a 2-year validity period. Depending on when your vCenter was deployed, this may be approaching that expiration date. There is no vCenter Alarm for this condition. I highly recommend you take a few minutes and check your environment and proactively replace the certificate if needed.
- KB 79248: Simple ways to check the STS certificate expiration date
- KB 76719: Scripted/automated method to replace STS certificate
A friendly reminder about Adobe ending support for Flash
If you haven’t heard, Adobe has announced that they are ending support for Flash in December 2020. There are 2 points in the VMware management stack that this may have impact for you
- VMware vSphere prior to 6.7 U1 – Any vSphere versions prior to vSphere 6.7 Update 1 still use flash
- Horizon View 7.x and newer – While later versions of Horizon 7 do offer some support for HTML 5 in the management console, the use of Flash in the management console is not fully deprecated until Horizon 8.
Once Adobe makes the Flash Player End-Of-Life, browser manufactures are expected to pull the software from their browsers. This will make managing your environment difficult. The VMware vSphere Blog has an article about the vSphere Web client and your options. The short version:
- Upgrade your vCenter or Horizon environment. Your ESXi hosts don’t have to be at the same version. There is a vCenter-ESXi interoperability chart that can help you determine if your hosts can be managed by newer vCenter versions.
- If you cannot upgrade to a version of vCenter or Horizon that supports the HTML 5 client, you should proactively setup a dedicated management computer/VM
- Set up the machine and test it to verify it works as you expect
- Disable all updates
- Take a Snapshot (if a VM)
Product Support Watch
Horizon View / Workspace ONE
- Horizon 7.5 ESB- 11/30/20
- Horizon 7.9, 7.11, 7.12 – 3/22/2021
- App Volumes 2.15 – 12/13/2020
- App Volumes 2.16 – 3/14/2021
- User Environment Manager 9.6 – 12/13/20
- User Environment Manager 9.7 – 3/14/21
- Unified Endpoint Management Console builds
- 1903 – 10/22/20
- 1904 – 10/24/20
- 1905 (SAAS) – 10/24/20
- Identity Manager 19.03 – 11/16/2020
- Fusion 11 – 12/19/20
- Workstation 15 – 12/1920
- Lifecycle Manager 1.3 – 12/17/20
- vRealize Automation 7.4, 7.5 – 12/17/20
- vRealize Orchestrator 7.4, 7.5 – 12/17/20
- vRealize Business for Cloud 7.5 – 12/17/20
Notes From The Field
Carbon Black – Free Trial & Webinar
Carbon Black delivers agentless protection for vSphere workloads. Modern Attacks from malware and ransomware bypass traditional endpoint security. Carbon Black looks at app behavior patterns and can simplify your security stance while providing improved protection
- OARnet/VMware Power Blocks webinar – On October 28th, OARnet and VMware are teaming up to bring you a 30 minute webinar on Carbon Black and how it can protect your environment. Register Here.
- Free Trial – During Vmworld 2020, a free trial of Carbon Black Cloud Workload Essentials through April 2021 was announced. You can get hands-on with the product and try it out in your environment without obligation. Get more information and sign up at https://www.carbonblack.com/workload-free-trial.
Making the case to patch your systems (all of them, not just VMware)
You may have seen a thread on Reddit where someone describes a recent situation where the datastores in a vSphere environment environment were impacted by a ransomware attack. A few notes on the situation:
- The vulnerability was internally found as part of VMware’s Secure Development Lifecycle in 2017 and quickly remediated
- The vulnerability was addressed in vCenter Server 6.5 U1 released on July 27, 2017
- The vulnerability was addressed in vCenter Server 6.0 U3c on November 9, 2017
- The vulnerability was never present in vCenter Server 6.7 and vCenter Server 7.0
Customers that run outdated versions of VMware products are strongly encouraged to update to the latest version.
- If you missed VMworld, You can review the announcements from Day 1and Day 2.
- Did you know that you can use vRealize Operations to monitor SSL Certificate Expiry Dates?
- If your environment is using an external Platform Services Controller (PSC), you will need to converge to an Embedded PSC before upgrading to vSphere 7. Here is a nice blog on that process.