vToolbelt – December 2021
Hot topics for the month
- The open source Apache Log4J project has announced a zero day vulnerability with versions 2.14.1 and earlier. Any systems using those affected software components should patch or take preventative action immediately. Read below for more details.
- ESX hosts using SD-Cards or USB Media to boot should be aware that support for this is ending.
Product Support Watch
The following products are nearing the End of General Support. You can find the full list on the VMware Lifecycle Product Matrix.
Horizon View / Workspace ONE
- Dynamic Environment Manager 9.9 – 3/17/21
- Dynamic Environment Manager 9.11 – 3/17/22
- App Volumes 4 – 1/14/22
- Horizon 7.0 ESB – 3-17-22
- Identity Manager 3.3.3 – 5/11/22
- Workspace ONE UEM Console 2006 (SaaS Only) – 12/17/21
- Workspace ONE UEM Console 2007 (SaaS Only) – 1/20/22
- Workspace ONE UEM Console 2008 – 3/15/22
- Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22
- NSX for vSphere (NSX-V) – 1/16/22 – must transition to NSX-T
- Lifecycle Manger 8.3 – 2/4/22
- Lifecycle Manger 8.4 – 4/15/22
- vRealize Orchestrator 8.3 – 2/4/22
- vRealize Orchestrator 8.4 – 4/15/22
- vRealize Automation 8.3 – 2/4/22
- vRealize Automation 8.4 – 4/15/22
- Fusion 12 – 12/14/21
- Workstation 16 – 12/14/21
Notes from the Field
VMware’s response to the Apache Log4J vulnerability – On 12/10/21, the Apache Log4J project disclosed a zero-day vulnerability in CVE-2021-44228.
- VMware Security Advisory VMSA-2021-0028 was published to document the impact to VMware Products. This is an on-going event – please check back at this URL for updates as the develop
- This is a critical severity issue and immediate action is recommended.
- You can download a PDF summary of the advisory which includes the steps to remediate VMware products as published as of 12/13/21. Do check back at the URL above for new developments.
Migrating to NSX-T – NSX-V is End of Life and will be out of support on January 16, 2022. If you are running NSX-V you need to migrate to NSX-T. The licenses you have today do work with NSX-T. There are 2 methods to migrate. There is also a whitepaper on migrating from NSX-V to NSX-T.
vSphere 7.0 Update 2 and USB-based Boot Media (SD Cards/USB Sticks) – If your ESX hosts boot from these devices – you need to read this important information before you upgrade as the boot devices you are using may have issues.
vSphere 7 Update 2 introduces changes to core storage used by the Hypervisor and increases the I/O requirements past the endurance thresholds of some SD cards. This change is described in the vSphere 7.0 Update 2 VMware ESXi Installation and Setup Guide. On page 12 of the guide, it specifies that the ESX-OSData partition “must be created on high-endurance storage devices”.
Currently, information about the internal SD cards can’t be checked on the VMware Compatibility Guide, as hardware manufacturers do not provide that information to VMware. Please be aware that the hardware vendors are responsible for managing and updating their information listed in the compatibility guide. If you have questions about the endurance specifications of your SD Cards – please check with your hardware manufacturer.
KB 83376 – discusses the issues that can arise when the SD card boot device has exhausted its write capability. This KB also describes a work around VMware has developed to allow low endurance SD Cards to work with vSphere 7 Update 2. It involves a manual one-time config change which moves certain highly accessed files to a RAM Disk. This should become automatic in a future release of vSphere 7.x.
While this should help with vSphere 7.x, I am not sure what the future holds for SD Cards as ESX boot devices. If I had to guess, I would imagine that the I/O requirements will increase over time as ESX continues to evolve.
It is advisable to consider adding higher performance/endurance boot devices into a future budget or into your next hardware refresh plan.