Support ending for vSphere 6.5 and 6.7 in Six Months

It may be hard to read; but the end of the road is coming for vSphere 6.5 and 6.7 in terms of General Support. These versions were released in 2016 and 2018.  vSphere 6.5 and 6.7 will run into End of General Support on 10/15/2022.  You can search for end of support dates for any VMware product on the VMware Product Lifecycle Matrix. 🎦

What does this mean?

vSphere is a term that generally refers to the combination of vCenter Server and the ESXi Hypervisor.  After 10/15/22, these products will transition from General Support to Technical Guidance.  In this state, support for VMware products centers around web-only support that focuses on providing links to known workarounds for less critical issues.  Phone and Zoom-based support are not available.  For the more information, refer to the VMware Product Lifecycle Policies.

If you haven’t already started planning the upgrade of your environment – now is the time to do so.  Continue reading for a few helpful tips!

Continue reading “Support ending for vSphere 6.5 and 6.7 in Six Months”

vToolbelt – April 2020

Spring weather greetings from Ohio!   Anyone who lives in a climate that shifts significantly in seasons will relate – we have had 70 degree days and snow in the same week!

A lot of our schools are on spring break so the news this month is light.

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

  • Dynamic Environment Manager 10/2006 – 8/11/22
  • App Volumes 4 – 7/9/22
  • App Volumes 2.18 – 9/16/22
  • Identity Manager 3.3.3 – 5/11/22
  • Identity Manager 3.3.4 – 8/4/22
  • Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22
  • Workspace ONE UEM Console 2011 – 7/15/22
  • Workspace ONE Access 20.10 – 5/2/22
  • Workspace ONE UEM Console 2101 (SaaS Only) – 7/22/22
  • vRealize Automation 7.6 – 9/1/22
  • vRealize Orchestrator 7.6 – 9/1/22
  • vRealize Operations 8.1.1 – 7/9/22

 


Notes from the Field

If you are looking to get started with NSX – Check out the NSX-T Easy Adoption Guide.

Continue reading “vToolbelt – April 2020”

vToolbelt – March 2022

Welcome to March everyone!  For those of us in the mid-western US, this is the moment we start looking forward to nice weather!  It’s also a time when all VMware products have LOG4J patchesavailable.  VMworld’s call for papers will be coming soon and there is generally a need and a feeling for a fresh start!

Hot topics

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

Horizon View / Workspace ONE

  • Dynamic Environment Manager 9.9 – 3/17/22
  • Dynamic Environment Manager 9.11 – 3/17/22
  • Dynamic Environment Manager 10/2006 – 8/11/22
  • App Volumes 4 – 7/9/22
  • Horizon 7.10 ESB – 3/17/22
  • Identity Manager 3.3.3 – 5/11/22
  • Identity Manager 3.3.4 – 8/4/22
  • Workspace ONE UEM Console 2008 – 3/15/22
  • Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22
  • Workspace ONE UEM Console 2011 – 7/15/22
  • Workspace ONE Access 20.10 – 5/2/22
  • vRealize Automation 7.6 – 9/1/22
  • vRealize Operations 8.1.1 – 7/9/22

 


Notes from the Field

The VMware Communities forum has been redesigned to provide a better experience- check it out today at  communities.vmware.com.

New version of RVTools is available – If you have never used this free tool, you should check it out.  It can be used to gather a quick inventory of your environment with some very good detail.  It also provides a quick health check tab that calls out information about long running snapshots, VMs that were removed from inventory but not from disk.  The 20 minutes it would take for you to use this tool (from download to run to review) could save you quite a bit of time and help tidy up your environment.

Continue reading “vToolbelt – March 2022”

Using OpenSSL to create certificate signing request with Subject Alternative Names

Now that I had replaced the self-signed certificates in my vSphere environment, I started to wonder what other parts of my homelab could use the same treatment. While I worked on this, I learned how to use OpenSSL to generate a certificate signing request with Subject Alternative Names – and solved a problem.  Read on for the details!

LIke most homelabs, I had a number of applications and devices

  • vSphere
  • VMware Skyline
  • Realize Suite
  • Synology NAS
  • Ubiquiti Manager
  • Webmin

The vSphere environment was already done.  I was able to figure out the vRealize Suite fairly easily.    Next up was one of the NAS devices I had, and this is where I ran into trouble.  I was able to use the tools built into the Synology to generate a CSR and request a certificate from the Microsoft CA I had setup. The new certificate seemed to install fine; but the site was still showing as not trusted in my browser.  I kept seeing the error : NET::ERR_CERT_COMMON_NAME_INVALID – even though the certificate was showing up as valid.

Continue reading “Using OpenSSL to create certificate signing request with Subject Alternative Names”

Setup vCenter as Subordinate CA and Replace Host Certificates

Updated – 3/23/22:   Added some notes to regarding Certificate Chain Ordering after working working with a customer using a certificate exported directly from the Microsoft Certificate Management Console.

I was trying to replace the self-signed certificates in my vSphere environment – for both the vCenter Server Appliance and the ESXi hosts.  The VCSA includes a Certificate Authority (VMCA) to helpSecured by SSL automate this process for larger VMware environments.

I had trouble getting it to work until I found Adrian Costea’s writings on the topic.  His blog helped clarify the process of configuring the VCSA as a subordinate CA.  Through a bit of trial and error, I was able to learn how to get vCenter to replace the certificates on ESX hosts using the newly configured CA in vCenter.

Note:  The steps listed here were performed against the VCSA using  vCenter Server 6.7 U3 with an Embedded PSC.  It was also tested against vCenter 7.0 U3.

Before you begin

It’s always a good idea to take a snapshot of vCenter before making significant changes like this.  Make sure you are taking a snapshot of vCenter the right way.  While you are at it – take a few moments and configure your vCenter Server Backup.

Continue reading “Setup vCenter as Subordinate CA and Replace Host Certificates”

VMware Horizon LOG4J Remediation – did you apply the right patch?

I have heard some confusion from customers about the proper way to remediate Horizon environments for LOG4J.  I wanted to review the highlights for you.

If you operate a VMware Horizon environment please take a moment and review the following notes:Horizon View logo

  • Verify your installed Horizon releases are from December 19th – The Apache software foundation released updated guidance after VMware initially published a release for Horizon on December 16th.  The new guidance required updates which were made available on December 19th.
  • Verify you have updated all affected Horizon components – The components affected will vary based on the version you are running (as not all versions used the LOG4J component).  Affected components can include:
    • Connection Server / Security Server
    • HTML Access
    • Universal Access Gateway
    • Horizon Agents for Windows and Linux
    • Cloud Connector
    • vRealize Operations for Horizon Desktop Agent

All of this information is covered in detail by KB 87073.

For links to guidance on all VMware products affected by LOG4J – please refer to the VMware Security Advisory – VMSA-2021-0028.

vToolbelt – February 2022

Hot topics

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

Horizon View / Workspace ONE

  • Dynamic Environment Manager 9.9 – 3/17/22
  • Dynamic Environment Manager 9.11 – 3/17/22
  • App Volumes 4 – 7/9/22
  • Horizon 7.10 ESB – 3/17/22
  • Identity Manager 3.3.3 – 5/11/22
  • Workspace ONE UEM Console 2008 – 3/15/22
  • Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22

Continue reading “vToolbelt – February 2022”

Get Notified about VMware Security and Technical Updates

Do you rely on Twitter to get notifications on updates to VMware Security Advisories or Technical Updates?  Did you know that you can easily be among the first to get notified when new VMware Security Advisories and Technical Updates are published? Sign up today!    You might just be the one sending the tweet next time!

VMware Security Advisories

VMware publishes Security Advisories for their products at https://vmware.com/security/advisories.html.  While I do encourage you to bookmark this page, there are 2 easy ways to set up automatic notifications for yourself:

Continue reading “Get Notified about VMware Security and Technical Updates”

vToolbelt – January 2022

Happy New Year everyone!

Hot topics

  • VMware announced a heap-overflow vulnerability for VMs configured to use an ISO image or host device in the CD-RomRead below for details on the issue as well as preventative steps you can take.
  • The open source Apache Log4J project has announced a zero day vulnerability with versions 2.14.1 and earlier. Any systems using those affected software components should patch or take preventative action immediately.  Read below for more details on how VMware is responding.
  • ESX hosts using SD-Cards or USB Media to boot should be aware that support for this is ending. A TAM Customer webinar in early December covered this extensively. If you were unable to attend the webinar live, you can watch the recording.

Continue reading “vToolbelt – January 2022”

Updates to VMware products for the Log4J vulnerability – CVE-2021-44228

Many VMware products use the LOG4J software components which were recently disclosed to have a critical security vulnerability (CVE-2021-44228).    This is a serious issue which requires immediate action.

VMware has published a security advisory (VMSA-2021-0028) which details VMware products known to be affected, as well as steps to remediate the issues.      This is an on-going situation and updates to this document are expected.  Please check back often to ensure you have the latest information.

VMware has also published an FAQ to address any questions.