Cybersylum

vToolbelt – February 2023

byArron King 02.06.2023 vToolBelt

Let’s talk Ransomware

I am sure most everyone has heard about the latest ransomware attack called “ESXiArgs”. If you haven’t, two sites I follow have coverage [BleepingComputer and HackerNews].Ransomware uses a software exploit to gain access to a system and block access to that system until a sum of money is paid. There are instances where this exploit is unknown (also known as a Zero Day exploit). In the case of ESXiArgs, the attackers are targeting an exploit found in OpenSLP. A patch for this issue was released in February 2022 via VMSA 2019-0022. That date is not a typo – the patch has been available for about a year.

Please take a moment and review the VMSA above to ensure you are have applied the patch. If you cannot patch immediately, KB 76372 has steps on disabling the OpenSLP service on your ESXi hosts until you are able to find a patch window.

Protecting against Ransomware

One of the best general ways to protect your organization is to apply the relevant security patches. VMware publishes Security Advisories about it’s products. You can sign up to be notified when any new security advisory is published.

Continue reading “vToolbelt – February 2023”

ESX Host Prep with PowerCLI

byArron King 02.02.2023 PowerCLI Scripting vSphere

I often discuss ESX configuration with customers, and during a recent conversation the topic turned to Powershell and automation. This reminded of a script I wrote back in the vSphere 4.x days. I was able to locate the file, and with just 2 minor changes found it still works with vSphere 7. It is simple; but can save quite a bit of time. Since that is one of the fundamentals of automation – I thought it worthy of sharing.

vSphere does offer a feature called Host Profiles that can help ensure hosts have the same configuration. This feature does require Enterprise Plus licensing and can take some time to setup. For those that use vSphere Standard or the older Enterprise licensing – Host Profiles are not an option. That is where PowerCLI can be really useful!

Continue reading “ESX Host Prep with PowerCLI”

vToolbelt – January 2023

byArron King 01.06.2023 vToolBelt

I hope all of you had a Happy New Year – welcome to 2023.

I do want to take a moment and thank you for reading. I have been working on this blog for a few years now with no real expectations other than trying to provide some information that is helpful to others. Getting questions and feedback on what I write provides encouragement to keep going!

I don’t normally make much of New Year’s Resolutions; but thought it might help keep myself accountable so – Here goes!

Focus more on Education – In almost every industry continual learning is a necessity to some degree. I want to deepen my skillset and branch out a bit
- I just completed the vRealize 8.x Automation Install, Configure, and Manage course. Next step – lab time and maybe the Advanced Features and Troubleshooting course
- Azure Certification – A number of my customers are starting to use Public Cloud environments to compliment their on-premises compute.
- VMware seems to be joining in this resolution as well – check out the new training options below. One course is even complimentary for a limited time!
Blog more – The last quarter of 2022 has kept me busy with work and life. The winter months should provide time to share what I am learning. I have a few things on tap that may be of interest so stay tuned!
Dedicate Time to Physical Health – I know this one is cliche; but for this first time it seems like I am headed in the right direction in this area. Like many who may read this, I spend most of my time on the computer for work or hobby. My wife and I recently decided to help each other be more active and eat better. Doing this together really does seem to be working for us. I have a workout streak going and am having success eating healthier food with little to no snacking. Even after a short time my blood pressure is starting to trend in the right direction and so is the scale. Queue up Rule #1 🤣

VMware Security Advisories

VMSA-2022-0030 – vCenter and ESXi updates address multiple security vulnerabilities
VMSA-2022-0031 – vRealize Network Insight updates address command injection and directory traversal vulnerabilities
VMSA-2022-0032 – Workspace ONE Access and Identity Manager updates address multiple security vulnerabilities. Note: This also affects Identity Manger 3.3.6 used with vRealize Suite and Horizon
VMSA-2022-0033 – ESXi, Fusion, and Workstation updates address a heap out-of-bands vulnerability
VMSA-2022-0034 – vRealize Operations updated to address privilege escalation vulnerabilities

Continue reading “vToolbelt – January 2023”

vToolbelt – December 2022

byArron King 12.06.2022 vToolBelt

Hot Topics

VMware Security Advisories
- VMSA-2022-0028 – VMware Workspace ONE Assist – Authentication Bypass
- VMSA-2022-0029 – VMware Tools – Denial of Service

Upcoming Events

Cincinnati VMUG UserCON
December 8th 2022
8am – 4:30pm
In-person at the Sharonville Convention Center

The Cincinnati VMUG community welcomes you back to the Sharonville Convention Center to networkand engage in face-to-face conversations with your peers at the Cincinnati VMUG UserCon. Learn about the latest in IT innovations to help you stay on the cutting edge of technology. Advance your knowledge, become a better IT professional and grow as a strategic leader for your organization.

Continue reading “vToolbelt – December 2022”

vToolbelt – November 2022

byArron King 11.03.2022 vToolBelt

Welcome to November! For those of us in the midwest this means a

nearly endless need to rake and bag leaves. The first round isn’t so bad. When you get to the 5th round or later – not as fun 🤣 Wherever you are – I hope you are well! Please send me a kind thought as I prepare for my 6th round of leaf duty. On to more interesting topics – this month’s newsletter contains a number of links that will help you start to prepare for vSphere 8

If you haven’t upgraded to vSphere 7 yet – there is still time. While vSphere 6.5 and 6.7 have left End of General Support and are now in Technical Guidance, VMware will still do their best to help you if you upgrade. Take a look at these upgrade planning tips and get started!

Hot Topics

OpenSSL 3.0 vulnerabilities (CVE-2022-3602 and CVE-2022-3786) – Read the VMware Response
If you haven’t signed up for the VMware Security Advisories mailing list – take a moment to do so. Sign up is on this page – right next to the RSS Feed link.
VMware Converter is back! Version 6.3 is ready for download!

Continue reading “vToolbelt – November 2022”

vToolbelt – October 2022

byArron King 10.01.2022 vToolBelt

Hot Topics

vSphere 6.5 and 6.7 will exit General Support on 10/15/22 and transition into TechnicalGuidance – This phase of the support lifecycle is focused on providing workarounds for lower severity issues. The full description of this phase including what support options are still available is described on the VMware Lifecycle Policy page.

Upcoming Events

Toledo VMUG – What’s new with vSphere 8 and vSAN
Date: November 16th, 2022
Time: 11:30am Eastern

Join the Toledo VMUG on this virtual Lunch-n-Learn to review what is new in vSphere and vSAN for version 8!

Continue reading “vToolbelt – October 2022”

vCenter Server Certificate Status Alarm

byArron King 09.16.2022 Certificates VCSA

Earlier this week I began receiving alarms from my vCenter regarding a Certificate Status Alarm. I had not run into this particular error before and it took me a bit of investigation to get it solved.

An unusual certificate description

The alert kept repeating on an hourly interval and I didn’t have a clue what this certificate was for:

This email is to notify you that an alarm has been triggered in your vCenter:
[Critical] Alarm alarm.CertificateStatusAlarm on Folder Datacenters because Certificate 'CN=Synology,OU=Synology,O=Synology,L=Unknown,ST=Unknown,C=Unknown' from 'SMS' expires on 2022-08-01 08:35:11.000.

Alarm name alarm.CertificateStatusAlarm
Description alarm.CertificateStatusAlarm
Target Folder Datacenters
Status Critical (previous status: Unset)
Triggered time 09/15/2022 08:45:42 PM

Continue reading “vCenter Server Certificate Status Alarm”

vToolbelt – September 2022

byArron King 08.28.2022 vToolBelt

Sending this newsletter a little early. Included below are links to an important Security Advisory and the live stream to the VMware Explore keynote on August 30th.

Hot Topics

VMware Explore keynote from the General Session on Tuesday will be streamed live on Tuesday 8/30 at 12pm EST.
A Security Advisory for VMware Tools was released on 8/23/22. VMSA-2022-0024 describes the impact as a local privilege escalation vulnerability.
- VMware Tools should be updated to 12.1.0.
- This VMware tools package can be added to your VMware environment so you can use vCenter to do the updates.
vSphere 6.5 and 6.7 are heading into End of General Support in 6️⃣ weeks- October 15th, 2022. If your environment is still running these versions – now is the time to start your upgrade. Check out this Upgrade Planning Guide to help you get started.

Upcoming Events

VMware Explore
August 29 – September 1, 2022
In-Person at the Moscone Center
San Francisco, California

VMware Explore starts this week!

The keynote from the General Session on Tuesday will be streamed live on Tuesday 8/30 at 12pm EST.

Learn more and Register

Continue reading “vToolbelt – September 2022”

Adding VMware Tools Updates to vSphere Lifecycle Manager

byArron King 08.24.2022 VMware Tools

Updated – 12/28/22 – based on user feedback I have updated this article.

There are times where VMware Tools updates are published outside of a vSphere release/update. This can be due to a bug fix or a security advisory (ie: VMSA-2022-0024)

This new VMware Tools package can be easily added to your ESXi hosts so your virtual machines can be updated. If you are still running vSphere 6.x, the VMware Tools package will be updated using Update Manager.

vSphere 7 introduced Lifecycle Manager which can now be used for this update. Here are the steps:

Create the Baseline

Click on the Baselines menu and click New -> Baseline

Continue reading “Adding VMware Tools Updates to vSphere Lifecycle Manager”

vToolbelt – August 2022

byArron King 08.18.2022 vToolBelt

Hot Topics

A few security advisories have been released recently for VMware products. If you operate any of these please take a few moments to review the information to see if it is applicable to your environment:
- Workspace ONE Access, Access Connector, Identity Manager (including vRealize Automation) – VMSA-2022-0021
- vCenter Server – VMSA-2022-0018
- vSphere ESXi – VMSA-2022-0020

Sphere 6.5 and 6.7 are heading into End of General Support in just a few months – October 15th, 2022. If your environment is still running these versions – now is the time to plan your upgrade. Check out this Upgrade Planning Guide to help you get started.

Upcoming Events

VMware Explore
August 29 – September 1, 2022
In-Person at the Moscone Center
San Francisco, California

Same event – new name! VMworld has become VMware Explore!

There are a variety of ways to pay for a pass. You can use PSO Credits (24 credits per pass). These can be purchased via OARnet. You can also pay with a credit card and there are 2 early bird discount periods. Please refer to the link below for details.

Check out the Content Catalog to start planning your sessions!

Important Date

July 19th – Breakout Session scheduling begins

Learn more and Register

Continue reading “vToolbelt – August 2022”