Replacing the Corfu API certificate in NSX

In this blog we will go over replacing the Corfu API certificate in NSX. In this example I will be using the UI to generate the self-signed certificate and then an API call to replace the certificate. In my case the Corfu API certificate has already expired. In the top menu bar I went to Generate -> Generate Self Signed Certificate. Next I had to grab the new certificate ID ...

July 7, 2023 · 2 min · Cosmin

Replacing the LocalManager certificate in NSX

In this blog we will go over replacing the LocalManager certificate in NSX. In this example I will be using the UI to generate the self-signed certificate and then an API call to replace the certificate. In my case the LocalManager certificate has already expired. In the top menu bar I went to Generate -> Generate Self Signed Certificate. Next I had to grab the new certificate ID ...

July 6, 2023 · 2 min · Cosmin

Simplifying NSX Edge Removal in VMware Cloud Foundation (VCF) Environment

VMware Cloud Foundation (VCF) has revolutionized data center virtualization by seamlessly integrating compute, storage, and networking components. In a VCF environment, the NSX platform provides crucial software-defined networking capabilities. At times, removing NSX edges becomes necessary due to infrastructure changes, optimization efforts, or other reasons. To simplify this process, VMware has introduced the NSX Edge Removal Tool. In this blog post, we will explore how this tool can streamline the removal of NSX edges in a VCF environment while preserving dependencies. ...

July 5, 2023 · 3 min · Cosmin

Downloading specific VCF bundles via CLI

I wanted to reuse my downloaded VCF bundles on another SDDC Manager system so that I won't have to download them from the internet again. I found an easy guide here in the VMware documentation. My goal was to download the specific bundle once and upload it on other SDDC Managers. The first command from SDDC Manager was to list the bundles. The LCM bundle transfer utility can be found in /opt/vmware/vcf/lcm/lcm-tools/bin ...

July 5, 2023 · 2 min · Cosmin

Upgrading VCF 4.3.x to VCF 5 Step by Step

With the release of VCF 5 I wanted to get my lab upgraded. The release blog can be found here and the release notes are here. Please note that some of the components within VCF will still need additional upgrading. Please read the release notes for additional details. We can start by going to Inventory -> Workload Domains -> Select the domain -> Update/Patches -> Select the VCF version -> Download now. If you do not see the newest releases, go to Administration -> Online Depot and add a VMware Customer Connect account that has access to perform downloads. ...

June 27, 2023 · 4 min · Cosmin

Upgrading vRSLCM (vRealize Lifecycle Manager) to 8.12

In this guide I will go over the steps of getting an existing 8.x vRSLCM appliance upgraded to the latest 8.12 release. The release notes can be found here. The first step is to log in to vRealize Suite Lifecycle Manager under the Lifecycle Operations section. Go to Settings -> System Upgrade. Click on Check for Upgrade. We can see that the check found a new version available for 8.12 ...

June 20, 2023 · 1 min · Cosmin

Upgrading SSC (SaltStack Config) to 8.12.1 using vRSLCM

In this post I will go over upgrading my 8.x SSC appliance to 8.12.1. As a prerequisite we need to have VMware Aria Suite Lifecycle upgraded to 8.12. Instructions can be found here. The upgrade does not include the latest PSPACK that contains the 8.12.1 SaltStack Config release. Instructions to get the PSPACK can be found on my other blog post here. To get started we can go to vRealize Lifecycle Manager -> Lifecycle Operations -> Settings -> Binary Mapping. (If you haven't added your My VMware credentials you will need to do that first by going to vRealize Lifecycle Manager -> Lifecycle Operations -> Settings -> My VMware) ...

June 20, 2023 · 2 min · Cosmin

VMware Aria Suite Lifecycle Product Support Pack (PSPAK) Upgrade

In this guide I will go over the steps of getting an existing 8.x VMware Aria Suite Lifecycle (formerly vRSLCM, vRealize Lifecycle Manager) appliance to support the latest product releases available. Here is a great blog that goes into the details of what the Product Support Pack is: https://blogs.vmware.com/management/2019/01/vrslcm-pspak.html. Typically the newer Product Support Pack is included as part of the upgrade for LCM; however, sometimes there are product releases in between releases where product support packs come in handy. ...

May 19, 2023 · 2 min · Cosmin

Install/Upgrade ESXi 8.0 on unsupported hardware.

As I was installing/upgrading my lab environment to ESXi 7.0 I received an error that the CPU was unsupported. As per the vSphere 8.0 release notes, my CPU is no longer on the compatibility list. Since this is a lab environment I wanted to continue using my current hardware. It goes without saying that this method should not be used in a production environment. To allow the legacy CPU, all I had to do was boot from the ISO; on the boot menu I pressed TAB or Shift + O and added the allowLegacyCPU=True option as seen in the screenshot below ...

April 26, 2023 · 1 min · Cosmin

VMware Aria Operations Compliance Pack for HIPAA

I was trying to find some documentation around the metrics monitored by the VMware Aria Operations Compliance Pack for HIPAA. Since VMware is now including the management pack as a native solution as of vRealize Operations 8.1, I wasn't able to find a lot of documentation around it, so I exported the symptoms monitored. Here is a list of the symptoms from version 8.10:

HIPAA 164.312(c)(1) - Integrity - NTP time synchronization service is not configured on the host
HIPAA 164.312(a)(1) - Access Control - Count of maximum failed login attempts is nto set
HIPAA 164.312(c)(1) - Integrity - launchmenu feature is enabled
HIPAA 164.312(c)(1) - Integrity - Unity taskbar feature is enabled
HIPAA 164.312(c)(1) - Integrity - Shellaction is enabled
HIPAA 164.312(c)(1) - Integrity - Independent nonpersistent disks are being used
HIPAA 164.312(a)(1) - Access Control - Default setting for intra-VM TPS is incorrect
HIPAA 164.312(c)(1) - Integrity - NTP Server is not configured to startup with the host
HIPAA 164.312(a)(1) - Access Control - Dvfilter network APIs is nto configured to prevent unintended use
HIPAA 164.312(a)(1) - Access Control - HGFS file transfers are enabled
HIPAA 164.312(b) - Audit Control - Persistent logging is not configured for ESXi host
HIPAA 164.312(c)(1) - Integrity - Toprequest feature is enabled
HIPAA 164.312(b) - Audit Control - Remote logging for ESXi hosts is not configured
HIPAA 164.312(c)(1) - Integrity - PCI pass through device is configured on the virtual machine
HIPAA 164.312(c)(1) - Integrity - Bios Boot Specification feature is enabled
HIPAA 164.312(a)(1) - Access Control - Timeout to automatically terminate idle sessions is not configured
HIPAA 164.312(a)(1) - Access Control - Access to VM console is not controlled via VNC protocol
HIPAA 164.312(a)(1) - Access Control - VIX messages are enabled on the VM
HIPAA 164.312(c)(1) - Integrity - Protocolhandler feature is enabled
HIPAA 164.312(a)(1) - Access Control - Copy/paste operations are enabled
HIPAA 164.312(c)(1) - Integrity - Tray icon feature is enabled
HIPAA 164.312(a)(1) - Access Control - GUI Copy/paste operations are enabled
HIPAA 164.312(c)(1) - Integrity - version get feature is enabled
HIPAA 164.312(c)(1) - Integrity - Informational messages from the VM to the VMX file are not limited
HIPAA 164.312(a)(1) - Access Control - Timeout value for DCUI is not configured
HIPAA 164.312(a)(1) - Access Control - Guests can recieve host information
HIPAA 164.312(c)(1) - Integrity - Users and processes without privileges can remove, connect and modify devices
HIPAA 164.312(c)(1) - Integrity - NTP time synchronization server is not configured
HIPAA 164.312(c)(1) - Integrity - Unity active feature is enabled
HIPAA 164.312(c)(1) - Integrity - Autologon feature is enabled
HIPAA 164.312(a)(1) - Access Control - drag-n-drop - Copy/paste operations are enabled
HIPAA 164.312(c)(1) - Integrity - Intra VM Transparent Page Sharing is Enabled
HIPAA 164.312(c)(1) - Integrity - GetCreds feature is enabled
HIPAA 164.312(a)(1) - Access Control - Time after which a locked account is automatically unlocked is not configured
HIPAA 164.312(c)(1) - Integrity - Versionset feature is enabled
HIPAA 164.312(a)(1) - Access Control - Auto install of tools is enabled
HIPAA 164.312(a)(1) - Access Control - Access to DCUI is not set to allow trusted users to override lockdown mode
HIPAA 164.312(a)(1) - Access Control - Access to VMs are not controlled through dvfilter network APIs
HIPAA 164.312(a)(1) - Access Control - Copy/paste operations are enabled
HIPAA 164.312(a)(1) - Access Control - Managed Object Browser (MOB) is enabled
HIPAA 164.312(c)(1) - Integrity - Trash folder state is enabled
HIPAA 164.312(c)(1) - Integrity - Unity feature is enabled
HIPAA 164.312(a)(1) - Access Control - Timeout is not set for the ESXi Shell and SSH services
HIPAA 164.312(c)(1) - Integrity - Image Profile and VIB Acceptance Levels are not configured to desired level
HIPAA 164.312(c)(1) - Integrity - Firewall is not configured for NTP service
HIPAA 164.312(c)(1) - Integrity - Unity push feature is enabled
HIPAA 164.312(c)(1) - Integrity - Users and processes without privileges can connect devices
HIPAA 164.312(c)(1) - Integrity - Memsfss feature is enabled
HIPAA 164.312(c)(1) - Integrity - Unity Interlock is enabled
HIPAA 164.312(c)(1) - Integrity - Unity window contents is enabled
HIPAA 164.312(e)(1) - Transmission Security - NFC on the vCenter is not configured for SSL
HIPAA 164.312(e)(1) - Transmission Security - Restrict port-level configuration overrides on VDS
HIPAA 164.312(c)(1) - Integrity - Virtual disk shrinking wiper is enabled
HIPAA 164.312(c)(1) - Integrity - Virtual disk shrinking is enabled
HIPAA 164.312(e)(1) - Transmission Security - The Forged Transmits policy is not set to reject
HIPAA 164.312(e)(1) - Transmission Security - MAC Address Changes policy is set to reject
HIPAA 164.312(e)(1) - Transmission Security - SNMP Server is running on the host
HIPAA 164.312(e)(1) - Transmission Security - The Promiscuous Mode policy is not set to reject
HIPAA 164.312(d) - Person or Entity Authentication - Active directory is not used for local user authentication
HIPAA 164.312(e)(1) - Transmission Security - Host firewall is not configured to restrict access
HIPAA 164.312(e)(1) - Transmission Security - BPDU filter is not enabled on the host
HIPAA 164.312(e)(1) - Transmission Security - The MAC Address Changes policy is not set to reject
HIPAA 164.312(d) - Person or Entity Authentication - Password policy for password complexity is not set
HIPAA 164.312(e)(1) - Transmission Security - VDS network healthcheck for Teaming Health Check is enabled
HIPAA 164.312(d) - Person or Entity Authentication - Bidirection CHAP auhtentication is not enabled
HIPAA 164.312(e)(1) - Transmission Security - Forged Transmits policy is set to reject
HIPAA 164.312(e)(1) - Transmission Security - Promiscuous Mode policy is configured to reject

March 30, 2023 · 5 min · Cosmin