VMware Tools Security Bug and Finding which VMware Tools components are installed on all VMs

Just a quick post related to today’s VMware security advisories. VMware released a pair of advisories today, CVE-2016-5330 and CVE-2016-5331, and while both are nasty their scopes are somewhat limited. The 5331 issue is only applicable if you are running vCenter or ESXi 6.0 or 6.0U1; Update 2 patches the bug. The 5330 issue is limited to Windows VMs running VMware Tools that have the optional HGFS component installed. To find out if you are vulnerable, here’s a PowerCLI script to get all your VMs and list the installed components. Props to Jason Shiplett for giving me some assistance on the code.

While the output is still a little rough it will get you there. Alternatively, if you are just using this script for the advisory listed, you can change where-object { $_.Name -match $componentPattern } to where-object { $_.Name -match "vmhgfs" }. This script is also available on GitHub.
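One way to run the check described above, added here as an example and not the author's script from GitHub. It assumes PowerCLI is already connected to vCenter with Connect-VIServer, that the Windows guests answer remote CIM queries, and that the Tools components show up as Win32_SystemDriver entries; $report and the Status values are names chosen for this example.

```powershell
# Added example (not the author's script). Assumes Connect-VIServer has been run
# and the current account may query CIM/WMI on the Windows guests.
$componentPattern = 'vmhgfs'   # driver name from the post; widen the regex to list more components

$report = foreach ($vm in Get-VM) {
    # CVE-2016-5330 only concerns Windows guests; powered-off VMs cannot be queried.
    if ($vm.PowerState -ne 'PoweredOn' -or $vm.Guest.OSFullName -notmatch 'Windows') { continue }

    $guestName = $vm.Guest.HostName
    if (-not $guestName) { $guestName = $vm.Name }   # fall back when Tools reports no hostname

    try {
        # Assumption: Tools components are visible as system drivers inside the guest.
        $drivers = Get-CimInstance -ClassName Win32_SystemDriver -ComputerName $guestName -ErrorAction Stop |
            Where-Object { $_.Name -match $componentPattern }

        if ($drivers) {
            foreach ($d in $drivers) {
                [pscustomobject]@{ VM = $vm.Name; Guest = $guestName; Component = $d.Name
                                   State = $d.State; Status = 'Installed' }
            }
        } else {
            [pscustomobject]@{ VM = $vm.Name; Guest = $guestName; Component = $null
                               State = $null; Status = 'NotFound' }
        }
    } catch {
        # Record unreachable guests instead of silently treating them as clean.
        [pscustomobject]@{ VM = $vm.Name; Guest = $guestName; Component = $null
                           State = $null; Status = "QueryFailed: $($_.Exception.Message)" }
    }
}

$report | Sort-Object Status, VM | Format-Table -AutoSize
```

Guests reported as QueryFailed still need a manual check before they can be counted as unaffected.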

What’s New in vSphere 6: Licensing

Today's release of vSphere 6 brings about quite a few new technologies worth getting excited for. This includes things such as Virtual Volumes (VVOLs), OpenStack integration, a global content library and long distance vMotion. Now for many of us, especially in the SMB space, the question is whether we can afford to play with them. As usual VMware very quietly released the licensing level breakout of these and other new features, and I have to say my first take is this is another case of the rich getting richer.

If you are already licensed at the Enterprise Plus level you are in great shape, as everything discussed today except VSAN is included. Specifically this includes:

  • cross vCenter/ long distance vCenter
  • Content Library
  • vGPU
  • VMware Integrated OpenStack

While that's great and all and I applaud their development, they have quite a few other licensing levels that have been left out. Personally my installations are done at either Standard or Enterprise levels. The only major feature with support across the product line is VVOLs, which is nice, but I honestly expected them to at least move some version 5 features such as Storage DRS down a notch to the Enterprise level, and I figured the Content Library would maybe come in at the Essentials Plus level or Enterprise.

As Mr. Geitner alluded to in his talk, about half of all vSphere licenses are Enterprise Plus; my guess is the company really wants to see that number grow. Here's to hoping that, like vRAM, this recent trend of heavily loading features into the highest level is a trend that will be quickly rectified because I think this is going to be just as popular.

Managing your vSphere 6 Environment

VMware released its long awaited version 6 of the vSphere products today and as I’m sure you’ll be running out tomorrow to go update all your production environments….

Ok now that we’re done laughing what you probably are going to want to get into is getting your lab updated or built so you can work out the changes yourself, possibly using your EvalExperience licenses you got with VMUG Advantage? Once you get it up and running you’ll notice that a few things have changed from the administration point of view. In this post I’m going to take a quick look at the Management features of vSphere 6.

Platform Services Controller

One thing you’ll find right off is that many of the underlying vCenter services have now been lumped together into what they are calling the Platform Services Controller. These services include Single Sign-On, licensing and certificate management. At installation you are given two options on how to deploy the PSC: either embedded, where the PSC always rides along with vCenter, or external, where the PSC is installed on its own VM and each vCenter talks back to the central services controller.

There are a couple of design requirements here if you choose to go the embedded route. You can have a maximum of 8 embedded or external PSCs per Single Sign-On site, and if you choose to go the embedded route it will increase the minimum RAM required to 8 GB.

vSphere Web Client

As has been the trend, VMware has spent some serious time improving the Web Client, this time focusing on loading time, login time and a more streamlined component layout. It is still Flash based, but still a bit better. Time will tell with this one.

vSphere Host Client

Is the death of the installable VI client we’ve been hearing about for years here? Yes but it’s been replaced with a new version that is to be used only for connecting to the hosts directly or Update Manager. No, the new C# client for vSphere 6 will function much in the same way as the 5.5 client, you will be able to manage your infrastructure fully with it, but in terms of editing virtual hardware you will only be able to do so fully on VMs version 5-8.* The good part about it is the new C# client is not version based, rather it can be used to manage hosts running hardware versions 8-11.

Multi-Site Content Library

This one is probably what I am most excited about. Instead of having to update the ISO datastore in each of your locations, as well as building or copying your base templates for each vCenter, with the Content Library you can create a repository for all of your ISOs, templates, vApps and scripts and that repository will automatically be synchronized across all sites and vCenter Servers.

Virtual Datacenters and Policy Based Management

These two are the ones that I frankly still need to dive deeper into. The concept is that you create virtual datacenters, spanning multiple locations (both local and cloud service) and then use policy to define what resources are available and where when spinning up a VM.

Certificate Lifecycle Management

Finally, on the management side a new command line interface has been added for managing both the VMware and third-party certificates. I recently used fellow vExpert Derek Seaman’s excellent tool and blog series to use Microsoft Certificate Services certs in my vSphere infrastructure; I have to believe this will make that process easier. As the documentation gets finalized I’ll provide a link to the docs for this here.

All in all it should be an exciting time for us virtualized folks, with lots of new toys and technology to try out.

*After the big Feb. 6 announcement VMware saw fit to let everybody know that there are major changes between what was there in the betas and what will be there in the GA build, this being one of them.