VMware with vSAN 7.0u2 introduced an interesting functionality on Skyline for reviewing the state of vSAN in the past time
The functionality is disabled by default, if I want to see the Health History I need to only check the correct option.
After enable it I can see all history
and I can select the red icon for to see what happened
On Jan 8, 12:08 we encountered a problem on a vSAN cluster HOST
It is possible to select the day to check the vSAN status, just select the correct date and time
VMware released the UAG (Unified Access Gateway) with a fix for the LOG4J vulnerability
The UAG version is 2111.1
We continue to look at how to mitigate the log4j vulnerability, in this post we look at horizon connection servers in detail.
As indicated by the VMware KB
only the connection servers where the HTML Access Portal is active are vulnerable. But all versions are subject to vulnerability.
I recommend applying the workaround even if the HTML Access Portal is not active.
Again as indicated in the previously cited KB we have two possibilities:
1. Edit this registry value:
HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService\Params\JVMOptions
2. Append a single space character followed by this text: -Dlog4j2.formatMsgNoLookups=true
3. Exit the registry editor and restart the Connection Server service or reboot the machine
@echo off
setlocal
goto start
__________________________________________________
CVE-2021-44228 - Prevent log4j parameter expansion
Horizon Connection Server 7.x, 8.x
VMware, Inc. 2021
__________________________________________________
:start
set sigpath=HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService
for /f "delims=" %%g in ('reg.exe query "%sigpath%" /v Filename') do set sigval=%%g
if "%sigval%"=="" goto notneeded
set killflag=-Dlog4j2.formatMsgNoLookups=true
set svcpath=HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService\Params
for /f "tokens=2*" %%v in ('reg.exe query "%svcpath%" /v JVMOptions') do set svcval=%%w
echo %svcval%|find " %killflag%" >nul
if not errorlevel 1 goto notneeded
reg add "%svcpath%" /v JVMOptions /d "%svcval% %killflag%" /f
net stop wsbroker /y && net start wsbroker
echo Completed.
goto :EOF
:notneeded
echo Not required.
goto :EOF
I will proceed with the script.
I create a fix-log4j.bat file in the c: \ temp folder of my connection server and copy the script text to it.
I launch the command from a PowerShell with administrator rights:
I reboot the server
I verify that the workaround is applied by relaunching the bat file.
Obviously, I have to do this on all the Horizon Connection Servers present
in the Horizon infrastructure
To configure a PortForwarding on Windows 10 to a VM hosted on VMware Player it is necessary to proceed as follows:
Configure DHCP Reservation
Host <Name of virtual network> {
hardware ethernet <Mac Address in this format xx:xx:xx:xx:xx:xx;
fixed-address <ip address>*;
}
Example:
#Static IP WIN11 –> Comment to identify the VM
VMnet8 host {
Hardware Ethernet 00: 0C: 29: 41: E8: 0C;
fixed address 192.168.233.10;
}
Where in our case the VMnet8 is the one assigned by default to the “NAT” configuration of the VM network card
Port Forwarding Configuration
Example:
8889 = 192.168.233.10:3389
In this case, we follow an RDP session to the OS system hosting my VM using: 8889 I will access through RDS to my VM with IP 192.168.233.10
*To check the IP range to always use the vmnetdhcp.conf file and identify the correct network segment; In the case of my example the segment is 8 (VMnet8)
# Virtual ethernet segment 8
# Added at 11/10/21 23:49:40
subnet 192.168.233.0 netmask 255.255.255.0 {
range 192.168.233.128 192.168.233.254; # default allows up to 125 VM’s
option broadcast-address 192.168.233.255;
option domain-name-servers 192.168.233.2;
option domain-name “localdomain”;
option netbios-name-servers 192.168.233.2;
option routers 192.168.233.2;
default-lease-time 1800;
max-lease-time 7200;
}
Whenever we installed a new vCenter the activity always included integration with Active Directory and normally IWA (Integrated Windows Authentication) was used.
Since vSphere 7.0 version this possibility has been deprecated
so it is good to start with the integration of the vCenter with Active Directory via LDAP.
In our case, we will use LDAPS which uses a certificate
For first the step we need to create the certificate:
On shell use this command
openssl s_client -connect <DC FQDN>:636 -showcerts
Copy the certificate output with —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–
Past on Notepad and save with .crt extension
Now we will go to configure the Identity Sources on vCenter:
Fill out the remaining fields as follows:
Identity Source Name: Label
Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: “DC=pollaio,DC=lan”.
Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches.
Domain name: Your domain name. Example: “pollaio.lan”
Domain alias: Your NetBIOS name. Example: “pollaio.lan”
Username: Domain user with at least browse privileges. Example: “pollaio\administrator”.
Connect to: “ldaps://<DC FQDN>”.
If you want check the correct use of SSL certificate on the authentication to Active Directory with LDAP connection check the websso.log:
VMware has had a product for a while now called VMware Skyline that provides proactive monitoring, analysis, and support for your VMware environment. It monitors your VMware installation and will notify you when issues arise.
Skyline Advisor will be available to customers and partners with active Production and Premier Support, VMware Success 360 and vRealize Cloud Universal subscriptions at no additional cost.
Create a Cloud Services Organization
Login with My VMware account associate to Production and Premier Support on the site:
with your VMware account. If you have an existing My VMware account, you can use those same
account details (email address/password) to sign in to Cloud Services.
Organization for Skyline. If you have never used VMware Cloud Services, click Create New
Organization.
Name your Organization something meaningful, that can be easily
referenced by both you, and VMware. For example, name your Organization after you Company, or
Business name. You can also append a line-of-business, division, or team, to the end of your
Company or Business name.
The following are example Organization Names:
The company, LOB, Company LOB, Company-vSphere, Company-Desktop
Click Add Address. You can also choose an existing
address if one was found for your account. If you choose an existing address, skip to substep f.
During the creation of your Cloud Services Organization, your country currency, and Tax ID, may be
displayed. The displaying of this information is a construct of Cloud Services. Skyline is available at
no additional cost, and you will not be required to enter any payment details while adopting Skyline.
Now on service, we have Skyline Advisor, click on this service
Link the Entitlement
Now, after clicking on LINK, we have the correct status LINKED
I have already configured my organization
Copy and paste the token on Skyline Connect and register it.
Add source Data to Skyline Advisor
After complete the step 5 and 6 (I suggest to enable the auto-upgrade), we can access to skyline collector to configure the connection to vCenter (or multiple vCenter)
Go to https://<mySkylineCollectorFQDN/
Select Add a vCenter Server
Use the Account AD to whom assign the correct permission on vCenter
We are able to see the vSphere infrastructures if we access on Skyline Advisor Service on Cloud Service Link
Now we will be waiting….. for data populate (72 hours for Findings)
After 72 hours we are able to see all info (wow I see six Critical alerts :-))
VMware Skyline Frequently Asked Questions (55928)
Skyline Collector User Accounts and Permissions (vmware.com)
With the release of VMware vSphere 7 Update 3, this also means there is a new version of vSAN as well. VMware vSAN has been trailblazing in the world of HCI for several years now and with over 30,000 customers and many releases behind it, the solution has certainly grown, matured, and become […]
One of the conveniences of administering VMware solutions is being able to use code to create scripts to perform repetitive tasks or automate processes
One of the vSphere Web Client features that can help those new to the PowerCli is the Capture Code, it basically allows you to list and save the Powercli commands of the actions you are doing with the vSphere Web Client.
To activate it just access the vSphere Web Client, from the Menu select Developer Center
Select Code Capture and enable it by placing the “Enable Code Capture” flag on the right (which turns green)
At this point, a space will appear in our frame where the commands will be listed with some operations, such as Clear and start another, Copy and Download
Where the Download option generates you the ps1 file with the Powercli commands of the recorded operations
To start and stop a recording session you can use the buttons:
Or the red button that appears at the top of the WebClient once “Enable Code Capture” is enabled
Bye
In an old post, I described how to send ESXi logs to Azure Log Analytics to ingest at Azure Sentinel, now I describe Step to Step how to send vCenter logs.
The first step is to do step by step this configuration:
Change to the settings of VCSA Appliance to send the logs to Syslog Gateway Server
For configuring the VCSA you can use this VMware KB
Forward vCenter Server Log Files to Remote Syslog Server (vmware.com)
and enable send events (it is enabled by default, but a check is a good idea)
Configure Streaming of Events to a Remote Syslog Server (vmware.com)
Now you can connect to the Syslog Gateway Server and check if the Syslog server received the logs from the VCSA Appliance
Use SSH to connect at the Syslog Gateway Server and use this command
cat /var/log/syslog | grep <fqdn vCenter> | more
in my situation
cat /var/log/syslog | grep vcenter | more
Configure the Log Analytics Agent, installed on Syslog Gateway Server to process the Facility Local0
Connect to Azure Portal and on Azure Log Analytics Service enable the correct facility (local0)
After 10/15 minutes the new configuration will be applied on Syslog Gateway Server (you can check the file /etc/rsyslog.d/95-omsagent.conf on Syslog Gateway)
Change the VMwareESXi function (It was created for ESXi Log check my old post) or create a query custom to parse the log on Azure Log Analytics
Finally, you can query the data on Azure Log Analytics
Syslog | where HostName contains “<FQDN vCenter>”
or optionally you can edit the function create for Ingest ESXi log (check my old POST) and insert the vCenter FQDN Name in the same position where there is the ESXi FQDN Name.
Currently, on Azure Sentinel there are no specific Workbooks for VMware, all queries are to be created
I need to check the Compatibility Matrix for the network IO device of ESXi HOST
Connect to ESXi with SSH and start this command
vmkchdev -l | grep vmnic
and the value are:
If you want check storage IO device change vmnic to vmhba
Determining Network/Storage firmware and driver version in ESXi (1027206) (vmware.com)
