Gabbs' Random Thoughts

Using vRealize Log Insight – UPDATE YOUR CERTS!
Self signed cert, or CA provided cert…you need to pay attention!
April 30, 2023, all internal certs of Log Insight will expire.
Kudos to Russel Hamker for highlighting this!
VMware KB article is here.

Lots of Patches from Many Vendors this past week….
Hacker News article with callouts to a lot of admin work this week….
Microsoft has quite a few.
Check out all the other vendors that patches needing to be applied in the post.

vSphere 8.0 Update 1 is coming….
Still waiting on the release….
VMware Blog post on vSAN Performance Monitoring.
William Lam covered a long awaited NFS feature, which is the ability to tag a VMkernel for NFS traffic

vSphere 8.0 Update C is out
Looks mostly to be about vSphere Distributed Services Engine (DPUs).
vCenter Release Notes are here.
ESXi Release Notes are here.

VMware Horizon View 7 – end of support
…is coming very soon.
If you are still running it, be aware end of support is:
April 30, 2023
VMware Blog post highlighting this is here.

vSphere (and vSAN) 8.0 Update 1
Coming very soon.
Okta support for iDP!!!!
vSphere Configuration Profiles!!! (DSC for Image based clusters)
Skyline Health Diagnostics built into vCenter (probably a larger download).
VMware Blog post on vSphere 8 Update 1 is here.
VMware Blog post on vSAN 8 Update 1 is here.

Latest Microsoft Patch can leave VMs unbootable
Just ran across this myself in the lab I teach vSphere Workshops.
All of the Windows VMs are Windows Server 2022.
I patched them all and rebooted the VMs during the patching (as normal).
After shutting them all down to do a backup (yes, that’s my process for the lab), I completed the backup.
Powering on the VMs left me with a message
“Windows Boot Manager…Security Violation”
I could get them to boot, but I had to disable Secure Boot in the Boot Options section of the VM’s settings.
Wouldn’t you know it, it’s a problem with ESX 6.7 or 7.0.
ESXi 8.0 is unaffected.
Resolution is to upgrade ESXi 7.0 to Update 3k (released Feb 21).
Which means I updated my vCenter first.
Once updated to ESXi 7.0 Update 3k, Windows 2022 booted up just fine.
VMware KB 90947 is here.

More Ransomware for ESXi…
…and here is CISA’s guidance on ESXiArgs…

Another round of ESXi ransomware
Brought up by one of the WEI team members….
Please make sure you are patched, and if you expose your ESXi hosts on the internet, please stop!
Blog Post is here.

Oracle Java Pricing changes – Major Cost Implications
Medium size businesses with small Java footprint – 1,400% increase
Medium size businesses with medium Java footprint – 105% increase
Read more to see what this entails…
House of Brick post is here.
Reach out to us at WEI….we are working with HOB on this with customers.

ESXi TPM Encryption Recovery Keys – Backup via PowerCLI
Deploying ESXi 7.x or 8.x hosts that have TPM 2.0 devices?
MIGHT want to take a look at this PowerCLI script to backup those keys…
Grab that script, and give it a go (be sure to add an Export-CSV command to the end of it).
Post by Steven Bright is here.

ESXi Server Hardening
Security is coming to the forefront of most designs nowadays.
The official Securing ESXi Hosts (vSphere 8.0 Docs) is a short 462 page read, as of the December 2022 update.
While many things are called out in the vSphere Hardening Guide, never hurts to view the documentation along with it (and grab a PDF copy for a point in time reference) to document your decisions.