Thursday, April 24, 2014

Upgrade ESXi 5.5 to ESXi 5.5 Update 1

VMware announced the update for vSphere 5.5 which is vSphere 5.5 update 1.  This update includes most of the vCloud Suite products, including VMware Virtual SAN (VSAN). It is time to upgrade your vSphere 5.5 to vSphere 5.5 update 1 to utilize the new features and also to fix the issues reported on the vSphere 5.5. It’s again the task for VMware admins to make their hands dirty with updating your vSphere 5.5. This post going to explain the procedure to upgrade the ESXi 5.5 host to ESXi 5.5 update 1.
This can be easily achieved using Update Manager but even though this post is going to explain the manual process to upgrade your ESXi host using esxcli command. Download ESXi 5.5 Update 1 from the VMware patch download page and download the ESXi 5.s update 1 zip file. Take a look at post Search and Download VMware Patches.


 Once ESXi 5.5 update 1 is downloaded, upload the update-from-esxi5.5-5.5_update01. zip file to your datastore of the ESXi host and verify the file is visible in the directory inside the datastore .Before upgrading to ESXi 5.5 update 1, verify the build version of our ESXi host. which isVMware ESXi 5.5.0 (VMKernel Release Build 1331820) 




You can verify the build version of ESXi 5.5 from the command line using the below command:
vmware -v
Execute the below command to install the ESXi 5.5 update 1 :
esxcli software vib install -d /datastore/directory/update-from-esxi5.5-5.5_update01. zip
Once ESXi 5.5 update 1 is installed on the ESXi host, You can see the message “The update completed successfully, but the system needs to be rebooted for the changes to be effective”.  Reboot the ESXi host. Once ESXi host is back after the reboot, verify the ESXi version after upgrade to ESXi 5.5 update 1.
Build version for the ESXi 5.5 update  1 is VMware ESXi 5.5.0 (VMkernel Release Build 1623387)
 That’s it. We are done with the upgrade to ESXi 5.5 to ESXi 5.5 update 1. I hope this is informative for you. 

Wednesday, April 23, 2014

OpenSSL heartbleed bug – VMware products

Most probably you are aware about recent finding by The bug was independently discovered by security firm Codenomicon and a Google Security engineer. Heartbleed.com has a detailed explanation of the issue, which is related to the “heartbeat” section of OpenSSL’s transport layer security (TSL) protocols and has been in the wild since March 2012. If you’re running a server with OpenSSL 1.0.1 through 1.0.1f, it’s vital that you update to OpenSSL 1.0.1g immediately. Within next few days you should expect massive flow of the companies KB with list of products which are affected and unaffected by OpenSSL bug. 

VMware already released KB2076225 with a list of systems which are affected by this bug. Long story short if have old releases of VMware systems most probably you are not affected. Below you can find short-listed VMware products which are in the KB, to see full list of affected VMware products check mentioned KB article above.

These VMware products that ship with OpenSSL 1.0.1 have been confirmed to be affected:

•         ESXi 5.5
•         vCenter Server 5.5
•         VMware Fusion 6.0.x
•         VMware vCloud Automation Center (vCAC) 5.1.x
•         VMware vCloud Automation Center (vCAC) 5.2.x
•         VMware Horizon Mirage 4.4.0
•        vFabric Web Server 5.0.x – 5.3.x (For remediation details, see the                   Security Advisory on Critical Updates to vFabric Web Server document.)
•         VMware vCloud Networking and Security (vCNS) 5.1.3
•         VMware vCloud Networking and Security (vCNS) 5.5.1

These VMware products that ship with OpenSSL 0.9.8 have been confirmed to be unaffected:

•         ESXi/ESX 4.x
•         ESXi 5.0
•         ESXi 5.1
•         VMware Fusion 5.x
•         VMware vCenter Server 4.x
•         VMware vCenter Server 5.0
•         VMware vCenter Server 5.1
•         VMware vCenter Server Appliance (vCSA) 5.x
•         VMware vCloud Automation Center (vCAC) 6.x

VMware released first bunch of patches for their products related to hearthbleed bug discovered in OpenSSL library, see details below.


vSphere 8 Security Configuration & Hardening

    The VMware vSphere Security Configuration & Hardening Guide (SCG) has evolved significantly over the past fifteen years, remaining...