VMware has finally realeased an patch version for VCF 3.x and the version is 3.11. You can only download this as a patch form from the SDDC Manager. You can Upgrade to version 3.11 from 18.104.22.168 or VCF 3.5 or later.
Security fixes for Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.
Security fixes for Apache HTTP Server: This release fixes CVE-2021-40438. See CVE-2021-40438.
Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity, file permissions, and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade.
This also resolves the following Security Advisory VMSA-2022-0004 which deals with several vulnerabilities in esxi 6.7 hosts
This also resolves the vulnerability in VCF SDDC Manager 3.x according to the security advisory VMSA-2022-0003
This version also addresses the heap-overflow vulnerability in esxi hosts according to the security advisory VMSA-2022-0001.2
The Updated product versions according to the BOM for VCF 3.11 are
Hope this post helps for the teams who have VCF 3.10.x and waiting for the long awaited log4j patch instead of an workaround.
I recently came across an issue where the vRealize Life Cycle Manager 2.1 has the Deploy option greyed out in SDDC Manager in VCF 3.10.x and the issue looks like the screenshot below:
The issue happened as we were using VLAN Backed Network for vRealize products instead of AVN in this version of VCF
The solution is as follows:
Log in to SDDC Manager by using a secure shell (SSH) client, use the account vcf to login into SSH session
Type su to elevate to root and enter the root_password.
Enter the following and press enter.
echo "feature.vrealize.enable.non.avn.deployments=true" >> feature.properties
chown vcf:vcf feature.properties
chmod 644 feature.properties
When prompted enter Y to confirm. vRealize Suite deployments using SDDC Manager will now be deployed to VLAN backed networks
Next, We Create a New Environment and then create an New VRA environment using vRLCM
Go to Home and Click on Create Environment to get started
Agree to the EULA, click Next
Enter the License
Select the Certificate which we have generated before and click Next
This is where things have gotten tricky in this version as we have multiple options to define the VRA environment including the windows template to create new vms themseleves.
let us go step by step process
Under Product Properties, provide the windows server username and password which you want to access after the box has been provisioned using the windows template.
In the above configuration, We have only 3 VMs being deployed in VRA Simple Configuration.
VRA Primary Appliance
VRA DB server (Database server)
VRA IAAS web server (this contains iaas-web server, iaas manager, iaas DEM Worker and proxy-agent-vsphere )
Once all the Product details of VRA are put in, we will proceed to the precheck phase.
Next, we click on Validate & Deploy option to deploy the vms
Make sure you disable UAC in the windows template and then click on Validate & Deploy option to continue.
NOTE: The re-validation took more than 30 mins in my lab to complete. Not sure why it took a lot of time, but I suggest you all to be patient during this process as there is no way to speed it up.
NOTE that at this point, I haven’t installed SQL Software on the SQL Server, but VRSLM has created an windows server for both the db and iaas install. I will have to install SQL Server on the db windows VM and see how it goes.
This Post is pending and I will be updating it soon once I have some clarification on if I need to install and configure the SQL software in the vRA SQL server windows machine or will the scripts do it if I provide the SQL ISO file. Stay Tuned …….
This Blog Post is to Install & Configure vRealize Life Cycle Manager 2.1 in my lab environment.
The reason why I had to install vRLCM 2.1 is to install and configure vRA 7.4/7.5 in my environment.
Deploy the vRLCM OVF file in the lab and the below screenshots will show the configuration after deploying the appliance.
After you login into the vRLCM appliance, the self help starts and below are the screenshots.
Now, Let us change the root password of the appliance from the settings option -> System Administration and click on SAVE to move ahead with the configuration.
Next, we configure NTP Servers and DNS Servers from Servers and Protocol option
Next, we configure the Product Binaries (Where we download the vRA 7.x version using the my vmware account or using the Product Binaries option)
In my case, I have downloaded vRealize Automation 7.6 version to install and configure in my lab.
We will continue with the vRA 7.6 configuration below.
First, Let us configure the Certificates in vRLCM so that the certificate can be used to Deploy the components through vRLCM.
Click on Certificate Management on the left hand side, I will be Generating an CSR as I would like to use my AD CA Signing Authority to generate an Certificate for this instance.
Once the CSR is generated, use it to create an Cert and then download the Cert chain which will be in the .p7b format. Use this cert chain to create an pem file.
In my case, I used Cygwin in windows to create an pem file, but with an .cer extension. I had to open the csr file generated which contained the key certificate and then open the generated .cer file by using Cygwin to input the Domain Certificate (in this case, its the vrlcm certificate from the CA, Intermediate CA and Root CA into the Import field and imported it.
NOTE: These are the links which helped me to use Cygwin on my Windows machine to generate the PEM file from existing cert.p7b file
Use the Command ” openssl pkcs7 -inform PEM -outform PEM -in certnew.p7b -print_certs > certificate.cer ” after copying the certnew.p7b file into the C:\cygwin64\home\username directory to generate a new .cer file
Next, We create a Data Center
Next, We Add vCenter Server to this Data Center we created
Since, This Post was getting too big, I have decided to split it into 2 parts. The Installation of vRA and its configuration is explained in the next part.
This post details the installation and configuration of the vRealize Suite Life Cycle Manager 1.2 which was recently released by VMware to automatically provision vRA components as part of their Cloud initiative.
First, Download the Life Cycle Manager ova from the vRealize Suite 2017 components and deploy it using the vCenter web client
Once the vm has been deployed and powered ON, you will have to go to a web browser to configure the appliance.