Tag: vSphere

BIG SWITCH NETWORKS EXPAND THEIR REACH, NOW WITH HCI INTEGRATION

Big Switch Networks, the Santa Clara–based software-defined networking company, has just released a new version of the Big Cloud Fabric product. Big Cloud Fabric, a software-defined networking product that has been on the market for over four years, is heavily integrated into VMware. For the uninitiated, its core pitch is that with its product, you can cut out proprietary networking gear, and that by using its software-based controller, coupled with low-cost white-box servers and switches, networks can be provisioned, orchestrated, and configured programmatically.

Out of the box, it has many advanced features. Unlike NSX, it has a real physical presence. Unlike ACI, it has a real virtual presence. It plays nicely with both. Its data layer can be deployed on Open Networking Dell EMC Edgecore white boxes and the HPE Altoline family of equipment. Its Big Monitoring Fabric product is a Womble product; it monitors “overlay, underlay—so your packets roam free.”

Role-based access can give VM admins and storage admins the ability to push VMs directly on the network. Yes, you can do this with other products, but there are no Band-Aids™ or shoehorning of square pegs into round holes.

Previously Published on TVP Strategy (The Virtualization Practice)

—– Read More —–

 

CHANGING THE GUARD: GOODBYE FLEX WEB CLIENT—HELLO HTML5, BABY

They’re changing the guard at Buckingham Palace. This is a major tourist attraction in London, and the changing of the guard happens every Monday, Wednesday, Friday, and Sunday, weather permitting. “Changing the guard” is also a well-known refrain used to signify the complete change of an environment. VMware is currently undergoing such a transformation with regard to its vSphere clients and the introduction of the HTML5 client.

Originally Published on TVP Strategy (the Virtualization Practice)

——– Read More ———–

Error “Idm client exception: Error trying to join AD, error code [11]” when joining a VCSA to AD domain

This is not clear in the documentation, but if you receive the following error when adding your device to an Active Directory:

Error “Idm client exception: Error trying to join AD, error code [11]” when joining a VCSA to AD domain

 The root cause of this is because of incorrectly formatted entries in the details form.

When adding a vCenter appliance to an Active Directory domain, remember this the vCenter Appliance is not a Windows device but a PhotonOS device and as such you should use the following:

  • The fully qualified domain name not the NETBios name for the domain field.
  • The LDAP format for Organisation units not the Active Directory format
  • The Qualified Username not the Windows format

See below for an example:

 

 

VMware Has Released vSphere 6.5 — but Do I Care?

This week, VMware finally GAs the latest and greatest version of its flagship product, vSphere. We have now reached the lofty heights of version 6.5. It has the usual improvements. The vCSA can now handle updates natively, has high availability, and runs on PhotonOS. Virtual machines can be encrypted.

Now, I do not intend to deep dive into all the new features; you can read the What’s New document as well as I can. That said, with this release, I do not have that buzz I used to get with a new vSphere release. The reason, I feel, is that although the new features are welcome and extend the capability of the platform, they most likely will not be widely employed. On the whole, they will be utilized for niche use cases. vSphere is no longer the crowd puller it used to be. Like an aging rock star who is still trying to fill stadiums, it just seems a little sad.

The hypervisor is now passé, with regard to vSphere; it has met the vast majority of users’ needs since version 5.0. The newer features are really just sprinkles on your ice cream. With the release of Server 2016, Hyper-V is now good enough, and RHEL-V is, too. XenServer, if Citrix can get its marketing and sales teams into gear, is also a viable product. I cannot find myself getting excited about the hypervisor any more.

vSphere reaches 6.5, but do we care anymore

Read More

Cost to Build a New Virtualized Data Center, Part 2b

In part one of Cost to Build a New Virtualized Data Center, we discussed the basic software costs for a virtualized data center based on VMware vSphere 6.0, Citrix XenServer 6.5, Microsoft Hyper-V 2012 R2 and 2016, and Red Hat. If you missed that, please click here to review before continuing.

Part 2a of this series concentrated on Hyper-V 2012 R2 and 2016 as well as vSphere 6.0 regarding the addition of a local distributed storage solution: DataCore Virtual SAN in the case of Hyper-V 2012 R2, Storage Spaces Direct with Hyper-V 2016, and VSAN 6.2 with vSphere 6.0. You can review that article here.

This article continues from that second article of the series and finishes the addition of a local distributed storage stack to XenServer and RHEV. Once again, our compute unit of choice is the Dell 730xd with two 10-core CPUs and 256 GB of RAM. As stated in the previous post, we need to add some local storage in each node. These compute nodes can, depending on the choices made during the configuration, take up to twenty-four disk drives. For the purposes of this article, we are assuming that data locality is required for performance and that there is a need for an all-flash array. We chose to go with two 400 GB SLC drives for cache and four 800 MLC drives for capacity, giving a total raw capacity per node of 4 TB. There may be further hardware requirements depending on the chosen solutions for each hypervisor, but that will be called out in the relevant vendor sections.

to Continue reading

Cost to Build a New Virtualized Data Center, Part 2a

In part one of Cost to Build a New Virtualized Data Center, we discussed the basic software costs for a virtualized data center based on VMware vSphere 6.0, Citrix XenServer 6.5, Microsoft Hyper-V 2012 R2 and 2016, and Red Hat. If you missed that, please click here to review before continuing.

This post will take that original premise and expand it to include storage with a view to moving the entire environment toward a software-defined data center.

Once again, our compute unit of choice is the Dell 730xd with two 10-core CPUs and 256 GB of RAM. Now, we need to add some local storage in each node. This compute node can, depending on the choices made during the configuration, take up to twenty-four disk drives. For the purposes of this article, we assume that data locality is required for performance, and that there is a need for an all-flash array. We have chosen to go with two 400 GB SLC drives for cache and four 800 MLC drives for capacity. This means that there is a total raw capacity per node of 4 TB. There may be a requirement for further hardware, depending on the chosen solutions for each hypervisor, but that will be called out in the relevant vendor section. Due to the length of this article, we have split it into two sections. This post deals with the costs surrounding vSphere and Hyper-V.

read more

Cost to Build a New Virtualized Data Center

Over the last couple of weeks, I have been thinking about costs relating to a building a new virtualization-based data center. “What?” I hear you say. “Everywhere is virtualized—there is no such thing as a greenfield site anymore!” I would have said that myself, but in the last month I have come across three, one of which is a company worth over a billion pounds.

During a conversation I had with that company, they informed me that they were going to use a certain vendor for their hypervisor, because it was cheaper. This got me thinking: how much cheaper is it, really? As a result, this is the first in a series of articles looking at a generic cost breakdown for a general-purpose virtualization infrastructure.

read more

VCP Foundation Objective 1.1 Identify vSphere Architecture and Solutions

This is the start of the series digging into the blueprint for the VCP Foundation Exam. This post will deal with “Objective 1.1 Identify vSphere Architecture and Solutions for a given use case”. Let’s get started.

Identify available vSphere editions and features

There are essentially 11 editions of vSphere available today, although the comparison on the website only lists 10, and it is debatable if the last one I have included here should be considered part of vSphere at all. I’ve included it though, because it is the base on which the rest is built, and it’s good to know it exists. There are a lot of acronyms in this table, most of them we will dig into later

vSphere Edition Description
Standard The base vSphere edition: vMotion, svMotion, HA, DP, FT, vShield Endpoint, vSphere Replication, Hot Add, vVols,Storage Policy Based Management, Content Library, Storage APIs
Enterprise Standard plus: Reliable Memory, Big data extensions, virtual serial port concentrator, DRS, SRM
Enterprise Plus Enterprise plus: sDRS, SIOC, NIOC, SR-IOV, flash read cache, NVIDIA Grid vGPU, dvSwitch, host profiles, auto deploy
Standard with Operations Management Standard plus: Operations Visibility and Management, Performance Monitoring and Predictive Analytics, Capacity Management and Optimization, Change, Configuration and Compliance Management, including vSphere Security Hardening
Enterprise with Operations Management Enterprise plus: Operations Visibility and Management, Performance Monitoring and Predictive Analytics, Capacity Management and Optimization, Change, Configuration and Compliance Management, including vSphere Security Hardening
Enterprise Plus with Operations Management Enterprise Plus plus: Operations Visibility and Management, Performance Monitoring and Predictive Analytics, Capacity Management and Optimization, Change, Configuration and Compliance Management, including vSphere Security Hardening
Remote office/Branch Office Standard Adds VM capacity into existing Std, Ent, Ent+ system. Packs of 25 VMs. Feature set roughly equivalent to Std.
Remote office/Branch Office Advanced Adds VM capacity into existing Std, Ent, Ent+ system. Packs of 25 VMs. Feature set roughly equivalent to Ent+
Essentials Standard For very small enterprises. Cut down vCenter(vCenter Server Essentials), up to 3 servers with 2CPUs each
Essentials Advanced Essentials Std plus: vMotion, HA, DP, vShield endpoint, vSphere replication.
ESXi Hypervisor Free Basic Hypervisor. No central management. No advanced features.

These editions break down into five basic categories:

  1. The hypervisor – not really a vSphere edition at all, and unable to connect to vCenter server. Included for completeness.
  2. Essentials – A reduced feature set, only usable on up to three hosts, designed for the SMB. Upgrade capacity is limited.
  3. ROBO (Remote Office/Branch Office) – Designed to add hosts in remote locations to an existing vSphere installation.
  4. vSphere – The baseline for medium to large enterprise. A nice upgrade path from fewer to more features by licensing. Most additional products assume this as a base. Most documentation assumes this edition set.
  5. vSphere with Operations Management – Basically a way to purchase vSphere along with the vRealise suit to gain orchestration, insight and automation.

Identify the various data centre solutions that interact with vSphere (Horizon, SRM, etc.)

In addition to the vSphere system with gives you the ability to virtualise, there are the VMware add in products that extend the functionality.

  • Horizon extends vSphere into the Virtual Desktop domain.
  • Site Recovery Manager (SRM) gives active/passive DR capabilities, with the ability to fail your virtual infrastructure to a remote location.
  • vRealise gives operations management and insight, along with Orchestration.
  • vCloud Suite gives the ability to create multi-tenant private clouds.
  • NSX gives fine grained network virtualisation with distributed routing and fire-walling along with data protection.
  • VSAN moves storage closer to compute by implementing a virtual SAN in your ESXi hosts
  • Airwatch allows Enterprise mobility and builds on Horizon.

Explain ESXi and vCenter Server architectures

There are a few ways we can design our VMware infrastructure depending upon the constraints. These start simple, and get more complex, but the added complexity often has distinct benefits. For any given customer, a solution will usually fit broadly into one of these schemes, but I have seen situations where more than one has been implemented.

ESXi Standalone

This is the only solution we can use for the ESXi Free Hypervisor. There can be external storage, but this is not necessary. In this case we use a single ESXi host with no vCenter.

ESXi Architecture

This gives us the benefits of consolidating physical servers onto a single host and better resource utilisation.

This system is harder to manage with multiple hosts, and does not scale well. There are no advanced features such as live migrations.

I have used this in an instance where I needed a couple of low utilisation VMs at multiple sites, but didn’t need to manage them often, or worry about fail-over.

Single Cluster

This is the solution introduced in the Essentials Product line, and the simplest of Full Fat vSphere deployments. Here we introduce vCenter and Shared Storage, to gain the advantages of live migration, and manageability. The image below shows the architecture. Note that vCenter is shown as a Floating VM. This is because it can be either contained on one of the hosts (usual) or on a bare metal server (unusual). vCenter is also available as a windows application, or as a Virtual Appliance.

vSphere Architecture

This solution is more scaleable than the first solution we discussed, but the limit of 64 hosts per cluster means that is doesn’t scale as well as the final architecture we will look at.

By including Management (i.e. vCenter) and usually DMZ (De-militarised zone, or “unsafe”) traffic into the cluster we have a single failure domain where failure of a host, or compromise of a single network affects the whole system.

This is the standard SME solution that most businesses start out with. The constraints are loose enough that this is a good fit for a large number of clients.

Many, specialised clusters

This is the most scaleable system available. This is used for cloud environments and large deployments, or when VDI is introduced.

Enterprise Architecture

In this system the servers doing the work (Compute) are in dedicated clusters. The servers doing management and DMZ traffic get clusters dedicated to them. Servers holding VDI user sessions get dedicated clusters. There are usually multiple vCenter servers, one serving the Management cluster, one serving the compute clusters, and one serving the VDI clusters. This level of segregation makes the system very scaleable. Adding in new compute capacity is a modular process. The separate clusters also become separate failure domains. Finally, delegation of admin work is easier and more secure, so VDI admins can be kept away from Compute admin privileges and vice versa.

The downside to this architecture is it’s complexity.

Multiple vCenter systems

The final architecture we will look at runs parallel to the others. It is possible to have multiple vCenters running in different data centres, and now to vMotion between them. This is new in vSphere 6.0. This means that vCenter traffic can be kept local to a DC and not transported across the WAN.

Identify new solutions offered in the current version

Along with the usual slew of performance and scalability improvements, vSphere 6 has introduced new solutions that allow a wide range of systems that were not possible before. These are detailed below.

ESXi Security Enhancements

A range of security enhancements have been made to vSphere, with the addition of account lockout and password complexity rules.

NVIDIA GRID Support

Gives the ability for Horizon View to use hardware GPUs for guest VMs. This means that VDI sessions can benefit from full GPU acceleration for graphics intense workloads. This is either access to the GPU in a time-sliced fashion similar to how ESX grants access to the Host CPU, or in a direct 1 VM to 1 GPU fashion for direct GPU access that bypasses the hypervisor.

vCenter Server Architecture Changes

As well as having the option of Windows install or Appliance install, the vCenter Appliance in vSphere 6 brings with it two different architectures. The first embedded runs a single machine with all services. The second – External – runs the PSC and vCenter rolls on separate machines. This allows for more flexibility and scalability. This also makes it easier to upgrade where there are other services using the PSC such as NSX or Horizon.

Enhanced Linked Mode

Linked mode is now automatic if two vCenter servers are connected to the same PSC. This makes set up and maintenance much easier.

vSphere vMotion

vMotion between data centres is now possible, so long as the connection supports a RTT (Round Trip Time) of 150ms or less, vMotion between different vCenters is also available. This also allows a path to upgrade seamlessly from Windows based vCenter to the Appliance.

Multi site Content Library

The content library keeps a synchronised library of ISOs, updates and Templates making automated deployment much easier, and critically, centrally managed.

Virtual Volumes

Virtual volumes or vVols, allow fine grained control of the storage underlying VMs. They allow the use of per VM storage and make snapshotting and other management tasks easier. They also allow the underlying storage to advertise capabilities which vCenter can then take advantage of. This is done through the vSphere API for Storage.

Determine appropriate vSphere edition based on customer requirements

This has been a long blog post, and if you have stuck with it to the end, well done! It should have served to give you the tools you need to answer the final item on this section though. Determining the edition required depends on the customer requirements. Are they small enough that essentials with it’s three host limit is suitable? Do they need dvSwitch and so Enterprise Plus licensing? If you have the rest of this post covered, this section should be a breeze.

VSAN is Great, but their Licensing Sucks

On April 1st I tweeted that


And I still stand by this remark. Building and configuring a New VSAN is simple, even if you have to spend most of the morning in 4 machines LSI Bios configuring several single disk RAID0 groups and associated vDisks and then manually marking your SSD as such in ESXCLI. Continue reading “VSAN is Great, but their Licensing Sucks”

VMware Security Advisory:VMSA-2012-0005.2

I have been a little remise, and have not been posting these regularly. so in an attempt to catch up, there is unfortunately a big batch coming today

Synopsis: VMware vCenter Server, Orchestrator, Update Manager,  vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues
Issue date: 2012-03-15
Updated on: 2012-08-30
CVE numbers: CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1512, CVE-2012-1513, CVE-2012-1514, CVE-2011-3190, CVE-2011-3375, CVE-2012-0022, CVE-2010-0405
— JRE —
See references

1. Summary

VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues

2. Relevant releases

Workstation 7.1.4
Player 3.1.4
VMware vCenter Server 5.0
VMware vSphere Client 5.0
VMware vSphere Client 4.1 Update 1 and earlier
VMware vCenter Orchestrator 4.2
VMware vCenter Orchestrator 4.1 Update 1 and earlier
VMware vCenter Orchestrator 4.0 Update 3 and earlier
VMware vShield Manager 4.1 Update 1
VMware vShield Manager 1.0 Update 1
VMware Update Manager 5.0
ESXi 5.0 without patches ESXi500-201203101-SG, ESXi500-201112402-BG
ESXi 4.1 without patch ESXi410-201110202-UG
ESXi 4.0 without patch ESXi400-201110402-BG
ESX 4.1 without patch ESX410-201110201-SG, ESX410-201208101-SG
ESX 4.0 without patch ESX400-201110401-SG

3. Problem Description

a. VMware Tools Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems.

VMware would like to thank Tarjei Mandt for reporting theses issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names:
CVE-2012-1509 (XPDM buffer overrun),
CVE-2012-1510 (WDDM buffer overrun),
CVE-2012-1508 (XPDM null pointer dereference) to these issues.

Note: CVE-2012-1509 doesn’t affect ESXi and ESX.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/Apply Patch **
vCenter any Windows not affected
Workstation 8.x any not affected
Workstation 7.x any 7.1.5 or later
Player 4.x any not affected
Player 3.x any 3.1.5 or later
Fusion 4.x Mac OS/X not affected
ESXi 5.0 ESXi ESXi500-201112402-BG
ESXi 4.1 ESXi ESXi410-201110202-UG
ESXi 4.0 ESXi ESXi400-201110402-BG
ESXi 3.5 ESXi Not Affected
ESX 4.1 ESX ESX410-201110201-SG
ESX 4.0 ESX ESX400-201110401-SG
ESX 3.5 ESX Not Affected

* Remediation for VMware View is described in VMSA-2012-0004.

** Notes on updating VMware Guest Tools:

After the update or patch is applied, VMware Guest Tools must be updated in any pre-existing Windows-based Guest Operating System. The XPDM and WDDM drivers are part of Tools.  Windows-Based Virtual Machines that have moved to Workstation 8 or Player 4 from a lower version of Workstation or Player are affected unless:

  • – They were moved from Workstation 7.1.5 or Player 3.1.5,

AND

  • – The Tools version was updated before the move.

Windows-Based Virtual Machines that have moved to Fusion 4 from a lower version of Fusion are affected.

b. vSphere Client internal browser input validation vulnerability

The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn’t properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client.

VMware would like to thank Edward Torkington for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue.

In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected.

c. vCenter Orchestrator Password Disclosure

The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password.

VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue.

VMware Product Product Version Running on Replace with/Apply Patch **
vCO 4.2 Windows vCO 4.2 Update 1
vCO 4,04.1 Windows vCO 4.1 Update 2
vCO 7.x Windows vCO 4.0 Update 4

d. vShield Manager Cross-Site Request Forgery vulnerability

The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server.

VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se) and Claudio Criscione for independently reporting this issue to us

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue.

VMware Product Product Version Running on Replace with/Apply Patch **
vSM 5.0 Linux not affected
vSM 4.1 Linux 4.1.0 Update 2
vSM 4.0 Linux 1.0.1 Update 2

e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30

Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE.

Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section provides a link to this advisory.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product Product Version Running on Replace with/Apply Patch **
vCenter 5.0 Windows Patch Pending
vCenter 4.1 Windows See VMSA-2012-0013
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 5.0 Windows Update Manager 5.0 Update 1
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
Hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.1 ESX See VMSA-2012-0013
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Oracle (Sun) JRE 1.5.0 family

f. vCenter Server Apache Tomcat update 6.0.35

Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, and CVE-2012-0022 to these issues.

VMware Product Product Version Running on Replace with/Apply Patch **
vCenter 5.0 Windows vCenter 5.0 Update 1
vCenter 4.1 Windows vCenter 4.1 Update 3
vCenter 4.0 Windows patch pending
VirtualCenter 2.5 Windows not applicable **
Hosted * any any Not Affected
ESXi any ESXi Not Applicable
ESX 4.1 ESX ESX410-201208101-SG
ESX 4.0 ESX Patch Pending
ESX 3.5 ESX Not Applicable **

* hosted products are VMware Workstation, Player, ACE, Fusion.

** this product uses the Apache Tomcat 5.5 family

g. ESXi update to third party component bzip2

The bzip2 library is updated to version 1.0.6, which resolves a security issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.

VMware Product Product Version Running on Replace with/Apply Patch **
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi ESXi500-201203101-SG
ESXi 4.1 ESXi Not Affected
ESXi 4.0 ESXi Not Affected
ESXi 3.5 ESXi Not Affected
ESX any ESX Not Applicable

* hosted products are VMware Workstation, Player, ACE, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify  the checksum of your downloaded file.

VMware Workstation 7.1.5

http://www.vmware.com/go/downloadworkstation
Release notes:
https://www.vmware.com/support/ws71/doc/releasenotes_ws715.html
VMware Workstation for Windows 32-bit and 64-bit with VMware Tools
md5sum: 40a0a39377a6ba804d5e76e59449d51f
sha1sum: 25462e18bf9439876c63948415f7ba7b09baa8e6
VMware Workstation for Linux 32-bit with VMware Tools
md5sum: 9c9b4d7a749f1baa485f26e6f366c070
sha1sum: 31033424656b8eaaa814f3e9c3b5b9c5c53b783b
VMware Workstation for Linux 64-bit with VMware Tools
md5sum: 482b8b2890f75488addfc31418031864
sha1sum: b1f73650f70c94249e5add5d9516d0e45c4ae87d

VMware Player 3.1.5

http://www.vmware.com/go/downloadplayer
Release notes:
https://www.vmware.com/support/player31/doc/releasenotes_player315.html
VMware Player for 32-bit and 64-bit Windows
md5sum: fcc91227963e58efcb63fb791d2fd813
sha1sum: d39d9da694c22530a7fa701e3ded6cccdc3ea390
VMware Player for 32-bit Linux
md5sum: c96867c8093d23065bed7e71e020bb19
sha1sum: 4156bdfb7f679114671b416d178028fdc4d3beb4
VMware Player for 64-bit Linux
md5sum: 1ec954f1baaf6a60e451979b5e88f2d6
sha1sum: a253a486d6c6848620de200ef1837ced903daa1c

vCenter Server 5.0 Update 1

The download for vCenter Server includes vSphere Update Manager, vSphere Client, and vCenter Orchestrator

Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0

Release Notes: vSphere vCenter Server
https://www.vmware.com/support/pubs/vsphere-esxi-vcenter-server-pubs.html
https://www.vmware.com/support/pubs/vum_pubs.html
File: VMware-VIMSetup-all-5.0.0-639890.iso
md5sum:f860ac4b618e2562ebffa2318446fa5b
sha1sum:62830e3061b983e98944ae6d9d3b2e820cebe270
File: VMware-VIMSetup-all-5.0.0-639890.zip
md5sum:a8bdde277aeeffc382ec210acf510479
sha1sum:0b675a47349fdc09104c62ad84bd302846213fc8

vCenter Server 4.1 Update 3

The download for vCenter Server includes vSphere Update Manager, vSphere Client, and vCenter Orchestrator

Download link
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1

Release Notes
https://www.vmware.com/support/vsphere4/doc/vsp_vc41_u3_rel_notes.html
VMware-VIMSetup-all-4.1.0-816786.iso
md5sum: c1fd9189783e615fec4864ff6b8c86bd
sha1sum: 38c03ac195939bd23da666b9ee98ef7c9c912a55
VMware-VIMSetup-all-4.1.0-816786.zip
md5sum: d20705520fc4b5bccd71b060283e5b59
sha1sum: ea2a84544cd6cd29447c4ce905111e7dfc62f4cd

vCenter Server 4.0 Update 4

The download for vCenter Server includes vCenter Orchestrator.
Download link:
http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_0
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx40_vc40.html
File: VMware-VIMSetup-all-4.0.0-502539.iso
md5sum: b418ff3d394f91b418271b6b93dfd6bd
sha1sum: 56c2ec60f8b8a734a8312d9e38d5d70cd20c0927
File: VMware-VIMSetup-all-4.0.0-502539.zip
md5sum: 2acfadde1ec0cd6d37063d87246d6942
sha1sum: ea1f3a3cb178f23fc2cf49bfc1450d10e5f699f8

vShield Manager 4.1.0 Update 2

The download for VMware vShield App contains vShield Manager

Download link:
http://www.vmware.com/download/download.do?downloadGroup=VSHIELD_APP10U2

Release Notes:
https://www.vmware.com/support/vshield/doc/releasenotes_vshield_410U2.html
File: VMware-vShield-Manager-upgrade-bundle-4.1.0U2-576124.tar.gz
md5sum:9a80fc347bc4a19ad0fd4c9fcb4ab475
sha1sum:f5780c1615da0493d0955a1343876c4111d85203

vShield Zones 1.0 Update 2

The download for VMware vShield Zones contains vShield Manager

Download link:
http://www.vmware.com/download/download.do?downloadGroup=ZONES10U2

Release Notes
https://www.vmware.com/support/vsz/doc/releasenotes_vsz_10U2.html
File: VMware-vShieldZones-1.0U2-638154.exe
md5sum:73515f4732c3a1ecc91ef21a504ca6d9
sha1sum:ed4d858e1c05f54679ba99b739270c054efaf63e

ESXi and ESX

Download br>http://downloads.vmware.com/go/selfsupport-download

ESXi 5.0

File: update-from-esxi5.0-5.0_update01
md5sum: 55c25bd990e2881462bc5b66fb5f6c39
sha1sum: ecd871bb09b649c6c8c13de82d579d4b7dcadc88
http://kb.vmware.com/kb/2011432
update-from-esxi5.0-5.0_update01 contains ESXi500-201203101-SG
File: ESXi500-201112001
md5sum: 107ec1cf6ee1d5d5cb8ea5c05b05cc10
sha1sum: aff63c8a170508c8c0f21a60d1ea75ef1922096d
http://kb.vmware.com/kb/2007672
ESXi500-201112001 contains ESXi500-201112402-BG

Note: subsequent ESXi releases are cumulative and ESXi500-201203101-SG includes the security fixes that are present in ESXi500-201112402-BG

ESXi 4.1

update-from-esxi4.1-4.1_update02
md5sum: 57e34b500ce543d778f230da1d44e412
sha1sum: 52f4378e2f1a29c908493182ccbde91d58b4112f
http://kb.vmware.com/kb/2002341
update-from-esxi4.1-4.1_update02 contains ESXi410-201110202-UG

ESXi 4.0

File: ESXi400-201110001
md5sum: fd47b5e2b7ea1db79a2e0793d4c9d9d3
sha1sum: 759d4fa6da6eb49f41def68e3bd66e80c9a7032b
http://kb.vmware.com/kb/1039199
ESXi400-201110001 contains ESXi400-201110402-BG

ESX 4.1

File: update-from-esx4.1-4.1_update3.zip
md5sum: a4a45aba880d64210badade8d7c81904
sha1sum: 4ed1ef2b56fa30deec999916367ab278dc5b1840
http://kb.vmware.com/kb/2020362
update-from-esx4.1-4.1_update03 contains ESX410-201208101-SG
update-from-esx4.1-4.1_update02
md5sum: 96189a6de3797e28b153f89e01d5a15b
sha1sum: b1823d39d0e4536a421fb933f02380bae7ee7a5d
http://kb.vmware.com/kb/2002303
update-from-esx4.1-4.1_update02 contains ESX410-201110201-SG

ESX 4.0

File: ESX400-201110001
md5sum: 0ce9cc285ea5c27142c9fdf273443d78
sha1sum: fdb5482b2bf1e9c97f2814255676e3de74512399
http://kb.vmware.com/kb/1036392
ESX400-201110001 contains ESX400-201110401-SG

5. References

Oracle Java SE Critical Patch Update Advisory of October 2011

http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405

6. Change log

2012-03-15 VMSA-2012-0005 Initial security advisory in conjunction with the release of vSphere 5.0 Update 1, Orchestrator 4.2 Update 1, Update Manager 5.0 Update 1, vShield 1.0 Update 2, and ESXi and ESX 5.0 patches on 2012-03-15.
2012-06-13 VMSA-2012-0005.1 Updated Relevant Releases, Problem Description, and Solution sections to include information regarding updates for Workstation 7 in conjunction with the release of Workstation 7.1.6 on 2012-06-13.
2012-08-30 VMSA-2012-0005.2 Updated Relevant Releases, Problem Description, and Solution sections to include information regarding updates for ESX, ESXi, and vCenter Server in conjunction with the release of vSphere 4.1 U3 on 2012-08-30.

7. Contact

E-mail list for product security notifications and announcements:

http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  • security-announce at lists.vmware.com
  • bugtraq at securityfocus.com
  • full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com

PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html