So according to the security announce email from VMware, there is a fix for vCenter 5.5 for the Heartbleed flaw.
It's recommending upgrading to 5.5.0c for my version of vCenter (5.5.0 Build 1312298).
Has anyone done this yet? How did it go? Any issues? Any tips/tricks/gotchas we need to be aware of?
I would like to hear some other people's experiences before we dive in, based on horror stories of vCenter 'upgrades' or 'patches' in the past.
5.5.0c would be the one if you want to stay in the pre-U1 branch.
As always with updates you should do a full backup of the system and the database just in case. As you are coming from GA and not from 5.5.0b you will get other patches as well and not only the heartbleed fixes. Read through the release notes for the known issues.
I did not do the update from 5.5 GA to 5.5.0c but rather from 5.5 U1 to 5.5 U1a which went smoothly without any issues at all.
Lots of people viewing this thread and no responses. Not sure if I should worry or not!
Next week I have no choice but to do this without any tips if no one shares. Looking for any feedback!
There was an issue in the OpenSSL third-party library and it is fixed in 5.5.C and 5.5U1a. As I have seen in your comment, you are using this virtual Center (5.5.0 Build 1312298). You can directly upgrade your setup to 5.5.c or 5.5U1a. You won't be facing any issues while upgrading or after upgrading. I have done it for both releases. For more info see the release notes: vCenter Server 5.5.0c Release Notes.
You need to replace the certificate after upgrading your virtual center and SSO if you are using the default certificate. For more info see the KB article VMware KB: Resolving OpenSSL Heartbleed for VMware vCenter Server 5.5
Please let me know if you have any other doubts and concerns.
Thank you, it's nice to hear that someone has done so with no issues. I appreciate the feedback.
I will be upgrading our vCenter installation early next week. I will post my results and experiences in an effort to help out others.
Out of curiosity, did you do the simple install or custom install? If you did custom, what was the upgrade order of the components you did?
Well folks, I didn't wait until next week. I broke one of the cardinal rules of IT by making changes to a system on a Friday!
Actually I gotta work tomorrow so it doesn't matter...
Upgrade to 5.5.0c was smooth as can be, no issues. I did a custom install (simple install was not allowed by the program since vCenter was already installed).
I installed each component by going down the list in order for a custom install.
There were a few tense moments when I did the vCenter module upgrade itself: it appeared to have stalled at the beginning, saying "Installing Directory Services". It sat at that screen for the better part of 30 minutes. During that time I started to panic a bit and looked on Google. Turns out that's a common problem for vCenter installations on Windows Server 2012. Too bad my setup was Windows 2008! About this point in time I thought I had set myself up for a long weekend.
We have a very large and complex Active Directory, so much so that when we reboot our vCenter server it takes a good 15 minutes for the services to finally start. So with that in mind I just kept waiting, and lo and behold, a short while later it moved past that and finished installing the vCenter components. Whew!
I then followed the VMware KB article to replace the SSL certs and changed our passwords for the email@example.com account.
Everything worked out beautifully. Ran some penetration software against that server and it's no longer coming back as vulnerable for Heartbleed.
That was my experience, hope it helps others or at least helps ease any upgrade woes you might have. Since I didn't really have any issues I'm not sure how helpful this post will be, but I thought I would share anyways.
Thanks for the info. I too upgraded from 5.5b to 5.5c and got stuck at the simple installation. I was afraid to run through the custom install as I did not know what it was going to do. Nice to see someone else had the same concerns and documented the process - so thanks!
I wish VMware would have documented the b->c upgrade better.