All Posts

Hello guys, I'm coming with an issue, asking for help if anyone has ideas I got an HP ProLiant DL385p Gen8 running ESXi 6.5.0 Update 3. After an electric breakdown, the whole server and its VMs started showing performance issues (very slow on every aspects : virtual cpus, ram, etc...). The only errors I could find in the whole logs are in the VMkernel warnings :   2021-10-20T21:29:51.193Z cpu6:349581)WARNING: SVM: 5631: scsi0:0 VMX took 2280 msecs to send copy bitmap for offset 15032385536. This is greater than expected latency. If this is a vvol disk, check with array latency.   ILO shows green regarding disks and array controllers. After a normal reboot, still show performance issues. After another reboot (few days later), it's now working well.   If you guys have any ideas and can help me in this, it'd be great !

Hello to Everyone,   I have a question for increase VHD. When I tried the increased VHD I seen specs as grayed out . I checked snapshots bu I didn't see any snapshots for related VM. Could you please help me ?

Hello! Posting this in the hope someone can shed some light on this issue as ive been struggling with it for the past few weeks now! We are currently experiencing an issue with Scanners connecting via USB Redirection. (Yes, I know we should be using 'Scanner Redirection'! However this doesn’t appear to be compatible with the main scanning software we use which is Kofax)   Scenario as follows: USB Scanner is connected to host via USB and scanner is powered on The Scanner in question is usually a Fujitsu scanner (This issue is not affecting all scanners, or even all Fujitsu Scanners, but is affecting Fujitsu FI 7160 and Fujitsu FI 7180 scanners among others models and manufacturers) User logs onto Horizon desktop session USB scanner is automatically passed through successfully to the VM Once logged on, the scanner appears both as a device within 'printers and scanners' and within device manager. However the following symptoms are then present: Upon launching our scanning software (ie. Kofax, or any of our other software that relies on Kofax) and then attempting to scan, the user receives an error 'Mini Port driver not present' or ‘no device found’ If the driver is manually reinstalled within device manager with admin credentials within that session, it will then function correctly. If the scanner is not plugged in via USB to the thin client when the Horizon session is launched, and is then plugged in after a couple of minutes or so, it will occasionally work (but this is intermittent)   Rapidfs Login

Nessus Vulnerability Scanner results: A CGI application hosted on the remote web server is potentially prone to SQL injection attack. This issue is found on VCSA 6.7 virtual Machine. VCSA 6.7 Build 15129973   How can I resolve this concern? Does patching this to the latest help?

Hi Team, I am working on automation of App Volume 4 and creating packaging when executing "app_volumes/app_packages/xx/start_package" API giving  "not found" error. Any one please help me to resolve this issue. Regards, Jyothi      

Hi Is there an equivalent of the amazon API that returns the metadata of an instance from within the instance itself without using the instance id   http://169.254.169.254/latest/meta_data I am migrating from AWS to VCloud and I want to maintain the same code of all servers. on OpenStack we can achieve this by installing ec2 API, I don't know if this is possible with VCloud  

You can extend the password expiration time manually to number of days required for the AppDefense Appliance. If needed, you can also disable the password expiration permanently. Default setting is to expire both ‘admin’ & ‘root’ account password after every 90 days as per VMware’s security policy. To change the password expiration to X days as per your organizations security policy below commands can be run on the appliance via SSH session – sudo chage -I -1 -m 0 -M <X days> -E -1 admin sudo chage -I -1 -m 0 -M <X days> -E -1 root Replace the <X days> with the integer value which should be set as password expiration days Also, you can disable the password expiration permanently for the AppDefense Appliance. To disable password expiration permanently run the below commands on the appliance sudo chage -I -1 -m 0 -M 99999 -E -1 admin sudo chage -I -1 -m 0 -M 99999 -E -1 root Happy AppDefending!

This feature delivers full suite of capabilities around vulnerability assessment. AppDefense enumerates vulnerabilities on vSphere components, Operating Systems, as well as the applications running on top. As processes execute, AppDefense determines the vulnerabilities associated with that software. This feature requires outbound internet access. In addition to enumerating the vulnerabilities in your environment, AppDefense prioritizes every vulnerability using real-time threat information collected from sensors around the world. AppDefense ingests this feed from Kenna Security, the leader in vulnerability prioritization, to determine the overall risk for your environment. As a vCenter Server administrator, you always want to minimize the emergency downtime. You can now monitor all data center vulnerabilities from the AppDefense plug-in. To enable the vulnerability assessment feature, you should make sure that AppDefense Service (SaaS) subscription and the AppDefense Appliance are connected to AppDefense Service (SaaS). AppDefense provides risk score to each vulnerability. The Risk Score combines publicly available CVSS information with proprietary threat data and advanced modeling to produce a metric that accurately represents the risk of a given vulnerability in your data center. https://docs.vmware.com/en/VMware-AppDefense/2.3/install-appdefense-plugin/GUID-E8FD1FBB-1167-434B-89A1-BDE0751D0328.html​ Hosts affected by the vulnerability are listed in the Affected Hosts panel. Click the host and go to the Host > Monitor > AppDefense > Vulnerabilities tab. The AppDefense > Vulnerabilities tab lists all the vulnerabilities affecting that host. Similarly for OS & applications running inside VM vulnerabilities can be found under Windows & Linux OS tab. Happy AppDefending!

This article describes the locations where AppDefense stores the logs and can help customer to monitor and troubleshoot the AppDefense by using the AppDefense Appliance, vSphere Client, vCenter Server, AppDefense Manager, and other AppDefense components, as needed. You can collect log files using Export logs option from the appliance that can help to troubleshoot any issues with AppDefense. If you would like to investigate any particular components logs or have them forwarded to a centralized syslog server below logs directories could be useful. AppDefense Appliance – /var/log/appdefense/ AppDefense host module – Most recent logs - /var/log/glx.log Rolled over logs - /var/run/log/glx.X.gz AppDefense guest module – Most recent logs - /vmfs/volumes/[datastore]/[vm_name]/vmware.log Rolled over logs - /vmfs/volumes/[vm_name]/ vmware-X.log Happy AppDefending!

Introduction In VMware AppDefense, there are a few different methods in which we can roll out the Guest OS modules for the VMs. You might have heard VMware speaking about AppDefense being agentless which is a really cool feature of this security product. But, what do we exactly mean by agentless? Are there other methods of installing the module in the Guest OS without having use VMtools? Thankfully, yes! There are two distinct methods of installing the AppDefense Guest Module that we will cover today. Method 1 - VMtools VMtools is a package of system level drivers and tools that make navigating and working within a VM much easier. Many of our customers have implemented VMtools across their entire infrastructure and thus it made sense to just add in this new VMware Security functionality into it. When you enable AppDefense within VMtools it does NOT show AppDefense as a stand-alone program within the operating system but still provides all the security functionality. This is pretty cool but there are some downsides. Versions of the AppDefense module correlate directly to the version of VMtools you are running. For example, if you have VMtools 11 you’ll get AppDefense Module version 2.2 But if you have VMtools version 10.0.10 you would get AppDefense Module version 2.1. Now, to be fair, you do have the ability to upgrade the module once it’s already been enabled in VMtools but this workflow does tend to require a little bit more effort to deploy across workloads. Unless you're willing to upgrade all of your VMtools installs to the latest available version and then enable AppDefense, the best method is method 2. Method 2 - Standalone Module Rather than just offer AppDefense via VMtools we also chose to make the AppDefense Guest Module available as it's own standalone install package. We offer a very light weight MSI that installs the AppDefense Module onto supported Windows OS's. The great thing about this option is that with the latest module (version 2.3) this is a completely non-impactful install. This means that there's no reboot required to get the process and network attestation info reported to AppDefense. Also, because it's a standalone package, this can easily be pushed out to Windows machines via readily available package managers such as SCCM. The downside to this method is that AppDefense appears as its own program within the operating system and has a program listed under Programs and Features. Other than that, the module does the exact same thing, with less work and impact than done within VMtools. Conclusion In our opinion as implementation experts, we've seen more success utilizing the standalone module for AppDefense. There are, however, benefits and drawbacks to each use case and I hope I've clearly laid out those in this short post and you can determine the best rollout method for your implementation! Happy AppDefending!

When we move Scopes within AppDefense to "Protected" mode from "Discovery" mode we are locking down the manifest of learned behaviors and telling AppDefense to alert us on any new behaviors or deviations from the known good behaviors. When a new behavior or deviated behavior shows up within in a protected scope, AppDefense triggers an event. Using AppDefense's App Verification Cloud we have the ability to look at that event and classify it with different severities based on a number of factors. The criticality of an event can be one of four severity levels: Critical, Serious, Minor or Info. The corresponding indicator for the different severities are represented by different colored symbols shown below. The difference between "Events" and "Alerts" within AppDefense is quite simple. All events that are classified as critical are what we call "Alerts" and anything classified lower than a critical (Serious, Minor or Info) we continue to call an "Event". Currently you can get to your Alerts (Critical Events) by clicking the "Alerts" button in the top left hand corner of the AppDefense home page. To get to events you click the gear icon next to your email address in the bottom left hand corner and select "Events" at the top of the menu. We hope that this has helped you understand a little bit better how to use AppDefense and it's categorization of events. Happy AppDefending!

AppDefense is one of VMware's newest SaaS products which means that you have the ability to get support directly from within the product. If you are having any issues ranging from full on technical problems with the products to the simplest "how do I do this?" question, you can reach out directly to a technical support engineer via our built in chat tool within the product. At this point, you're probably asking yourself, "Great! Now how do I open a chat?" It's quite simple really and I'll lay it out for you in 3 easy steps. 1. Log into appdefense.vmware.com with your credentials that you setup previously. NOTE: this is NOT the same account as your myvmware.com account. 2. Click on the "SUPPORT" tab on the far right hand side of the screen. 3. Click on "Return to Chat". The wording may be different based on if you've logged a chat before or not. Once you click on that button you'll have the opportunity to start a new chat or return to an old chat you logged in the past. I hope this helps you on your journey to more robust application protection and gives you some peace of mind having technical support so easily accessible within the product. Happy AppDefending!

Hello there, I have a possible hack breach within my iPhone Ios13.3, so here we go, I've worked within the IT field and felt strange about some features or lack there of within this phone.  Last night, I decided to dig deeper into the phone and came across a SHU portal which has Linux Ubuntu, oracle, vnc, and a KDE server connection. What alarmed me was that I pressed to connect and I was connected without entering any credentials or the server information. Which of course leads me to who is managing my phone without my knowledge??? I'm.self employed and do not have any of these things subscribed at all. Now to the VMWARE, I have found that VMware Skyline services is also running onto my phone. I would love for ANY one to give me a call or try to research this for me. I would love to know who the author or administrator that has done such an unlawful crime and have them prosecuted. Examples of what I'm mentioning with VMware are VMware cloud on AWS - SDDC provisional failures. VMWARE skyline login failures. VMWARE skyline Degradation service performance. Intermittent APPDEFENSE logs. I would love to figure this one out and hope someone can give me the honest answers I seek. I can be reached at Micahstewart778@gmail.com

AppDefense now defines two user roles for the operation of the SaaS Manager i.e. “Admin” and “Analyst”. Admins have full privileges, including user configuration and remediation settings (block, suspend, kill, etc). Analyst is the default user role and cannot change remediation settings. Users in the ‘Administrator’ role have overall responsibility of the organization, so are assigned with additional permissions. There can be more than one administrator in the organization. By default, when administrator invites a user, the user is assigned with the ‘Analyst’ role. An ‘Analyst’ role assigned user cannot perform below tasks in the SaaS manager console – Analyst is the default user role. Analyst cannot access user management or remediation action settings. Analyst cannot view the advanced remediation audit log. Only when provided by administrator, the user with an analyst role can perform advanced remediation actions such as Quarantine, Suspend, or Power Off. Administrator is a user who has an administrative responsibility of the organization. Administrator has the following privileges. Advanced Remediation Settings: Control the setting to provide access to perform manual and automatic remediation action for all users within the organization. Administrator can enable or disable the advanced remediation action from the Settings tab. User Management: Administrator can perform following actions from the Users tab: Assign a user role. Invite users to the organization. Invite an existing user again, when needed. Block or unblock users. Advanced: Administrator can take the remediation action on a virtual machine for any triggered alert or set the automatic remediation rules to take advanced remediation action in individual services. Remediation action includes Quarantine, Suspend, or Power Off the virtual machine. Audit Log: Administrator can view the advanced remediation log from the settings -> Audit Logs tab. These new roles are now available in every AppDefense SaaS manager org. Let us know if you have questions! Happy AppDefending! The AppDefense Architects Team.