BenediktFrenzel's Posts

Hi Tom, please run passive checks and/or SNMP-based checks against the appliance as running 3rd party software on the vCSA is not supported. See VMware Knowledge Base - "VMware Virtual Appliances and customizations to operating system and included packages" for more details. Thanks Benedikt

Hi @Vosman If you cannot connect to the webpage and esxcli is not working on the host, you may have a problem with the management services on the host itself. Can you run the following commands? /etc/init.d/hostd status If it is not running start it via /etc/init.d/hostd start If it is running restart it via /etc/init.d/hostd restart You may also have to reboot the host, depens on the outcome of the previus actions. - Benedikt

Hi brandonwinstead, when I understand you correctly, you want to build your setup like this: VM Name Public IP vCenter HA IP vcsa-01a 198.51.100.1/24 192.0.2.1/24 vcsa-01a_peer 198.51.100.1/24 (down) 192.0.2.2/24 vcsa-01a_witness 192.0.2.3/24 Then you want to shut down the VM "vcsa-01a_peer", but the vCenter will power it on again? vCenter HA is an active-standby setup, but the replication is happening on a file-based level. So the "vcsa-01a_peer" has to be powered on. Some more information about how to set it up can be found here: - Product Walkthroughs - Enabling vCenter HA - Basic - Product Walkthroughs - Enabling vCenter HA - Advanced Hope this helps. - Benedikt

"Hypervisor-Specific Mitigation Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM. VMware’s hypervisor products are affected by the known examples of variant 1 and variant 2 vulnerabilities and do require the associated mitigations. Known examples of variant 3 do not affect VMware hypervisor products. VMware hypervisors do not require the new speculative-execution control mechanism to achieve this class of mitigation and therefore these types of updates can be installed on any currently supported processor. No significant performance degradation is expected for VMware’s hypervisor-specific mitigations." - VMware Knowledge Base - VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown) (52264) but as wila said, you may want to read the full articles. - Benedikt

Hi starwrz "Hypervisor-Specific Mitigation Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM. VMware’s hypervisor products are affected by the known examples of variant 1 and variant 2 vulnerabilities and do require the associated mitigations. Known examples of variant 3 do not affect VMware hypervisor products. VMware hypervisors do not require the new speculative-execution control mechanism to achieve this class of mitigation and therefore these types of updates can be installed on any currently supported processor. No significant performance degradation is expected for VMware’s hypervisor-specific mitigations." - VMware Knowledge Base - VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown) (52264) Cheers, Benedikt

Hi all, there is a new KB Article online, describing the "Hypervisor-Assisted Guest Mitigation for branch target injection". There also are some more KBs regarding the Issue. - VMware Response to Speculative Execution security issues, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 (aka Spectre and Meltdown) - VMware Virtual Appliances and CVE-2017-5753, CVE-2017-5715 (Spectre), CVE-2017-5754 (Meltdown) Cheers, Benedikt