vSphere 6.7 Released

VMware is announcing vSphere 6.7, the latest release of the industry-leading virtualization and cloud platform. vSphere 6.7 is the efficient and secure platform for hybrid clouds, fueling digital transformation by delivering simple and efficient management at scale, comprehensive built-in security, a universal application platform, and seamless hybrid cloud experience.

vSphere 6.7 delivers key capabilities to enable IT organizations to address the following notable trends that are putting new demands on their IT infrastructure:

  • Explosive growth in quantity and variety of applications, from business-critical apps to new intelligent workloads.
  • The rapid growth of hybrid cloud environments and use cases.
  • On-premises data centers growing and expanding globally, including at the Edge.
  • Security of infrastructure and applications attaining paramount importance.

 

Let’s take a look at some of the key capabilities in vSphere 6.7:

 

Simple and Efficient Management, at Scale

vSphere 6.7 builds on the technological innovation delivered by vSphere 6.5, and elevates the customer experience to an entirely new level. It provides exceptional management simplicity, operational efficiency, and faster time to market, all at scale.

vSphere 6.7 delivers an exceptional experience for the user with an enhanced vCenter Server Appliance (vCSA). It introduces several new APIs that improve the efficiency and experience to deploy vCenter, to deploy multiple vCenters based on a template, to make management of vCenter Server Appliance significantly easier, as well as for backup and restore. It also significantly simplifies the vCenter Server topology through vCenter with embedded platform services controller in enhanced linked mode, enabling customers to link multiple vCenters and have seamless visibility across the environment without the need for an external platform services controller or load balancers.

Moreover, with vSphere 6.7 vCSA delivers phenomenal performance improvements (all metrics compared at cluster scale limits, versus vSphere 6.5):

  • 2X faster performance in vCenter operations per second
  • 3X reduction in memory usage
  • 3X faster DRS-related operations (e.g. power-on virtual machine)

These performance improvements ensure a blazing fast experience for vSphere users, and deliver significant value, as well as time and cost savings in a variety of use cases, such as VDI, Scale-out apps, Big Data, HPC, DevOps, distributed cloud native apps, etc.

vSphere 6.7 improves efficiency at scale when updating ESXi hosts, significantly reducing maintenance time by eliminating one of two reboots normally required for major version upgrades (Single Reboot). In addition to that, vSphere Quick Boot is a new innovation that restarts the ESXi hypervisor without rebooting the physical host, skipping time-consuming hardware initialization.

Another key component that allows vSphere 6.7 to deliver a simplified and efficient experience is the graphical user interface itself. The HTML5-based vSphere Client provides a modern user interface experience that is both responsive and easy to use. With vSphere 6.7, it includes added functionality to support not only the typical workflows customers need but also other key functionality like managing NSX, vSAN, VUM as well as third-party components.

 

Comprehensive Built-In Security

vSphere 6.7 builds on the security capabilities in vSphere 6.5 and leverages its unique position as the hypervisor to offer comprehensive security that starts at the core, via an operationally simple policy-driven model.

vSphere 6.7 adds support for Trusted Platform Module (TPM) 2.0 hardware devices and also introduces Virtual TPM 2.0, significantly enhancing protection and assuring integrity for both the hypervisor and the guest operating system. This capability helps prevent VMs and hosts from being tampered with, prevents the loading of unauthorized components and enables guest operating system security features security teams are asking for.

Data encryption was introduced with vSphere 6.5 and very well received. With vSphere 6.7, VM Encryption is further enhanced and more operationally simple to manage. vSphere 6.7 simplifies workflows for VM Encryption, designed to protect data at rest and in motion, making it as easy as a right-click while also increasing the security posture of encrypting the VM and giving the user a greater degree of control to protect against unauthorized data access.

vSphere 6.7 also enhances protection for data in motion by enabling encrypted vMotion across different vCenter instances as well as versions, making it easy to securely conduct data center migrations, move data across a hybrid cloud environment (between on-premises and public cloud), or across geographically distributed data centers.

vSphere 6.7 introduces support for the entire range of Microsoft’s Virtualization Based Security technologies. This is a result of close collaboration between VMware and Microsoft to ensure Windows VMs on vSphere support in-guest security features while continuing to run performant and secure on the vSphere platform.

vSphere 6.7 delivers comprehensive built-in security and is the heart of a secure SDDC. It has deep integration and works seamlessly with other VMware products such as vSAN, NSX and vRealize Suite to provide a complete security model for the data center.

 

Universal Application Platform

vSphere 6.7 is a universal application platform that supports new workloads (including 3D Graphics, Big Data, HPC, Machine Learning, In-Memory, and Cloud-Native) as well as existing mission critical applications. It also supports and leverages some of the latest hardware innovations in the industry, delivering exceptional performance for a variety of workloads.

vSphere 6.7 further enhances the support and capabilities introduced for GPUs through VMware’s collaboration with Nvidia, by virtualizing Nvidia GPUs even for non-VDI and non-general-purpose-computing use cases such as artificial intelligence, machine learning, big data and more. With enhancements to Nvidia GRID™ vGPU technology in vSphere 6.7, instead of having to power off workloads running on GPUs, customers can simply suspend and resume those VMs, allowing for better lifecycle management of the underlying host and significantly reducing disruption for end-users. VMware continues to invest in this area, with the goal of bringing the full vSphere experience to GPUs in future releases.

vSphere 6.7 continues to showcase VMware’s technological leadership and fruitful collaboration with our key partners by adding support for a key industry innovation poised to have a dramatic impact on the landscape, which is persistent memory. With vSphere Persistent Memory, customers using supported hardware modules, such as those available from Dell-EMC and HPE, can leverage them either as super-fast storage with high IOPS, or expose them to the guest operating system as non-volatile memory. This will significantly enhance performance of the OS as well as applications across a variety of use cases, making existing applications faster and more performant and enabling customers to create new high-performance applications that can leverage vSphere Persistent Memory.

 

Seamless Hybrid Cloud Experience

With the fast adoption of vSphere-based public clouds through VMware Cloud Provider Program partners, VMware Cloud on AWS, as well as other public cloud providers, VMware is committed to delivering a seamless hybrid cloud experience for customers.

vSphere 6.7 introduces vCenter Server Hybrid Linked Mode, which makes it easy and simple for customers to have unified visibility and manageability across an on-premises vSphere environment running on one version and a vSphere-based public cloud environment, such as VMware Cloud on AWS, running on a different version of vSphere. This ensures that the fast pace of innovation and introduction of new capabilities in vSphere-based public clouds does not force the customer to constantly update and upgrade their on-premises vSphere environment.

vSphere 6.7 also introduces Cross-Cloud Cold and Hot Migration, further enhancing the ease of management across and enabling a seamless and non-disruptive hybrid cloud experience for customers.

As virtual machines migrate between different data centers or from an on-premises data center to the cloud and back, they likely move across different CPU types. vSphere 6.7 delivers a new capability that is key for the hybrid cloud, called Per-VM EVC. Per-VM EVC enables the EVC (Enhanced vMotion Compatibility) mode to become an attribute of the VM rather than the specific processor generation it happens to be booted on in the cluster. This allows for seamless migration across different CPUs by persisting the EVC mode per-VM during migrations across clusters and during power cycles.

Previously, vSphere 6.0 introduced provisioning between vCenter instances. This is often called “cross-vCenter provisioning.” The use of two vCenter instances introduces the possibility that the instances are on different release versions. vSphere 6.7 enables customers to use different vCenter versions while allowing cross-vCenter, mixed-version provisioning operations (vMotion, Full Clone and cold migrate) to continue seamlessly. This is especially useful for customers leveraging VMware Cloud on AWS as part of their hybrid cloud.

 

Learn More

As the ideal, efficient, secure universal platform for hybrid cloud, supporting new and existing applications, serving the needs of IT and the business, vSphere 6.7 reinforces your investment in VMware. vSphere 6.7 is one of the core components of VMware’s SDDC and a fundamental building block of your cloud strategy. With vSphere 6.7, you can now run, manage, connect, and secure your applications in a common operating environment, across your hybrid cloud.

This article only touched upon the key highlights of this release, but there are many more new features. To learn more about vSphere 6.7, please see the following resources.

 

Note:

As part of any new vSphere release, VMware expects to make compatible versions of dependent products available within one quarter of general availability in most cases. At vSphere 6.7 general availability, compatible versions of VMware Horizon, VMware NSX, VMware Integrated OpenStack and VMware vSphere Integrated Containers will not be available. Existing Horizon, NSX, VIC and VIO customers are advised not to upgrade to vSphere 6.7 until compatible versions become available. For additional information on Horizon, NSX, VIC and VIO compatibility, please contact your VMware account team or reseller partner.

 

How to add a persistent static route to Windows

To view the existing routes,

C:\> ROUTE PRINT

To add a static route,

SYNTAX:

C:\> ROUTE ADD <TARGET> MASK <NETMASK> <GATEWAY IP> METRIC <METRIC COST> IF <INTERFACE>

EXAMPLE:

C:\> ROUTE ADD 10.10.10.0 MASK 255.255.255.0 192.168.1.1 METRIC 1

Note: If there is more than one Network Interface and if the interface is not mentioned, the interface is selected based on the gateway IP.

This static route is erased when the system reboots. To avoid this, add the -p (persistent) switch to the above command:

C:\> ROUTE -P ADD 10.10.10.0 MASK 255.255.255.0 192.168.1.1 METRIC 1

This writes the persistent route to the following Windows Registry key as a string value (REG_SZ):

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\PERSISTENTROUTES

Also, you can write a small batch file with the route commands and add it to the startup folder to add the routes at startup (similar to the startup scripts in Solaris).

For more options, such as flushing the IP routing table or deleting or modifying a routing table entry, use the route command with no arguments. This displays the various options for the route command.

C:\> ROUTE

This should help.

VMware ESXi Release and Build Number History

The following listings are a comprehensive collection of the releases of VMware's flagship hypervisor product. All bold versions are downloadable releases. All patches have been named by their release names. Please note that the ESXi hypervisor has been available since version 3.5.

vSphere ESXi 6.5

Name Patch Date Build
ESXi 6.5 U1e* ESXi650-201801001 2018-01-09 7526125
ESXi 6.5 Patch 2* ESXi650-201712001 2017-12-19 7388607
ESXi 6.5 Patch 2* (Security only) ESXi650-201712001 2017-12-19 7273056
ESXi 6.5 Express Patch 4 ESXi650-201710401 2017-10-05 6765664
ESXi 6.5 Update 1 ESXi650-update1 2017-07-27 5969303
ESXi 6.5 Update 1 (Security only) ESXi650-update1 2017-07-27 5969300
ESXi 6.5d (vSAN 6.6 Patch) ESXi650-201704001 2017-04-18 5310538
ESXi 6.5 Express Patch 1a ESXi650-201703002 2017-03-28 5224529
ESXi 6.5 Patch 1 ESXi650-201703001 2017-03-09 5146846
ESXi 6.5 Patch 1 (Security Only) ESXi650-201703001 2017-03-09 5146843
ESXi 6.5a ESXi650-201701001 2017-02-02 4887370
ESXi 6.5 GA 2016-11-15 4564106

vSphere ESXi 6.0

Name Patch Date Build
ESXi 6.0 U3d* ESXi600-201801001 2018-01-09 7504637
ESXi 6.0 Patch 6* ESXi600-201711001 2017-11-09 6921384
ESXi 6.0 Patch 6* (Security Only) ESXi600-201711001 2017-11-09 6856897
ESXi 6.0 Express Patch 11 ESXi600-201710301 2017-10-05 6765062
ESXi 6.0 Update 3a (Patch 5) ESXi600-201706001 2017-06-06 5572656
ESXi 6.0 Update 3a (Patch 5) (Security Only) ESXi600-201706001 2017-06-06 5485776
ESXi 6.0 Update 2 (VMSA-2017-0006) ESXi600-201703003 2017-03-28 5251623
ESXi 6.0 Update 1 (VMSA-2017-0006) ESXi600-201703002 2017-03-28 5251621
ESXi 6.0 Express Patch 7a ESXi600-201703001 2017-03-28 5224934
ESXi 6.0 Update 3 ESXi600-update3 2017-02-24 5050593
ESXi 6.0 Update 3 (Security Only) ESXi600-update3 2017-02-24 5047589
ESXi 6.0 Patch 4 ESXi600-201611001 2016-11-22 4600944
ESXi 6.0 Patch 4 (Security Only) ESXi600-201611001 2016-11-22 4558694
ESXi 6.0 Express Patch 7 ESXi600-201610001 2016-10-17 4510822
ESXi 6.0 Patch 3 ESXi600-201608001 2016-08-04 4192238
ESXi 6.0 Patch 3 (Security Only) ESXi600-201608001 2016-08-04 4179598
ESXi 6.0 Express Patch 6 ESXi600-201605001 2016-05-12 3825889
ESXi 6.0 Update 2 ESXi600-update2 2016-03-15 3620759
ESXi 6.0 Update 2 (Security Only) ESXi600-update2 2016-03-15 3568943
ESXi 6.0 Express Patch 5 ESXi600-201602001 2016-02-23 3568940
ESXi 6.0 Update 1b ESXi600-201601001 2016-01-07 3380124
ESXi 6.0 Update 1b (Security only) ESXi600-201601001 2016-01-07 3341439
ESXi 6.0 Express Patch 4 ESXi600-201511001 2015-11-25 3247720
ESXi 6.0 Update 1a ESXi600-201510001 2015-10-06 3073146
ESXi 6.0 Update 1 ESXi600-update1 2015-09-10 3029758
ESXi 6.0 Update 1 (Security only) ESXi600-update1 2015-09-10 3017641
ESXi 6.0b ESXi600-201507001 2015-07-07 2809209
ESXi 6.0b (Security Only) ESXi600-201507001 2015-07-07 2809111
ESXi 6.0 Express Patch 2 ESXi600-201505001 2015-05-14 2715440
ESXi 6.0 Express Patch 1 ESXi600-201504001 2015-04-09 2615704
ESXi 6.0 GA 2015-03-12 2494585

vSphere ESXi 5.5

Name Patch Date Build
ESXi 5.5 U3?* ESXi550-201801002 2018-01-22 7618464
ESXi 5.5 U3g* ESXi550-201801001 2018-01-09 7504623
ESXi 5.5 Patch 11 ESXi550-201709001 2017-09-14 6480324
ESXi 5.5 Patch 11 (Security only) ESXi550-201709001 2017-09-14 6480267
ESXi 5.5 Express Patch 11 ESXi550-201703001 2017-03-28 5230635
ESXi 5.5 Patch 10 (Security only) ESXi550-201612001 2016-12-20 4756874
ESXi 5.5 Patch 10 ESXi550-201612001 2016-12-20 4722766
ESXi 5.5 Patch 9 ESXi550-201609001 2016-09-15 4345813
ESXi 5.5 Patch 9 (Security only) ESXi550-201609001 2016-09-15 4345810
ESXi 5.5 Patch 8 ESXi550-201608001 2016-08-04 4179633
ESXi 5.5 Patch 8 (Security only) ESXi550-201608001 2016-08-04 4179631
ESXi 5.5 Express Patch 10 ESXi550-201602001 2016-02-21 3568722
ESXi 5.5 Express Patch 9 ESXi550-201601001 2016-01-04 3343343
ESXi 5.5 Update 3b ESXi550-201512001 2015-12-08 3248547
ESXi 5.5 Update 3b (Security Only) ESXi550-201512001 2015-12-08 3247226
ESXi 5.5 Update 3a ESXi550-201510001 2015-10-06 3116895
ESXi 5.5 Update 3 ESXi550-update3 2015-09-16 3029944
ESXi 5.5 Update 3 (Security Only) ESXi550-update3 2015-09-16 3029837
ESXi 5.5 Patch 5 re-release ESXi550-201505002 2015-05-08 2718055
ESXi 5.5 Patch 5 (Security Only) ESXi550-201505002 2015-05-08 2702869
ESXi 5.5 Patch 5 (Recalled) ESXi550-201504002 2015-04-30 2702864
ESXi 5.5 Express Patch 7 ESXi550-201504001 2015-04-07 2638301
ESXi 5.5 Express Patch 6 ESXi550-201502001 2015-02-05 2456374
ESXi 5.5 Patch 4 ESXi550-201501001 2015-01-27 2403361
ESXi 5.5 Patch 4 (Security Only) ESXi550-201501001 2015-01-27 2352327
ESXi 5.5 Express Patch 5 ESXi550-201412001 2014-12-02 2302651
ESXi 5.5 Patch 3 ESXi550-201410001 2014-10-15 2143827
ESXi 5.5 Patch 3 (Security Only) ESXi550-201410001 2014-10-15 2093874
ESXi 5.5 Update 2 ESXi550-update2 2014-09-09 2068190
ESXi 5.5 Update 2 (Security Only) ESXi550-update2 2014-09-09 1980513
ESXi 5.5 Patch 2 ESXi550-201407001 2014-07-01 1892794
ESXi 5.5 Patch 2 (Security Only) ESXi550-201407001 2014-07-01 1892623
ESXi 5.5 Express Patch 4 ESXi550-201406001 2014-06-10 1881737
ESXi 5.5 Express Patch 3 ESXi550-201404020 2014-04-19 1746974
ESXi 5.5 Update 1a ESXi550-201404001 2014-04-19 1746018
VMware ESXi 5.5.1 Driver Rollup ESXi550-update1 2014-03-11 1636597
ESXi 5.5 Update 1 ESXi550-update1 2014-03-11 1623387
ESXi 5.5 Update 1 (Security Only) ESXi550-update1 2014-03-11 1598313
ESXi 5.5 Patch 1 ESXi550-201312001 2013-12-22 1474528
ESXi 5.5 Patch 1 (Security Only) ESXi550-201312001 2013-12-22 1474526
vSAN Beta Refresh 2013-11-25 1439689
ESXi 5.5 GA 2013-09-22 1331820

vSphere ESXi 5.1

Name Patch Date Build
ESXi 5.1 Patch 9 ESXi510-201605001 2016-05-24 3872664
ESXi 5.1 Patch 9 ESXi510-201605001 2016-05-24 3872638
ESXi 5.1 Patch 8 ESXi510-201510001 2015-10-01 3070626
ESXi 5.1 Patch 8 (Security Only) ESXi510-201510001 2015-10-01 3021178
ESXi 5.1 Patch 7 ESXi510-201503001 2015-03-26 2583090
ESXi 5.1 Patch 7 (Security Only) ESXi510-201503001 2015-03-26 2575044
ESXi 5.1 Update 3 ESXi510-update3 2014-12-04 2323236
ESXi 5.1 Update 3 (Security Only) ESXi510-update3 2014-12-04 2323231
ESXi 5.1 Patch 6 ESXi510-201410001 2014-10-31 2191751
ESXi 5.1 Patch 6 (Security Only) ESXi510-201410001 2014-10-31 2191354
ESXi 5.1 Patch 5 ESXi510-201407001 2014-07-31 2000251
ESXi 5.1 Patch 5 (Security Only) ESXi510-201407001 2014-07-31 1904929
ESXi 5.1 Express Patch 5 ESXi510-201406001 2014-06-17 1900470
ESXi 5.1 Patch 4 ESXi510-201404001 2014-04-29 1743533
ESXi 5.1 Patch 4 (Security Only) ESXi510-201404001 2014-04-29 1743201
ESXi 5.1 Express Patch 4 ESXi510-201402001 2014-02-27 1612806
ESXi 5.1 Update 2 ESXi510-update2 2014-01-16 1483097
ESXi 5.1 Update 2 (Security Only) ESXi510-update2 2014-01-16 1472666
ESXi 5.1 Patch 3 (Security Only) ESXi510-201310001 2013-10-17 1312874
ESXi 5.1 Patch 3 ESXi510-201310001 2013-10-17 1312873
ESXi 5.1 Patch 2 ESXi510-201307001 2013-07-25 1157734
ESXi 5.1 Patch 2 (Security Only) ESXi510-201307001 2013-07-25 1142907
ESXi 5.1 Express Patch 3 ESXi510-201305001 2013-05-22 1117900
ESXi 5.1 Update 1 ESXi510-update1 2013-04-25 1065491
ESXi 5.1 Update 1 (Security Only) ESXi510-update1 2013-04-25 1063671
ESXi 5.1 Express Patch 2 ESXi510-201303001 2013-03-07 1021289
ESXi 5.1 Patch 1 ESXi510-201212001 2012-12-20 914609
ESXi 5.1 Patch 1 (Security Only) ESXi510-201212001 2012-12-20 911593
ESXi 5.1a ESXi510-201210001 2012-10-24 838463
PP Hot-Patch KB2034796 2012-10-24 837262
ESXi 5.1 GA 2012-09-11 799733

vSphere ESXi 5.0

Name Patch Date Build
ESXi 5.0 Patch 13 ESXi500-201606001 2016-06-14 3982828
ESXi 5.0 Patch 13 (Security Only) ESXi500-201606001 2016-06-14 3982819
ESXi 5.0 Patch 12 ESXi500-201510001 2015-10-01 3086167
ESXi 5.0 Patch 12 (Security Only) ESXi500-201510001 2015-10-01 3021432
ESXi 5.0 Patch 11 ESXi500-201502001 2015-02-26 2509828
ESXi 5.0 Patch 11 (Security Only) ESXi500-201502001 2015-02-26 2486588
ESXi 5.0 Patch 10 ESXi500-201412001 2014-12-04 2312428
ESXi 5.0 Patch 10 (Security Only) ESXi500-201412001 2014-12-04 2216931
ESXi 5.0 Patch 9 ESXi500-201408001 2014-08-28 2000308
ESXi 5.0 Patch 9 (Security Only) ESXi500-201408001 2014-08-28 1979317
ESXi 5.0 Express Patch 6 ESXi500-201407001 2014-07-01 1918656
ESXi 5.0 Patch 8 ESXi500-201405001 2014-05-29 1851670
ESXi 5.0 Patch 8 (Security Only) ESXi500-201405001 2014-05-29 1749766
ESXi 5.0 Patch 7 ESXi500-201401001 2014-01-23 1489271
ESXi 5.0 Patch 7 (Security Only) ESXi500-201401001 2014-01-23 1478905
ESXi 5.0 Update 3 (Security Only) ESXi500-update3 2013-10-17 1311177
ESXi 5.0 Update 3 ESXi500-update3 2013-10-17 1311175
ESXi 5.0 Patch 6 ESXi500-201308001 2013-08-29 1254542
ESXi 5.0 Patch 6 (Security Only) ESXi500-201308001 2013-08-29 1197855
ESXi 5.0 Express Patch 5 ESXi500-201305001 2013-05-15 1117897
ESXi 5.0 Patch 5 ESXi500-201303001 2013-03-28 1024429
ESXi 5.0 Patch 5 (Security Only) ESXi500-201303001 2013-03-28 1022489
ESXi 5.0 Update 2 ESXi500-update2 2012-12-20 914586
ESXi 5.0 Update 2 (Security Only) ESXi500-update2 2012-12-20 912577
ESXi 5.0 Patch 4 (Security Only) ESXi500-201209001 2012-09-27 822948
ESXi 5.0 Patch 4 ESXi500-201209001 2012-09-27 821926
ESXi 5.0 Patch 3 ESXi500-201207001 2012-07-12 768111
ESXi 5.0 Patch 3 (Security Only) ESXi500-201207001 2012-07-12 764879
ESXi 5.0 Express Patch 4 ESXi500-201206001 2012-06-14 721882
ESXi 5.0 Express Patch 3 ESXi500-201205001 2012-05-03 702118
ESXi 5.0 Express Patch 2 ESXi500-201204001 2012-04-12 653509
ESXi 5.0 Update 1 ESXi500-update1 2012-03-15 623860
ESXi 5.0 Update 1 (Security Only) ESXi500-update1 2012-03-15 608089
ESXi 5.0 Patch 2 ESXi500-201112001 2011-12-15 515841
ESXi 5.0 Express Patch 1 ESXi500-201111001 2011-11-03 504890
ESXi 5.0 Patch 1 ESXi500-201109001 2011-09-13 474610
ESXi 5.0 2011-08-24 469512

vSphere ESXi 4.1

Name Patch Date Build
ESXi 4.1 Patch 11 ESXi410-201404001 2014-04-10 1682698
ESXi 4.1 Patch 10 ESXi410-201312001 2013-12-05 1363503
ESXi 4.1 Patch 9 ESXi410-201307001 2013-07-31 1198252
ESXi 4.1 Patch 8 ESXi410-201304001 2013-04-30 1050704
ESXi 4.1 Patch 7 ESXi410-201301001 2013-01-31 988178
ESXi 4.1 Patch 6 ESXi410-201211001 2012-11-15 874690
ESXi 4.1 U3 ESXi410-update3 2012-08-30 800380
ESXi 4.1 Express Patch 3 ESXi410-201206001 2012-06-14 721871
ESXi 4.1 Express Patch 2 ESXi410-201205001 2012-05-03 702113
ESXi 4.1 Patch 5 ESXi410-201204001 2012-04-26 659051
ESXi 4.1 Patch 4 ESXi410-201201001 2012-01-30 582267
ESXi 4.1 U2 ESXi410-update2 2011-10-27 502767
ESXi 4.1 Patch 3 ESXi410-201107001 2011-07-28 433742
ESXi 4.1 Patch 2 ESXi410-201104001 2011-04-28 381591
ESXi 4.1 U1 ESXi410-update1 2011-02-10 348481
ESXi 4.1 Express Patch 1 ESXi410-201011001 2010-11-29 320137
ESXi 4.1 Patch 1 ESXi410-201010001 2010-11-15 320092
ESXi 4.1 GA 2010-07-13 260247

vSphere ESXi 4.0

Name Patch Date Build
ESXi 4.0 Patch 20 ESXi400-201404001 2014-04-10 1682696
ESXi 4.0 Patch 19 ESXi400-201310001 2013-10-24 1335992
ESXi 4.0 Patch 18 ESXi400-201305001 2013-05-30 1070634
ESXi 4.0 Patch 17 ESXi400-201302001 2013-02-07 989856
ESXi 4.0 Patch 16 ESXi400-201209001 2012-09-14 787047
ESXi 4.0 Patch 15 ESXi400-201206001 2012-06-12 721907
ESXi 4.0 Patch 14 ESXi400-201205001 2012-05-03 702116
ESXi 4.0 Patch 13 ESXi400-201203001 2012-03-30 660575
ESXi 4.0 U4 ESXi400-update4 2011-11-17 504850
ESXi 4.0 Patch 12 ESXi400-201110001 2011-10-13 480973
ESXi 4.0 U3 ESXi400-update3 2011-05-05 398348
ESXi 4.0 Patch 11 ESXi400-201104001 2011-04-28 392990
ESXi 4.0 Patch 10 ESXi400-201103001 2011-03-07 360236
ESXi 4.0 Patch 9 ESXi400-201101001 2011-01-04 332073
ESXi 4.0 Patch 8 ESXi400-201009001 2010-09-30 294855
ESXi 4.0 U2 ESXi400-update2 2010-06-10 261974
ESXi 4.0 Patch 7 ESXi400-201005001 2010-05-27 256968
ESXi 4.0 Patch 6 ESXi400-201003001 2010-04-01 244038
ESXi 4.0 Patch 5 ESXi400-201002001 2010-03-03 236512
ESXi 4.0 Patch 4 ESXi400-200912001 2010-01-05 219382
ESXi 4.0 U1 ESXi400-update1 2009-11-19 208167
ESXi 4.0 Patch 3 ESXi400-200909001 2009-09-24 193498
ESXi 4.0 Patch 2 ESXi400-200907001 2009-08-06 181792
ESXi 4.0 Patch 1 ESXi400-200906001 2009-07-09 175625
ESXi 4.0 GA 2009-05-21 164009

ESXi 3.5

Name Version Release Build
ESXe350-201302401-O-SG 3.5 Patch 27 2013-02-21 988599
ESXe350-201206401-O-SG 3.5 Patch 26 2012-06-14 725354
ESXe350-201205401-O-SG 3.5 Patch 25 2012-05-03 702112
ESXe350-201203401-O-SG 3.5 Patch 24 2012-03-09 604481
VMware ESXi 3.5 June 2011 Rollup 3.5 June 2011 Rollup 2011-06-30 391406
ESXe350-201105401-O-SG 3.5 Patch 23 2011-06-02 391406
ESXe350-201012401-O-BG 3.5 Patch 22 2010-12-07 317866
ESXe350-201008401-O-SG 3.5 Patch 21 2010-09-01 283373
ESXe350-201006401-O-SG 3.5 Patch 20 2010-06-24 259926
ESXe350-201003401-O-BG 3.5 Patch 19 2010-03-29 238493
ESXe350-201002401-O-SG 3.5 Patch 18 2010-02-16 226117
ESXe350-200912401-O-BG 3.5 Patch 17 2009-12-29 213532
VMware ESXi 3.5 Update 5 3.5 U5 2009-12-03 207095
ESXe350-200910401-I-SG 3.5 Patch 16 2009-10-16 199239
ESXe350-200908401-I-BG 3.5 Patch 15 2009-08-31 184236
ESXe350-200907401-I-BG 3.5 Patch 14 2009-07-30 176894
ESXe350-200906401-I-BG 3.5 Patch 13 2009-06-30 169697
ESXe350-200905401-I-BG 3.5 Patch 12 2009-05-28 163429
ESXe350-200904401-I-SG 3.5 Patch 11 2009-04-29 158874
VMware ESXi 3.5 Update 4 3.5 U4 2009-03-30 153875
ESXe350-200903411-I-BG 3.5 Patch 10 2009-03-20 153480
ESXe350-200901401-I-SG 3.5 Patch 9 2009-01-30 143129
ESXe350-200811401-I-SG 3.5 Patch 8 2008-12-02 130755
VMware ESXi 3.5 Update 3 3.5 U3 2008-11-06 123629
ESXe350-200809401-I-SG 3.5 Patch 7 2008-10-03 120505
ESXe350-200808501-I-SG 3.5 Patch 6 2008-09-18 113338
VMware ESXi 3.5 Update 2 (reissued) 3.5 U2 2008-08-13 110271
ESXe350-200807812-I-BG 3.5 Patch 5 2008-08-12 110180
VMware ESXi 3.5 Update 2 (timebombed) 3.5 U2 2008-07-25 103909
ESXe350-200805501-I-SG 3.5 Patch 4 2008-06-03 94430
ESXe350-200804401-O-BG 3.5 Patch 3 2008-04-30 85332
VMware ESXi 3.5 Update 1 3.5 U1 2008-04-10 82664
ESXe350-200802401-I-BG 3.5 Patch 2 2008-03-10 76563
ESXe350-200712401-O-BG 3.5 Patch 1 2008-01-17
VMware ESXi 3.5 Initial Release 3.5 2008-01-10 70348
VMware ESXi 3.5 First Public Release 3.5 2007-12-31 67921

The Spectre and Meltdown situation

Many blog posts have been written about the two biggest security vulnerabilities discovered so far in 2018. In fact, we are talking about three different vulnerabilities:

  • CVE-2017-5715 (branch target injection)
  • CVE-2017-5753 (bounds check bypass)
  • CVE-2017-5754 (rogue data cache load)

CVE-2017-5715 and CVE-2017-5753 are known as “Spectre”, CVE-2017-5754 is known as “Meltdown”. If you want to read more about these vulnerabilities, please visit spectreattack.com and meltdownattack.com.

Multiple steps are necessary to be protected. The necessary information is often repeated, but it is distributed over several websites, vendor websites, articles, blog posts and security announcements.

How to protect yourself against these attacks

Two (apparently simple) steps are necessary to be protected against these vulnerabilities:

  1. Apply operating system updates
  2. Update the microcode (BIOS) of your server, workstation or laptop

If you use a hypervisor to virtualize guest operating systems, then you have to update your hypervisor as well. Just treat it like an ordinary operating system. If you are using vendor-created software appliances, which may be based on OS distributions like CentOS, those need to be protected as well.

Sounds pretty simple, but it’s not. I will focus on three vendors in this blog post:

  • Microsoft
  • Linux
  • VMware

Let’s start with Microsoft. Microsoft has published the security advisory ADV180002 on 01/03/2018.

Microsoft Windows (Client)

The necessary security updates are available for Windows 7 (SP1), Windows 8.1, and Windows 10. The January 2018 security updates are ONLY offered in one of these cases (Source: Microsoft):

  • A supported anti-virus application is installed
  • Windows Defender Antivirus, System Center Endpoint Protection, or Microsoft Security Essentials is installed
  • A registry key was added manually

 

OS Update
Windows 10 (1709) KB4056892
Windows 10 (1703) KB4056891
Windows 10 (1607) KB4056890
Windows 10 (1511) KB4056888
Windows 10 (initial) KB4056893
Windows 8.1 KB4056898
Windows 7 SP1 KB4056897

Please note that you also need a microcode update! Reach out to your vendor.

Windows Server

The necessary security updates are available for Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 and Windows Server Core (1709). The security updates are NOT available for Windows Server 2008 and Server 2012! The January 2018 security updates are ONLY offered in one of these cases (Source: Microsoft):

  • A supported anti-virus application is installed
  • Windows Defender Antivirus, System Center Endpoint Protection, or Microsoft Security Essentials is installed
  • A registry key was added manually

 

OS Update
Windows Server, version 1709 (Server Core Installation) KB4056892
Windows Server 2016 KB4056890
Windows Server 2012 R2 KB4056898
Windows Server 2008 R2 KB4056897

After applying the security update, you have to enable the protection mechanism. This is different from Windows 7, 8.1 or 10! To enable the protection mechanism, you have to add three registry keys:

VMware has published two VMware Security Advisories (VMSA):

VMware Workstation Pro, Player, Fusion, Fusion Pro, and ESXi are affected by CVE-2017-5753 and CVE-2017-5715. VMware products seem not to be affected by CVE-2017-5754. On 09/01/2017, VMware published VMSA-2018-0004, which also addresses CVE-2017-5715. Just to make this clear:

  • Hypervisor-Specific Remediation (documented in VMSA-2018-0002)
  • Hypervisor-Assisted Guest Remediation (documented in VMSA-2018-0004)

Before you apply any security updates, please make sure that you:

  • Deploy the updated version of vCenter listed in the table (only if vCenter is used).
  • Deploy the ESXi security updates listed in the table.
  • Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended.

For more information about Hardware versions, read VMware KB article 1010675.

VMSA-2018-0002

OS Update
ESXi 6.5 ESXi650-201712101-SG
ESXi 6.0 ESXi600-201711101-SG
ESXi 5.5 ESXi550-201709101-SG

VMSA-2018-0004

OS Update
ESXi 6.5 ESXi650-201801401-BG and ESXi650-201801402-BG
ESXi 6.0 ESXi600-201801401-BG and ESXi600-201801402-BG
ESXi 5.5 ESXi550-201801401-BG
vCenter 6.5 6.5 U1e
vCenter 6.0 6.0 U3d
vCenter 5.5 5.5 U3g

All you have to do is:

  • Update your vCenter to the latest update release, then
  • Update your ESXi hosts with all available security updates
  • Apply the necessary guest OS security updates and enable the protection (Windows Server)

Make sure that you also apply microcode updates from your server vendor!

 

QNAP TS-431X NAS with 10G SFP+

QNAP today announced the new TS-431X NAS with a built-in 10GbE SFP+ port. It is powered by a dual-core AnnapurnaLabs, an Amazon company Alpine AL-212 1.7 GHz processor and 2GB/8GB DDR3 RAM (upgradable to 8GB). The TS-431X delivers up to 956 MB/s read speed with 10GbE.

Along with its application-aware design and abundant productive features including containerized virtualization, centralized email management, a private-cloud-based note-taking tool, and Virtual JBOD, the 10GbE-ready TS-431X is a perfect NAS for small and midsize businesses looking for backup, restoration, private cloud, and higher bandwidth for rigorous data processing.

The integrated 10GbE SFP+ port enables exceptional throughput for intensive data transfer, and fast backup and restoration for an ever-growing amount of data.

“Designed to solve more complex and demanding applications in today’s IT environments, the TS-431X is well suited for organizations that have budget constraints but require high bandwidth to tackle inefficiencies.” said Dan Lin, Product Manager of QNAP.

The TS-431X features Container Station that integrates LXC and Docker® lightweight virtualization technologies, enabling unlimited containerized applications. It offers the innovative QIoT Containers to store Internet of Things (IoT) data, and helps organizations boost IoT-based microservices and modernize legacy applications to drive more business opportunities.

The TS-431X is an all-in-one NAS supporting not only essential cross-platform file sharing, backup, restoration, and security, but also exclusive productivity apps. QmailAgent allows users to centrally manage multiple email accounts from popular email services and IMAP servers; Notes Station provides an online note-taking tool enabling collaborative writing; Qsync enables cross-devices file synchronization and team folders sync; and the powerful Qsirch full-text search engine helps quickly find files on the NAS. The TS-431X also supports VPN server and VPN client, IP surveillance system, and VJBOD (Virtual JBOD) to expand the storage capacity of other QNAP NAS.

Key specifications

    • TS-431X-2G: 2GB DDR3 RAM (2GB x1)
    • TS-431X-8G: 8GB DDR3 RAM (8GB x1)

4-bay tower model; AnnapurnaLabs, an Amazon company Alpine AL-212 1.7 GHz dual-core processor, hardware-accelerated encryption engine; hot-swappable 2.5″/3.5″ SATA 6Gbps HDD or SSD; 1 x 10 Gigabit SFP+ port, 2 x Gigabit RJ45 ports; 3 x USB 3.0 port, Kensington security slot

Openstack – Configuring for LVM Storage Backend

The volume service is able to make use of a volume group attached directly to the server on which the service runs. This volume group must be created exclusively for use by the block storage service and the configuration updated to point to the name of the volume group.
The following steps must be performed while logged into the system hosting the volume service as the root user:
  1. Use the pvcreate command to create a physical volume.
    # pvcreate DEVICE
      Physical volume "DEVICE" successfully created
    Replace DEVICE with the path to a valid, unused, device. For example:

    # pvcreate /dev/sdX
  2. Use the vgcreate command to create a volume group.
    # vgcreate cinder-volumes DEVICE
      Volume group "cinder-volumes" successfully created
    Replace DEVICE with the path to the device used when creating the physical volume. Optionally replace cinder-volumes with an alternative name for the new volume group.
  3. Set the volume_group configuration key to the name of the newly created volume group.
    # openstack-config --set /etc/cinder/cinder.conf \
    DEFAULT volume_group cinder-volumes
    The name provided must match the name of the volume group created in the previous step.
  4. Ensure that the correct volume driver for accessing LVM storage is in use by setting the volume_driver configuration key to cinder.volume.drivers.lvm.LVMISCSIDriver.
    # openstack-config --set /etc/cinder/cinder.conf \
    DEFAULT volume_driver cinder.volume.drivers.lvm.LVMISCSIDriver
The volume service has been configured to use LVM storage.

Openstack Liberty Error: Unable to retrieve volume limit information.

After an Openstack Liberty deployment you may encounter the following error: Error: Unable to retrieve volume limit information. OR Danger: There was an error submitting the form. Please try again.

These errors are the result of a misconfiguration within Cinder. To resolve this, edit the ‘/etc/cinder/cinder.conf‘ file and make sure the following two lines exist:

[keystone_authtoken]
auth_uri = http://keystone_ip:5000
auth_url = http://keystone_ip:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = services
username = cinder
# Find the cinder password in the answer file; it is stored in CONFIG_CINDER_KS_PW
password = [cinder password]

After you have verified or added the lines, you will need to restart the cinder services by running:

# service openstack-cinder-api restart
# service openstack-cinder-backup restart
# service openstack-cinder-scheduler restart
# service openstack-cinder-volume restart
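
A check to run before restarting the services, covering both cinder.conf changes described above (the LVM backend keys and the [keystone_authtoken] section). This is an added example, not part of the original posts: the function names, the CHECK_LVM opt-in variable, and the sample file with its address and password are constructed for illustration. The world-readable test is an extra added here because the file holds the cinder service password.

```shell
#!/bin/sh
# Added example: sanity-check cinder.conf before restarting the cinder services.
# Function names, CHECK_LVM and the sample file are constructed for illustration.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION]; status 1 if absent.
ini_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            s = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", s)
            in_section = (s == section)
            next
        }
        in_section {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }    # last assignment wins
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

_fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_cinder_conf FILE: exit status is the number of problems found (0 = clean).
check_cinder_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # LVM backend: volume group name and driver, as set with openstack-config.
    vg=$(ini_get "$conf" DEFAULT volume_group) && [ -n "$vg" ] \
        || _fail "[DEFAULT] volume_group is not set"
    drv=$(ini_get "$conf" DEFAULT volume_driver) || drv=""
    [ "$drv" = "cinder.volume.drivers.lvm.LVMISCSIDriver" ] \
        || _fail "[DEFAULT] volume_driver is '$drv', expected the LVM iSCSI driver"

    # Optional, on the storage host only: the named volume group must exist.
    if [ "${CHECK_LVM:-0}" = 1 ] && [ -n "$vg" ]; then
        vgs "$vg" >/dev/null 2>&1 || _fail "volume group '$vg' not found by vgs"
    fi

    # Keystone credentials: every key from the [keystone_authtoken] listing.
    for key in auth_uri auth_url auth_plugin project_domain_id \
               user_domain_id project_name username password; do
        val=$(ini_get "$conf" keystone_authtoken "$key") && [ -n "$val" ] \
            || _fail "[keystone_authtoken] $key is missing or empty"
    done

    # A value still starting with "[" is the placeholder, not a real password.
    pw=$(ini_get "$conf" keystone_authtoken password) || pw=""
    case $pw in
        \[*) _fail "[keystone_authtoken] password is still a placeholder" ;;
    esac

    # The file holds the service password: the "other" read bit must be off.
    case $(ls -ld "$conf") in
        ???????r*) _fail "$conf is world-readable" ;;
    esac

    return "$problems"
}

# Constructed sample configuration (192.0.2.10 is a documentation address).
make_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
volume_group = cinder-volumes
volume_driver = cinder.volume.drivers.lvm.LVMISCSIDriver

[keystone_authtoken]
auth_uri = http://192.0.2.10:5000
auth_url = http://192.0.2.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = services
username = cinder
password = constructed-example-secret
EOF
}

# Demo on the constructed sample; on a real host pass /etc/cinder/cinder.conf.
sample=$(mktemp) && make_sample_conf "$sample" && chmod 640 "$sample"
check_cinder_conf "$sample" && echo "cinder.conf checks passed"
rm -f "$sample"
```

On the host that runs the volume service, `CHECK_LVM=1 check_cinder_conf /etc/cinder/cinder.conf` additionally confirms that the volume group named in the file exists.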