VMware has released two important updates for virtual infrastructure management server – VMware vCenter 6.5 Update 1d and 1e . Both updates have significantly improved the functionality of the vCenter management server, despite it’s just one more letter added to Update 1.
vCenter 6.5 Update 1d is interesting because it includes an updated HTML5 client for administrating vSphere virtual infrastructure. Its previous version has been included in vSphere Update 1 and since that time, there has been more than a dozen of vSphere Client updates released on VMware Labs website.
Keep in mind that this client still doesn’t support the functionality of vSphere in full. You can learn about its current functionality difference from vSphere Web Client in this article. These differences are described for 3.31 client version included in vCenter 6.5 Update 1d and at the moment of writing this article, the 3.32 version was released.
Let’s take a closer look at the vSphere Client improvements in VMware vCenter 6.5 Update 1d:
An improved Clarity interface view. Thanks to the new VMware approach adopting the Clarity framework, the interface now looks more aesthetic, clear, and convenient. The top menu now looks neat.
Precise selection of Consumed Memory metric. Now, there’s the ability to switch between Active and Consumed Memory in vSphere Client.
Configure vSphere Proactive HA. Previously, you could do that only via Web Client. Now, it looks handy and convenient.
Configure Content Library. It’s a really important feature since it allows adding the already existing library with content (for example, from another vCenter server instance).
Configure Network IO Control (NIOC) on VDS. Now, this can be done via vSphere Client (along with LAGs and LACP configuration) for vSphere Distributed Switch (VDS), including changing Gateway settings on VMkernel adapters.
Configure Storage Policies. Earlier, this was available only via Web Client (for example, you couldn’t create a new policy in HTML5 client), but now, all the operations can be performed in a convenient workflow for vSphere Client, which, by the way, has been significantly simplified.
Manage VIB packages. A really convenient view allows you to find out what VIB packages are installed on an ESXi host. It is available here: Host –> Configure –> System –> Packages.
Manage VM Settings and Templates. Now, in VM Settings, you can configure all VMs’ parameters, including the addition of new virtual devices such as NVMe, SCSI, USB Controller, and Host-based USB Adapter. Also, the ability to work with VM templates has been added.
Configure VM Guest Customization Specifications. When deploying a VM from a template via HTML5 client, you can now use the specification created with the built-in wizard or select the already existing specification file.
As usual, the document on vSphere Client and vSphere Web Client differences has been also updated on December 19, 2017.
VMware vCenter 6.5 Update 1e and the Spectre vulnerability
Now, let’s move on to vCenter 6.5 Update 1e which has been released in January this year. First of all, it’s important since it prevents the possible impact of Spectre vulnerability found in Intel processors. This vulnerability is quite a concern for the IT community since it can affect all the desktop and server systems based on Intel processors.
It potentially allows local applications (the ones that attack locally when running specific programs) acquire access to the content of the virtual memory of a current application or another one.
Recently, VMware has published Security Advisory for its VMware vSphere platform, where the possible problem with Spectre has been described (the vulnerability itself with links to articles by various vendors is listed here). In the beginning of January, the patches allowing to eliminate the vulnerability have also been released.
Patches for VMware vCenter servers are available for download via this links:
VMware vCenter Server 5.5 Update 3g – Download
VMware vCenter Server 6.0 U3d – Download
VMware vCenter Server 6.5 U1e – Download
There were updates available not only for vCenter Server. For VMware ESXi server, administrators could go to VMware Patch Portal and download the ESXi650-201801401-BG / ESXi650-201801402-BG update(build number is 7526125) that updated servers’ microcode as well as ESXi software.
However, on January 17th VMware has pulled back these patches because Intel has notified VMware of recent sightings that may affect some of the initial microcode patches that provide the speculative execution control mechanism for a number of Intel Haswell and Broadwell processors.
The detailed information on this issue can be found in KB 52345.
For ESXi hosts that have not yet applied one of the following patches ESXi650-201801402-BG, ESXi600-201801402-BG, or ESXi550-201801401-BG, VMware recommends not doing so at this time. It is recommended to apply the patches listed in VMSA-2018-0002 instead.
The patch is also available for VMware desktop virtualization platforms:
VMware Workstation 14.1.1 Pro for Linux – Download
VMware Workstation 14.1.1 Pro for Windows – Download
VMware Fusion 10.1.1 (Intel-based Macs) – Download
VMware Fusion 8.5.10 ( Mac OS X) – Download
So, if you still haven’t updated your VMware vSphere 6.5 Update 1 platform, now is the right time to do this to take a look at a new vSphere Client and close the potential gap in your virtualized infrastructure security.