Sunday, March 31, 2024
VMware VCF and vSphere Diagnostic tool-VDT
Thursday, March 28, 2024
CVE-2023-48795 Impact of Terrapin SSH Attack
CVE-2023-48795 describes a vulnerability in OpenSSH v9.5 and earlier. This vulnerability, also known as the "Terrapin attack", could allow an attacker to downgrade the security of an SSH connection by manipulating information transferred during the the connection's initial handshake/negotiation sequence. The attacker must have already gained access to the local network, and must be able to both intercept communications and assume the identity of both the recipient and the sender. The CVSS 3.x rating of "Medium" reflects the difficulty in successfully exploiting this vulnerability.
CVE-2023-48795 has since been resolved in OpenSSH v9.6. It's mitigation requires both client and server implementations to be upgraded to this fixed or later version. Additionally, this vulnerability can also be addressed by disabling use of the "ChaCha20-Poly1305" cipher in affected OpenSSH implementations.
This vulnerbility affects all systems having the openssh installed "Linux and Windows".
For VMware products like NSX Managers, Edge Nodes running on Linux kernel(same as Linux) are also affected by this vulnerbility.
Workaround to fix this on NSX Appliances is remove the affected ciphers from SSH and SSHD config files.
Login to NSX appliances(Managers & Edge nodes) via putty and switch to "root" account.
root@nsxmgr001:~# vi /etc/ssh/ssh_config
root@nsxmgr001:~# vi /etc/ssh/sshd_config
and remove the below ciphers from both of these files and save & exit.
# Cipher and MAC algorithms
chacha20-poly1305@openssh.com
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
Restart the ssh service then--
root@nsxmgr001:~# /etc/init.d/ssh restart
After removing the vulnerable ciphers & MAC Algorithms, both config files will looks like below:
Plz Note: There is no offically update on this vulnerability from VMware side as of now, so do it own risk.
Refer below documentation for more info.
https://learn.microsoft.com/en-us/answers/questions/1525235/need-solution-to-terrapin-vulnerability-cve-2023-4
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Wednesday, March 13, 2024
VMware vSAN OSA and ESA overview.
VMware vSAN 8™, Introduces the revolutionary Express Storage Architecture™. This is an optional, alternative storage architecture to the vSAN original storage architecture also found in vSAN 8. When running on qualified hardware in approved vSAN ReadyNodes, the vSAN Express storage architecture will offer supreme levels of performance, scalability, resilience, and data services without compromising performance. The vSAN Express Storage Architecture unlocks the capabilities of modern hardware to allow the workloads of today and tomorrow.
Below are some key differences between OSA and ESA Architecture.
OSA: Original Storage Architecture
1. OSA is a vSAN
Distributed File System (vDFS)
2. Drives like SSDs, HDDs, and hybrid supported
by OSA.
3. 1 Cache drive per Disk group is supported by
OSA.
4. Hardware requirements for OSA is Varies as per
vSAN config.
5. With OSA we can get good performance by leveraging
different RAID policies with stripping options.
6. OSA is using disk groups with caching devices.
It can be configured with various hardware, including spinning disks.
7. OSA can run on vSphere 6.x,7.x and 8.x
versions.
8. Minimum 10Gbps network required for host networking.
9. Minimum storage device required to configure OSA is 2.
ESA: Express Storage Architecture
1. ESA is a Log
Structured File System (vSAN LFS)
2. Drives Certified with NVMe SSDs are supported
by ESA.
3. There are no disk groups, hence no caching drive
needed.
4. ESA supports only vSAN ReadyNodes.
5. Performance is excellent with ESA as compared
to OSA.
6. ESA uses a storage pool instead of disk
groups. This makes it more storage effective.
7. ESA is available from vSphere 8.x version
only.
8. Minimum 25GBps network required for host networking.
9. Minimum storage device required to configure ESA is 4.
For more information about VMware vSAN ESA, refer below article.
https://core.vmware.com/blog/comparing-original-storage-architecture-vsan-8-express-storage-architecture
Edge node vmid not found on NSX manager
Hello There, Recently , we faced an issue in our NSX-T envrironment running with 3.2.x version. We saw below error message while running t...
-
VMware Cloud Foundation is VMware’s comprehensive software-defined infrastructure (SDI) platform for deploying and managing private and hy...
-
You can import an unmanaged virtual machine to a vRealize Automation environment. An unmanaged virtual machine exists in a vCenter but...
-
Native File Services on vSAN 7.0 Hello Everyone, Today, we are covering up about ...