
HOW TO: FIX VMware vSphere Hypervisor (ESXi) Host vulnerability ‘L1 Terminal Fault’ (L1TF) Speculative-Execution in Intel processors: CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615

Experience Level: Intermediate
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
EE Fellow, MVE, Expert of the Year 2021,2017-11, Scribe 2016-2012, Author of the Year 2018-6,2013-2012 VMware vExpert Pro, vExpert 2022-2011
This video builds on the previous videos in the Hancock's VMware Half Hour series, in which we continue to build our VMware vSphere 7.0 lab. In this video, we start to explore the warning messages appearing on several of the hosts in the cluster.

If you see the warning message "This host is potentially vulnerable to issues described in CVE-2018-3646, please refer to http://kb.vmware.com/s/article/55636 for details and VMware recommendations" (KB 55636), then this security fix is required for your VMware vSphere Hypervisor (ESXi 7.0) host.


In this video, I will show you HOW TO: FIX VMware vSphere Hypervisor (ESXi) Host vulnerability ‘L1 Terminal Fault’ (L1TF) Speculative-Execution in Intel processors: CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615.

Modern Intel CPUs do not suffer from this issue, but earlier processors do. In March 2018, security issues called Meltdown, Spectre and L1 Terminal Fault were detected in Intel processors.

The previous videos are listed here for your convenience:

Part 5: HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 7.0 (ESXi 7.0).

Part 24: HOW TO: Cross vCenter Server vMotion (export) between standalone vCenter Servers 7.0 not linked to the current SSO domain.

Part 25: HOW TO: Add a Synology NAS providing NFS Storage to VMware vSphere Hypervisor ESXi 7.0.

Part 26: HOW TO: Create a VMware vSphere Cluster add an EVC Baseline and then present a Synology NAS to multiple hosts in the cluster.

Part 27: HOW TO: Migrate VMware vCenter Server 7.0 in an enabled EVC VMware vSphere 7.0 Cluster of ESXi 7.0 hosts using "Andy's Towers of Hanoi solution"

Part 28: HOW TO: FIX the Warning System logs on host are stored on non-persistent storage, Move system logs to NFS shared storage.

HOW TO: Suppress Configuration Issues System logs on host are stored on non-persistent storage

Video Steps

1. Connect to vCenter Server 7.0.

Using a web browser, enter the fully qualified domain name of the vCenter Server 7.0 in the URL.

2. Privacy Notice.

If using the VMware self-signed certificate (the default), click Accept to proceed.

3. Launch vSphere Client (HTML5).

Click the Launch vSphere Client (HTML5) button.

4. Enter SSO credentials.

Enter the Administrator@vsphere.local username and password.

5. Enable SSH and Console Shell.

Select and enable SSH Secure Shell and ESXi Console.

6. SSH Connection.

Using the Windows application PuTTY or another SSH client, connect to the IP address of the ESXi host server, and enter the following commands.

7. Check current values.

esxcli system settings kernel list -o hyperthreadingMitigation

8. Check current values.

esxcli system settings kernel list -o hyperthreadingMitigationIntraVM

9. Enable ESXi Side-Channel-Aware Scheduler.



esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE

esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE

10. Reboot the host.
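
An added example, not part of the original article or of VMware's tooling: a POSIX shell check for steps 7 to 10 that reads the Configured and Runtime columns of the two esxcli listings and reports whether the values set in step 9 are in place and already active. The function names, the verdict words and the sample table (including its column layout) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Function names, verdict
# words and the sample table layout are assumptions made for illustration.

# kernel_values: read `esxcli system settings kernel list -o NAME` output on
# stdin and print "<Configured> <Runtime>". Columns are located by the header
# text, so the position of the Description column does not matter.
kernel_values() {
    awk '
        /Configured/ && /Runtime/ { c = index($0, "Configured")
                                    r = index($0, "Runtime"); next }
        /^-/ { next }                       # separator row under the header
        c && NF { split(substr($0, c), cfg, " ")
                  split(substr($0, r), run, " ")
                  print cfg[1], run[1]; exit }'
}

# l1tf_state HT_OUTPUT INTRAVM_OUTPUT: compare both settings with the values
# set in step 9 (hyperthreadingMitigation TRUE, ...IntraVM FALSE).
l1tf_state() {
    set -- $(printf '%s\n' "$1" | kernel_values) \
           $(printf '%s\n' "$2" | kernel_values)
    # now: $1/$2 = HT configured/runtime, $3/$4 = IntraVM configured/runtime
    [ $# -eq 4 ] || { echo unparsed; return 2; }
    if [ "$1" != TRUE ] || [ "$3" != FALSE ]; then
        echo not-configured          # step 9 has not been applied
    elif [ "$2" != TRUE ] || [ "$4" != FALSE ]; then
        echo reboot-pending          # configured, but step 10 is still due
    else
        echo mitigated               # configured and active at runtime
    fi
}

# sample NAME CONFIGURED RUNTIME DEFAULT: constructed table, not captured output.
sample() {
    printf '%-32s  %-4s  %-10s  %-7s  %-7s  %s\n' \
        Name Type Configured Runtime Default Description \
        ---- ---- ---------- ------- ------- ----------- \
        "$1" Bool "$2" "$3" "$4" 'constructed description text'
}

if command -v esxcli >/dev/null 2>&1; then      # on an ESXi host: live values
    l1tf_state "$(esxcli system settings kernel list -o hyperthreadingMitigation)" \
               "$(esxcli system settings kernel list -o hyperthreadingMitigationIntraVM)"
else                                            # elsewhere: constructed case
    l1tf_state "$(sample hyperthreadingMitigation TRUE FALSE FALSE)" \
               "$(sample hyperthreadingMitigationIntraVM FALSE TRUE TRUE)"
fi
```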
