Sunday 9 February 2014

VCSA Hardening

When you start using VCSA you may think that it comes secure enough already. That's true, but... there is always a "but", and in this case it is what you can do to protect VCSA further. VMware published the Hardening Guide for vSphere 5.5 (an Excel spreadsheet), and one of its tabs is about VCSA. There are only 3 recommendations:


  • Change Default Password. VCSA doesn't ask you to change the root password during installation. The defaults are: user "root" and password "vmware". As we cannot add a different user in the Admin GUI to administer VCSA, changing root's password is the only option. Keep in mind that the password is required to be changed every 90 days. You can change the time interval as you wish, or you can disable it. There is an additional field to enter an email address to which password expiration alerts are sent.
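
To confirm from the appliance's shell that the password ageing described above is actually enforced, here is an added example (not from the original post or from VMware's guide) that classifies one `/etc/shadow`-format record. The helper name `shadow_age_status` and the sample records are constructed for illustration, and it assumes root's ageing data is stored in standard shadow(5) format.

```shell
#!/bin/sh
# Added example: classify password ageing from one /etc/shadow-format record.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is days since 1970-01-01; max is the maximum password age in days.

# shadow_age_status RECORD TODAY  (hypothetical helper name)
#   RECORD - one shadow-format line
#   TODAY  - current date as days since the epoch
# Prints "<user> <status> <days_left>".
shadow_age_status() {
    IFS=: read -r user _hash lastchg _min max warn _rest <<EOF
$1
EOF
    today=$2
    # Empty lastchg/max, or max of 99999, means ageing is not enforced.
    if [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
        echo "$user no-expiry -"
        return 0
    fi
    # lastchg of 0 forces a password change at the next login.
    if [ "$lastchg" -eq 0 ]; then
        echo "$user must-change 0"
        return 0
    fi
    left=$(( lastchg + max - today ))
    if [ "$left" -lt 0 ]; then
        status=expired
    elif [ "$left" -le "${warn:-0}" ]; then
        status=warning
    else
        status=ok
    fi
    echo "$user $status $left"
}

# Constructed sample records; hashes are placeholders, not real values.
SAMPLE_TODAY=16110   # 2014-02-09 expressed as days since the epoch
for rec in \
    'root:PLACEHOLDER:16100:0:90:7:::' \
    'root:PLACEHOLDER:16025:0:90:7:::' \
    'root:PLACEHOLDER:16000:0:90:7:::' \
    'root:PLACEHOLDER:16100:0:99999:7:::'
do
    shadow_age_status "$rec" "$SAMPLE_TODAY"
done
```

On a live system, run as root, the same function can be fed each line of `/etc/shadow` with `$(( $(date +%s) / 86400 ))` as the second argument; a `no-expiry` result for root means the 90-day interval has been disabled.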



If you're interested in the Hardening Guide for vSphere 5.5 (and not only that one), you should visit the following site:


Friday 7 February 2014

How to add an additional NIC to vCenter Server Appliance 5.5 (VCSA)

The vCenter Server Appliance (VCSA) comes by default with only one vNIC installed and configured. Sometimes there is a need to configure VCSA with an additional one to allow connectivity to different virtual switches or networks.
As per my research, there are only some unofficial ways to do this. A quick look at the VCSA management web interface shows only a single interface and no option or button to add another one.

VCSA WebGUI -> Network ->Status

VCSA WebGUI -> Network ->Address
There are a few articles found via Google that refer to vCSA v5.1, but not to 5.5, which I'm running. This was my starting point: http://vninja.net/virtualization/adding-secondary-nic-vcenter-5-1-appliance-vcsa/
I was not totally happy with all the solutions I found, so I scratched my head and realised that we are talking about SuSE as the OS for VCSA! If so, let's use good old YaST (Yet Another Setup Tool)! In this case YaST2.
OK, the first step is to add a vNIC to the configuration of the VCSA VM.

We see only a single vNIC present

A second vNIC has been added. We retain VMXNET3 as in the first one
Now it is time to log on to the local console of VCSA as root.

Console's start screen
After logging on, go to /inst-sys. There you will find YaST2. Run it and navigate to Network Devices->Network Settings.

YaST2 Control Center initial screen

Our new vNIC will be easy to spot as it is 'Not configured'.

YaST2 Control Center - Network Settings

Let's focus on adding a static IP address. After filling in all the necessary fields (IP, subnet mask, hostname), press F10 to continue.

YaST2 Control Center - Network Card Setup

We will be back at the Network Settings screen. Press F10 for OK.
YaST2 Control Center - Network Settings

The networking configuration will be saved, which takes a few seconds.
YaST2 Control Center - Saving Network Configuration

After the saving process completes successfully, quit YaST2 and log off from the local console.
Now we can go back to the VCSA Administration Web GUI. Let's check what has changed on the Networking tab.
vCSA WebGUI -> Network ->Status. Second interface is added
As you can see, we now have the eth1 interface present and configured with the IP address and mask we entered in YaST2.

VCSA Admin WebGUI -> Network ->Address
All the settings are present on the Address tab as well, and this is the place where you can modify them as needed in the future.
This almost completes our exercise. Don't forget to test networking afterwards. It is a good idea to take a snapshot of your VCSA before any manipulations.

Warning! This is my way of adding the second vNIC. I don't give any guarantee and I don't take any responsibility for what you do with your systems including VCSA.

Rafal