As per VMware Advisory VMSA-2022-0034, there are multiple vRealize Operations (vROps) vulnerabilities reported to VMware.
For vulnerable VMware products, patches and updates are readily available.
The new release 8.10.1 resolves a few important security and functionality issues identified in the product and adds features:
- Resolves CVE-2022-31707 & CVE-2022-31708. A malicious actor with admin privileges in the vROps application can read sensitive information from the underlying operating system.
- vRealize Application Remote Collector
vRealize Application Remote Collector is not supported from vRealize Operations 8.10 and above. Migrate all Telegraf endpoints to cloud proxy before upgrading to vRealize Operations 8.10 and above.
- Granular Settings for Conservative Risk-Level
You can tune the level of conservativeness from one to five, with level 1 being the least conservative and level 5 being the most conservative. The default strength of conservativeness remains the same as in the previous releases and corresponds to level 3.
- Metrics and Properties Modifications
- Instanced Metrics
Instanced metrics are deactivated by default after deploying or upgrading to vRealize Operations 8.2 or later, and after importing a policy from older versions. To re-activate instanced metrics in vRealize Operations 8.2 or later, see KB 81119.
- Basic Authentication
Basic authentication using the REST API is deprecated and is deactivated by default in new deployments of vRealize Operations 8.10.1. Instances that have been upgraded to vRealize Operations 8.10.1 inherit the properties they had before the upgrade. It is recommended that you use token-based authentication instead. If you still need to activate or deactivate basic authentication, see KB 77271.
- Active Directory Authentication Sources
Logging in to vRealize Operations with a short name will be successful only if the user name’s domain suffix matches the domain name specified in the Base DN option. Otherwise, the full user name with the domain suffix is required during login. For more information, see KB 68131.
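To see which accounts the short-name rule above affects, the following added example (not from VMware or the original post) derives the domain from a Base DN and lists the users who must log in with their full user name. It assumes that "matches" means an exact, case-insensitive comparison with the joined DC components; the Base DN and user names are constructed samples.

```python
import re

# Constructed sample data, not taken from any real directory.
SAMPLE_BASE_DN = "OU=Staff,DC=Corp,DC=Example,DC=com"
SAMPLE_USERS = [
    "alice@corp.example.com",
    "bob@emea.corp.example.com",   # child domain: suffix differs from Base DN
    "carol@CORP.EXAMPLE.COM",      # same domain, different case
]


def base_dn_domain(base_dn):
    """Join the DC components of a Base DN into a lower-case DNS domain name."""
    parts = []
    # Split on commas that are not escaped with a backslash inside an RDN value.
    for rdn in re.split(r"(?<!\\),", base_dn):
        key, _, value = rdn.strip().partition("=")
        if key.strip().lower() == "dc" and value.strip():
            parts.append(value.strip().lower())
    return ".".join(parts)


def short_name_login_ok(full_user_name, base_dn):
    """True if the user's domain suffix equals the Base DN domain (assumed rule)."""
    user, sep, suffix = full_user_name.rpartition("@")
    if not sep or not user or not suffix:
        raise ValueError(f"expected user@domain, got {full_user_name!r}")
    return suffix.lower() == base_dn_domain(base_dn)


def users_needing_full_name(full_user_names, base_dn):
    """Return the users who have to type the full name with domain suffix."""
    return [u for u in full_user_names if not short_name_login_ok(u, base_dn)]


if __name__ == "__main__":
    print("Base DN domain:", base_dn_domain(SAMPLE_BASE_DN))
    for name in users_needing_full_name(SAMPLE_USERS, SAMPLE_BASE_DN):
        print("full user name required:", name)
```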
For the full list of new features and enhancements, please refer to https://docs.vmware.com/en/vRealize-Operations/8.10.1/rn/vrealize-operations-8101-release-notes/index.html
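For scripts that still use basic authentication against the REST API, this added example (not from VMware or the original post) sketches the token-based flow recommended above: the password is sent once to acquire a token, the token goes into the Authorization header of later calls, and it is released at the end. The endpoint paths, the `authSource` field and the `vRealizeOpsToken` scheme are assumptions to verify against the API documentation on your own instance; host and account names are constructed.

```python
import json
import urllib.request

# Assumed Suite API paths and header scheme; confirm them on your instance.
ACQUIRE_PATH = "/suite-api/api/auth/token/acquire"
RELEASE_PATH = "/suite-api/api/auth/token/release"
TOKEN_SCHEME = "vRealizeOpsToken"


def build_acquire_request(host, username, password, auth_source=None):
    """Build the POST that trades credentials for a token (password sent once)."""
    body = {"username": username, "password": password}
    if auth_source:  # name of an AD/LDAP authentication source, if not local
        body["authSource"] = auth_source
    return urllib.request.Request(
        f"https://{host}{ACQUIRE_PATH}",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )


def token_headers(acquire_response_body):
    """Turn the acquire response body into headers for every later API call."""
    token = json.loads(acquire_response_body)["token"]
    return {"Authorization": f"{TOKEN_SCHEME} {token}", "Accept": "application/json"}


def build_release_request(host, headers):
    """Build the POST that invalidates the token once the script is finished."""
    return urllib.request.Request(
        f"https://{host}{RELEASE_PATH}", data=b"", headers=headers, method="POST"
    )


def get_with_token(host, username, password, path):
    """Acquire a token, GET one resource with it, and always release the token.

    Uses the default TLS context, so the appliance certificate must validate.
    """
    with urllib.request.urlopen(build_acquire_request(host, username, password)) as r:
        headers = token_headers(r.read())
    try:
        req = urllib.request.Request(f"https://{host}{path}", headers=headers)
        with urllib.request.urlopen(req) as r:
            return json.loads(r.read())
    finally:
        urllib.request.urlopen(build_release_request(host, headers)).close()
```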
Upgrading vRealize Operations
Before proceeding with the update, it is essential to note the following:
- As part of the software update procedure, upgrading to vRealize Operations 8.10.1 resets out-of-the-box content. User modifications to default content, such as alert definitions, symptom definitions, recommendations, policies, views, dashboards, widgets, and reports, are replaced by this reset. Before upgrading to vRealize Operations 8.10.1, you must clone or back up the content.
- While upgrading to vRealize Operations 8.10.1, the expected size of /dev/sda for Photon OS is 20 GB (hard disk 1). For information about this requirement, see KB 75298.
- To see the supported direct upgrade path, refer to the Product Interoperability Matrix.
- You can use vRealize Suite Lifecycle Manager 8.10 to perform the upgrade.
- Before the update, use the Pre-Upgrade Assessment tool. You will receive a pre-upgrade assessment report with the suggested replacements in it. This tool assesses the impact of the metric reductions made in different product versions.
Running Pre-upgrade Assessment tool
1. Download the upgrade assessment tool: vRealize Operations 8.6 – Pre-Upgrade Readiness Assessment Tool (file name: APUAT-126.96.36.19979730.pak, file size: 6.05 MB).
2. Log in to the master node vRealize Operations Manager Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
3. Click Software Update in the left panel.
4. Click Install a Software Update in the main panel.
5. Follow the steps in the wizard to locate and install your PAK file. (Check Install the PAK file even if it is already installed.)
6. Install the Upgrade Assessment Tool.
7. Wait for the software update to complete.
8. Access the Pre-Upgrade Readiness Assessment report:
- Navigate to the Support > Support Bundles tab.
- Download the light support bundle that was generated from the installation of the Pre-Upgrade Readiness Assessment Tool.
- In the downloaded support bundle, open the cluster_timestamp_nodeaddress/nodeaddress_timestamp_nodeaddress/apuat-data/report/index.html file.
- A list of all potentially impacted user content is displayed in the Removed/Disconnected Metrics tab, while the system’s upgrade ability can be found on the System Validation Checks tab.
- If any remediations are suggested for “System Validation Checks” in the above step, run the pre-upgrade assessment tool again after the remediation tasks are completed. This makes sure that all the upgrade prerequisites are met before proceeding to the next phase of the upgrade.
- Proceed to the next phase ONLY after all remediation activities, if required, are complete and all the system validation checks are green.
Upgrading to vROps 8.10.1 from vROps 8.10
1. Log into the primary node vRealize Operations administrator interface of your cluster at
2. Click Software Update in the left pane.
3. Click Install a Software Update in the main pane. Follow the steps in the wizard to locate and install your PAK file. (Check Install the PAK file even if it is already installed.) This updates the OS on the virtual appliance and restarts each virtual machine.
4. Read the End User License Agreement and Update Information, and click Next.
5. Click Install to complete the installation of the software update.
6. Log back into the primary node administrator interface. The main Cluster Status page appears and the cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
7. Clear the browser caches and, if the browser page does not refresh automatically, refresh the page. The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Click Software Update to check that the update is done.