Category Archives: Security

Disaster Recovery for VMware View and vCloud Director

Chris Colotti has written detailed instructions on vCloud Director Disaster Recovery:

Creating DR solutions for vCloud Director poses multiple challenges. These challenges all have a common theme. That is the automatic creation of objects by VMware vCloud Director such as resource pools, virtual machines, folders, and portgroups. vCloud Director and vCenter Server both heavily rely on management object reference identifiers (MoRef IDs) for these objects. Any unplanned changes to these identifiers could, and often will, result in loss of functionality. vSphere Site Recovery Manager currently does not support protection of virtual machines managed by vCloud Director.

Changing VCVA SSL Certificates

Michael Webster at Long White Virtual Clouds has a great post on changing the SSL certificates for the vCenter Server Virtual Appliance (VCVA):

…because the vCenter Server Virtual Appliance is SUSE Linux Enterprise Server based you will have to be used to a Linux command line, using scp, and generally navigating around in order to successfully change your certificates. All operations will be done as root. The default password is vmware. Like in my previous articles regarding changing SSL Certificates, I have included an example OpenSSL configuration file that you can use to generate your certificates.

The following directories on the VCVA contain SSL certificates in one form or another:

/opt/vmware/etc/lighttpd/

/etc/vmware-vpx/ssl

/usr/lib/vmware-vpx/inventoryservice/ssl

/usr/lib/vmware-vsphere-client/server/config

I will go through what needs to go where after I’ve given you what you need to create the certificates.

Congress: Cyber Security & the Private Sector. FBI Hacked

This week the House Energy & Commerce Subcommittee on Communications & Technology held hearings on how to address the cyber security threat and better implement private/public cooperation to mitigate the threat. A question was raised about current laws and whether they hamper the private sector’s ability to defend itself. The Committee recognized the White House commission report on cyber security and its discussion on current law gaps (White House Cyber Security Policy Review). At least in my opinion, the laws clearly hamper the private sector’s ability to defend itself.

Every time I lecture on my article, “Hacking Back In Self-Defense: . . .,” there are at least one or two people in the audience who argue that my theory is illegal. Is hacking back illegal? Yes, in some respects, and no in others. It all depends. I also receive pushback when I claim self-defense does exist in cyberspace. Regardless of where you stand on these issues, the discussion needs to be had and pushed down the road quickly. The naysayers do not provide solutions but only roadblocks. Attacks move at the speed of light and can severely damage and destroy companies. We need answers and solutions sooner rather than later.

Case in point: the FBI was hacked as they spoke to Scotland Yard about how to take down the Anonymous hacker group. Their 15-minute conversation was recorded by Anonymous and put out on the Internet.

We are being challenged in cyberspace and must act now.  If you are interested in further discussion on tools and techniques for the private sector, attend a webinar on 16 Feb. titled, “Mitigative Counterstrike.”