Check and Modify Security Protocols in VMware Appliances(KB#00093)

Overview

It is just to centralize the configuration method of security protocols like TLS or SSL in all VMware appliances. VMware did a good job in documenting this process and I am just putting all in one view.  I will add the product in the list if I feel that it needs to be here.

For vCenter Server -

To check :

1. Connect with vCenter server appliance with SSH with its management IP address
2. Run below command#

#cd /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/
#./reconfigureVC scan

Below is the sample output : TLS Version is TLSv1.2. It means that TLSv1.2 is enabled and any other version is disabled. 


To update in vCenter version 6.5 and 6.7:

Managing TLS protocol configuration for vSphere 6.5/6.7 (2147469) (vmware.com)

To update in vCenter version 7.x

Enable or Disable TLS Versions on vCenter Server Systems (vmware.com)


For vCD or VMware Cloud Director

To check :

1. Login vCD or cloud director appliance
2. Run below command#

#cd /opt/vmware/vcloud-director/bin
#./cell-management-tool ssl -protocols -l

Below is the sample output :


To update:

Note : It need downtime and need to update on each cell individually. So please shutdown the vCD services first before doing this. Follow this article for this vCD | Upgrade from version 9.5 to 10.1.2 ~ My vCloud Notes (vcnotes.in)

#./cell-management-tool ssl-protocols -d SSLv3,SSLv2Hello

Follow this VMware article to update 


For vRealize Automation 

To check and update, just follow this article

For vRealize Log Insight

Good article by vendor.

For NSX for vSphere (NSX-V)

Please see this documentation.

For ESXI Host

Worth to check this page here.

For vROPS

Please click here to check this.

0 Comments:

Post a Comment