Apache Struts 2 vulnerability and vCenter

News came out last week about the Apache Struts 2 vulnerability. There are numerous products affected by this vulnerability, but on the VMware side you have Horizon DaaS, vCenter, VROps and Hyperic. This is listed as a Critical severity.

On the vCenter side, this is for the virtual appliance and the Windows version of vCenter for 6.0.x and 6.5.

The question came up, is it a specific build of vCenter 6.0.x? If you look at KB 2149434 it lists 6.0.x. There is no 6.1 version of vCenter. VMware vCenter only has updates 1 through 3. VMware went directly from 6.0.x to 6.5. VMware only has a work around for now until they come out with a patch.

Storage adapter best practices and Tintri

I recently had a coworker come to me with a stack of articles on configuring adapters for storage arrays. He is new to Tintri and didn’t know about the best practice feature added in to the web plugin.

Did you know, that in the web plugin there is a feature to set the best practices for each host connected to Tintri storage? Once your storage is mounted to a host, you can apply the best practices to the host. This is not a new feature, it has been around for  while and works with all models of Tintri storage. It is just not common to see vendors offer such a feature. Most often when you get one of the big storage vendors, it require consulting hours to fine tune the array and hosts connected.

Page 12 of the admin guide explains how it works. In later 2.x versions the function may move around in the web client.