Installing vCenter Appliance 6.5

With the general availability (GA) release of vSphere 6.5, I decided to upgrade my home lab and learning environment to the latest and greatest of VMware’s products, not only for learning but also for running the systems I use daily in my lab.

Preparation work:

  • Download and Install ESXi 6.5 to my new lab hardware – Configure ESXi 6.5
  • Download the VCSA 6.5 Installation media and start the install process – See below

I mounted the installation media (ISO) on my Windows notebook and started the installation by navigating to \vcsa-ui-installer\win32\ and starting the installer.exe application.

This will display the vCenter Server Appliance 6.5 Installer. Since this will be a new installation of vCenter, I selected “Install”.

Here you find a two-step installation process. The first step deploys a vCenter Server 6.5 appliance, and the second step configures the deployed appliance.

Accept the standard End User License Agreement (EULA) to move forward into the installation.

Next, select the type of installation that fits your environment. In my case I chose the embedded Platform Services Controller deployment.

Next, choose the ESXi host where you would like to have this vCenter appliance deployed and provide the root credentials of the host for authentication.

Then, provide a name for the vCenter appliance VM that is going to be deployed and set the root password for the appliance.

Based upon your environment size, select the sizing of the vCenter appliance. I went with Tiny as it fits the needs of my lab environment. Note: it will configure the virtual appliance with 10 GB of RAM, so be sure your host can support this.

Next, select the datastore where the vCenter appliance files need to reside.

Configure the networking of the vCenter appliance. Before this step, make sure you have a valid IP address that resolves both forward and reverse, to prevent failures during installation.

Review and finish the deployment, and the progress for stage 1 begins. Upon completion, click Continue to proceed to configuring the appliance. This is stage 2.

The stage 2 wizard begins at this point. The first section configures the Network Time Protocol (NTP) settings for the appliance and enables shell access to it.

Next, configure an SSO domain name, the SSO password and the site name for the appliance. Once the configuration wizard is completed, you can log in to the web client.

The following short video I made gives you a feel for the install process. Enjoy.

 

 

vSphere 6.5 release notes & download links

 

This weekend I had the fun of getting my hands and feet wet with installs of VMware’s ESXi 6.5 and vCenter 6.5. The links below should be useful to any of you looking to learn about the new release and download bits to install.

Release Notes:

Downloads:

Documentation:

Emoluments Clause

Article I, Section 9, Clause 8: Emoluments Clause

Emoluments Clause. No Title of Nobility shall be granted by the United States: And no Person holding any Office of Profit or Trust under them, shall, without the Consent of the Congress, accept of any present, Emolument, Office, or Title, of any kind whatever, from any King, Prince, or foreign State.

Ref: https://www.archives.gov/founding-docs

Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz, over 1 million #Google accounts have been hacked by ‘Gooligan’. Gooligan itself isn’t new, as it’s just a variant of Ghost Push, a piece of Android malware.

Researchers from security firm Check Point Software Technologies have found this malware in apps available in third-party marketplaces.

Once installed, it roots the phone to gain system-level access. The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

In a recent blog post by the folks over at Check Point:  http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Check Point has also released what is being called the Gooligan Checker web page, which you can use to check whether you have been compromised by this latest threat.

 

 

Fix for Checkpoint VPN tunneling Option being grayed out on Check Point Endpoint Security Client

I noticed that the Windows VPN client on my computer was forcing all traffic through the gateway of my VPN endpoint. In most cases that would be fine; however, it limited my ability to access local network resources and to browse the internet via my local internet provider (split tunneling).

What I soon noticed was that I could not remove the setting that encrypted all traffic and routed it to the gateway.

To make these changes to the client, the following needs to be done.

Step 1: Modify the configuration so that trac.config can be edited, as it’s obscured for security purposes.

  1. Exit the Check Point Endpoint Security Client
  2. Stop the “Check Point Endpoint Security” service
  3. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.defaults

Change the top line from:

OBSCURE_FILE INT 1 GLOBAL 0

to

OBSCURE_FILE INT 0 GLOBAL 0

Step 2:

  1. Start the “Check Point Endpoint Security” service
  2. Start the Check Point Endpoint Security client
  3. Verify that the c:\program files (x86)\checkpoint\endpoint connect\trac.config file is de-obscured.
  4. Shutdown the Check Point Endpoint Security Client
  5. Stop the “Check Point Endpoint Security” service
  6. Edit c:\program files (x86)\checkpoint\endpoint connect\trac.config

Search and edit the following line:

From: <PARAM neo_route_all_traffic_through_gateway="false"></PARAM>

To: <PARAM neo_route_all_traffic_through_gateway="true"></PARAM>

Step 3:

  1. Delete c:\program files (x86)\checkpoint\endpoint connect\trac.config.bak
  2. Start the “Check Point Endpoint Security” service
  3. Start the Check Point Endpoint Security Client

Notes: Pros and Cons of Split VPN you should know about

Pros

If you are going to split tunnel, then you are going to reduce the overall bandwidth impact on your Internet circuit. Only the traffic that needs to come over the VPN will, so anything a user is doing that is not “work related” will not consume bandwidth. In addition, anything external to your network that is also latency sensitive will not suffer from the additional latency introduced by tunneling everything over the VPN to the corporate network. Users will get the best experience in terms of network performance, and the company will consume the least bandwidth.

Cons

If security is supposed to monitor all network traffic, and protect users from malware and other Internet threats by filtering traffic, users who are split tunneling will not get this protection and security will be unable to monitor traffic for threats or inappropriate activity. Traffic to websites that use HTTPS will still be protected, but other traffic will be vulnerable.

Ref: https://www.cpug.org/forums/archive/index.php/t-14545.html
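
For administrators who need to find endpoints where these two files were edited, here is an added example (not part of the original post and not Check Point code) that parses the two lines quoted above and reports drift. The function names, the sample file contents and the full-tunnel policy default (`expected_route_all=True`) are assumptions.

```python
import re
from pathlib import Path

# Install directory as given in the post; adjust for other installs.
INSTALL_DIR = Path(r"c:\program files (x86)\checkpoint\endpoint connect")

OBSCURE_RE = re.compile(r"^\s*OBSCURE_FILE\s+INT\s+(\d+)\s+GLOBAL\s+\d+", re.M)
ROUTE_RE = re.compile(
    r'<PARAM\s+neo_route_all_traffic_through_gateway\s*=\s*"(true|false)"', re.I)


def audit_text(defaults_text, config_text, expected_route_all=True):
    """Audit the contents of trac.defaults and trac.config for one endpoint."""
    result = {"obscure_file": None, "route_all": None, "findings": []}
    m = OBSCURE_RE.search(defaults_text)
    if m:
        result["obscure_file"] = int(m.group(1))
        if result["obscure_file"] != 1:
            result["findings"].append(
                "OBSCURE_FILE is not 1: trac.config is stored de-obscured")
    else:
        result["findings"].append("OBSCURE_FILE line missing from trac.defaults")
    r = ROUTE_RE.search(config_text)
    if r:  # the parameter is only readable when trac.config is de-obscured
        result["route_all"] = r.group(1).lower() == "true"
        if result["route_all"] != expected_route_all:
            result["findings"].append(
                "neo_route_all_traffic_through_gateway differs from policy")
    return result


def audit_install_dir(install_dir=INSTALL_DIR, expected_route_all=True):
    """Read both files from disk (missing files count as empty) and audit them."""
    def read(name):
        p = Path(install_dir) / name
        return p.read_text(errors="replace") if p.is_file() else ""
    return audit_text(read("trac.defaults"), read("trac.config"), expected_route_all)


# Constructed sample contents; only the two quoted lines come from the post.
SAMPLE_DEFAULTS_EDITED = "OBSCURE_FILE INT 0 GLOBAL 0\n"
SAMPLE_DEFAULTS_STOCK = "OBSCURE_FILE INT 1 GLOBAL 0\n"
SAMPLE_CONFIG = '<PARAM neo_route_all_traffic_through_gateway="false"></PARAM>\n'

if __name__ == "__main__":
    print(audit_text(SAMPLE_DEFAULTS_EDITED, SAMPLE_CONFIG))
    print(audit_text(SAMPLE_DEFAULTS_STOCK, "opaque bytes"))
```

An endpoint whose trac.config is still obscured yields `route_all` of `None` and no routing finding, since the parameter cannot be read in that state.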

The PiDrive Foundation Edition Makes Installing Multiple Operating Systems on Your Pi Easy

Priced at right around what you’d pay for any other hard drive and SD card, at $28.99 for 250GB and $37.49 for 375GB.

The PiDrive Foundation Edition is essentially a hard drive that also comes with an SD card installer that lets you install and boot from multiple operating systems.
Source: Lifehacker

FAA tests antidrone tech at Denver International Airport – CNET

Pretty glad the FAA is looking into this.

As a person who flies periodically I’m comforted to know that somebody’s investigating this and possibly putting it to an end.

https://www.cnet.com/news/faa-federal-aviation-adminstration-drones-airports-safety/#ftag=CAD590a51e

We Are America ft. John Cena | Love Has No Labels | Ad Council

Well said…

To love America is to love all Americans. John Cena takes a break between dropping body slams to drop some truth – that patriotism is more than pride of country, it’s love beyond labels.

While the vast majority of Americans consider themselves unprejudiced, many of us unintentionally make snap judgments about people based on what we see – whether it’s race, age, gender, religion, sexuality, or disability. The Love Has No Labels campaign challenges us to open our eyes to our implicit, or unconscious, bias and work to stop it in ourselves, our families, our friends, and our colleagues. Rethink your bias at www.lovehasnolabels.com.

Share your support for love and inclusion by creating your own #WeAreAmerica gif at www.lovehasnolabels.com

Microsoft and Code.org announce free Minecraft Hour of Code tutorial for Computer Science Education Week, Dec. 5–11 | News Center

https://news.microsoft.com/2016/11/15/microsoft-and-code-org-announce-free-minecraft-hour-of-code-tutorial-for-computer-science-education-week-dec-5-11/

vSphere 6.5 – vCenter High Availability (VCHA) Overview – Enterprise Daddy

http://www.enterprisedaddy.com/2016/11/vsphere-6-5-vcenter-high-availability-vcha/