Removing Advanced vCenter Server Settings
The other day I was working on a vCenter and had to evacuate the vCLS virtual machines from a failed cluster. If you are unfamiliar with this, here is the KB that explains how to do it. The short version is that you navigate to the cluster, capture the cluster ID from the URL bar, and then add an advanced setting. After about a minute or less, the vCLS virtual machines should power off and be deleted.
MyLab: Secure File Transfer Protocol (SFTP) Server
Overview
I am going to deploy and configure a Fedora 38 Server for Secure File Transfer Protocol (SFTP). This server will be used to back up VMware vCenter Server.
Advanced Deploy VMware vSphere® 7.x (11/16/2020)
Overview
These are notes I used to study for the exam.
PowerCLI: Multiple Virtual Machines Script
Overview
When I test for DISA STIG compliance, I see that they test an individual machine. I like to make a script that can test or add properties to multiple machines at a time; I find this is much more efficient.
VMware Aria Operations to Monitor VMware vSphere 7.0 STIG
Important!
Alert Symptoms and Definitions can be set up in Aria Operations, but they will not truly monitor the virtual machines accurately unless the virtual machines have already been secured!
A lot of the settings in the STIG do not exist by default and therefore cannot be monitored with confidence. It is very important to use a hardened template to save a lot of work. If virtual machines already exist, but have not been secured, you can use the following script (PowerCLI: Multiple Virtual Machines Script) to cut down on the level of effort by tackling more than one virtual machine at a time.
Overview
VMware Aria Operations (formerly vRealize Operations) can be used to monitor and alert on VMware vSphere 7.0 STIG compliance. This is helpful when the environment has already been secured, but during troubleshooting or other maintenance the security standards were relaxed and never re-applied. Compliance drift from the baseline is common and hard to detect without some sort of monitoring system. VMware Aria Operations can alert staff and remind them to button up the security compliance.
MyLab: Group Policy Objects
Overview
This post will contain a listing of Group Policies, in no particular order, that I like to set up. For reference, I generally follow C_ for computer objects and U_ for user objects. If there is a policy that applies to both, I will use CU_.
I like to get these built before I add computer objects to the domain, but sometimes that does not happen. If you add a computer object before a policy is created, you can wait for the policy to apply by default, reboot the computer or server two times (one to obtain the policy and the other to apply), or force an update by using gpupdate on the new computer or server.
MyLab: Domain Name System (DNS)
Overview
The Domain Name System, or DNS, service is probably one of the most critical services to run in a network. Setting it up in the best available configuration is just as important to ensure there is no downtime.
In my lab, I am running two Microsoft Windows Server 2022 guests with the Microsoft Active Directory Domain Services role installed. This also installs the DNS Server role.