Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)

Today, VMware released an update that addresses a use-after-free vulnerability in the XHCI USB controller (CVE-2020-4004) and a VMX elevation-of-privilege vulnerability CVE-2020-4005). Together these two vulnerabilities can be used to compromise virtual Domain Controllers running on ESXi. Note: The vulnerabilities exist in VMware Cloud Foundation, too. The two vulnerabilities were responsibly disclosed to VMware by … Continue reading "Two vulnerabilities in VMware ESXi may lead to virtual Domain Controller compromise (Critical, VMSA-2020-0026, CVE-2020-4004, CVE-2020-4005)"

Ten Things You should know about vCenter Identity Provider Federation

vCenter in VMware vSphere 7 introduces support for role-based access control (RBAC), based on standards-based federation. While this sounds fantastic, there are a couple of things you should know about this vCenter Identity Provider Federation feature, before you blindly implement it.   vCenter 7.0 or later The vCenter Identity Provider Federation feature is only available … Continue reading "Ten Things You should know about vCenter Identity Provider Federation"

VMware updated the patch for CVE-2020-3992 to completely address the Remote Code Execution Vulnerability (Critical, CVSSv3 9.8)

In October 2020, VMware published update VMSA-2020-0023 that claimed to fix the CVE-2020-3992 vulnerability in OpenSLP service in ESXi. OpenSLP is used for service location. This component has a use-after-free issue, that could allow a malicious person who has access to port 427 on an ESXi machine remote code execution. The vulnerability was rated with … Continue reading "VMware updated the patch for CVE-2020-3992 to completely address the Remote Code Execution Vulnerability (Critical, CVSSv3 9.8)"

vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA

In this series on virtualizing Active Directory on VMware vSphere, we’ve discussed earlier how to set up a straight-forward vCenter delegation model for running virtual Domain Controllers safely. Today, I want to discuss a new feature in VMware vSphere 7 that improves the lives of Identity and Access Management (IAM) professionals working with both technologies: … Continue reading "vSphere 7’s vCenter Server Identity Provider Federation feature allows for MFA"

The video of our Active Directory session at VMware VMworld 2020 is now available

VMworld is a global conference for virtualization and cloud computing, hosted by VMware. It is the largest virtualization-specific event. No wonder, I was pleased to announce my return to this awesome event. And now, you can enjoy Deji Akomolafe’s, Matt Liebowitz’s and my efforts in creating a demo-packed, full-featured version of the ‘Virtualize Active Directory … Continue reading "The video of our Active Directory session at VMware VMworld 2020 is now available"

Active Directory-related sessions at VMware VMworld 2020

VMware’s VMworld 2020 event kicks off in one week. For 2020, VMworld is organized differently to align with the new reality. Instead of multiple VMworld events, one virtual VMworld event is organized. This VMworld 2020  ‘Online Around the Globe’ event is held from September 29th to October 1st, 2020. The big advantage for you, is … Continue reading "Active Directory-related sessions at VMware VMworld 2020"

I’m speaking at VMware VMworld 2020

I’m pleased to announce that I will be delivering a 1-hour break-out session with Deji Akomolafe, Staff Solutions Architect at VMware and Matt Liebowitz, Staff Architect at VMware, at VMware VMworld 2020 on September 29th – October 1st, 2020.   About VMware VMworld VMworld is a global conference for virtualization and cloud computing, hosted by … Continue reading "I’m speaking at VMware VMworld 2020"

vSphere 7’s vMotion interface notifies for time differences between vSphere hosts

In the series Virtualizing Domain Controllers on vSphere, I explained the importance of proper time synchronization for virtualized Active Directory Domain Controllers and how to keep these Domain Controllers on trusted vSphere hosts only. Recent versions of the VMware Tools have time synchronization disabled by default. This means the reliance on proper time on vSphere hosts … Continue reading "vSphere 7’s vMotion interface notifies for time differences between vSphere hosts"

Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely

When Active Directory Domain Controllers run as virtual machines on top of VMware vSphere, virtualization, storage and backups admins may be considered equal to enterprise admins in Active Directory, because they have the equivalent of physical access to Domain Controllers. Admittingly, you don’t want everyone to use root or administrator@vsphere.local to manage the virtualization platform, … Continue reading "Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely"

Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator

VMware’s vRealize Orchestrator is a product used by many virtualization admins to automate common tasks. Today, we’re looking at using vRealize Orchestrator to enable automation of common Active Directory tasks, so Active Directory admins may benefit from this solution using the publicly available blueprints for Active Directory.   About vRealize Orchestrator vRealize Orchestrator helps simplify … Continue reading "Achieving Active Directory-as-a-Service with VMware vRealize Orchestrator"