Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000187489

VxRail: Information on VMSA-2021-0010 and VxRail environments

Summary: This article will outline the response from VxRail Engineering to the security issue described in VMware Security Advisory VMSA-2021-0010 and recommendations to fix or mitigate against the issue ...

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Instructions

VMware have published information on a serious security issue with a number of vCenter plugins as described in VMSA-2021-0010. For more information on this issue refer to the following VMware articles:
VxRail Appliance Software releases are available with the updated vCenter builds which fixes the issue. Details on these releases can be found below.

 

VxRail environments with VxRail deployed/managed vCenter

This issue has been resolved in the following VxRail Appliance Software releases:
  • VxRail Appliance Software release 4.5.461
  • VxRail Appliance Software release 4.7.531
  • VxRail Package Software release 7.0.201

If you have deployed the previous recommended workaround to disable the VMware vSAN H5 client plugin then you must revert those changes after upgrading to the VxRail Appliance Software release which contains the fix for VMSA-2021-0010. The procedure to revert change and enable the VMware vSAN H5 client plugin is outlined in the following VMware KB article:
How to Disable VMware Plugins in vCenter Server (83829)

 

Workaround for the issue described in VMSA-2021-0010 

For customers with a VxRail deployed/managed vCenter the recommendation to mitigate against the issue is to upgrade to the appropriate VxRail Appliance Software release which contains the fix.

For customers who are not in a position to upgrade to a VxRail Appliance Software release with a fix. There is an alternative temporary workaround in disabling the VMware vSAN H5 client plugin to avoid the issue described in VMSA-2021-0010. The procedure to disable the plugin is outlined in the following VMware KB article:
How to Disable VMware Plugins in vCenter Server (83829)

When you have upgraded to a VxRail Appliance Software release with the the fix then you will need to revert the changes outlined in the article after upgrading. This procedure to revert the workaround is also covered in the same article.

As outlined in the above VMware KB disabling the vSAN H5 plugin will have the following impact:
  • vSAN will continue to function normally, and vSAN related alarms will continue to trigger for any events in the environment. These features are not dependent on the vSAN H5 plugin.
  • The vSAN sections in the Monitoring and Configuration tabs in the vCenter UI will be unavailable, and thus you cannot make changes to the existing vSAN configuration.
  • The Skyline/vSAN Health UI interface will be unavailable but the underlying logic monitoring the environment is still functional.
VxRail Manager will continue to receive alarms and other events from the vSAN Health Service on vCenter (this is a separate service from the vSAN H5 plugin). Thus it will continue to report any VXR0xxxx alarms related to traditional vSAN related events or issues. There will also be no issue reporting issues through Secure Remote Services (SRS).

Note: If there is a critical issue with vSAN then the plugin may need to be temporarily enabled to assist with troubleshooting and quicker resolution. When the issue has been fixed the plugin can be disabled again. In this scenario vCenter will be exposed to the vulnerability as described in VMSA-2021-0010 while the plugin is enabled.

 

VxRail environments with customer/external managed vCenter

For customers with their own managed or external vCenter then the recommendation is to upgrade to the latest version with the fix for your major version of vCenter (such as 6.5, 6.7, 7,0 etc.). The vCenter versions/builds with the fix are outlined in the VMSA-2021-0010 official advisory KB article referenced above.

For more information on compatibility between vCenter and VxRail Software Appliance releases see the following KB:
VxRail: VxRail and external vCenter interoperability matrix (157682)

 

VMware Cloud Foundation on Dell EMC VxRail and APEX Hybrid Cloud

For customers with VMware Cloud Foundation/APEX Hybrid Cloud on Dell EMC VxRail details on fixes are outlined in the VMSA-2021-0010 official advisory KB article reference above. vCenter upgrades in VMware Cloud Foundation are managed by its internal Lifecycle Management interface in SDDC Manager.

For more information on VxRail Engineering's recommendation regarding this issue and VMware Cloud Foundation see the following KB:
Dell EMC VCF on VxRail: Information on VMSA-2021-0010 (188543)

Article Properties

Affected Product

VxRail, VxRail Appliance Family, VxRail Appliance Series, VxRail Software

Product

VxRail E560 VCF, VxRail E560F VCF, VxRail E560N VCF, VxRail G560 VCF, VxRail G560F VCF, VxRail P570 VCF, VxRail P570F VCF, VxRail P580N VCF, VxRail S570 VCF, VxRail V570 VCF, VxRail V570F VCF

Last Published Date

30 Aug 2022

Version

21

Article Type

How To

Back to Top