CloudPhysics Detects Heartbleed Bug in vCenter

CloudPhysics provides an interesting SaaS offering that watches over your vSphere environment for a number of reasons: performance monitoring, configuration drift, what-if scenarios to migrate your workloads, and so on. Because I run the Community Edition of CloudPhysics in my lab, I will occasionally get messages about improving the virtualized environment.

One email that caught my eye was related to the Heartbleed Bug. Although no longer something that is piping hot on the news rags, I still think it’s a relevant bit of information to receive.

My vCenter needs a patch
My vCenter needs a patch

That’s rather cool and helpful, right? It later goes on to state that my ESXi hosts are fine and patched already, and that my current issue is focused on the version of vCenter. This makes sense – I have been too lazy to bother upgrading the vCenter Server in the lab, which is only available via my home network anyway. But in a production or pre-production environment, I’d probably want to know about this and remediate it as soon as possible. I think it’ll be especially interesting to receive future alerts like this from CloudPhysics and other vendors that have data on an environment and can scrub it against vulnerabilities and KB alerts.

If you haven’t already, I’d advise giving the folks at CloudPhysics a spin using their free trial option. If you’re OK with limiting your report results to things like VM snapshots, guest tools, NTP settings on the hosts, vMotions, and some other tools, the Community Edition should be plenty to keep you busy. Otherwise, the Premium Edition is available on a per-host basis with an annual subscription.

As a bonus, here’s a view of my tools report.

A look at VMware Tools status in the lab
A look at VMware Tools status in the lab