vRealize Operations Manager 安全修補程式修復

背景：記錄一次安全同事在檢測中發現 vRealize Operations Manager 存在安全漏洞，需要整改修復，於是到VMware官網找到對應版本vRealize Operations Manager的最新安全修補程式下載並修復。

參考連結：vRealize Operations 8.4 Security Patch for VMSA-2021-0018 (85383) (vmware.com)

操作過程

升級前準備工作

注意：升級前先給vRealize Operations Manager所在虛擬機器器建立快照，防止修復失敗導致平臺不可用。

檢視vRealize Operations Manager當前版本（瀏覽器輸入vRealize Operations Manager的ip地址，回車，輸入admin賬號密碼登入）

升級過程工作

1.下載最新安全修補程式。

從 https://customerconnect.vmware.com/patch 下載vRealize Operations 8.4 Security Patch PAK檔案。（需要VMware賬號）

2.登入叢集主節點vRealize Operations Manager管理員介面(https://master-node-FODN-or-IP-address/admin)。

注意：這裡網址需要注意不能直接在瀏覽器輸入vROM的ip就開啟，需要ip地址加上admin(https://ip-address/admin)

3.單擊左側面板中的Software Update。

4. 在主面板上單擊「安裝軟體更新」。

5. 按照嚮導中的步驟定位並安裝PAK檔案。

6. 安裝產品更新PAK檔案。等待軟體更新完成。期間，管理員介面會將你登出。

根據提示，下一步下一步直到安裝就行。安裝修復過程約半個小時。

7. 重新登入主節點管理員介面。彈出「Cluster Status」主介面，叢集自動上線。狀態頁面還顯示「聯機」按鈕，但不要單擊它。

8. 清除瀏覽器快取，如果瀏覽器頁面沒有自動重新整理，請重新整理頁面。叢集狀態變為「線上」。當叢集狀態變為「線上」時，表示升級完成。(注意:在PAK檔案更新的安裝過程中，如果叢集失敗，狀態變為離線，那麼一些節點將不可用。要解決此問題，您可以存取「管理員」介面，手動使叢集離線，然後單擊「完成安裝」繼續安裝過程。)

9. 單擊「軟體更新」檢查更新是否完成。在主窗格中出現一條指示更新成功完成的訊息。

安全修補程式修復後，vRealize Operations Manager版本號。

官方解決方案

vRealize Operations 8.4 Security Patch for VMSA-2021-0018 (85383)

Important:

• Take snapshots of each of the vRealize Operations nodes before applying the Security Patch.  See How to take a Snapshot of vRealize Operationsfor more information.
• Download and run the attached APUAT-18484177.pak to run the Pre-Upgrade Readiness Assessment Tool for this Security Patch.  Follow vRealize Operations Pre-Upgrade Readiness Assessment Tools (67311)for the latest instructions.

Resolution

1. Download the vRealize Operations 8.4 Security Patch PAK file from the VMware Patch Portal.

Note: Select vRealize Operations Manager as the Product and select 8.4.0 as the version and click Search.
Select the option below.

2. Log in to the primary node vRealize Operations Manager Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
3. Click Software Update in the left panel.
4. Click Install a Software Update in the main panel.
5. Follow the steps in the wizard to locate and install your PAK file.
6. Install the product update PAK file.
   Wait for the software update to complete. When it does, the Administrator interface logs you out.
7. Log back into the primary node Administrator interface.
   The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
8. Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
   The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
   
   Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
9. Click Software Update to check that the update is done.
   A message indicating that the update completed successfully appears in the main pane.

Once the update is complete delete the snapshots you made before the software update.