Monday, April 21, 2014

Horizon Workspace 1.8.1 and Heartbleed patch

This day and age marks a great new release bound to get techies everywhere a mouth watering treat (no not that one). VMware released a patch for Horizon Workspace bringing the software to version 1.8.1!

Among numerous enhancements and fixes, this patch also includes an update to OpenSSL 1.0.1g which resolves the widespread vulnerability known as the Heartbleed Bug. You can check out the list of fixes in the Release Notes


Alongside this patch, you can apply a Heartbleed-only patch to your vApp if desired. If you're running Horizon Workspace 1.0, you must upgrade to at least version 1.5 to apply the Heartbleed fix manually. Likewise you can apply the Heartbleed fix to Workspace 1.8.0, but if you're taking the time to patch it, you might as well update to 1.8.1. See more info about that patch here: kb.vmware.com/kb/2076551


Applying the Heartbleed-Only fix (updating OpenSSL)


Applying the Heartbleed-only patch from the above KB, you should copy the RPM to somewhere on the Gateway-va (/tmp for example). I like to use WinSCP for copying files to and from my appliances. Then run the RPM and you will see it stop nginx and apply the patch:




You can always check the status of nginx afterward by running /etc/rc.d/nginx status

 

Per the KB, after running the OpenSSL fix you'll want to regenerate your SSL Certs. The steps are slightly different if you terminate SSL at the gateway-va vs a Load Balancer, so be sure to refer to the article.

 

You can find more details on the Heartbleed vulnerability here: www.vmware.com/security/advisories/VMSA-2014-0004.html

 

 

Updating Workspace 1.8.0 to 1.8.1
Be sure to check out the Release Notes


1. Take a snapshot of each appliance and the external DB VM
2. Login to the Configurator as root
3. Run /usr/local/horizon/lib/menu/updatemgr.hzn check and ensure you see the 1.8.1 update, then run /usr/local/horizon/lib/menu/updatemgr.hzn update
4.  Reboot the vApp.
NOTE: If you didn't apply the Heartbleed-specific patch above prior to updating to 1.8.1, then you must generate new SSL Certs and apply them to your gateway-va. See the post-installation steps outlined in kb.vmware.com/kb/2076551

<Screenshots coming soon>


Don't forget to also upgrade your Workspace Clients to 1.8.1!

If you have further queries or concerns about how Heartbleed could affect your Horizon View environment, take a gander at kb.vmware.com/kb/2076796  along with the VMware Security Advisories page.
Share:

Friday, April 18, 2014

Horizon Workspace 1.8.1 Client Update & Heartbleed bug

Last night VMware quietly released a patched Windows and OSX Client for Horizon Workspace 1.5 and 1.8 bringing the client to version 1.8.1. This client release includes an updated OpenSSL 1.0.1g. Alongside the release is a KB with the remediation steps for the Client regarding the pesky CVE-2014-0160 vulnerability.

You can continue to track the VMware advisory for this vulnerability here: http://www.vmware.com/security/advisories/VMSA-2014-0004.html

Get the downloads from the VMware Product Page.
Share:

Wednesday, April 9, 2014

Horizon 6 Announced



If you weren't able to attend the live webcast of the Horizon 6 announcement this morning, keep an eye on Twitter's @vmwarehorizon account for a link to watch it later.

Horizon 6 is the latest big news from VMware and is all the buzz for EUC land. There are a number of new features and capabilities that make this a very exciting release. Check out VMware's CTO announcement of it here: http://cto.vmware.com/introducing-horizon-6/?sf24825866=1

Sumit Dhawan, VP and GM of Desktop Products at VMware, frontlined the event and claimed Horizon 6 as an "Innovation Packed Release."

Horizon 6 will come in 3 flavors of licensing:

  1. View Standard - Simple, powerful VDI with great user experience
  2. Horizon Advanced - Cost-effective delivery of desktops and apps through a unified workspace
  3. Horizon Enterprise - Desktops and apps delivered with cloud automation and management
You can find more info in the Horizon 6 FAQ
Share:

Follow by Email