VMSA-2023-0007.1 | Upgrading VMware Aria Operations for Logs from 8.10.2 to 8.12.0

By Lerpong Intaraworrapath | September 7th ,2023

The version of the VMware Aria Operations for Logs (previously VMware vRealize Log Insight) program running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated, a threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.



The issue has been fixed on VMware Aria Operations for Logs 8.12.

How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?

*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.

1.Download the VMware Aria Operations for Logs version 8.12.0 update file.


  • VMware Aria Operations for Logs 8.12 – Upgrade Package
  • VMware-vRealize-Log-Insight-8.12.0-21696970.pak
  • File size: 742.68 MB

2.Take a snapshot of three nodes in VMware Aria Operations for Logs.

3.Log in to VMware Aria Operations and navigate to “Configuration” and “Cluster“.


5.Cluster upgrade can only be performed when connected directly to the primary node.

6. You may navigate to “Configuration” and “Cluster” on the primary node, then click “UPGRADE CLUSTER” and choose an upgrade file..

7.Click “UPGRADE

8.Click “ACCEPT“.

This image has an empty alt attribute; its file name is Screen-Shot-2566-09-05-at-13.05.09-1024x875.png

9.Upgrade Log Insight is now progress. (Do not refresh or leave this page)

10.One node of the VMware Aria Operations for Logs cluster has been successfully upgraded.

11.Log in to VMware Aria Operations for Logs master node to verify upgrade status.

  • Node 1 has been completed.
  • Node 2 has been completed.
  • Node 3 has been completed.

12.VMware Aria Operations for Logs has been updated successfully

13.Log in to VMware Aria Operations to verify the version.

14.Check the dashboard and additional integrations.





Failed to deploy OVF package Throwable with Proxy enable

By Lerpong Intaraworrapath | July 11th ,2023

After upgrading vCenter Server from 7.0U2 to 7.0U3, I encountered an issue with my customer. They attempted to use vCenter Server to deploy an OVA file. They discovered the following error:

Failed to deploy OVF package.ThrowableProxy.cause A general system error occurred: Transfer failed: Invalid response code: 400, note that HTTP/s proxy is configured for the transfer

vCenter Server version build 21477706

Below are some additional workarounds.

Option 1 – Deploy through vSphere ESXi host

1.Login directly through vSphere ESXi host.

2.If you connect with your FQDN and you will still be unable to deploy the OVA file. Change the vSphere ESXi host login to an IP address and try again to deploy the OVA file.

Option 2 – Disable proxy setting in vCenter Server

1.In a Web browser, go to the vCenter Server Management Interface, https://appliance-IP-address-or-FQDN:5480.

Note:If you need to make changes to vCenter Server, we recommend taking a snapshot.

2.Login as root.

3.Go to the Networking section.

4.Click EDIT under the Proxy Setting section.

5.Uncheck both HTTPS and HTTP proxy enabled and click SAVE.

6.The OVA file will be successful.

However, we discovered a new issue in which we were unable to enable the proxy and input the proxy server into the proxy settings.

7.We follow the VMware KB81565 to bring proxy configuration back to vCenter Server.

7.1)Change the HTTPS PROXY settings.

7.2)We make a backup of the proxy file.

7.3)Change the /etc/sysconfig/proxy file. Change the HTTPS_PROXY line to update the value from https to http:




Note: The proxy URL is determined by your proxy server.

7.4)If you are using a version previous to 7.0 U1, restart the VCSA.Otherwise, use the command to restart services, then logout and log back in:

# service-control --stop --all && service-control --start --all

If the problems persist, we recommend submitting a support request to the VMware support staff.

Announcing VMware Cloud Foundation 5.0

By Lerpong Intaraworrapath | June 30th ,2023

VMware Cloud Foundation 5.0 is now available, as announced by the VMware Cloud Foundation team. This important platform update adds scalability, security, and other critical advancements to handle cloud scale infrastructure as a service (IaaS), easier on-premises cloud deployment, and enhanced cyberattack protection.

Software Building Blocks for the Private Cloud

  • SDDC Manager 5.0 (Cloud Builder 5.0)
  • vSphere 8.0 U1a (ESXi 8.0 U1a, vCenter 8.0 U1a)
  • vSAN 8.0 U1a (vSAN Witness 8.0 U1a)
  • NSX 4.1
  • vRealize Suite Lifecycle Manager* 8.10 Patch 1

SDDC Manager Enhancements

VMware Cloud Foundation 5.0 includes a new capability called Isolated SSO Workload Domains, allow administrators the option to configure new workload domains using a separate Single Sign On (SSO) instance.
This scenario is useful for large enterprises that need workload isolation and for Managed Service Providers (MSPs) who can allocate workload domains to different tenants with their own SSO domains.  Isolated SSO domains are each configured with their own NSX instance. The added benefit is that configuring workload domains as an isolated workload domain also allows the option to configure a separate identity provider (Active Directory or LDAP).

Workload Domain Scaling also increases when using isolated workload domains from 15 to 25 workload domains within a single VMware Cloud Foundation instance. Note that workload domains configured to use the shared management domain SSO are still limited to a maximum of 15 domains.  Additional scaling is made possible through the parallelization of tasks in order to reduce the time to add Workload Domains within a VMware Cloud Foundation instance.

VMware Cloud Foundation Platform and Scaling Enhancements

When one considers all of the new capabilities delivered within VMware Cloud Foundation 5.0, the platform and scale enhancements are probably the most highly anticipated customer feature requests, especially as they continue to scale their production of VMware Cloud Foundation environments.  It is also important to emphasize that upgrades to VMware Cloud Foundation 5.0 are direct, customer led skip-level upgrades from VMware Cloud Foundation versions 4.3, 4.4 and 4.5.

More resources









VMSA-2023-0012 | Aria Operations for Networks (Formerly vRealize Network Insight)

By Lerpong Intaraworrapath | June 15th ,2023

Critical severity

Impacted Products

Aria Operations for Networks (Formerly vRealize Network Insight)


CVE-2023-20887, CVE-2023-20888, CVE-2023-20889


VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)


Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products

Response Matrix

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Aria Operations Networks6.xAnyCVE-2023-20887, CVE-2023-20888, CVE-2023-208899.8, 9.1, 8.8CriticalKB92684NoneN/A


Fixed Version(s) and Release Notes:

VMware Aria Operations for Networks 6.x HF: KB92684

Change Log

2023-06-07 VMSA-2023-0012

Initial security advisory.

VMware Security Advisories



VMSA-2023-0007 | VMware Aria Operations for Logs (formerly vRealize Log Insight)

By Lerpong Intaraworrapath | May 27th ,2023

Critical severity

Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight).


CVE-2023-20864, CVE-2023-20865


VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)


Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products

Response Matrix

ProductVersionRunning OnFixed VersionWorkaroundsAdditional Documentation
VMware Aria Operations for Logs (Operations for Logs)8.10.2, 8.10, 8.8.x,
VMware Cloud Foundation (VMware Aria Operations for Logs)4.xAnyKB91865KB91865KB91831

Change Log

2023-04-20 VMSA-2023-0007

Initial security advisory

VMware Security Advisories



All products in the cloud management family have been rebranded “VMware Aria”.

By Lerpong Intaraworrapath | April 24th, 2023

VMware has announced the official renaming of all products in our cloud management family to VMware Aria.

What is VMware Aria?

A unified management solution for cloud native applications and multi-cloud.

VMware Aria, a multi-cloud management portfolio that provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications. Expressly designed for the operational challenges of cloud-native applications and public cloud environments, VMware Aria truly delivers a wholly new perspective on multi-cloud management. 

The VMware Aria Product List

Previous NameNew Name
vRealize Automation / CloudVMware Aria Automation
VMware Cloud AssemblyVMware Aria Automation Assembler
VMware Service BrokerVMware Aria Automation Service Broker
VMware Code StreamVMware Aria Automation Pipelines
VMware Cloud TemplatesVMware Aria Automation Templates
vRealize OrchestratorVMware Aria Automation Orchestrator
vRealize Automation SaltStack ConfigVMware Aria Automation Config
vRealize Automation SaltStack SecOpsVMware Aria Automation for Secure Hosts
CloudHealth Secure StateVMware Aria Automation for Secure Clouds
vRealize Operations / CloudVMware Aria Operations
vRealize Log Insight / CloudVMware Aria Operations for Logs
vRealize Network Insight / CloudVMware Aria Operations for Networks
Tanzu Observability by WavefrontVMware Aria Operations for Applications
vRealize True Visibility SuiteVMware Aria Operations for Integrations
CloudHealthVMware Aria Cost powered by CloudHealth
vRealize Cloud UniversalVMware Aria Universal Suite
vRealize SuiteVMware Aria Suite
vCloud SuiteVMware vCloud Suite
CloudHealth by VMware SuiteDiscontinued Name
CloudHealth Partner PlatformDiscontinued Name – see Aria Cost powered by CloudHealth
Platform & Cross-Cloud Services
Project EnsembleVMware Aria Hub
NewVMware Aria Graph
vRealize Migration ManagerVMware Aria Migration
vRealize Automation Cloud GuardrailsVMware Aria Guardrails
Project Ensemble InsightsVMware Aria Business Insights
SkylineVMware Skyline
vRealize Suite Lifecycle ManagerVMware Aria Suite Lifecycle
vRealize Cloud Subscription ManagerVMware Aria Hub Subscription
vRealize AI CloudDiscontinued Name – functionality now part of Aria Hub


Please see the links listed below for further information about VMware Aria and the portfolio products.

What’s in a Name? Multi-Cloud Management and VMware Aria

Introducing VMware Aria

VMware Aria Hub powered by Aria Graph

Aria Hub Free Tier

Upgrading VMware Aria Operations for Logs from 8.6.2 to 8.10.2 using VMware Aria Suite Lifecycle 8.10.0

By Lerpong Intaraworrapath | March 27th, 2023

In this article, we will demonstrate you how to upgrade VMware Aria Operations for Logs (formerly vRealize Log Insight) version 8.6.2 to 8.10.2 using VMware Aria Suite Lifecycle (formerly vRealize Suite Lifecycle Manager) version 8.10.0.


The VMware Aria Suite Lifecycle version must be supported in order to upgrade of VMware Aria Operations for Logs to version 8.10.2.

VMware vRealize Suite Lifecycle Manager 8.10.x Release Notes

VMware vRealize Suite Lifecycle Manager 8.10.x Product Support Pack Release Notes

As suggested by the support pack, you must upgrade pack for VMware Aria Suite Lifecycle to pack 6 (alternatively you may update to the most recent support pack).

Noted: Whenever possible, we recommend upgrading the pack to the newest version.

Noted: In this article, we had upgraded VMware Aria Suite Lifecycle to 8.10.0 Pack7

We can see from the upgrade path that VMware Aria Operations for Logs 8.6.2 requires an update to 8.8.2 and subsequently to version 8.10.2.


vRealize Log Insight 8.10.2 Release Notes


To reduce the upgrading procedure and internet connection from VMware Aria Suite Lifecycle, we downloaded 2 ISO images for VMware Aria Operations for Logs versions 8.8.2 and 8.10.2.



Step-by-Step instruction how to upgrade VMware Aria Operations for Logs

1.After downloading VMware Aria Operations for Logs iso images for versions 8.8.2 and 8.10.2. We transferred the image to the /data/temp directory of the VMware Aria Suite Lifecycle appliance.
Note: VMware recommends SCP protocol to transfer the file to the appliance. Tools such as winscp can also be used to transfer the file to the appliance.

2.Login to VMware Aria Suite Lifecycle, click “Environment” and then pick “vRealize Log Insight” to verify the version.

3.Choose “Setting” then “Binary Mapping” to confirm the product appear in the Binary Mapping list.


5.Choose “Local” as the location type. Enter “/data/temp” in the base location and press “DISCOVER“.

6.The list of product binaries will show below. Tick the box next to “VMware-vRealize-Log-Insight-8.8.2-20056468.pak” and type “upgrade” and then click “ADD“.

7.You can see the status of product mapping request by “Click here“.

8.Step 4 should be repeated to include “VMware-vRealize-Log-Insight-8.10.2-21145187.pak” and enter “upgrade”.

9.There will be 2 files in binary mapping upgrade for VMware Aria Operations for Log.

10.Log in to VMware Aria Operations for Log to check the version and the status of the cluster (3 nodes’ statuses must be displayed as connected.).

11.Back to VMware Aria Suite Lifecycle and, after choosing “Environment,” click “VIEW DETAILS” in vRealize Log Insight.

12.Choose “Trigger Inventory Sync” by clicking the 3 dots.

13.Wait until the sync is complete.

14.Back to VMware Aria Suite Lifecycle and, after choosing “Environment,” click “VIEW DETAILS” in vRealize Log Insight.

15.Select “UPGRADE“.

16.Click “PROCEED“.

17.Choose version 8.8.2 from the drop down menu.

18. Click the box to take a snapshot and then click “NEXT“.

19.Click “RUN PRECHECK“.

20.Read the “PRECHECK” report to check if there are any warnings or errors (you may download the report).

21.Read the upgrade summary and then click “SUBMIT“.

22.Upgrade in progress and wait from stage 1 to stage 10.

23.Login to VMware Aria Operations for Logs to view status and version.

24.Following the completion of the upgrade from 8.6.2 to 8.8.2, the next stage will be to upgrade from 8.8.2 to 8.10.2.

25.Repeat the step 15 and proceed to choose version 8.10.2.

26.Login to VMware Aria Operations for Logs to view status and version.

Guidance and Technical Recommendations.

vRealize Log Insight provides intelligent log management for infrastructure and applications in any environment. This highly scalable log management solution delivers intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual, and cloud environments. Update to the newest version to take advantage of new features, improve security, and get support for a new product.

VMSA-2022-0034 | Fixed version for VMware vRealize Operations (vROps) 8.6.x by KB90232

By Lerpong Intaraworrapath | March 7th, 2023

VMware issued a security alert for VMware vRealize Operations (vROps) due to the VMSA-2022-0034 severity. According to the advisory, VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708).


To remediate CVE-2022-31707 apply the fixes listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware vRealize Operations (vROps)8.10AnyCVE-2022-31707, CVE-2022-317084.4, 7.2Important8.10.1N/AN/A
VMware vRealize Operations (vROps)8.6.xAnyCVE-2022-31707, CVE-2022-317084.4, 7.2ImportantKB90232N/AN/A

In this article, we will demonstrate how to apply patching from KB90232 in VMware vRealize Operations version 8.6.4.

Important: Take snapshots of each of the vRealize Operations nodes before applying the Hot Fix by following How to take a Snapshot of vRealize Operations.

Step-by-Step Instructions for Applying a Patch

1.Take a snapshot of the vROps node to which we want to apply the patch (How to take a Snapshot of vRealize Operations.).

2.Download the vRealize Operations 8.6 Hot Fix 8 PAK file from the VMware Patch Portal.


3.You will proceed to the “Product Patches” page.

4.Choose the product and version, then press the “Search” button.

Product: vRealize Operations Manager
Version: 8.6

5.The “vROps-8.6-HF8” will be shown. Verify and validate the KB90232 patch file, then click “DOWNLOAD NOW.”.

6.Once the file download and snapshot have been completed, Log in to the vRealize Operations Manager administration interface


7.Click “Software Update“.

8.Click “Install a Software Update“.

9.Go through the pack file you already downloaded.

10.Click “UPLOAD” after you’ve browsed the pack file.

11.The pack file had been uploaded. Click “NEXT”.

12.To accept the EULA, tick the box, then click “NEXT“.

13.After reading the release notes, click “NEXT”.

14.To install software, Click “INSTALL”.

15.The Administrator interface logs you out. Return to the primary node Administrator interface. In the left side, click Software Update. The update patch status will be shown.

16.Waiting for the pack to be installed.

17.Refresh the page. The cluster status is changed to Online.

18.Once the upgrade is finished, delete the snapshots you took prior to the software update.

Guidance and Technical Recommendations.

VMware security advisory with critical security severity for VMware vRealize Operations was released. A major vulnerability was discovered in VMware vRealize Operations. Using administrator rights in the vROps application, a malicious actor can get root access to the underlying operating system. We advise applying the patch or upgrading to the patched version to preventing a malicious attacker from accessing critical information in the vROps.

vCenter Server warning Storage “File system /storage/log is low on storage space” – Expand disk.

By Lerpong Intaraworrapath | 26th January 2023

In this article, we are planning to upgrade vCenter Server appliance version build number 18455184 (vCenter Server 7.0 Update 2d) to vCenter Server 7.0 Update 3g ( build number 20150588 or higher.

Before upgrading vCenter Server, we must first check its health status by logging onto

User: root
Password: xxxxx

After login to vCenter Server appliance, go to summary and check on the “Health Status”.

We discovered that “Overall Health” displays a yellow alert warning on “Storage“.

Expand “Storage“, we found alert show “File system /storage/log is low on storage space increase the size of disk /storage/log

Go to “Monitor“, then “Disks“, and see which hard disks have alerts.

Hard drive 5 (log) has a utilization rate of more than 80%.

Run “df-h” command to display file system disk space statistics in “human-readable” format.

Return to the vCenter Server web client. There was no snapshot on the vCenter Server appliance.

Right-click vCenter Server and choose “Edit Settings“.

Select Hard disks and expand Hard disk 5.

We will increase the size of hard disk 5 from 25 GB to 30 GB and then click OK.

Log in to the vCenter Server Appliance through SSH.

User: root
Password: xxxx

Run this command to expand any logical volumes whose physical volumes have been increased (https://kb.vmware.com/s/article/2145603).


Scripts will scan and expand disk volumes.

Logical volumes had been resized successfully.

Waiting for the procedure to complete.

Run df-h command to display file system disk space statistics in “human-readable” format.

Log in vCenter Server appliance VAMI page.


View the hard drive’s disk space of hard disk 5

The usage rate of hard disk 5 (log) is less than 80%.

The summary page indicates that the health status is good, and you can proceed to upgrade vCenter Server.

How to Resolve vCenter Server appliance 7.x- Expired Machine SSL Certificate?

By Lerpong Intaraworrapath | 15th September 2022

When we use the vSphere Web Client to connect to vCenter Server appliance 7.x. We are unable to access with the message “HTTP Status 500 – Internal Server Error.

Steps to resolving these issues.

1.SSH into the vCenter Server appliance.

2.To see the status certificate expiration date, use the command below.
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

3.You will see an output similar to:

4.As you can see, the Machine SSL certificate expires on September 1 06:40:37 2022 GMT.

5.The Name, Hostname and VMCA values should match the PNID of the Node where you are replacing the Certificates. PNID should always match the Hostname. In order to obtain the PNID please run these commands:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

6.Run command below to replace “Machine SSL certificate”.

7.You will have the option to replace or reset the certificate with in output.

Please keep in mind that this command may be used with both vCenter Server appliances 6.x and 7.x.

8.To replace Machine SSL certificate with VMCA Certificate, we choose option 3.

9.Provide credential

10.Enter these values as prompted by the VMCA (See Step 5 to confirm the Name/Hostname/VMCA):

11.To proceed, answer Yes (Y) to the confirmation request.

12.Wait till the status is 100% completed.

13.Re-run command to check Machine SSL certificate
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

14.Machine SSL certificate has been updated to August 31 12:14:11 2024 GMT.