6.4
- VMware vRealize Operations for Horizon Security
2 In a text editor, open the msgserver.properties file.
Platform    File Location
Linux       /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work/msgserver.properties
Windows     C:\vmware\vcenter-operations\user\plugins\inbound\V4V_adapter3\work\msgserver.properties
3 Modify the properties for the RMI service ports that you want to change.
4 Save your changes and close the msgserver.properties file.
What to do next
Open the new RMI service port or ports on the vRealize Operations Manager firewall. See “Update the
vRealize Operations Manager Firewall.”
Update the vRealize Operations Manager Firewall
If you change the default port for an RMI service, you must open the new port on the
vRealize Operations Manager firewall.
Note If the Horizon adapter is running on a remote collector, see the documentation for the firewall on the
remote collector node for information about updating the firewall.
Procedure
1 On the cluster node where the Horizon adapter is running, use a text editor to open the vmware-vcops-firewall.conf file.
2 Update the appropriate ports in the vmware-vcops-firewall.conf file and save the file.
3 Restart the firewall service to make your changes take effect.
service vmware-vcops-firewall restart
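A consistency check for the two files these procedures touch, as an added example that is not VMware's code: it lists port-valued properties from msgserver.properties that no port or port range in vmware-vcops-firewall.conf covers. The property names, port numbers and firewall file syntax in the samples are constructed placeholders, because this page does not show either file's real contents.

```python
import re

# Constructed sample contents; real key names and firewall syntax may differ.
SAMPLE_PROPERTIES = """\
# msgserver.properties (constructed)
example.rmi.registry.port = 40001
example.rmi.service.port=40010
example.rmi.hostname=collector.example.test
"""
SAMPLE_FIREWALL = """\
# vmware-vcops-firewall.conf (constructed)
ALLOWED_TCP="443 40001:40003"
# 40010 was here before the last edit
"""

def parse_properties(text):
    """Parse Java-style key=value / key:value lines, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def configured_ports(props):
    """Return {key: port} for properties named like a port with a valid value."""
    return {k: int(v) for k, v in props.items()
            if "port" in k.lower() and v.isdigit() and 0 < int(v) < 65536}

def firewall_allows(conf_text):
    """Collect (low, high) ports and ranges (a:b or a-b) outside comments."""
    ranges = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]
        for lo, hi in re.findall(r"\b(\d{1,5})(?:[:-](\d{1,5}))?\b", line):
            ranges.append((int(lo), int(hi or lo)))
    return ranges

def unopened_ports(properties_text, firewall_text):
    """Ports set in the properties file that the firewall file never mentions."""
    ranges = firewall_allows(firewall_text)
    ports = configured_ports(parse_properties(properties_text))
    return {k: p for k, p in ports.items()
            if not any(lo <= p <= hi for lo, hi in ranges)}

if __name__ == "__main__":
    print(unopened_ports(SAMPLE_PROPERTIES, SAMPLE_FIREWALL))
```

A non-empty result means a changed RMI port still needs to be added to the firewall file before the service restart.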
RMI Considerations for Remote Collector Use
vRealize Operations Manager can use remote collectors to improve performance and scalability in
environments that have multiple data centers. A remote collector can be installed on Windows or Linux and
can host one or more adapter instances. This configuration enables data collection to be distributed across
multiple data centers.
The use of remote collectors has several serious security implications.
- To connect the remote collector to vRealize Operations Manager, you must publicly expose the RMI
  interface of vRealize Operations Manager. No authentication is performed on connections to this
  interface. An attacker can use this interface to retrieve arbitrary data, send rogue data, and potentially
  take control of vRealize Operations Manager.
- The connection between the remote collector and vRealize Operations Manager is not encrypted. An
  attacker can sniff the network and gain access to data sent from a View adapter instance to
  vRealize Operations Manager.
- Configuration data that is sent from vRealize Operations Manager to the adapter instances on the
  remote collector is not encrypted. An attacker can sniff the network to gain access to the configuration
  information for any View adapter instance on the remote collector. This vulnerability includes, but is
  not limited to, the vRealize Operations for Horizon server key as well as vCenter Server credentials that
  the VMware adapter uses.