6.4

2 In a text editor, open the msgserver.properties le.
Platform File Location
Linux
/usr/lib/vmware-
vcops/user/plugins/inbound/V4V_adapter3/work/msgserver.prop
erties
Windows
C:\vmware\vcenter-
operations\user\plugins\inbound\V4V_adapter3\work\msgserver
.properties
3 Modify the properties for the RMI service ports that you want to change.
4 Save your changes and close the msgserver.properties le.
What to do next
Open the new RMI service port or ports on the vRealize Operations Manager rewall. See “Update the
vRealize Operations Manager Firewall,” on page 10.
Update the vRealize Operations Manager Firewall
If you change the default port for an RMI service, you must open the new port on the
vRealize Operations Manager rewall.
Note If the Horizon adapter is running on a remote collector, see the documentation for the rewall on the
remote collector node for information about updating the rewall.
Procedure
1 On the cluster node where the Horizon adapter is running, use a text editor to open the vmware-vcops-
firewall.conf le.
2 Update the appropriate ports in the vmware-vcops-firewall.conf le and save the le.
3 Restart the rewall service to make your changes take eect.
service vmware-vcops-firewall restart
RMI Considerations for Remote Collector Use
vRealize Operations Manager can use remote collectors to improve performance and scalability in
environments that have multiple data centers. A remote collector can be installed on Windows or Linux and
can host one or more adapter instances. This conguration enables data collection to be distributed across
multiple datacenters.
The use of remote collectors has several serious security implications.
n
To connect the remote collector to vRealize Operations Manager, you must publically expose the RMI
interface of vRealize Operations Manager. No authentication is performed on connections to this
interface. An aacker can use this interface to retrieve arbitrary data, send rogue data, and potentially
take control of vRealize Operations Manager.
n
The connection between the remote collector and vRealize Operations Manager is not encrypted. An
aacker can sni the network and gain access to data sent from a View adapter instance to
vRealize Operations Manager.
n
Conguration data that is sent from vRealize Operations Manager to the adapter instances on the
remote collector is not encrypted. An aacker can sni the network to gain access to the conguration
information for any View adapter instance on the remote collector. This vulnerability includes, but is
not limited to, the vRealize Operations for Horizon server key as well as vCenter Server credentials that
the VMware adapter uses.
VMware vRealize Operations for Horizon Security
10 VMware, Inc.