Review system security

Ensure that the Converged Systems adheres to established security settings.

The upgrade does not change security for Converged Systems.
See the following links for important security considerations:

VMware vSphere 6.7 disables the TLS 1.0 and TLS 1.1 protocols for improved security.

Note: Some applications only support the older protocols. To revert to the less secure TLS 1.0 and TLS 1.1 protocols, run the TLS Reconfigurator tool.
To run the tool, go the following locations:
  • vCenter Server Appliance: /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator
  • vCenter Server on Windows: %VMWARE_CIS_HOME%\TlsReconfigurator\VcTlsReconfigurator

See the following KB article for more information: https://kb.vmware.com/kb/2147469

For security issues related to speculative execution in Intel processors, see https://kb.vmware.com/s/article/55806.

For a description of those security issues, see the following:

  • CVE-2018-3646 (L1 Terminal Fault - VMM)
  • CVE-2018-3620 (L1 Terminal Fault - OS)