CloudPhysics: Heartbleed Health Checks for vCenter and ESXi

The power of a service like CloudPhysics continues to grow almost weekly as they add new features and Cards. Not only is it brilliant for analytics and metrics but we are now seeing CloudPhysics release cards that aim to help VMware Administrators keep track of possible security vulnerabilities in their platforms.

This week they started a campaign to alert CloudPhysics subscribers to the fact that approx. 57% of vCenter servers and 58% of ESXi Hosts are still not patched with the latest Heartbleed update builds. Based on their own big data analytics they have found that 40% of their client base is still unprotected.

Emails where sent out to affected users earlier this week and @virtualirfan has written a blog on the CloudPhysics site detailing the concern over those numbers quoted above. If you are a current CloudPhysics user, go to the Card Store and search for Heartbleed. Add the card to the desk and run the check.

If you are not a current subscriber follow the steps below:

Three easy steps to rid yourself of Heartbleed

Is your organization part of the 40%? There’s no reason you should be. The fix is easy and the risk is not worth taking. And CloudPhysics is making it even easier: we’ve packaged up the VMware Heartbleed analytic we ran across our global data set, and it’s now available in our community (free) edition for users to run on their own VMware environments. What you can do:

  1. If you haven’t already, get CloudPhysics up and running in your datacenter (takes just a few minutes).
  2. Select and run the “Heartbleed Check.” You’ll find it in the Card Store. It will immediately show you precisely which ESXi hosts remain unprotected in your datacenter.
  3. Apply the patch(es). Here’s the table listing build numbers for the patches we’ve discussed here.

Source: http://www.cloudphysics.com/blog/vmware-heartbleed/