VMware has pointed out that even if you don’t want to move to a newer version of vCenter, Adobe may have already effectively made the decision for you.
The situation is the culmination of VMware’s long effort to develop a vSphere web client that doesn’t rely on Adobe Flash.
VMware started its move in 2016 when it announced that Flash's reputation as a security cesspit meant it was moving the vSphere client to HTML 5. While VMware quickly produced working code it only reached feature parity between its Flash client and HTML 5 effort in May 2019 with vSphere 6.7 Update 1.
Adobe, meanwhile, set a December 2020 death date for Flash and big-browser makers followed suit.
But vSphere 6.5 and 6.7 will be supported until 15 November 2021 and both shipped with the Flash client. Which leaves what VMware calls “a window of about 11 months where the Flash client might not work in customer environments when they upgrade their browsers to a latest version.”
What to do? VMware’s recommendation is to move VMware vCenter servers to 6.7 Update 3 by Dec 2020 as it can work with the HTML5 client and doesn’t need a full vSphere upgrade.
If that’s not tenable, VMware says you might consider nobbling auto-update on browsers so you avoid upgrades that won't run Flash.
VMware points out it does not recommend this approach! But it will at least make sure it advises which browser versions can run the known-to-be-scary Flash code.
Seeing as the company knows a thing or two about virtual appliances, perhaps it could even cook one up for this purpose!
In other VMware news, Flatcar Container Linux has become a supported guest OS under vSphere 6.7 or higher. VMware recommends it as a fine replacement for CoreOS – which is of course now a RedHat offering. And with VMware’s new Tanzu portfolio pitched very much against Red Hat OpenShift, supporting Flatcar probably seems like a fine idea down Virtzilla way. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks