Cumulative Security Update for vRA 7.6

Updated March 9th 2021;
March 2021 Platform Security Update, Februari vRA7.6 Hotfix 20.

Recently I received a customer question about the installation of a vRA 7.6 Security update. The question was related to the Cumulative Security Update for vRealize Automation 7.6, which is mentioned in VMware KB80044; https://kb.vmware.com/s/article/80044

To be honest I was not even aware of the existence of these security updates. In this blogpost I want to share more information about this patch and other vRA and vRO 7.6 related updates and patches.

If you happen to have deployed vRA 7 through vRSLCM you won’t see the security patch. The only updates you see in vRSLCM are the Cumulative Updates for vRealize Automation 7.6 which are also mentioned in VMware KB70911; https://kb.vmware.com/s/article/70911. The latest version at the time of writing this blogpost is HF19, which can be downloaded from the KB Article itself or via vRSLCM.

From a content perspective, the difference between the two Cumulative Updates is that the Security update contains only appliance updates (more on that later) and the other Update contains vRA Product hotfixes.

Note: for vRealize Orchestrator (vRO), see the end of this post.

The Cumulative Security Update can be downloaded via MyVMware.

• Go to the top Menu, Select Products, Click Product Patches.
• Select vRealize Automation, version 7.6

• Download the Update.

The download contains one big perl script with embedded binaries. If you open the file you can see the following updates will take place:

kernel-default          to version  3.0.101-108.117.1.x86_64
kernel-default-base     to version  3.0.101-108.117.1.x86_64
libsqlite3-0            to version  3.7.6.3-1.4.7.12.1.x86_64
ntp                     to version  4.2.8p15-64.16.1.vmw.16745171.x86_64
tomcat-template         to version  8.5.57.0-1.vmw.16591559.x86_64
unzip                   to version  6.00-11.18.8.1.x86_64
vmware-jre              to version  1.8.0_261-1server.x86_64

The installation order of the Cumulative and Cumulative Security update should not matter, but validations are done by first installing the HF and then the Security patch.

Note: Read the installation notes in the KBs very carefully. Always make sure you have a proper, consistent backup (also MS SQL DB) and snapshots of all components!

The installation of the Security update is straight forward and should need no additional explanation besides the kb article. In my (simple, non ha environment) the installation of the patch ran without any problems.

The vRealize Automation Build Numbers can be found here; https://kb.vmware.com/s/article/2143850. Buildnumbers are not changed for Security Patches. You can check the /var/log/vmware directory for the existence of the patch logfile (for example vRA-hotfix-2609380 or platform-update-March2021.log)

Buildnumbers I see after HF19 + March Security Patch:

Appliance Console:

vRA default tenant

vRA About screen:

VAMI Cluster view:

---

vRealize Orchestrator (vRO) Updates

Now you maybe wondering: What if I have an external / standalone vRO instance? In that case the Cumulative Security Update is also applicable to external vRealize Orchestrator 7.6 appliances.

Another thing to mention is that there is also a Cumulative Update for vRealize Orchestrator 7.6, either embedded or external, which is mentioned in VMwareKB70629; https://kb.vmware.com/s/article/70629.

Finally, if you are looking for updated vRO Plugins for Active Directory and/or vSphere; have a look at the following:

• vRO Plug-In for Microsoft Active Directory
• vRO Plug-In for VMware vSphere