Trend DS 8 Feature #873 – 300 VMs are not protected?


Argh, well I was performing some security hardening last week. One of my tasks was to tidy up the Administrators group in vCenter.

Yes, dangerous I know and it looks like a few service accounts were without vCenter admins for a while.

My fault completely, I had no one to blame this time, but I wasn’t expecting the fall out. All my other applications were fine – VUM, SRM, vShield, VC Ops,  etc but not Trend.

I got an email alert that 300 VMs were not protected. That took me by surprise. Must be some sort of mistake, so I login to the Trend Manager, and every single virtual machine and every single appliance was unmanaged.

WTF!

Looks like Trend DSM shat itself without admin privileges. According to Trend, apparently its expected behaviour. Sounds like pretty shite expected behaviour to me!

Thankfully re-activating all virtual appliances and VMs only took a few minutes, but then I noticed that none of the virtual appliances were updating. A quick check of my relay groups showed they had no members.

I deactivated and reactivated my relays again. No change. Relay groups still empty. I deactivated, uninstalled the agent, rebooted, reinstalled the agent, activated again. No change.  Both my internal, DMZ and even the default relay group remained empty with no members. WTF?

Then I installed the relay agent on brand new servers to see if they would come up in the Default Relay Group when they were activated. Nope, nothing. Weird.

At this stage I started to panic and raised a call with Trend. While investigating the issue further, we found that on the System-Updates view the relays were being shown, but when viewing the Relay Groups in the System Settings-Updates tab, they were not showing any members.

So it looks like there was some issue with the relay groups I had created. To fix the issue I had to deactivate all relays, set all VMs and virtual appliances to the Default Relay Group so I could delete my custom relay groups, and then deactivate and reactivate the agents.

Finally the relays appeared as members in the Default Relay Group and I could re-create the Internal and DMZ Relay groups and assign the members to the correct groups to recreate my update hierarchy. Lastly my virtual appliances were assigned to the internal relay group and they were able to pick up the latest definitions.

So, you’ve been warned. Trend DSM needs admin rights all the time!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s