DCE CPU usage increase after upgrade 7.5.0

This comment was originally posted on DCIM Support by Luis Lopez Borbon on 2018-09-27

Hello support team,

According with your answer, I have some comments:

1)      you are talking about Linux Red Hat but DCE is running in Linux CentOS… all your comments related to these vulnerabilities apply to this OS?

2)      Reading the document “security fixes” the vulnerabilities that you are talking about were resolved in version 7.5.0… if these vulnerabilities were resolved, why the DCE has this behavior?

3)      The VMware is working in the last version (ISX 6.5)… and the DCE is installed in the central bank in our region with strong IT security policies… for this reason the vulnerabilities in the most of the cases are resolved and continuously they scan all the systems…

4)      Something important to highlight, after the upgrade to version 7.5.0 the DCE was working without any issue, but after 5 days, the DCE suddenly started to increase the resources, principally the CPU usage… no change was made in this server or additional nodes were added… if the server has problem with some vulnerabilities, the behavior must to appear immediately after the reboot…or not?

5)      If I talk with the IT department to scan again the server looking for these vulnerabilities, what are the next steps if these ones are not appear…?

thank you for your support

regards,

(CID:134036358)

This comment was originally posted on DCIM Support by spezialist on 2018-09-27

Dear Luis Lopez Borbon,

From your questions in the order they follow.

1. Absolutely right, because in fact it is one and the same OS, but with different levels of technical support.
2. I can not say... I can guess that the latest version of DCE-7.5.0 based on CentOS-6.9 (kernel-2.6.32-696.18.7.el6.x86_64) has security updates for January 2018. During this time, a lot of critical security updates for this OS have been released (currently is CentOS-6.10 with kernel-2.6.32-754.3.5.el6.x86_64), as well as for VMware ESXi 5.x and 6.x versions. It is very possible, that your end customer regularly installs these critical security updates on VMware ESXi hosts. But it is important, that the above-mentioned security updates also regularly installed on virtual VMware guest machines, for example, as a DCE-server. This is strictly indicated by the Red Hat bulletin, which I mentioned above.
3. See paragraph 2 above.
4. Again, it's hard to say... Several variants of events are possible.
5. I do not know how your IT department will be able to scan the DCE-server for the above mentioned vulnerabilities. After all, according to the above-mentioned Red Hat bulletin, this requires console root access to the DCE-server and the launch of a corresponding detection script. But, as you know, DCE-server is a closed black box that does not provide for regular installation of any updates.

Based on the above, at the moment I see two options for solving your problem.

1. I hope you make a regular full backup of your DCE-server? Then create a clean virtual machine DCE-7.5.0 from the provided SE ova-file (the MAC address must be the same). And then deploy a full backup to this virtual machine. Then it will be possible to see if the above problem will again appear or not?
2. If possible, roll back to version DCE-7.4.3: this requires a full backup of the same version, that is, a full backup from DCE-7.4.3 server. Then you just need to wait a few months until SE makes a new release of DCE-7.x software. This new release will already contain the entire mass of critical updates for the entire 2018 year. This new release can be tried and see how this software will work on your VMware ESXi hosts.

In my opinion, the first option is more simple and practical, it must be tried.

If you have any further questions, please ask.

With respect.

(CID:134036737)

This comment was originally posted on DCIM Support by Luis Lopez Borbon on 2018-09-28

Hello support team… I really appreciate your support regarding this issue. I will do the steps according your recommendation… regards,

(CID:134037172)