vRealize Operations Manager can use remote collectors to improve performance and scalability in environments that have multiple data centers. A remote collector can be installed on Windows or Linux and can host one or more adapter instances. This configuration enables data collection to be distributed across multiple datacenters.
The use of remote collectors has several serious security implications.
To connect the remote collector to vRealize Operations Manager, you must publically expose the RMI interface of vRealize Operations Manager. No authentication is performed on connections to this interface. An attacker can use this interface to retrieve arbitrary data, send rogue data, and potentially take control of vRealize Operations Manager.
The connection between the remote collector and vRealize Operations Manager is not encrypted. An attacker can sniff the network and gain access to data sent from a View adapter instance to vRealize Operations Manager.
Configuration data that is sent from vRealize Operations Manager to the adapter instances on the remote collector is not encrypted. An attacker can sniff the network to gain access to the configuration information for any View adapter instance on the remote collector. This vulnerability includes, but is not limited to, the vRealize Operations for Horizon server key as well as vCenter Server credentials that the VMware adapter uses.