For Three Years Running, vSAN named the CRN…

For Three Years Running, vSAN named the CRN…

VMware is pleased to announce that, for the third year in a row, vSAN is the CRN Product of the Year in the Software Defined Storage category. We are thankful for the recognition from our partner community, and we’re excited to see the continued leadership momentum. This year, vSAN was named a leader twice by The post For Three Years Running, VMware vSAN named the CRN Product of the Year in the Software Defined Storage Category! appeared first on Virtual Blocks.


VMware Social Media Advocacy

Advertisements

VMware Once Again a Leader in the Gartner Magic…

VMware Once Again a Leader in the Gartner Magic…

Today, we’re pleased that VMware was once again named a Leader in the 2018 revision of the Gartner Magic Quadrant for Hyperconverged Infrastructure (HCI), improving on both the Completeness of Vision and Ability to Execute axes. VMware believes this is a validation not only of our strategy, but also our ability to execute on our The post VMware Once Again a Leader in the Gartner Magic Quadrant for Hyperconverged Infrastructure, November 2018 appeared first on Virtual Blocks.


VMware Social Media Advocacy

vSphere-Land Top vBlog 2018

Once again vSphere-Land are running their Top vBlogs for 2018….

http://vsphere-land.com/uncategorized/introducing-top-vblog-2018.html

This is where the general public can vote for their favourite vBlog of 2018!

I’m again listed, so if you feel that what I write isn’t a pile of crud and you fine some of the stuff interesting, then feel free to vote away…

I think I ranked 177 last year, although if I’m honest there are so many good blogs out there that I think I’ll end up outside the top 200 this year!

Still surprised that there are some great blogs missing (to name a few):

  • Emad Younis, who writes so much good stuff on vCSA and now more recently on VMware Cloud on AWS!
  • Chanaka Ekanayake, great blogger from a VMware partner.
  • My good friends at vMusketeers who write on a variety of VMware content!
  • Mike Foley, a blog site I’ve used a lot this year with regards to security on vSphere.
  • Paul Wynne, great guy from Dell EMC who loves VxRail & vSAN as much as I do!!

 

Anyways, head over to vSphere-Land and give out some love to the community!

As One Chapter Closes…..

…. another opens!

After 5 amazing years at MTI Technology, I’ve decided that it’s time I moved on in order to progress my career….. this has been one of the hardest decisions I’ve had to make because I’m leaving behind a great bunch of folks and a team that’s helped me get to where I am today!

5 years ago I was one of the unfortunate ones who got caught up in the train-crash that was 2e2…. a huge reseller that was badly managed, borrowed too heavily for acquisitions and pretty much went bust over night when their banks refused to restructure their debt! Coming from a large reseller where I was under-valued and just one of a thousand employees to a much smaller reseller where everyone knew you by name was an eye-opener! All of a sudden I was valued for my input, trusted to get on with my job and given the opportunity to pro-actively pursue my own thirst for knowledge. I quickly picked up Dell EMC and Cisco knowledge, and was encouraged to continue expanding my VMware skills…..

In the 5 years at MTI, I started my blog, got recognised as a VMware vExpert (4th year now), became a Dell EMC VxRail Xpert, grown my network within VMware and Dell EMC, and helped to drive the VMware business within MTI… I even got to propose a marketing campaign (MTI Secure HCI) and pull together the content that led to MTI winning Best Marketing Campaign of the year at the recent CRN Sales & Marketing Awards!

So a lot has been achieved in a short period of time! As the VMworld tagline this year says…. “Possible Begins with You!”

So where am I off to….. well to those who know me it’s not going to be a big surprise…. I’m joining VMware!! =)

TBH, I’ve had opportunities to join VMware (and even Dell EMC) in the past but the roles haven’t really been enticing enough for me to leave MTI… I was happy with my role and also with the team around me! I even had opportunities to join other VARs, but I’ve always valued my work-life balance more than chasing a bigger paycheck so a sideways career move makes no sense to me!

About 5 months ago, I stumbled across a new role that was being advertised – Partner Solutions Architect – it was a role within a team focused on driving VMware’s partner engagement model. VMware have always valued the channel, and they’ve quickly realised that it’s the channel that’s going to drive any increase in their revenue!
My role is to help with the technical enablement of partners, as well as working alongside the Practise Development Managers to help the next set of partners along their VMware journey – most importantly to help them increase their VMware revenue!
It’s a very different role than what I’m used to…. a channel-focused role that’s moving me away from end-users and customers. Ironic thing is, MTI are one of those partners and I may even end up back looking after them! =P

Working for a Solutions Provider or VAR (Value-Added Reseller) like MTI has given me huge exposure to new technologies (recently that’s been Rubrik and Cohesity), and in a way I’m going to miss that wide-spectrum of exposure! However, having worked with VMware products for nearly 12+ years I finally decided it was time to join the V-mothership!

If anyone reading this blog is at an end-user or unsure of what to do with their careers, then if you want a challenge and quickly pick up skills from multiple vendors you need to join a VAR!

 

Finally before I end, I have to admit that I am very grateful to the management at MTI for allowing me to go to VMworld next week as part of the MTI team, even though I’m leaving. It just goes to show the respect and appreciation that the management have shown me over the years!

So those of you heading out to VMworld next week, I hope to see you there whilst still wearing the MTI badge…. and a week later I’ll be wearing the VMware badge! =)

 

I’m going to miss the team at MTI… they’re a great bunch of guys to work with and the future looks very interesting and rosy! I’m also going to miss the customers that I’ve worked with (yup – surprisingly).

The only regret I have is not being able to find a replacement during my notice period (can’t believe the marketplace is so short of decent pre-sales consultants!!). So as I sign off…. I’ll leave by advertising that there’s still a role at MTI for a VMware pre-sales consultant if anyone reading this blog is interested! =)

Intel L1 Terminal Fault Vulnerabilities – VxRail fix

So Dell EMC have finally released an update to VxRail that fixes the Intel vulnerability which Intel disclosed last month…. Software version 4.0.520 and 4.5.218….

I know a lot of customers have been asking why it’s taken so long, but they have to understand that the VxRail is a turnkey appliance which means Dell EMC and VMware do a whole bunch of testing and validation to ensure any patches/upgrades do not impact the end-user. VxRail’s update process is fully automated and the validation ensures that end-users can be reassured that when they upload the update file and hit ‘install’ that they will go from one good known state to another!

Anyways…..

VxRail Appliance software 4.0.520 contains vSphere 6.0 Express Patch 15 / Upgrade
3h which addresses the L1 Terminal Fault vulnerability.

VxRail 4.5.218 contains vSphere 6.5 EP8/U2c which addresses the L1 Terminal Fault vulnerability.

Refer to VMware KB reference 55636 for a centralized source of information. A high-level introduction follows:

  • CVE-2018-3646 (L1 Terminal Fault – VMM), requires Hypervisor-Specific Mitigations for hosts running on Intel hardware.
    • Sequential-Context attack vector: mitigated through a vSphere update process including vCenter and ESXi. Mitigation enabled by default and does not impose a significant performance impact.
    • Concurrent-context attack vector: mitigated by enabling a new advanced configuration option hyperthreading Mitigation included in the update. This option also known as the ESXi Side-Channel-Aware Scheduler. The initial version of this feature will only schedule the hypervisor and VMs on one logical process of an Intel Hyperthreading-enabled core. This feature may impose a non-trivial performance impact and is not enabled by default. Please take time to analyze your environment’s capacity prior to enabling the mitigation.
    • For technical details please see VMware KB reference 55806.
  • CVE-2018-3620 (L1 Terminal Fault – OS)
    • Local privilege escalation, requires Operating System-Specific Mitigations. vCSA (and PSC) 6.x are impacted, workaround is available.
    • For technical details please see VMware Security Bulletin VMSA-2018-0021, VMware KB reference 55807 and 52312.
  • CVE-2018-3615 (L1 Terminal Fault – SGX)
    • Does not affect VxRail and VMware products. See VMware KB reference 54913.

 

Upgrades should be available to download and run…. Alternatively speak to your Dell EMC representative (or contact me or my company: MTI)

VMworld 2018 US – Day 1 General Session Round Up

So the great thing about VMworld US is that they live stream the General Session for the rest of us who can’t make it over to Vegas… whilst you can’t get the whole VMworld US experience just by watching the GS live stream, at least you get to hear the same news as those in Vegas.

Pat Gelsinger opened up the GS by showing the world his bad-ass “VMware” tattoo… not quite sure if it’s real – many commenting on VMware’s tweet that the tattoo gun doesn’t look like it has ink in it… =P
https://twitter.com/vmwarenews/status/1034109813129535488

A nice little montage to celebrate the 20th anniversary of VMware… 1998… long time… From Server Virtualisation to EUC to Network Virtualisation to Cloud and now Hybrid/Multi-Cloud.

VMware’s Vision is still the same – Any Device, Any App, Any Cloud… and we’re told businesses are still on a multi-cloud journey! The thing is, so many companies have a ‘cloud’ strategy, but many just can’t execute that cloud adoption because they are stuck trying to migrate workloads off their traditional DC into the public cloud!
This is where VMware stands apart with their partnership with AWS and their Cloud Foundations solution! Move your on-prem DC to a SDDC and then “ruthlessly automate everything!!” =)

Project Dimension was quickly mentioned as a Tech Preview that will extend VMware Cloud to the data center, ROBO and edge. It combines VMware Cloud Foundations with HCI and a VMware Cloud managed service to deliver an SDDC solution, end-to-end, operated and supported by VMware. The solution will simplify cloud deployments handling all aspects of configuration, security, and management – leaving customers to worry-less about infrastructure and focus more on their business innovations!

Dimension

There were a few nice VMC on AWS announcements…

  • firstly the rollout of its services in Sydney to serve APJ
  • secondly that vSAN will be using Amazon Elastic Block Storage (EBS) allowing customers to independently scale compute and storage requirements (and effectively allowing users to deploy storage-dense workloads)
  • thirdly Amazon Relational Database Service (RDS) on VMware making it easy for customers to set up, operate, scale and migrate Relational DBs on-prem and in VMC on AWS.

It’s amazing how far the partnership has come in a single year!

Roadmap for further rollouts:
vmconaws.png

More here: https://cloud.vmware.com/community/2018/08/26/vmware-cloud-aws-charging-ahead/

Finally there was an announcement of the acquisition of CloudHealth Technologies… From what I can see, CloudHealth Tech delivers a SAAS platform that offers Cloud Operations across AWS, Azure and GCP – it helps customers to analyze, manage cloud costs, usage and monitor performance across multi-clouds. This looks like a CMP on steroids and should complement VMware’s existing CMP and SAAS offerings (vRealize/Cloud Automation Services and Wavefront). CloudHealth will become ‘the’ Cloud Operations Platform of choice for the industry…. allowing customers to control, analyze the costs, compliance and performance of their compute environments across on-prem and public clouds!

To end it all, VMware’s CTO – Ray O’Farrell – came on stage to demo several of the new announcements and new products:

  • Migrating workloads from on-prem to the cloud – demo’ing bulk migration of an entire data centre using vSphere replication and then vMotion – with no downtime!
  • Project Dimension showing how cloud services can be ‘stretched’ between VMC on AWS and a customers on-prem DC. Also how both on-prem and edge infrastructure can be monitored as part of VMware’s managed service.
  • Short Amazon RDS demo showing the service running on-prem and in AWS.
  • A mention of something called Project Magna which leverages AI and Machine Learning to self-optimize a virtual environment…. changing the SD in SDDC from Software-Defined to Self-Driving!
  • A demo of VMware PKS showing the integration of NSX with PKS and how you can automate security of kubernetes.
  • A nice demo showing vROPs monitoring workloads requiring GPUs and the new feature of vMotion for GPU enabled VMs (a limitation previously of Horizon/vSphere)
  • Blockchain is everywhere!! Project Concord is an open source infrastructure for Enterprise Blockchains focusing on performance and scalability.
  • Dell EMC’s new factory-provisioning service for VMware Workspace ONE, where devices will ship ready for integration as end-points.
  • Workspace ONE intelligence, advising IT operations of problems with incompatible applications and patches (automate patch testing to predict whether a new patch will work).
  • A demo to show the support of ESXi on 64-bit ARM platforms.

And to close the GS, two major annoucements around security, one for compute and one for Network…

  • Firstly – vSphere Platinum, packaging AppDefense with vSphere ESXi. This new offering will have AppDefense built in which uses machine learning and a variety of other inputs to baseline known good states of a VM. AppDefense can then act on deviations of that baseline, executing automated actions – such as changing firewall settings, alerting, offloading for deeper network packet inspection.
  • Secondly – Adaptive Micro-Segmentation, integrating AppDefense and NSX. Security solutions should “Learn, Lock and Adapt” to threats… AppDefense will offer the dynamic learning and adaption looking into the VM and applications, NSX will offer the Lock.

 

And with that…. I end my summary of the first day’s GS…. =)

 

EDIT: Day 1 General Session is now available for replay: https://www.vmworld.com/en/us/learning/general-sessions.html

VMware vExpert vSAN 2018 Announced

Phew…. *sigh of relief* ….. thankfully this year I’ve made the cut again for the vExpert vSAN track! =)

Almost didn’t make it as I was on holiday during the application process and missed the original deadline. Thankfully the application was still live so I sneaked in an application and sent my apologies to the vExpert admin team.

Anyways, congrats to all returning vExpert vSAN members and welcome to all new members joining for the 1st time!

https://blogs.vmware.com/vmtn/2018/06/vexpert-vsan-2018-announcement.html

Let’s keep evangelising about vSAN and drive that customer demand…… as VMware announced recently, there are now over 14,000 vSAN and VxRail customers (as of the end of Q1)! That’s impressive for a product that was only launched in 2014!

I’m a big big advocate of VxRail and love talking about the HCI solution to my customers… I’m also proud that MTI are one of the leading partners in the UK for VxRail (and also one of the very first partners to sell/deploy VxRail when it launched)!

VMware vSphere 6.7 & 6.5 update 2 – Resources

Just over a fortnight ago VMware released their latest version of vSphere and vSAN – 6.7…. unfortunately for me, I was neck-deep in a tender response and was in Paris for a number of days for a meeting – so spent most of my travels looking at a small mobile phone screen trying to read up on what’s new… (mental note: time for a new phone with a bigger screen – must be getting old as my eyesight isn’t as good as it was).

When I finally got back online and started thinking about what to write about, I realised that the net was already inundated with bloggers writing about “What’s new in vSphere 6.7”. I quickly realised that I didn’t just want to regurgitate the same thing as a lot of the ‘newer’ bloggers were doing, so I decided to spend some time pulling together all the good resources that I have read over the last few weeks and write a blog about where people should go to learn about vSphere/vCenter and vSAN 6.7.

Note: This blog article has actually been in draft mode for 2 weeks as I’ve been waiting for the vSphere 6.7 lightboards to be re-released by VMware marketing – if you didn’t already know, it was posted onto VMware’s YouTube channel a week before launch and then quickly disappeared!! I’ve been waiting for them to turn up again before posting this article but for some reason they haven’t re-appeared (makes me wonder if marketing deleted the only copy they had of the lightboards… lol).
https://www.theregister.co.uk/2018/04/09/vsphere_6_7_vids_vanish/

 

The Knowledge Journey

The most obvious place to start your knowledge journey is none other than VMware’s own vSphere Blog and Virtual Blocks blog, the best blogs are:
https://blogs.vmware.com/vsphere/2018/04/introducing-vmware-vsphere-6-7.html
https://blogs.vmware.com/vsphere/2018/04/introducing-vcenter-server-6-7.html
https://blogs.vmware.com/virtualblocks/2018/04/17/whats-new-vmware-vsan-6-7/

These were the first blog posts I read to understand what new features were in the latest release, and they’re very good summaries.

As always, Duncan Epping was one of the first to release his articles on “What’s new” and they were very concise articles going over some of the more interesting features:
http://www.yellow-bricks.com/2018/04/17/whats-new-vsan-6-7/
http://www.yellow-bricks.com/2018/04/17/vsphere-6-7-announced/

I then started reading around the other products released as well:
What’s New with SRM and vSphere Replication 8.1 – https://blogs.vmware.com/virtualblocks/2018/04/17/srm-vr-81-whats-new/
What’s New in vRealize Automation 7.4 – https://blogs.vmware.com/management/2018/03/whats-new-vrealize-automation-7-4.html

If you want a deep-dive into all things vSphere/vCenter, then head over to Emad Younis’s blog: http://emadyounis.com.

For a deeper-dive into all things related to security, head over to Mike Foley’s blog: https://www.yelof.com.

All finally, there’s the vSphere Blog: https://blogs.vmware.com/vsphere/launch

 

KB article on Update sequence for vSphere 6.7 and compatible products – https://kb.vmware.com/s/article/53710
KB article on Important information before upgrading to vSphere 6.7 – https://kb.vmware.com/s/article/53704
Blog article on upgrading vCenter Appliance from 6.5 to 6.7 – https://blogs.vmware.com/vsphere/2018/05/upgrading-vcenter-server-appliance-6-5-6-7.html

Note: Upgrades from vCenter Server 6.0 and later to vCenter Server 6.7 is supported. To upgrade from vCenter Server 5.0, 5.1 or 5.5, you must first upgrade the vCenter Server instance to version 6.0 or later releases, and then upgrade to vCenter Server 6.7.

These products are not compatible with vSphere 6.7 at this time:

  • VMware NSX
  • VMware Integrated OpenStack (VIO)
  • VMware vSphere Integrated Containers (VIC)

 

Some YouTube videos:
vSAN 6.7 Technical Overview Video – https://youtu.be/Ss5KWAtGvXo
vSAN 6.7 What’s New Technical – https://youtu.be/YzurWX5m4m8
Faster Host Upgrades to vSphere 6.7 – https://youtu.be/8fqE5zsnkTQ

So here’s a list of all new product releases:

  • vSphere ESXi & vCenter Server 6.7
  • vSAN 6.7
  • vSphere Replication 8.1
  • Site Recovery Manager 8.1
  • vRealize Operations Manager 6.7
  • vRealize Automation 7.4.0
  • vRealize Orchestrator Appliance 7.4.0
  • vRealize Log Insight 4.6.0
  • vRealize Business for Cloud 7.4.0
  • vRealize Suite Lifecycle Manager 1.2
  • vRealize Code Stream 2.4
  • NSX SD-WAN Edge by VeloCloud 3.2.0
  • Horizon 7.4.1 Enterprise

Finally here’s list of all the documentations:

 

It’s worth noting that last week VMware also released vSphere 6.5 update 2 which back-ports a few of the new features in 6.7 into 6.5. For more information point your browsers here: https://blogs.vmware.com/vsphere/2018/05/vsphere-6-5-update-2-now-available.html

Additional updates:

MTI Secure Hyper-Converged Infrastructure Webinar & Guide

Back end of February I presented a webinar with my colleague, Andrew Tang, around Key Challenges and Considerations for Securing Hyper-Converged Infrastructure.

The webinar has been uploaded for public consumption by the marketing team at MTI Technology.

As I mentioned previously in my blog, I don’t really touch upon product in this webinar as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

You can access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Marketing has also finally released the HCI guide that both Andrew and myself put together around HCI, feel free to download that here: https://bit.ly/2qMY6qJ

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: https://bit.ly/2vQO3Gb

Dell EMC VxRail Software Update – Spectre Guest OS leakage mitigation

I posted earlier in the year that Dell EMC had released a Security Advisory to address Spectre (Meltdown doesn’t really affect VMware and hence VxRail).

One of the items that wasn’t addressed in the original fix was Guest OS leakage mitigation between processes within the VM – this required CPU/BIOS microcode updates which were not yet available from Intel.

Those updates were made available from Intel at the beginning of April and it’s taken a while for it to filter through to vSphere and VxRail – the delay is down to VxRail being a fully turn-key appliance which means all software/firmware updates from Dell EMC are fully tested and validated before release.

Updates 4.0.402 and 4.5.152 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

The accompanying Dell EMC Security Advisory is available here: DSA-2018-074: Dell EMC VxRail Security Update for Multiprocessor Side-Channel Analysis Attacks (Meltdown and Spectre)

VxRail Appliance software 4.0.402 and 4.5.152 contains the Intel microcode fix to complete the resolution of the speculative execution security issues.
VxRail Appliance software 4.0.402 includes fixes for the following security vulnerabilities:

  1. CVE-2017-5753 (Variant 1: bounds check bypass, also known as Spectre) – Complete fix in 4.0.401 and above.
  2. CVE-2017-5715 (Variant 2: branch target injection, also known as Spectre):
    • Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM – Complete fix in 4.0.401 and above.
    • Guest OS leakage mitigation between processes within the VM requires BIOS or CPU microcode update released by Intel and included in this release – Complete fix with either BIOS or CPU microcode update automatically applied through the VxRail 4.0.402 automated software upgrade. No manual BIOS update required for any supported VxRail hardware platforms.
  3. CVE-2017-5754 (Variant 3: rogue data cache load, also known as Meltdown): Does not affect VxRail Appliance.

NOTE: Manual steps are required after the VxRail Appliance software upgrade to 4.0.402 to power cycle the VMs for branch target injection to take effect. More info available within this KB article: https://support.emc.com/kb/519601

Also note that this update does not patch Guest OS!

For more information about Spectre/Meltdown, have a meander to my original posts:
Spectre & Meltdown Vulnerabilities
Spectre & Meltdown Update