As One Chapter Closes…..

…. another opens!

After 5 amazing years at MTI Technology, I’ve decided that it’s time I moved on in order to progress my career….. this has been one of the hardest decisions I’ve had to make because I’m leaving behind a great bunch of folks and a team that’s helped me get to where I am today!

5 years ago I was one of the unfortunate ones who got caught up in the train-crash that was 2e2…. a huge reseller that was badly managed, borrowed too heavily for acquisitions and pretty much went bust over night when their banks refused to restructure their debt! Coming from a large reseller where I was under-valued and just one of a thousand employees to a much smaller reseller where everyone knew you by name was an eye-opener! All of a sudden I was valued for my input, trusted to get on with my job and given the opportunity to pro-actively pursue my own thirst for knowledge. I quickly picked up Dell EMC and Cisco knowledge, and was encouraged to continue expanding my VMware skills…..

In the 5 years at MTI, I started my blog, got recognised as a VMware vExpert (4th year now), became a Dell EMC VxRail Xpert, grown my network within VMware and Dell EMC, and helped to drive the VMware business within MTI… I even got to propose a marketing campaign (MTI Secure HCI) and pull together the content that led to MTI winning Best Marketing Campaign of the year at the recent CRN Sales & Marketing Awards!

So a lot has been achieved in a short period of time! As the VMworld tagline this year says…. “Possible Begins with You!”

So where am I off to….. well to those who know me it’s not going to be a big surprise…. I’m joining VMware!! =)

TBH, I’ve had opportunities to join VMware (and even Dell EMC) in the past but the roles haven’t really been enticing enough for me to leave MTI… I was happy with my role and also with the team around me! I even had opportunities to join other VARs, but I’ve always valued my work-life balance more than chasing a bigger paycheck so a sideways career move makes no sense to me!

About 5 months ago, I stumbled across a new role that was being advertised – Partner Solutions Architect – it was a role within a team focused on driving VMware’s partner engagement model. VMware have always valued the channel, and they’ve quickly realised that it’s the channel that’s going to drive any increase in their revenue!
My role is to help with the technical enablement of partners, as well as working alongside the Practise Development Managers to help the next set of partners along their VMware journey – most importantly to help them increase their VMware revenue!
It’s a very different role than what I’m used to…. a channel-focused role that’s moving me away from end-users and customers. Ironic thing is, MTI are one of those partners and I may even end up back looking after them! =P

Working for a Solutions Provider or VAR (Value-Added Reseller) like MTI has given me huge exposure to new technologies (recently that’s been Rubrik and Cohesity), and in a way I’m going to miss that wide-spectrum of exposure! However, having worked with VMware products for nearly 12+ years I finally decided it was time to join the V-mothership!

If anyone reading this blog is at an end-user or unsure of what to do with their careers, then if you want a challenge and quickly pick up skills from multiple vendors you need to join a VAR!

 

Finally before I end, I have to admit that I am very grateful to the management at MTI for allowing me to go to VMworld next week as part of the MTI team, even though I’m leaving. It just goes to show the respect and appreciation that the management have shown me over the years!

So those of you heading out to VMworld next week, I hope to see you there whilst still wearing the MTI badge…. and a week later I’ll be wearing the VMware badge! =)

 

I’m going to miss the team at MTI… they’re a great bunch of guys to work with and the future looks very interesting and rosy! I’m also going to miss the customers that I’ve worked with (yup – surprisingly).

The only regret I have is not being able to find a replacement during my notice period (can’t believe the marketplace is so short of decent pre-sales consultants!!). So as I sign off…. I’ll leave by advertising that there’s still a role at MTI for a VMware pre-sales consultant if anyone reading this blog is interested! =)

Advertisements

Intel L1 Terminal Fault Vulnerabilities – VxRail fix

So Dell EMC have finally released an update to VxRail that fixes the Intel vulnerability which Intel disclosed last month…. Software version 4.0.520 and 4.5.218….

I know a lot of customers have been asking why it’s taken so long, but they have to understand that the VxRail is a turnkey appliance which means Dell EMC and VMware do a whole bunch of testing and validation to ensure any patches/upgrades do not impact the end-user. VxRail’s update process is fully automated and the validation ensures that end-users can be reassured that when they upload the update file and hit ‘install’ that they will go from one good known state to another!

Anyways…..

VxRail Appliance software 4.0.520 contains vSphere 6.0 Express Patch 15 / Upgrade
3h which addresses the L1 Terminal Fault vulnerability.

VxRail 4.5.218 contains vSphere 6.5 EP8/U2c which addresses the L1 Terminal Fault vulnerability.

Refer to VMware KB reference 55636 for a centralized source of information. A high-level introduction follows:

  • CVE-2018-3646 (L1 Terminal Fault – VMM), requires Hypervisor-Specific Mitigations for hosts running on Intel hardware.
    • Sequential-Context attack vector: mitigated through a vSphere update process including vCenter and ESXi. Mitigation enabled by default and does not impose a significant performance impact.
    • Concurrent-context attack vector: mitigated by enabling a new advanced configuration option hyperthreading Mitigation included in the update. This option also known as the ESXi Side-Channel-Aware Scheduler. The initial version of this feature will only schedule the hypervisor and VMs on one logical process of an Intel Hyperthreading-enabled core. This feature may impose a non-trivial performance impact and is not enabled by default. Please take time to analyze your environment’s capacity prior to enabling the mitigation.
    • For technical details please see VMware KB reference 55806.
  • CVE-2018-3620 (L1 Terminal Fault – OS)
    • Local privilege escalation, requires Operating System-Specific Mitigations. vCSA (and PSC) 6.x are impacted, workaround is available.
    • For technical details please see VMware Security Bulletin VMSA-2018-0021, VMware KB reference 55807 and 52312.
  • CVE-2018-3615 (L1 Terminal Fault – SGX)
    • Does not affect VxRail and VMware products. See VMware KB reference 54913.

 

Upgrades should be available to download and run…. Alternatively speak to your Dell EMC representative (or contact me or my company: MTI)

VMworld 2018 US – Day 1 General Session Round Up

So the great thing about VMworld US is that they live stream the General Session for the rest of us who can’t make it over to Vegas… whilst you can’t get the whole VMworld US experience just by watching the GS live stream, at least you get to hear the same news as those in Vegas.

Pat Gelsinger opened up the GS by showing the world his bad-ass “VMware” tattoo… not quite sure if it’s real – many commenting on VMware’s tweet that the tattoo gun doesn’t look like it has ink in it… =P
https://twitter.com/vmwarenews/status/1034109813129535488

A nice little montage to celebrate the 20th anniversary of VMware… 1998… long time… From Server Virtualisation to EUC to Network Virtualisation to Cloud and now Hybrid/Multi-Cloud.

VMware’s Vision is still the same – Any Device, Any App, Any Cloud… and we’re told businesses are still on a multi-cloud journey! The thing is, so many companies have a ‘cloud’ strategy, but many just can’t execute that cloud adoption because they are stuck trying to migrate workloads off their traditional DC into the public cloud!
This is where VMware stands apart with their partnership with AWS and their Cloud Foundations solution! Move your on-prem DC to a SDDC and then “ruthlessly automate everything!!” =)

Project Dimension was quickly mentioned as a Tech Preview that will extend VMware Cloud to the data center, ROBO and edge. It combines VMware Cloud Foundations with HCI and a VMware Cloud managed service to deliver an SDDC solution, end-to-end, operated and supported by VMware. The solution will simplify cloud deployments handling all aspects of configuration, security, and management – leaving customers to worry-less about infrastructure and focus more on their business innovations!

Dimension

There were a few nice VMC on AWS announcements…

  • firstly the rollout of its services in Sydney to serve APJ
  • secondly that vSAN will be using Amazon Elastic Block Storage (EBS) allowing customers to independently scale compute and storage requirements (and effectively allowing users to deploy storage-dense workloads)
  • thirdly Amazon Relational Database Service (RDS) on VMware making it easy for customers to set up, operate, scale and migrate Relational DBs on-prem and in VMC on AWS.

It’s amazing how far the partnership has come in a single year!

Roadmap for further rollouts:
vmconaws.png

More here: https://cloud.vmware.com/community/2018/08/26/vmware-cloud-aws-charging-ahead/

Finally there was an announcement of the acquisition of CloudHealth Technologies… From what I can see, CloudHealth Tech delivers a SAAS platform that offers Cloud Operations across AWS, Azure and GCP – it helps customers to analyze, manage cloud costs, usage and monitor performance across multi-clouds. This looks like a CMP on steroids and should complement VMware’s existing CMP and SAAS offerings (vRealize/Cloud Automation Services and Wavefront). CloudHealth will become ‘the’ Cloud Operations Platform of choice for the industry…. allowing customers to control, analyze the costs, compliance and performance of their compute environments across on-prem and public clouds!

To end it all, VMware’s CTO – Ray O’Farrell – came on stage to demo several of the new announcements and new products:

  • Migrating workloads from on-prem to the cloud – demo’ing bulk migration of an entire data centre using vSphere replication and then vMotion – with no downtime!
  • Project Dimension showing how cloud services can be ‘stretched’ between VMC on AWS and a customers on-prem DC. Also how both on-prem and edge infrastructure can be monitored as part of VMware’s managed service.
  • Short Amazon RDS demo showing the service running on-prem and in AWS.
  • A mention of something called Project Magna which leverages AI and Machine Learning to self-optimize a virtual environment…. changing the SD in SDDC from Software-Defined to Self-Driving!
  • A demo of VMware PKS showing the integration of NSX with PKS and how you can automate security of kubernetes.
  • A nice demo showing vROPs monitoring workloads requiring GPUs and the new feature of vMotion for GPU enabled VMs (a limitation previously of Horizon/vSphere)
  • Blockchain is everywhere!! Project Concord is an open source infrastructure for Enterprise Blockchains focusing on performance and scalability.
  • Dell EMC’s new factory-provisioning service for VMware Workspace ONE, where devices will ship ready for integration as end-points.
  • Workspace ONE intelligence, advising IT operations of problems with incompatible applications and patches (automate patch testing to predict whether a new patch will work).
  • A demo to show the support of ESXi on 64-bit ARM platforms.

And to close the GS, two major annoucements around security, one for compute and one for Network…

  • Firstly – vSphere Platinum, packaging AppDefense with vSphere ESXi. This new offering will have AppDefense built in which uses machine learning and a variety of other inputs to baseline known good states of a VM. AppDefense can then act on deviations of that baseline, executing automated actions – such as changing firewall settings, alerting, offloading for deeper network packet inspection.
  • Secondly – Adaptive Micro-Segmentation, integrating AppDefense and NSX. Security solutions should “Learn, Lock and Adapt” to threats… AppDefense will offer the dynamic learning and adaption looking into the VM and applications, NSX will offer the Lock.

 

And with that…. I end my summary of the first day’s GS…. =)

 

EDIT: Day 1 General Session is now available for replay: https://www.vmworld.com/en/us/learning/general-sessions.html

VMware vExpert vSAN 2018 Announced

Phew…. *sigh of relief* ….. thankfully this year I’ve made the cut again for the vExpert vSAN track! =)

Almost didn’t make it as I was on holiday during the application process and missed the original deadline. Thankfully the application was still live so I sneaked in an application and sent my apologies to the vExpert admin team.

Anyways, congrats to all returning vExpert vSAN members and welcome to all new members joining for the 1st time!

https://blogs.vmware.com/vmtn/2018/06/vexpert-vsan-2018-announcement.html

Let’s keep evangelising about vSAN and drive that customer demand…… as VMware announced recently, there are now over 14,000 vSAN and VxRail customers (as of the end of Q1)! That’s impressive for a product that was only launched in 2014!

I’m a big big advocate of VxRail and love talking about the HCI solution to my customers… I’m also proud that MTI are one of the leading partners in the UK for VxRail (and also one of the very first partners to sell/deploy VxRail when it launched)!

VMware vSphere 6.7 & 6.5 update 2 – Resources

Just over a fortnight ago VMware released their latest version of vSphere and vSAN – 6.7…. unfortunately for me, I was neck-deep in a tender response and was in Paris for a number of days for a meeting – so spent most of my travels looking at a small mobile phone screen trying to read up on what’s new… (mental note: time for a new phone with a bigger screen – must be getting old as my eyesight isn’t as good as it was).

When I finally got back online and started thinking about what to write about, I realised that the net was already inundated with bloggers writing about “What’s new in vSphere 6.7”. I quickly realised that I didn’t just want to regurgitate the same thing as a lot of the ‘newer’ bloggers were doing, so I decided to spend some time pulling together all the good resources that I have read over the last few weeks and write a blog about where people should go to learn about vSphere/vCenter and vSAN 6.7.

Note: This blog article has actually been in draft mode for 2 weeks as I’ve been waiting for the vSphere 6.7 lightboards to be re-released by VMware marketing – if you didn’t already know, it was posted onto VMware’s YouTube channel a week before launch and then quickly disappeared!! I’ve been waiting for them to turn up again before posting this article but for some reason they haven’t re-appeared (makes me wonder if marketing deleted the only copy they had of the lightboards… lol).
https://www.theregister.co.uk/2018/04/09/vsphere_6_7_vids_vanish/

 

The Knowledge Journey

The most obvious place to start your knowledge journey is none other than VMware’s own vSphere Blog and Virtual Blocks blog, the best blogs are:
https://blogs.vmware.com/vsphere/2018/04/introducing-vmware-vsphere-6-7.html
https://blogs.vmware.com/vsphere/2018/04/introducing-vcenter-server-6-7.html
https://blogs.vmware.com/virtualblocks/2018/04/17/whats-new-vmware-vsan-6-7/

These were the first blog posts I read to understand what new features were in the latest release, and they’re very good summaries.

As always, Duncan Epping was one of the first to release his articles on “What’s new” and they were very concise articles going over some of the more interesting features:
http://www.yellow-bricks.com/2018/04/17/whats-new-vsan-6-7/
http://www.yellow-bricks.com/2018/04/17/vsphere-6-7-announced/

I then started reading around the other products released as well:
What’s New with SRM and vSphere Replication 8.1 – https://blogs.vmware.com/virtualblocks/2018/04/17/srm-vr-81-whats-new/
What’s New in vRealize Automation 7.4 – https://blogs.vmware.com/management/2018/03/whats-new-vrealize-automation-7-4.html

If you want a deep-dive into all things vSphere/vCenter, then head over to Emad Younis’s blog: http://emadyounis.com.

For a deeper-dive into all things related to security, head over to Mike Foley’s blog: https://www.yelof.com.

All finally, there’s the vSphere Blog: https://blogs.vmware.com/vsphere/launch

 

KB article on Update sequence for vSphere 6.7 and compatible products – https://kb.vmware.com/s/article/53710
KB article on Important information before upgrading to vSphere 6.7 – https://kb.vmware.com/s/article/53704
Blog article on upgrading vCenter Appliance from 6.5 to 6.7 – https://blogs.vmware.com/vsphere/2018/05/upgrading-vcenter-server-appliance-6-5-6-7.html

Note: Upgrades from vCenter Server 6.0 and later to vCenter Server 6.7 is supported. To upgrade from vCenter Server 5.0, 5.1 or 5.5, you must first upgrade the vCenter Server instance to version 6.0 or later releases, and then upgrade to vCenter Server 6.7.

These products are not compatible with vSphere 6.7 at this time:

  • VMware NSX
  • VMware Integrated OpenStack (VIO)
  • VMware vSphere Integrated Containers (VIC)

 

Some YouTube videos:
vSAN 6.7 Technical Overview Video – https://youtu.be/Ss5KWAtGvXo
vSAN 6.7 What’s New Technical – https://youtu.be/YzurWX5m4m8
Faster Host Upgrades to vSphere 6.7 – https://youtu.be/8fqE5zsnkTQ

So here’s a list of all new product releases:

  • vSphere ESXi & vCenter Server 6.7
  • vSAN 6.7
  • vSphere Replication 8.1
  • Site Recovery Manager 8.1
  • vRealize Operations Manager 6.7
  • vRealize Automation 7.4.0
  • vRealize Orchestrator Appliance 7.4.0
  • vRealize Log Insight 4.6.0
  • vRealize Business for Cloud 7.4.0
  • vRealize Suite Lifecycle Manager 1.2
  • vRealize Code Stream 2.4
  • NSX SD-WAN Edge by VeloCloud 3.2.0
  • Horizon 7.4.1 Enterprise

Finally here’s list of all the documentations:

 

It’s worth noting that last week VMware also released vSphere 6.5 update 2 which back-ports a few of the new features in 6.7 into 6.5. For more information point your browsers here: https://blogs.vmware.com/vsphere/2018/05/vsphere-6-5-update-2-now-available.html

Additional updates:

MTI Secure Hyper-Converged Infrastructure Webinar & Guide

Back end of February I presented a webinar with my colleague, Andrew Tang, around Key Challenges and Considerations for Securing Hyper-Converged Infrastructure.

The webinar has been uploaded for public consumption by the marketing team at MTI Technology.

As I mentioned previously in my blog, I don’t really touch upon product in this webinar as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

You can access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Marketing has also finally released the HCI guide that both Andrew and myself put together around HCI, feel free to download that here: https://bit.ly/2qMY6qJ

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: https://bit.ly/2vQO3Gb

Dell EMC VxRail Software Update – Spectre Guest OS leakage mitigation

I posted earlier in the year that Dell EMC had released a Security Advisory to address Spectre (Meltdown doesn’t really affect VMware and hence VxRail).

One of the items that wasn’t addressed in the original fix was Guest OS leakage mitigation between processes within the VM – this required CPU/BIOS microcode updates which were not yet available from Intel.

Those updates were made available from Intel at the beginning of April and it’s taken a while for it to filter through to vSphere and VxRail – the delay is down to VxRail being a fully turn-key appliance which means all software/firmware updates from Dell EMC are fully tested and validated before release.

Updates 4.0.402 and 4.5.152 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

The accompanying Dell EMC Security Advisory is available here: DSA-2018-074: Dell EMC VxRail Security Update for Multiprocessor Side-Channel Analysis Attacks (Meltdown and Spectre)

VxRail Appliance software 4.0.402 and 4.5.152 contains the Intel microcode fix to complete the resolution of the speculative execution security issues.
VxRail Appliance software 4.0.402 includes fixes for the following security vulnerabilities:

  1. CVE-2017-5753 (Variant 1: bounds check bypass, also known as Spectre) – Complete fix in 4.0.401 and above.
  2. CVE-2017-5715 (Variant 2: branch target injection, also known as Spectre):
    • Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM – Complete fix in 4.0.401 and above.
    • Guest OS leakage mitigation between processes within the VM requires BIOS or CPU microcode update released by Intel and included in this release – Complete fix with either BIOS or CPU microcode update automatically applied through the VxRail 4.0.402 automated software upgrade. No manual BIOS update required for any supported VxRail hardware platforms.
  3. CVE-2017-5754 (Variant 3: rogue data cache load, also known as Meltdown): Does not affect VxRail Appliance.

NOTE: Manual steps are required after the VxRail Appliance software upgrade to 4.0.402 to power cycle the VMs for branch target injection to take effect. More info available within this KB article: https://support.emc.com/kb/519601

Also note that this update does not patch Guest OS!

For more information about Spectre/Meltdown, have a meander to my original posts:
Spectre & Meltdown Vulnerabilities
Spectre & Meltdown Update

vExpert 2018 Award Announcement

So last Thursday/Friday the vExpert slack channel was awash with lots of nervous energy as people were eagerly waiting for the announcement to see if they had been accepted back into the vExpert program for 2018…. Strange, but to me it seemed that everyone was a little bit more nervous this year then previous years!

On a side note – my newly favourited key stroke on Slack is Shift+Esc which clears all unread messages and notifications! =P

What probably didn’t help the nerves was when someone posted up a tweet by Eric Nielsen (who helps run the community alongside Corey Romero) showing that 1366 were accepted into the 2018 vExpert program, 305 were rejected and 183 deferred!!
Definitely made me a bit more nervous when I saw that…. >_<”

I think some people take it for granted that they’ll be re-accepted, I for one am always nervous and never take these things for granted because I see a lot of other people around me who blog a lot more than me or help out in the community a lot more than me.

Nerves were finally settled close to midnight on Friday, just as I was getting ready to go to bed…. an email pinged through with some welcoming words:
vexpert

I’m obviously glad and honoured to be considered part of this amazing group for the 4th year running. =)

The new vExpert portal looks brilliant and the directory has even updated our profiles:
vexpert-profile

For those who don’t know, the VMware vExpert program is VMware’s global evangelism and advocacy program. It’s a select group held in high regards within the VMware community as a bunch of IT professionals who ‘give back’ to the community whether by sharing their VMware knowledge by blogging or by helping within the community forums.

 

As always, much thanks has to go to those in the background who help run the vExpert and VMTN communities…. Eric NielsenCorey Romero and Katie Bradley (to name just a few… apologies if I’ve missed anyone out).

 

Finally well done to all the new and returning vExperts for 2018.

https://blogs.vmware.com/vmtn/2018/03/vexpert-2018-award-announcement.html

 

MTI Secure Hyper-Converged Infrastructure Webinar

So last Thursday I was asked by the marketing peeps at my company, MTI Technology, to run a webinar with my colleague, Andrew Tang, around what Hyper-Converged Infrastructure is all about, why it’s suddenly become so popular within the industry, and how best to secure a HCI solution.

The webinar has now been uploaded for public consumption…. and since it kind of went ok – apart from me suffering from a runny nose throughout (sorry for all the sniffing) – I’ve decided to blog about the webinar for you all to watch.

I don’t really touch upon product in this webinar, as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

Feel free to pop along and access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: http://bit.ly/2C8vS14

End of General Support for vSphere 5.5 and other Products

So there’s 7 months left from today until vSphere 5.5 and complimentary VMware products go out of General Support. The official EoGS date for vSphere 5.5 is 19th September 2018.

The products going EoGS on that same date are:

  • Site Recovery Manager 5.5/5.8
  • vSAN 5.5
  • vCenter Server 5.5 (including Update Manager 5.5)
  • vSphere Replication 5.5/5.6/5.8
  • vSphere Data Protection 5.5/5.8

When products go End of General Support, this typically means those products stop getting updates/upgrades and patches – including any new security/bug fixes! The only support offered is web based Support Requests for assistance on existing patches and bug fixes. Fortunately any issues with Spectre/Meltdown will still be addressed post Sept 19th as they’re classed as existing security issues (phew).

My suggestion is that you start planning your upgrades to vSphere 6.5 now as typically from experience with my customers, an upgrade project tends to take 2-3 months to plan/design and another month to execute.

There are quite a number of differences with 6.5, and I’ve blogged about it previously here:

There are 2 VMware KBs I recommend people reading before planning an upgrade:

 

Finally the best website to visit to help with any upgrades is VMware’s own Upgrade Center: https://www.vmware.com/products/vsphere/upgrade-center.html