VMworld 2019 US – Day 1 General Session Round Up

So I guess there’s no better time to dust off my keyboard and get back to blogging than talking about VMworld and what was announced during the Day 1 General Session!

This year it’s a bit funny as I’m no longer blogging as an outsider as I now work for VMware…. so without breaking any NDAs I’m just going to talk about what was announced during the keynote!

I’ve been reading a lot of tweets and comments mentioning about how flustered Pat Gelsinger looked on stage during the keynote, but considering all that’s happened within the past week or so you could probably forgive him for not practicing his presentation – especially given he probably had it re-written by marketing a few days ago post the Pivotal and Carbon Black acquisitions!

So first up… VMware Tanzu, a portfolio of products and services to transform the way the world builds, runs and manages software on Kubernetes!
Over the past year or so, VMware has really thrown their weight behind K8s, acquiring a number of companies they saw as key to growing the services they could offer around containers. The acquisition of Bitnami and Pivotal now provides a platform to build, package and deploy modern applications on Kubernetes.

But the exciting announcement is what they are planning for vSphere – a re-architecture of vSphere with Kubernetes embedded as its control plane, Project Pacific (Tech Preview)! This is probably the biggest evolution of the ESXi hypervisor in decades (since the transition from VI3 to vSphere)! Now you can run containers and VMs side-by-side which means modern apps can run in containers yet link in to legacy VMs all being managed by the same vSphere client. A Single and Consistent platform for the future! You can read a Technical Overview of Project Pacific here.

The third piece of Tanzu is Tanzu Mission Control, a SaaS solution offering a single pane of glass control platform that gives admins and developers visibility and the ability to manage all their Kubernetes clusters, regardless of where they reside – ensuring that customers gain that consistency and governance by leveraging a policy engine to provision a Kubernetes environment.

Next up was a product launch I’ve been following very closely (for obvious reasons) – CloudHealth Hybrid! This new service will extend the same rich cost optimization, governance and security functionality that CloudHealth delivers to public cloud environments, to VMware hybrid cloud environments – namely VMware Cloud on AWS! It’s been something a lot of customers and partners have been asking for since VMware acquired CloudHealth almost a year ago. CloudHealth Hybrid will bring together the functionality of CloudHealth Data Center and the functionality of VMware vRealize Business for Cloud (vRBC) and Cost Insight into a single standalone SaaS offering. CloudHealth Hybrid will provide a single platform with visibility into cost, usage, and performance of all hybrid cloud resources – and we’re looking at a GA in Q3!

Last up was the expansion of VMware’s Hybrid Cloud solutions…. if you haven’t already realised, it’s all about Hybrid Cloud these days! =P

  • VMware Cloud Foundation is the key building block for the hybrid cloud, providing the full SDDC on AWS, Azure, Google, IBM Cloud and numerous other cloud partners.
  • VMware Cloud on Dell EMC was announced as GA – deploying vCF on Dell EMC VxRail (my favourite HCI solution!!) – in fact my last blog was about DTW and I wrote a bit about it already (so go read that post)…
  • VMware Cloud on AWS got new HCX capabilities – enabling push-button migration and interconnectivity between VMware Cloud on AWS SDDCs running in different AWS Regions and new Elastic vSAN support further improves storage scaling.
  • We got new versions of vRealize Operations and vRealize Automation (vROps 8.0 and vRA 8.0) giving customers self-driving operations and hybrid cloud automation.

To round it all up, we heard about Digital Employee Experience and some new features in Workspace One to help put the employee at the heart of everything a business does. As well as a short message about how VMware + Carbon Black + Ecosystem = Better Together… VMware’s Intrinsic Security! (Workload Security – vSphere + Carbon Black, Workspace Security – Workspace One + Carbon Black, Network Threat Security – NSX + Carbon Black, Cloud Security – Secure State + Carbon Black)

Roll on Day 2…..


DTW 2019 – VMware, Dell EMC, Microsoft!!

Wow… what an announcement at Dell Technologies World in Vegas yesterday!!!

In fact I’m so excited by the announcement that I’ve broken my blog silence!! On that subject first – one of the hardest things I’m doing at the moment is juggling my new job alongside my new baby. I told my boss recently that it feels like I currently have 2 jobs and 2 managers – the daytime one and the evening one! =D

The new job at CloudHealth is fantastic, but there’s such a steep onboarding (90 day plan) that I’m spending my working hours reading documents and doing training (even on my commute to work)… then when I go home I’m busy dealing with both my kids. My weekends are pretty much dedicated to family and I’ve really not had much time to sit down and write my final two “Big Bets” blog pieces… >_<”

 

So where to start, well the obvious place is the unveiling of a new platform called Dell Technologies Cloud, basically a new set of cloud infrastructure solutions to make cloud environments simpler to deploy and manage – a consistent infrastructure and operating model for both hybrid and public cloud.
It’s a comprehensive vision for cloud – “From the data centre, to the edge, to the cloud!” – across the whole Dell Technologies family!

There are basically two ways to consume this new platform, the traditional “purchased CapEx solution” and the cloud-like “subscription-based OpEx pricing”.
Both consumption models are based on VxRail HyperConverged Infrastructure pre-loaded with VMware Cloud Foundation software.
The traditional purchased solution is aimed for private cloud solutions using the recently announced vCF + VxRail VMware Validated Design (VVD).

The new Dell Technologies Cloud Data Center-as-a-Service offering – VMware Cloud on Dell EMC – will provide simple, more secure and scalable infrastructure delivered as-a-service to customer’s on-premises data centre and edge locations. This is the first productisation of what was announced at VMworld 2018 as “Project Dimension.”
This Dell Technologies Cloud offering enables organisations to consume infrastructure, like a public cloud service, allowing IT organisations to eliminate the need for basic tasks, such as infrastructure management, troubleshooting and maintenance, with subscription-based pricing. It will be a fully managed service by VMware.

More info available on their press-releases:
https://corporate.delltechnologies.com/en-us/newsroom/delltechnologies-cloud-accelerates-customers-multi-cloud-journey.htm
https://www.vmware.com/company/news/releases/vmw-newsfeed.VMware-Transforms-Data-Center-and-Edge-Infrastructure-with-VMware-Cloud-on-Dell-EMC.1811531.html

The other exciting announcement was the partnership between VMware, Microsoft and Dell EMC. Through this collaboration, Microsoft will offer a fully supported and certified VMware cloud infrastructure service on Microsoft Azure!
The service will be delivered through VMware Cloud Verified partners, Virtustream and CloudSimple, and will be called Azure VMware Solutions. It will be built on VMware Cloud Foundation and deployed in Azure along with an integrated set of Azure services.
This is exciting news as now you can consume VMware infrastructure and operations on both AWS and Azure public cloud…. The top two public cloud players who dominate the enterprise market!
I’m just waiting for a demo to appear where you can vMotion from your on-prem vSphere environment onto VMware Cloud on AWS and then onto Azure VMware Solutions!!
This really is bringing the whole VMware vision of “Any Application, Any Device, Any Cloud” into reality….
Super stoked to see what CloudHealth have in store to help manage this new “Multi-cloud VMware world!”

More info available in the press-releases:
https://www.vmware.com/company/news/releases/vmw-newsfeed.Dell-Technologies-and-Microsoft-Expand-Partnership-to-Help-Customers-Accelerate-Their-Digital-Transformation.1811530.html
https://blogs.microsoft.com/blog/2019/04/29/dell-technologies-and-microsoft-expand-partnership-with-new-vmware-solutions/

BTW, there were also other announcements (which I don’t have time to write about):

  • Dell Technologies Unified Workspace, which integrates solutions across Dell devices and services, VMware Workspace ONE and Secureworks – pretty much an evolution of Dell EMC’s VDI Complete solution now encompassing Secureworks.
  • Integration of Workspace ONE and Office365 – so many organisations are already on that Microsoft 365 journey and customers will now be able to use Workspace ONE to manage and secure Office 365 across devices via integration with Microsoft Intune and Azure Active Directory Premium as part of the Microsoft Enterprise Mobility + Security suite.
  • Support of Windows Virtual Desktop in VMware Horizon Cloud on Microsoft Azure – delivering a multi-session Windows 10 experience in the cloud, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps.

 

Intel L1 Terminal Fault Vulnerabilities – VxRail fix

So Dell EMC have finally released an update to VxRail that fixes the Intel vulnerability which Intel disclosed last month…. Software version 4.0.520 and 4.5.218….

I know a lot of customers have been asking why it’s taken so long, but they have to understand that the VxRail is a turnkey appliance which means Dell EMC and VMware do a whole bunch of testing and validation to ensure any patches/upgrades do not impact the end-user. VxRail’s update process is fully automated and the validation ensures that end-users can be reassured that when they upload the update file and hit ‘install’ that they will go from one good known state to another!

Anyways…..

VxRail Appliance software 4.0.520 contains vSphere 6.0 Express Patch 15 / Upgrade 3h which addresses the L1 Terminal Fault vulnerability.

VxRail 4.5.218 contains vSphere 6.5 EP8/U2c which addresses the L1 Terminal Fault vulnerability.

Refer to VMware KB reference 55636 for a centralized source of information. A high-level introduction follows:

  • CVE-2018-3646 (L1 Terminal Fault – VMM), requires Hypervisor-Specific Mitigations for hosts running on Intel hardware.
    • Sequential-Context attack vector: mitigated through a vSphere update process including vCenter and ESXi. Mitigation enabled by default and does not impose a significant performance impact.
    • Concurrent-context attack vector: mitigated by enabling a new advanced configuration option, hyperthreadingMitigation, included in the update. This option is also known as the ESXi Side-Channel-Aware Scheduler. The initial version of this feature will only schedule the hypervisor and VMs on one logical processor of an Intel Hyperthreading-enabled core. This feature may impose a non-trivial performance impact and is not enabled by default. Please take time to analyze your environment’s capacity prior to enabling the mitigation.
    • For technical details please see VMware KB reference 55806.
  • CVE-2018-3620 (L1 Terminal Fault – OS)
    • Local privilege escalation, requires Operating System-Specific Mitigations. vCSA (and PSC) 6.x are impacted, workaround is available.
    • For technical details please see VMware Security Bulletin VMSA-2018-0021, VMware KB reference 55807 and 52312.
  • CVE-2018-3615 (L1 Terminal Fault – SGX)
    • Does not affect VxRail and VMware products. See VMware KB reference 54913.
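
A capacity pre-check of the kind the concurrent-context bullet asks for, as an added example that is not from the original post or from VMware or Dell EMC. The host inventory is constructed, and the field names, the 70% average-usage ceiling and the rule that a VM should not need more vCPUs than the remaining logical processors are assumptions for illustration.

```python
# Added example: capacity pre-check before enabling hyperthreadingMitigation
# (the ESXi Side-Channel-Aware Scheduler). All host data below is constructed.
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    physical_cores: int
    hyperthreading: bool
    avg_cpu_pct: float      # average CPU usage measured before the change
    largest_vm_vcpus: int   # vCPU count of the biggest VM on the host
    total_vcpus: int        # sum of vCPUs of all powered-on VMs


def schedulable_cpus(host: Host, mitigation_enabled: bool) -> int:
    """Logical processors available for the hypervisor and VMs."""
    if host.hyperthreading and not mitigation_enabled:
        return host.physical_cores * 2  # two hyperthreads per Intel core
    return host.physical_cores          # one logical processor per core


def assess(host: Host, usage_ceiling_pct: float = 70.0) -> dict:
    """Compare a host before/after the mitigation; ceiling is an assumption."""
    before = schedulable_cpus(host, False)
    after = schedulable_cpus(host, True)
    findings = []
    if host.largest_vm_vcpus > after:
        findings.append(f"largest VM needs {host.largest_vm_vcpus} vCPUs, "
                        f"only {after} logical processors remain")
    if host.hyperthreading and host.avg_cpu_pct > usage_ceiling_pct:
        findings.append(f"average CPU {host.avg_cpu_pct:.0f}% exceeds "
                        f"{usage_ceiling_pct:.0f}% ceiling")
    return {"host": host.name, "cpus_before": before, "cpus_after": after,
            "vcpu_ratio_after": round(host.total_vcpus / after, 2),
            "findings": findings}


# Constructed inventory (hypothetical host names and figures).
INVENTORY = [
    Host("node-01", 16, True, 45.0, 8, 64),
    Host("node-02", 16, True, 82.0, 24, 96),
    Host("node-03", 20, False, 60.0, 20, 40),
]


def hosts_needing_review(inventory=INVENTORY) -> list:
    """Names of hosts with at least one finding."""
    return [r["host"] for r in map(assess, inventory) if r["findings"]]


if __name__ == "__main__":
    for report in map(assess, INVENTORY):
        print(report)
```

Hosts returned by `hosts_needing_review()` are the ones to rebalance or resize before the option is switched on.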

 

Upgrades should be available to download and run…. Alternatively speak to your Dell EMC representative (or contact me or my company: MTI)

MTI Secure Hyper-Converged Infrastructure Webinar & Guide

Back end of February I presented a webinar with my colleague, Andrew Tang, around Key Challenges and Considerations for Securing Hyper-Converged Infrastructure.

The webinar has been uploaded for public consumption by the marketing team at MTI Technology.

As I mentioned previously in my blog, I don’t really touch upon product in this webinar as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

You can access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Marketing has also finally released the HCI guide that both Andrew and myself put together around HCI, feel free to download that here: https://bit.ly/2qMY6qJ

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: https://bit.ly/2vQO3Gb

Dell EMC VxRail Software Update – Spectre Guest OS leakage mitigation

I posted earlier in the year that Dell EMC had released a Security Advisory to address Spectre (Meltdown doesn’t really affect VMware and hence VxRail).

One of the items that wasn’t addressed in the original fix was Guest OS leakage mitigation between processes within the VM – this required CPU/BIOS microcode updates which were not yet available from Intel.

Those updates were made available from Intel at the beginning of April and it’s taken a while for it to filter through to vSphere and VxRail – the delay is down to VxRail being a fully turn-key appliance which means all software/firmware updates from Dell EMC are fully tested and validated before release.

Updates 4.0.402 and 4.5.152 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

The accompanying Dell EMC Security Advisory is available here: DSA-2018-074: Dell EMC VxRail Security Update for Multiprocessor Side-Channel Analysis Attacks (Meltdown and Spectre)

VxRail Appliance software 4.0.402 and 4.5.152 contain the Intel microcode fix to complete the resolution of the speculative execution security issues.
VxRail Appliance software 4.0.402 includes fixes for the following security vulnerabilities:

  1. CVE-2017-5753 (Variant 1: bounds check bypass, also known as Spectre) – Complete fix in 4.0.401 and above.
  2. CVE-2017-5715 (Variant 2: branch target injection, also known as Spectre):
    • Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM – Complete fix in 4.0.401 and above.
    • Guest OS leakage mitigation between processes within the VM requires BIOS or CPU microcode update released by Intel and included in this release – Complete fix with either BIOS or CPU microcode update automatically applied through the VxRail 4.0.402 automated software upgrade. No manual BIOS update required for any supported VxRail hardware platforms.
  3. CVE-2017-5754 (Variant 3: rogue data cache load, also known as Meltdown): Does not affect VxRail Appliance.

NOTE: Manual steps are required after the VxRail Appliance software upgrade to 4.0.402 to power cycle the VMs for branch target injection to take effect. More info available within this KB article: https://support.emc.com/kb/519601

Also note that this update does not patch Guest OS!

For more information about Spectre/Meltdown, have a meander to my original posts:
Spectre & Meltdown Vulnerabilities
Spectre & Meltdown Update

MTI Secure Hyper-Converged Infrastructure Webinar

So last Thursday I was asked by the marketing peeps at my company, MTI Technology, to run a webinar with my colleague, Andrew Tang, around what Hyper-Converged Infrastructure is all about, why it’s suddenly become so popular within the industry, and how best to secure a HCI solution.

The webinar has now been uploaded for public consumption…. and since it kind of went ok – apart from me suffering from a runny nose throughout (sorry for all the sniffing) – I’ve decided to blog about the webinar for you all to watch.

I don’t really touch upon product in this webinar, as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

Feel free to pop along and access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: http://bit.ly/2C8vS14

Dell EMC updates VxRail software to address Spectre

So Dell EMC have finally released the patches for their VxRail appliances, I know many of my customers were asking about these patches – in a way it’s good it was slightly delayed given how many normal VMware customers experienced issues when patching and how one patch was pulled by VMware!

The good thing about VxRail is that any software patches or updates released have been tried and tested by the Dell EMC CPSD engineering team, so they should be ready for roll out with minimum disruption!

Updates 4.0.401 and 4.5.150 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

It’s worth noting that at present this patch only contains 2 of the 3 required fixes for Intel to address the Speculative Execution vulnerability (Spectre – Meltdown doesn’t really affect VMware and hence VxRail). The 3rd fix has not yet been released by Intel and Dell EMC basically decided they couldn’t wait any longer as Intel drag their heels!