VMworld 2019 US – Day 1 General Session Round Up

So I guess there’s no better time to dust off my keyboard and get back to blogging than talking about VMworld and what was announced during the Day 1 General Session!

This year it’s a bit funny as I’m no longer blogging as an outsider as I now work for VMware…. so without breaking any NDAs I’m just going to talk about what was announced during the keynote!

I’ve been reading a lot of tweets and comments mentioning about how flustered Pat Gelsinger looked on stage during the keynote, but considering all that’s happened within the past week or so you could probably forgive him for not practicing his presentation – especially given he probably had it re-written by marketing a few days ago post the Pivotal and Carbon Black acquisitions!

So first up… VMware Tanzu, a portfolio of products and services to transform the way the world builds, runs and manages software on Kubernetes!
Over the past year or so, VMware has really thrown their weight behind K8s, acquiring a number of companies they saw as key to growing the services they could offer around containers. The acquisition of Bitnami and Pivotal now provides a platform to build, package and deploy modern applications on Kubernetes.

But the exciting announcement is what they are planning for vSphere – a re-architecture of vSphere with Kubernetes embedded as its control plane, Project Pacific (Tech Preview)! This is probably the biggest evolution of the ESXi hypervisor in decades (since the transition from VI3 to vSphere)! Now you can run containers and VMs side-by-side which means modern apps can run in containers yet link in to legacy VMs all being managed by the same vSphere client. A Single and Consistent platform for the future! You can read a Technical Overview of Project Pacific here.

The third piece of Tanzu is Tanzu Mission Control, a SaaS solution offering a single pane of glass control platform that gives admins and developers visibility and the ability to manage all their Kubernetes clusters, regardless of where they reside – ensuring that customers gain that consistency and governance by leveraging a policy engine to provision a Kubernetes environment.

Next up was a product launch I’ve been following very closely (for obvious reasons) – CloudHealth Hybrid! This new service will extend the same rich cost optimization, governance and security functionality that CloudHealth delivers to public cloud environments, to VMware hybrid cloud environments – namely VMware Cloud on AWS! It’s been something a lot of customers and partners have been asking for since VMware acquired CloudHealth almost a year ago. CloudHealth Hybrid will bring together the functionality of CloudHealth Data Center and the functionality of VMware vRealize Business for Cloud (vRBC) and Cost Insight into a single standalone SaaS offering. CloudHealth Hybrid will provide a single platform with visibility into cost, usage, and performance of all hybrid cloud resources – and we’re looking at a GA in Q3!

Last up was the expansion of VMware’s Hybrid Cloud solutions…. if you haven’t already realised, it’s all about Hybrid Cloud these days! =P

  • VMware Cloud Foundation is the key building block for the hybrid cloud, providing the full SDDC on AWS, Azure, Google, IBM Cloud and numerous other cloud partners.
  • VMware Cloud on Dell EMC was announced as GA – deploying vCF on Dell EMC VxRail (my favourite HCI solution!!) – in fact my last blog was about DTW and I wrote a bit about it already (so go read that post)…
  • VMware Cloud on AWS got new HCX capabilities – enabling push-button migration and interconnectivity between VMware Cloud on AWS SDDCs running in different AWS Regions and new Elastic vSAN support further improves storage scaling.
  • We got new versions of vRealize Operations and vRealize Automation (vROps 8.0 and vRA 8.0) giving customers self-driving operations and hybrid cloud automation.

To round it all up, we heard about Digital Employee Experience and some new features in Workspace One to help put the employee at the heart of everything a business does. As well as a short message about how VMware + Carbon Black + Ecosystem = Better Together… VMware’s Intrinsic Security! (Workload Security – vSphere + Carbon Black, Workspace Security – Workspace One + Carbon Black, Network Threat Security – NSX + Carbon Black, Cloud Security – Secure State + Carbon Black)

Roll on Day 2…..


My Big Bets for 2019 – Intro

Over the Christmas period I started to plan out what I wanted to blog about at the start of 2019. I realised during my vExpert application (damn, it’s so much more stringent now!!) that I haven’t blogged as much as I used to – and that’s mainly because I didn’t want to just post meaningless blogs about how to install/configure the next iteration of vSphere or vSAN. I find there’s been a huge uptake in new bloggers just posting how to “install, configure, manage” certain VMware products and I really didn’t want to take my blog back down that path… especially since it’s very easy to just google “how to install/configure vSAN” – not to mention that VMware have now made the installations so damn easy that my 8 year old nephew could do it!! (Which kind of makes me wonder why people would want to blog about it?!?)

I decided that I wanted to take my blog in a different direction and make it more ‘advisory’ by posting my thoughts on VMware’s vision, what products are new to the market and their benefits, what are they being used for, etc. At the start of the new year I was planning on writing a blog article about products I see taking off in 2019, but due to other events that occurred in my life (like getting made redundant) my blog got put on the back burner for a while.

Now that I have a bit more time on my hands (being freshly unemployed) I’ve decided to resurrect the idea and expand it into several posts.

I decided to look over the VMware portfolio and pick out products that I think are going to make big waves in 2019 – much like how vSAN and HCI did in 2018.

So without further ado….. My Three Big Bets for 2019 are:

  1. CloudHealth
  2. VMware Cloud Foundation
  3. VMware Cloud on AWS

Why have I chosen these 3 products? Well if you look at the general market and what businesses are exploring, there’s a big sense of urgency to do something in the ‘cloud’… but many businesses have failed to execute their cloud strategy due to the problems they encounter with migrating over workloads and managing their public cloud alongside their existing on-premise infrastructure. These 3 products in my opinion now form the vision VMware has with regards to hybrid cloud… a public cloud platform, a private cloud platform, all built on the same software stack giving consistent infrastructure and now with a cloud management tool that provides consistent operations across multiple clouds!

Over the next couple of weeks (or depending on how quickly I can write the articles given my wife has a long list of chores for me to do) I’ll be blogging about each solution, what it’s used for and why I believe it will succeed in 2019.

Stay tuned! =)

vSphere-Land Top vBlog 2018

Once again vSphere-Land are running their Top vBlogs for 2018….

http://vsphere-land.com/uncategorized/introducing-top-vblog-2018.html

This is where the general public can vote for their favourite vBlog of 2018!

I’m again listed, so if you feel that what I write isn’t a pile of crud and you find some of the stuff interesting, then feel free to vote away…

I think I ranked 177 last year, although if I’m honest there are so many good blogs out there that I think I’ll end up outside the top 200 this year!

Still surprised that there are some great blogs missing (to name a few):

  • Emad Younis, who writes so much good stuff on vCSA and now more recently on VMware Cloud on AWS!
  • Chanaka Ekanayake, great blogger from a VMware partner.
  • My good friends at vMusketeers who write on a variety of VMware content!
  • Mike Foley, a blog site I’ve used a lot this year with regards to security on vSphere.
  • Paul Wynne, great guy from Dell EMC who loves VxRail & vSAN as much as I do!!

 

Anyways, head over to vSphere-Land and give out some love to the community!

VMware vExpert vSAN 2018 Announced

Phew…. *sigh of relief* ….. thankfully this year I’ve made the cut again for the vExpert vSAN track! =)

Almost didn’t make it as I was on holiday during the application process and missed the original deadline. Thankfully the application was still live so I sneaked in an application and sent my apologies to the vExpert admin team.

Anyways, congrats to all returning vExpert vSAN members and welcome to all new members joining for the 1st time!

https://blogs.vmware.com/vmtn/2018/06/vexpert-vsan-2018-announcement.html

Let’s keep evangelising about vSAN and drive that customer demand…… as VMware announced recently, there are now over 14,000 vSAN and VxRail customers (as of the end of Q1)! That’s impressive for a product that was only launched in 2014!

I’m a big big advocate of VxRail and love talking about the HCI solution to my customers… I’m also proud that MTI are one of the leading partners in the UK for VxRail (and also one of the very first partners to sell/deploy VxRail when it launched)!

VMware vSphere 6.7 & 6.5 update 2 – Resources

Just over a fortnight ago VMware released their latest version of vSphere and vSAN – 6.7…. unfortunately for me, I was neck-deep in a tender response and was in Paris for a number of days for a meeting – so spent most of my travels looking at a small mobile phone screen trying to read up on what’s new… (mental note: time for a new phone with a bigger screen – must be getting old as my eyesight isn’t as good as it was).

When I finally got back online and started thinking about what to write about, I realised that the net was already inundated with bloggers writing about “What’s new in vSphere 6.7”. I quickly realised that I didn’t just want to regurgitate the same thing as a lot of the ‘newer’ bloggers were doing, so I decided to spend some time pulling together all the good resources that I have read over the last few weeks and write a blog about where people should go to learn about vSphere/vCenter and vSAN 6.7.

Note: This blog article has actually been in draft mode for 2 weeks as I’ve been waiting for the vSphere 6.7 lightboards to be re-released by VMware marketing – if you didn’t already know, it was posted onto VMware’s YouTube channel a week before launch and then quickly disappeared!! I’ve been waiting for them to turn up again before posting this article but for some reason they haven’t re-appeared (makes me wonder if marketing deleted the only copy they had of the lightboards… lol).
https://www.theregister.co.uk/2018/04/09/vsphere_6_7_vids_vanish/

 

The Knowledge Journey

The most obvious place to start your knowledge journey is none other than VMware’s own vSphere Blog and Virtual Blocks blog, the best blogs are:
https://blogs.vmware.com/vsphere/2018/04/introducing-vmware-vsphere-6-7.html
https://blogs.vmware.com/vsphere/2018/04/introducing-vcenter-server-6-7.html
https://blogs.vmware.com/virtualblocks/2018/04/17/whats-new-vmware-vsan-6-7/

These were the first blog posts I read to understand what new features were in the latest release, and they’re very good summaries.

As always, Duncan Epping was one of the first to release his articles on “What’s new” and they were very concise articles going over some of the more interesting features:
http://www.yellow-bricks.com/2018/04/17/whats-new-vsan-6-7/
http://www.yellow-bricks.com/2018/04/17/vsphere-6-7-announced/

I then started reading around the other products released as well:
What’s New with SRM and vSphere Replication 8.1 – https://blogs.vmware.com/virtualblocks/2018/04/17/srm-vr-81-whats-new/
What’s New in vRealize Automation 7.4 – https://blogs.vmware.com/management/2018/03/whats-new-vrealize-automation-7-4.html

If you want a deep-dive into all things vSphere/vCenter, then head over to Emad Younis’s blog: http://emadyounis.com.

For a deeper-dive into all things related to security, head over to Mike Foley’s blog: https://www.yelof.com.

And finally, there’s the vSphere Blog: https://blogs.vmware.com/vsphere/launch

 

KB article on Update sequence for vSphere 6.7 and compatible products – https://kb.vmware.com/s/article/53710
KB article on Important information before upgrading to vSphere 6.7 – https://kb.vmware.com/s/article/53704
Blog article on upgrading vCenter Appliance from 6.5 to 6.7 – https://blogs.vmware.com/vsphere/2018/05/upgrading-vcenter-server-appliance-6-5-6-7.html

Note: Upgrades from vCenter Server 6.0 and later to vCenter Server 6.7 are supported. To upgrade from vCenter Server 5.0, 5.1 or 5.5, you must first upgrade the vCenter Server instance to version 6.0 or a later release, and then upgrade to vCenter Server 6.7.

These products are not compatible with vSphere 6.7 at this time:

  • VMware NSX
  • VMware Integrated OpenStack (VIO)
  • VMware vSphere Integrated Containers (VIC)

 

Some YouTube videos:
vSAN 6.7 Technical Overview Video – https://youtu.be/Ss5KWAtGvXo
vSAN 6.7 What’s New Technical – https://youtu.be/YzurWX5m4m8
Faster Host Upgrades to vSphere 6.7 – https://youtu.be/8fqE5zsnkTQ

So here’s a list of all new product releases:

  • vSphere ESXi & vCenter Server 6.7
  • vSAN 6.7
  • vSphere Replication 8.1
  • Site Recovery Manager 8.1
  • vRealize Operations Manager 6.7
  • vRealize Automation 7.4.0
  • vRealize Orchestrator Appliance 7.4.0
  • vRealize Log Insight 4.6.0
  • vRealize Business for Cloud 7.4.0
  • vRealize Suite Lifecycle Manager 1.2
  • vRealize Code Stream 2.4
  • NSX SD-WAN Edge by VeloCloud 3.2.0
  • Horizon 7.4.1 Enterprise

Finally here’s a list of all the documentation:

 

It’s worth noting that last week VMware also released vSphere 6.5 update 2 which back-ports a few of the new features in 6.7 into 6.5. For more information point your browsers here: https://blogs.vmware.com/vsphere/2018/05/vsphere-6-5-update-2-now-available.html

Additional updates:

MTI Secure Hyper-Converged Infrastructure Webinar & Guide

Back end of February I presented a webinar with my colleague, Andrew Tang, around Key Challenges and Considerations for Securing Hyper-Converged Infrastructure.

The webinar has been uploaded for public consumption by the marketing team at MTI Technology.

As I mentioned previously in my blog, I don’t really touch upon product in this webinar as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

You can access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Marketing has also finally released the HCI guide that both Andrew and myself put together around HCI, feel free to download that here: https://bit.ly/2qMY6qJ

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: https://bit.ly/2vQO3Gb

Dell EMC VxRail Software Update – Spectre Guest OS leakage mitigation

I posted earlier in the year that Dell EMC had released a Security Advisory to address Spectre (Meltdown doesn’t really affect VMware and hence VxRail).

One of the items that wasn’t addressed in the original fix was Guest OS leakage mitigation between processes within the VM – this required CPU/BIOS microcode updates which were not yet available from Intel.

Those updates were made available from Intel at the beginning of April and it’s taken a while for it to filter through to vSphere and VxRail – the delay is down to VxRail being a fully turn-key appliance which means all software/firmware updates from Dell EMC are fully tested and validated before release.

Updates 4.0.402 and 4.5.152 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

The accompanying Dell EMC Security Advisory is available here: DSA-2018-074: Dell EMC VxRail Security Update for Multiprocessor Side-Channel Analysis Attacks (Meltdown and Spectre)

VxRail Appliance software 4.0.402 and 4.5.152 contain the Intel microcode fix to complete the resolution of the speculative execution security issues.
VxRail Appliance software 4.0.402 includes fixes for the following security vulnerabilities:

  1. CVE-2017-5753 (Variant 1: bounds check bypass, also known as Spectre) – Complete fix in 4.0.401 and above.
  2. CVE-2017-5715 (Variant 2: branch target injection, also known as Spectre):
    • Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM – Complete fix in 4.0.401 and above.
    • Guest OS leakage mitigation between processes within the VM requires BIOS or CPU microcode update released by Intel and included in this release – Complete fix with either BIOS or CPU microcode update automatically applied through the VxRail 4.0.402 automated software upgrade. No manual BIOS update required for any supported VxRail hardware platforms.
  3. CVE-2017-5754 (Variant 3: rogue data cache load, also known as Meltdown): Does not affect VxRail Appliance.

NOTE: Manual steps are required after the VxRail Appliance software upgrade to 4.0.402 to power cycle the VMs for the branch target injection mitigation to take effect. More info available within this KB article: https://support.emc.com/kb/519601

Also note that this update does not patch Guest OS!

For more information about Spectre/Meltdown, have a meander to my original posts:
Spectre & Meltdown Vulnerabilities
Spectre & Meltdown Update

vExpert 2018 Award Announcement

So last Thursday/Friday the vExpert slack channel was awash with lots of nervous energy as people were eagerly waiting for the announcement to see if they had been accepted back into the vExpert program for 2018…. Strange, but to me it seemed that everyone was a little bit more nervous this year than previous years!

On a side note – my newly favourited key stroke on Slack is Shift+Esc which clears all unread messages and notifications! =P

What probably didn’t help the nerves was when someone posted up a tweet by Eric Nielsen (who helps run the community alongside Corey Romero) showing that 1366 were accepted into the 2018 vExpert program, 305 were rejected and 183 deferred!!
Definitely made me a bit more nervous when I saw that…. >_<”

I think some people take it for granted that they’ll be re-accepted, I for one am always nervous and never take these things for granted because I see a lot of other people around me who blog a lot more than me or help out in the community a lot more than me.

Nerves were finally settled close to midnight on Friday, just as I was getting ready to go to bed…. an email pinged through with some welcoming words:
[Image: vexpert]

I’m obviously glad and honoured to be considered part of this amazing group for the 4th year running. =)

The new vExpert portal looks brilliant and the directory has even updated our profiles:
[Image: vexpert-profile]

For those who don’t know, the VMware vExpert program is VMware’s global evangelism and advocacy program. It’s a select group held in high regards within the VMware community as a bunch of IT professionals who ‘give back’ to the community whether by sharing their VMware knowledge by blogging or by helping within the community forums.

 

As always, much thanks has to go to those in the background who help run the vExpert and VMTN communities…. Eric Nielsen, Corey Romero and Katie Bradley (to name just a few… apologies if I’ve missed anyone out).

 

Finally well done to all the new and returning vExperts for 2018.

https://blogs.vmware.com/vmtn/2018/03/vexpert-2018-award-announcement.html

 

MTI Secure Hyper-Converged Infrastructure Webinar

So last Thursday I was asked by the marketing peeps at my company, MTI Technology, to run a webinar with my colleague, Andrew Tang, around what Hyper-Converged Infrastructure is all about, why it’s suddenly become so popular within the industry, and how best to secure a HCI solution.

The webinar has now been uploaded for public consumption…. and since it kind of went ok – apart from me suffering from a runny nose throughout (sorry for all the sniffing) – I’ve decided to blog about the webinar for you all to watch.

I don’t really touch upon product in this webinar, as the last thing customers want is to be shoehorned into a certain vendor product… instead I hope the webinar gives enough information about what HCI is in general, why customers should be looking at HCI during their next infrastructure refresh, and more importantly what to consider when evaluating a HCI solution!

Feel free to pop along and access the webinar recording here: https://mti.com/secure-hci-webinar-page/ (sorry, you have to fill in your details to gain access….)

Finally, if you’re interested in talking more about HCI then feel free to contact me or register for one of MTI’s HCI Discovery Workshops: http://bit.ly/2C8vS14

Spectre & Meltdown Update

So it seems that the microcode patches released by VMware associated with their recent Security Advisory (VMSA-2018-0004) have been pulled….
https://kb.vmware.com/s/article/52345
So that’s ESXi650-201801402-BG, ESXi600-201801402-BG, or ESXi550-201801401-BG.

The microcode patch provided by Intel was buggy and there seem to be issues when VMs access the new speculative execution control mechanism (Haswell & Broadwell processors). However, I can’t seem to find much around what these issues are…

For the time being, if you haven’t applied one of those microcode patches, VMware recommends not doing so and to apply the patches listed in VMSA-2018-0002 instead.

If you have applied the latest patches you will have to edit the config files of each ESXi host and add in a line that hides the new speculative execution control mechanism and reboot the VMs on that host. Detailed information can be found in the KB above.

 

Finally William Lam has created a very handy PowerCLI script that will help provide information about your existing vSphere environment and help identify whether you have hosts that are impacted by Spectre and this new Intel Sighting issue: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-using-powercli.html