VMworld 2019 US – Day 1 General Session Round Up

So I guess there’s no better time to dust off my keyboard and get back to blogging than talking about VMworld and what was announced during the Day 1 General Session!

This year it’s a bit funny as I’m no longer blogging as an outsider as I now work for VMware…. so without breaking any NDAs I’m just going to talk about what was announced during the keynote!

I’ve been reading a lot of tweets and comments mentioning how flustered Pat Gelsinger looked on stage during the keynote, but considering all that’s happened within the past week or so you could probably forgive him for not practicing his presentation – especially given he probably had it re-written by marketing a few days ago post the Pivotal and Carbon Black acquisitions!

So first up… VMware Tanzu, a portfolio of products and services to transform the way the world builds, runs and manages software on Kubernetes!
Over the past year or so, VMware has really thrown their weight behind K8s, acquiring a number of companies they saw as key to growing the services they could offer around containers. The acquisition of Bitnami and Pivotal now provides a platform to build, package and deploy modern applications on Kubernetes.

But the exciting announcement is what they are planning for vSphere – a re-architecture of vSphere with Kubernetes embedded as its control plane, Project Pacific (Tech Preview)! This is probably the biggest evolution of the ESXi hypervisor in decades (since the transition from VI3 to vSphere)! Now you can run containers and VMs side-by-side, which means modern apps can run in containers yet link in to legacy VMs, all being managed by the same vSphere client. A single and consistent platform for the future! You can read a Technical Overview of Project Pacific here.

The third piece of Tanzu is Tanzu Mission Control, a SaaS solution offering a single pane of glass control platform that gives admins and developers visibility and the ability to manage all their Kubernetes clusters, regardless of where they reside – ensuring that customers gain that consistency and governance by leveraging a policy engine to provision a Kubernetes environment.

Next up was a product launch I’ve been following very closely (for obvious reasons) – CloudHealth Hybrid! This new service will extend the same rich cost optimization, governance and security functionality that CloudHealth delivers to public cloud environments, to VMware hybrid cloud environments – namely VMware Cloud on AWS! It’s been something a lot of customers and partners have been asking for since VMware acquired CloudHealth almost a year ago. CloudHealth Hybrid will bring together the functionality of CloudHealth Data Center and the functionality of VMware vRealize Business for Cloud (vRBC) and Cost Insight into a single standalone SaaS offering. CloudHealth Hybrid will provide a single platform with visibility into cost, usage, and performance of all hybrid cloud resources – and we’re looking at a GA in Q3!

Last up was the expansion of VMware’s Hybrid Cloud solutions…. if you haven’t already realised, it’s all about Hybrid Cloud these days! =P

  • VMware Cloud Foundation is the key building block for the hybrid cloud, providing the full SDDC on AWS, Azure, Google, IBM Cloud and numerous other cloud partners.
  • VMware Cloud on Dell EMC was announced as GA – deploying vCF on Dell EMC VxRail (my favourite HCI solution!!) – in fact my last blog was about DTW and I wrote a bit about it already (so go read that post)…
  • VMware Cloud on AWS got new HCX capabilities – enabling push-button migration and interconnectivity between VMware Cloud on AWS SDDCs running in different AWS Regions – and new Elastic vSAN support further improves storage scaling.
  • We got new versions of vRealize Operations and vRealize Automation (vROps 8.0 and vRA 8.0) giving customers self-driving operations and hybrid cloud automation.

To round it all up, we heard about Digital Employee Experience and some new features in Workspace One to help put the employee at the heart of everything a business does. As well as a short message about how VMware + Carbon Black + Ecosystem = Better Together… VMware’s Intrinsic Security! (Workload Security – vSphere + Carbon Black, Workspace Security – Workspace One + Carbon Black, Network Threat Security – NSX + Carbon Black, Cloud Security – Secure State + Carbon Black)

Roll on Day 2…..

Dell EMC VxRail Software Update – Spectre Guest OS leakage mitigation

I posted earlier in the year that Dell EMC had released a Security Advisory to address Spectre (Meltdown doesn’t really affect VMware and hence VxRail).

One of the items that wasn’t addressed in the original fix was Guest OS leakage mitigation between processes within the VM – this required CPU/BIOS microcode updates which were not yet available from Intel.

Those updates were made available from Intel at the beginning of April and it’s taken a while for it to filter through to vSphere and VxRail – the delay is down to VxRail being a fully turn-key appliance which means all software/firmware updates from Dell EMC are fully tested and validated before release.

Updates 4.0.402 and 4.5.152 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

The accompanying Dell EMC Security Advisory is available here: DSA-2018-074: Dell EMC VxRail Security Update for Multiprocessor Side-Channel Analysis Attacks (Meltdown and Spectre)

VxRail Appliance software 4.0.402 and 4.5.152 contain the Intel microcode fix to complete the resolution of the speculative execution security issues.
VxRail Appliance software 4.0.402 includes fixes for the following security vulnerabilities:

  1. CVE-2017-5753 (Variant 1: bounds check bypass, also known as Spectre) – Complete fix in 4.0.401 and above.
  2. CVE-2017-5715 (Variant 2: branch target injection, also known as Spectre):
    • Mitigates leakage from the hypervisor or guest VMs into a malicious guest VM – Complete fix in 4.0.401 and above.
    • Guest OS leakage mitigation between processes within the VM requires BIOS or CPU microcode update released by Intel and included in this release – Complete fix with either BIOS or CPU microcode update automatically applied through the VxRail 4.0.402 automated software upgrade. No manual BIOS update required for any supported VxRail hardware platforms.
  3. CVE-2017-5754 (Variant 3: rogue data cache load, also known as Meltdown): Does not affect VxRail Appliance.

NOTE: Manual steps are required after the VxRail Appliance software upgrade to 4.0.402 to power cycle the VMs for the branch target injection mitigation to take effect. More info available within this KB article: https://support.emc.com/kb/519601

Also note that this update does not patch Guest OS!
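
The two notes above leave two things to verify inside each VM after the upgrade: that the VM has been power cycled so it can see the new CPU features, and that the guest OS has its own patch. The script below is an added example, not Dell EMC or VMware tooling; it assumes a Linux guest, the mainline kernel's `ibrs`/`ibpb`/`stibp` flag names in /proc/cpuinfo and its sysfs `spectre_v2` status file, and the function name `check_guest_spectre_v2` is hypothetical.

```shell
#!/bin/sh
# Added example: classify a Linux guest's Spectre variant 2 (CVE-2017-5715)
# state after the host upgrade.
#   $1 = cpuinfo file        (default: /proc/cpuinfo)
#   $2 = kernel status file  (default: sysfs spectre_v2 entry)
check_guest_spectre_v2() {
    cpuinfo=${1:-/proc/cpuinfo}
    status=${2:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}

    # Flags of the first CPU, space-padded so each flag matches as a word.
    flags=" $(awk -F: '/^flags/ {print $2; exit}' "$cpuinfo") "
    hw=no
    for f in ibrs ibpb stibp; do
        case $flags in *" $f "*) hw=yes ;; esac
    done

    if [ "$hw" = no ]; then
        # Microcode features not visible: host not updated, or the VM has
        # not been power cycled since the host upgrade.
        echo "cpu-features-missing"
    elif [ -r "$status" ] && grep -Eq '^(Mitigation|Not affected)' "$status"; then
        echo "mitigated"
    else
        # Features are exposed, but the guest kernel is not using them or is
        # too old to report: the guest OS still needs its own patch.
        echo "guest-os-unpatched"
    fi
}

# Constructed sample inputs (not captured from a real system).
demo=$(mktemp -d)
printf 'flags\t\t: fpu vme sse2 hypervisor\n' > "$demo/cpu_before"
printf 'flags\t\t: fpu vme sse2 hypervisor ibrs ibpb stibp\n' > "$demo/cpu_after"
printf 'Vulnerable\n' > "$demo/st_vuln"
printf 'Mitigation: Full generic retpoline, IBPB\n' > "$demo/st_ok"

check_guest_spectre_v2 "$demo/cpu_before" "$demo/st_vuln"  # before power cycle
check_guest_spectre_v2 "$demo/cpu_after" "$demo/st_vuln"   # cycled, OS unpatched
check_guest_spectre_v2 "$demo/cpu_after" "$demo/st_ok"     # cycled and patched
rm -rf "$demo"
```

Called with no arguments inside a guest, the function reads the live /proc/cpuinfo and sysfs files instead of the samples.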

For more information about Spectre/Meltdown, have a meander to my original posts:
Spectre & Meltdown Vulnerabilities
Spectre & Meltdown Update

Dell EMC updates VxRail software to address Spectre

So Dell EMC have finally released the patches for their VxRail appliances. I know many of my customers were asking about these patches – in a way it’s good it was slightly delayed given how many normal VMware customers experienced issues when patching and how one patch was pulled by VMware!

The good thing about VxRail is that any software patches or updates released have been tried and tested by the Dell EMC CPSD engineering team, so they should be ready for roll out with minimum disruption!

Updates 4.0.401 and 4.5.150 are now available to download from Dell EMC’s support portal.

Release notes can be found here:
https://support.emc.com/docu80740_VxRail-Appliance-Software-4.0.x-Release-Notes.pdf?language=en_US
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

It’s worth noting that at present this patch only contains 2 of the 3 required fixes for Intel to address the Speculative Execution vulnerability (Spectre – Meltdown doesn’t really affect VMware and hence VxRail). The 3rd fix has not yet been released by Intel and Dell EMC basically decided they couldn’t wait any longer as Intel drag their heels!