Attending VMworld And Interested In vSphere 6.5 Security?
Try My “vSphere 6.5 Security – Getting Started” Lab!
If you are attending VMworld US 2017 from August 27-31st in Las Vegas, NV and you are interested in the new vSphere 6.5 Security feature sets, then I have a lab for you! I am a lab captain for the Hands On Labs and have two labs that I created for this years VMworld sessions.
These new labs as well as the many other will only be available at the VMworld US and Europe conferences initially. After both conferences are over, we slowly release most of the new labs to the public-facing Hands On Labs environment that anyone can get to with an internet connection. You will see some labs to start showing up on the public side right after VMworld and then the rest typically will be released within or month or so. No guarantee on what labs will make it to the public site and when they will show up though, that is just what I’ve typically seen over the past few years.
This is my first time as a lab captain and creating labs, so I would love to see some HUGE numbers of people taking my labs! It would make me feel good knowing that people learned something by taking my labs. If you end up taking either lab at VMworld or even after they have been released to the public-facing HOL site, let me know what you think! You can reach out to me on my social media outlets, the links to them are on the right side of the page.
Below are the labs that I have built and a summary of each of them:
(HOL-1811-01-SDC) vSphere 6.5 –What’s New:
Description: Explore some of the new features of vSphere 6.5 including VM Encryption, vCenter High Availability, and the new HTML5 vSphere Client. You will also learn about the improved vCenter Server Appliance and how to migrate from a Windows-based vCenter Server installation.
Description: Experience new security features of vSphere 6.5, including VM Encryption, Audit Quality Logging, Encrypted vMotion, Key. We also use our vRealize Log Insight solution to look at the enhanced logging of the vCenter server logs. Add Key Management Servers (KMS) to the vCenter server and create a trust between them. Then we use PowerCLI commands to encrypt/decrypt virtual machines as well as other encryption related tasks.
Don’t forget to stop into the Hands On Labs at VMworld and take some labs…see you there!
Many VMware customers tend to wait to upgrade to the next version for several reasons. Some of these are no time to do the upgrade, scared of issues that may arise during the upgrade process especially from vSphere 5.x versions, or wanting to wait until the first update is out so that all the fixes have been addressed. These are all valid concerns in which I can appreciate due to my operation experience and background supporting vSphere environments!
On July 21, 2017, VMware released vSphere 6.5 Update 1which has many enhancements. Once of the enhancements that most are excited about is the fact that the new HTML5-based vSphere Web Client is now at approximately 90% feature parity to the old Java-based vSphere Web Client which was know for being slow and clunky. Hopefully, by the next update of vSphere, the HTML5 client will be at full feature parity. At which time, VMware will retire the old Java-based client.
The HTML5 client enhancements are just one of numerous reasons why you should consider updating to vSphere 6.5. Another primary reason is that there are many new featured within the vCenter Server Appliance (VCSA) like embedded Backup/Restore Tool, vSphere Update Manager is embedded, and the new vCenter Server Appliance High Availability (HA) configuration option. So there are some great enhancements that should encourage you to upgrade to the latest version of vSphere and vCenter server!
VMware has created a Migration Assistance Tool to help migrate your vSphere 5.5/6.x environments to the new vSphere 6.5. Even if you are currently running a Windows based version of vCenter in the older version, the tool can migrate the vCenter database, performance data and metrics, etc. to the new vCenter Server Appliance 6.5. There are several supported migration options based on your vCenter server, Single-Sign-On (SSO), or Platform Service Controller (PSC) architectures you may be currently running.
So take a look at my Useful Links page on this site to see the links to below resources that can help you migrate to the new vSphere 6.5!
Top Reasons to Upgrade to vSphere 6.5 Infographic
vSphere 6.5 Upgrade Considerations – Part 1
vSphere 6.5 Upgrade Considerations – Part 2
Announcing the vSphere 6.5 Topology and Upgrade Planning Tool
vCenter Server Appliance 6.5 Migration Walkthrough
VMware Doc’s – Migration Assistance Tool
vSphere 6.5 – Upgrade Guide
VMware vCenter Server Appliance Poster
Platform Services Controller Topology Decision Tree Poster
The release of vSphere 6.5 in November 2016 introduced many new features and enhancements. These include the vCenter Server Appliance (VCSA) now becoming the default deployment. vCenter Server native high availability, which protects vCenter Server from application failure. Built-in File-Based backup and restore allows customers the ability to backup their vCenter Server from the VAMI or by API. The VSCA restore can simply be done by mounting the original ISO used to deploy the VCSA and selecting the restore option. These features and more are exclusive only to the vCenter Server Appliance. The new HTML5 vSphere Client is making its first official product debut with vSphere 6.5.
Did someone say security? We now have better visibility of vSphere changes with actionable logging. VM Encryption allows the encryption of a virtual machine, including disks and snapshots. Secure Boot for ESXi ensures that only digitally signed code runs on the hypervisor. Secure Boot for VM’s is as simple as checking a box. We’ve only begun to scratch the surface of all the new vSphere 6.5 features.
As you start preparing for your vSphere 6.5 upgrade, a checklist will be the run book used to ensure its success. The upgrade process can be divided into three phases:
Phase 1: Pre-upgrade – all the upfront work that should be done before starting an upgrade.
Phase 2: Upgrade – mapping the steps of each component that will upgraded.
Phase 3: Post-upgrade – validation to ensure everything went according to plan.
The first part of any successful upgrade is determining the benefits of the new features and the value add they will provide to your business. Next is getting familiar with these new features and how they will be implemented in your environment. The following list will get you started learning each of the new vSphere 6.5 features and their benefits.
Another consideration to getting familiar with the new features and upgrade process is the hands on approach in a lab environment. If you have a lab environment at your disposal, try building it as close to your production environment as possible to simulate both the upgrade process and new feature implementation. If a lab environment is not available, there are options like VMware’s Workstation or Fusion if you have the resources to run them. Last, but not least, there is also the Hands on Labs that do not require any resources and provide a guided approach. No matter which option you select, the key is getting familiar and comfortable with the upgrade process.
Have you ever wondered about the FREE version of vSphere and what limitations there are? I have created the below summary of limitations that are associated to the free version. For those using it for a home or test lab, the free version may do the trick for you. But even if using it for those situations, you still need to understand the limitations you have. One aspect to keep in mind especially is that the free version DOES NOT come with any type of technical support for it which is critical to understand!
Because of the below list of limitations and there not being any technical support for it, I highly recommend it not be used in corporate environments even in their Test/Dev labs! Instead, if you are trying to reduce the costs associated to vSphere licensing and have a limited budget, I would recommend that you look at the vSphere Essentials Kits which are very reasonably priced and offer two editions (Essentials & Essentials Plus). These offer you the ability to get support for them so if using in a production environment, you can be assured to get support from VMware to help keep your environment up and running at all times!
Last October, when VMware unveiled a strategic partnership with Amazon Web Services (AWS), many in the tech industry were surprised. The two companies, once spirited competitors, announced they were collaborating on a new hybrid cloud solution called VMware Cloud on AWS.
For every powered on VM a .vswp file is created in VM’s datastore, this file is needed by the hypervisor to satisfy the VM memory demand in case of over-commitment is done and as well as when vm memory limit is configured. This gets created when the VM is powered on and deleted when VM is powered off.
After attending VMware TechSummit 2017 last week, I’ve got a ton of takeaways to share over the next few months, but I wanted to get this article out there because it’s about two of the most common requests I hear: product compatibility and the order of product upgrades.
Certificates have always been an interesting topic to me. I have seen complex PKI infrastructures on several occasions but more often than not most environments have utilized certificates in a limited capacity. In regards to vSphere, a majority of the time the default certificates provided by vSphere were sufficient for most deployments.
It was about this time in 2013 that Michael Corey, Jeff Szastak and I started writing Virtualizing SQL Server with VMware: Doing IT Right (VMware Press) 2014. Microsoft SQL Server was the single most virtualized business critical app in the world then, and it is still the case today.
Among the new features in vSphere 6.5, there are a set of significant enhancements to the venerable vSphere HA capability. I am excited to announce a new set of content aimed at helping you learn more about these new features. In particular, these resources go over Orchestrated Restart and HA Admission Control.
The way of installing or creating ESXi hosts as VMs (mean nested virtualization) has changed many times in the past. But as VMware introduces new features and improvements in every release of vSphere, the time has come again to check what’s the best practices and How to create a nested ESXi 6.5 template.
Yes that’s not a typo…this post is focusing on upgrading Windows vCenter 5.5 to 6.0 via an in-place upgrade. There is the option to use the vSphere 6.0 Update2M build with the included Migrate to VCSA tool to achieve this and move away from Windows, but I thought it was worth documenting my experiences with a mature vCenter that’s at version 5.5 Update 2 and upgrade that to 6.0 Update 2.
A vCenter HA cluster consists of three vCenter Server Appliance instances. The first instance, initially used as the Active node, is cloned twice to a Passive node and to a Witness node. Together, the three nodes provide an active-passive failover solution.
DEMO: vCenter Server Appliance (VCSA) 6.5 – Part 3
This enablement video is Part 3 of a video series. In part 1, I showed you how to deploy the vCenter Server Appliance 6.5. In Part 2, I show you how to configure the appliance itself from the appliance admin console and go through some initial settings. If you have not watched Part 1 & 2, I highly recommend you go back and watch them first in order. The links to all (3) videos are listed below.
In the Part 3 video, I show you some basic initial configurations in the vCenter Server Appliance 6.5 from the vSphere Web Client. These configurations include adding the appliance to an Active Directory domain, adding Active Directory as an Identity Source, etc.
DEMO: vCenter Server Appliance (VCSA) 6.5 – Part 2
(Configuration, Backup, & Restore)
This enablement video is part 2 of a video series. In part 1, I showed you how to deploy the vCenter Server Appliance 6.5. In Part 2, I show you how to configure the appliance itself from the appliance admin console and go through some initial settings. Then I show you the new feature in the VCSA 6.5 appliance where you can directly backup and restore VCSA from the appliance itself. This is one of the new features of the VCSA 6.5. This like some of the other new features (Builtin – HA / Update Manager) are only available in the VCSA 6.5, but not in the Windows-based version of vCenter Server 6.5.
If you missed Part 1 of this demo series, I highly recommend you watch it first before watching Part 2. Then after watching Part 1 & 2, watch Part 3 which covers configuring the vCenter Server via the vSphere Web Client.
DEMO: vCenter Server Appliance (VCSA) 6.5 – Part 1 (Deploying)
Are you looking to deploy the new vCenter Server Appliance (VCSA) 6.5 into your lab or production environment? If so, check out my demo video that will walk you through how to deploy the VCSA 6.5. I cover the basic configuration settings to get you up and running quickly!
After you watch this video, then watch Part 2 & 3 of this demo series covering the configuration of the appliance itself from the appliance admin console and then from within the vSphere Web Client.
In previous post of this series, we’ve discussed virtual hardware and virtual version of a VM. And in this post, we’ll discuss about virtual disk and its types for a VM. if you missed previous posts of this series, you can follow them here.
While attending an offsite this week, there were some discussions amongst my colleagues about their new Apple Mac Pro and its USB-C only ports. The discussion was completely unrelated to work, however that did get me thinking about the USB-C peripheral market and specifically their ethernet adapters.
Network File Systems, generally known as NFS is file-level storage which is allocated by shared storage. It is Network attached storage that can be shared across a cluster in vSphere. It allow an user on a client computer to access filers over network similar as local storage.
This tip will allow you to add a security banner to the ESXi direct console. It can be a security message or informative message. Sometimes within an organization, there is a need to have such a message displayed prior to login. This post How-to Create a Security Banner for ESXi, was brought to you by ESX Virtualization.
vSphere with Operations Management leverages vRealize Operations to better optimize a vSphere environment’s resources and workloads. This video focuses on how vR Ops can manage workloads within datacenter or custom datacenter objects. Workload Placement also features its own dashboard which is available out of the box. This dashboard takes a look at metrics such as CPU Demand, Memory Consumed, and vSphere Configuration Limit. It then applies those across datacenter and/or custom datacenters, clusters, and individual hosts themselves. The video will walk through a high-level overview of what Workload Placement is, how it interacts with vSphere’s DRS, and then walking through a use case of balancing a workload imbalance between clusters….Read More
The VMware Certificate Authority (VMCA) was first introduced in vSphere 6.0 to improve the lifecycle management of SSL Certificates. This post will explain a little bit about the VMCA and its capabilities while also making a recommendation on how to deploy certificates in your environment. Finally, a new click-by-click walkthrough has been created to serve as a guide as you are planning the certificate replacement process.
The ability to perform an ESXi Scripted Installation over the network has been a basic capability for non-Apple hardware customers since the initial release of classic ESX. However, for customers who run ESXi on Apple Mac Hardware (first introduced in vSphere 5.0), being able to remotely boot and install ESXi over the network has not been possible and customers could only dream of this capability which many of us have probably taken for granted.
A virtual switch helps admins connect virtual machines and direct traffic throughout a virtual network. But the VMware vSphere Distributed Switch (VDS) provides more: more features and support for highly scalable environments. With the right configuration, VDS can help you manage the virtual resources of your entire network. In this course, author Brandon Neill shows how to configure and manage the VDS.
I had the pleasure of joining my first ever internal security conference called MooseCon (Making Our Organization Security Experts Conference). There were a variety of topics discussed, but one particular talk by Noah Wasmer, Senior Vice President of Mobile Products, stayed with me the most. Noah discussed recent cyber attacks in the news, and he asked, “If you were on the front page of the Wall Street Journal because of a security breach, what would that do to your business?”
With the rise in popularity of hybrid cloud computing, where VM sensitive data leaves the traditional IT environment and traverses over the public networks, IT administrators and architects need a simple and secure way to protect critical VM data that traverses across clouds and over long distances.
Today we’re happy to announce version 3.0 of the HTML5 based vSphere Client Fling. For a long while we’ve been running with 2.x, but now there’s a big enough change that warrants a new version. There are a few big things available now (3 new, one very recent) which are worth highlighting: