Tuesday, January 18, 2022

VMware on the Road - January 2022

There's no doubt VMware is an innovation machine, releasing new features, functionalities and products on a scale that's not possible to keep up with closely, so every couple of months I create a kind of newsletter with what I believe to be most relevant to share with my customers.

I decided that I'll share it here for easier access. There's one downside.... it's in Portuguese... yeah I know, this content is more appropriate for my Brazilian readers ; )


It is with great hope for better days that we begin this year of 2022, which, like other years, is full of challenges and opportunities ahead.

I hope you had the chance to spend the year-end holidays in good health and with your loved ones, and that 2022 brings great prosperity to everyone.

Keep taking care of yourselves, and let's go for it, the year has already started !!!


Log4J

I couldn't start this newsletter with any subject other than the vulnerability in Log4j, an open-source Java component. In December we were all caught by surprise by the disclosure of this zero-day vulnerability, which impacted many (if not all) technology vendors around the world, not to mention applications built in-house. What started as a single vulnerability (CVE-2021-44228) soon branched out into other vulnerabilities (CVE-2021-45046 and CVE-2021-45105).

VMware mobilized quickly to provide relevant information and containment measures while it developed and tested fixes for the affected products. If there are still systems in your environment without the proper fix, we STRONGLY recommend fixing them as soon as possible, and to help you I leave here the most relevant links on the subject:

 


What's New

We recently announced version 3.2 of NSX-T, one of the biggest evolutions in recent times, with improvements ranging from multi-cloud management and scalability to, above all, security.

See how Network Traffic Analysis (NTA) and sandboxing integrated into the distributed firewall identify anomalous behavior and attacks on your network, eliminating traffic mirroring or hairpins, as well as provisioning of NSX Advanced Load Balancer through NSX Manager; see all the innovations in the article.

VMware HCX is a crucial component in our customers' journey to the cloud, enabling application mobility without the need to change addressing.

In addition to improvements in its migration capabilities, with a more accurate estimate of bulk migration time and a better recovery process for failed or cancelled migrations, the Mobility Optimized Networking feature was also released, which optimizes traffic routing by eliminating hairpinning or tromboning; see the announcement.

Horizon 8 2111 is also now available, and includes new features for provisioning extended services, security improvements, and user experience. Among them are the incorporation of the Fling Windows OS Optimization Tool for VMware Horizon, now part of the official product, recording of RDSH sessions, and experience optimization with Microsoft Teams, among others; for a complete list see the announcement.

 

  Tanzu 

 

In September 2021 VMware announced the beta version of its new Kubernetes-based platform, Tanzu Application Platform, or TAP to its friends.

After countless improvements over the last few months, we are now pleased to announce that the tool has officially reached General Availability (GA).

Take a peek at how the developer experience is improved, from the conception of a new project, through writing code, interaction and debugging, up to the moment it is ready for check-in or merge of your code.

 

 


No less important, TAP also drastically improves the day-to-day of the platform team (SecOps) by integrating an entire supply chain with testing, vulnerability scanning, image building and application deployment.
 

  Multi-Cloud


When it comes to multi-cloud, VMware is indisputably the leader, since it is the only one able to provide a consistent infrastructure and to operate, modernize and speed up the provisioning of modern applications across any cloud provider and your data center, as simply as if they were just one.

Still have doubts ?! Why not test it yourself on your preferred provider (or on all of them) through one of our free labs ; )

In December we also took part in the Amazon re:Invent 2021 event and had big announcements for the VMware Cloud on AWS platform. Not to give spoilers... but did you see the possibility of presenting an NFS datastore to your hosts ?! This and much more can be seen in the announcement here.

 

 Keep an Eye Out

Don't be left without support !!!

Support for vSphere 6.5 and 6.7 has been extended until October 15, 2022, giving you time to plan and carry out the upgrade; more details can be found in the Lifecycle Matrix.

vRealize Automation 8.6 or lower has October 31, 2022 as its end-of-support date; details are in the Lifecycle Matrix. We recommend upgrading to the latest version in order to extend support for the solution, a task that can be incredibly simplified and automated with VMware LifeCycle Manager.

Start planning the migration/upgrade of your environment today.



 

 

Thursday, January 6, 2022

Year in Review 2021

It's hard to imagine a 2021 review without thinking about the challenges we all faced with the COVID-19 pandemic, especially for the ones who lost someone down the road, and with all my heart here are my condolences to all of you. Let's keep ourselves safe while we still see this pandemic fade away.

On the professional aspect, I'm proud of myself for the content I produced last year, it was far from my glorious years but still way better than the last 2 years, so I have nothing to complain about.

And now the Numbers.

In 2021 alone my blog got 26,402 page views, coming from all parts of the globe, to be precise from 162 different countries. The US is still my #1 source of users, representing more than 20% of the traffic.





Let's see what topics most interest you.... yeah.... the script to remove VMs is still smashing skulls since 2010. (Go figure)

But I'm also glad to see that one post from 2021 made it to the TOP 10.... can you guys guess which one ?

#1.  VMware script to delete/remove VMs, guest (Kept #1 from previous year)
#6.  vSphere 5.5 Guest OS support matrix (not ranked last year) 
#8.  Demystifying vSphere Replication 8.4 (not ranked last year)
#9.  vSAN stretched cluster topology explained (not ranked last year)
#10. NSX reference poster (not ranked last year)
 
Without creating any goals or expectations for 2022 I start this year with the intention to keep blogging, it's good for my creativity, for my well-being but especially with a sense that I'm helping someone out there.
 
Keep Safe!!!

Tuesday, December 7, 2021

Carbon Black Cloud Workload Protection

Companies have been dealing with security for decades, but the escalation of incidents and attacks like ransomware has been proving that we are losing this war.


There was always this idea of preventing/detecting it at upper layers, like border firewalls and IDS/IPS systems, which in today's distributed environments (on-prem/cloud/edge, remote workforces) is becoming more and more challenging, especially with the use of traditional approaches/tools.


Prevent/Detect is as important as reducing the attack surface. No doubt, if there were no vulnerability to exploit then there would be nothing to worry about, right? Of course, there's no such thing as a 100% guarantee of security, and if someone is telling you that, be suspicious (at least).


To reduce the attack surface you can implement a few disciplines like Hardening Guides and Vulnerability Management. That is one of the areas VMware can help with.


Carbon Black Cloud Workload Protection aims to bring Infrastructure and Security Teams together with a unified view, identifying and prioritizing vulnerabilities in your environment so you can act upon them accordingly. Let's see what I'm talking about:
 

*** Integration ***

 
Workload Protection is integrated with vCenter, meaning that Infrastructure teams don't have to learn any new tool, it's already there in the environment they know and love. Also, they will have the same vulnerabilities view the security teams have.

It starts with a nice Overview of your environment. You can immediately see your inventory's status, how many systems are affected, and the categorization of them.









*** Prioritization ***

 
It's not news that everybody is overloaded with activities. There's no way any one of us could do everything and be on top of vulnerabilities popping up every single day. Add to that constant changes in your environment and workloads being provisioned automatically, and it's really hard to keep track of all of it without proper tools. Wouldn't it be nice if you could focus your efforts on what's really important ?!?


You're welcome ; )


By default, the Vulnerabilities page points you to the critical systems that need immediate attention. It's by far the greatest way of saving the hours you would otherwise spend digging through the systems/vulnerabilities to understand what's critical or not.








You can make your analysis by grouping them by affected systems or by vulnerabilities. Either way, you will see the Risk Score, systems affected, and more.










The way we rank the vulnerabilities is the most innovative part, helping you focus on what's critical.

Besides the score provided by the Common Vulnerability Scoring System (CVSS), you need more information about the vulnerability, like the method of attack and the likelihood of being attacked. That's where VMware, in partnership with Kenna Security, comes to the rescue and masters the risk score based on a few extra criteria:

- Easily Exploitable: Is the vulnerability easy to exploit? Has the method been recorded?

- Malware Exploitable: Has this been productized/weaponized in tools or exploit kits?

- Active Internet Breach: Is it present in your location, or being exploited in real time?

 

Based on those criteria we can reassess the risk and provide you with a more realistic risk of each vulnerability, allowing you to focus on the critical ones.
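A sketch of why threat-informed ranking reorders a CVSS-sorted list, using the three criteria above. This is an added example, not VMware's or Kenna Security's scoring model: the weights, the `Finding` type, the function names and the sample findings are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical weights for this illustration only (not a vendor's model).
# Severity contributes at most 4 points, threat signals at most 6.
SEVERITY_FACTOR = 0.4
SIGNAL_WEIGHTS = {
    "easily_exploitable": 1.5,      # exploitation method is recorded
    "malware_exploitable": 2.0,     # weaponized in tools or exploit kits
    "active_internet_breach": 2.5,  # exploitation observed in real time
}


@dataclass(frozen=True)
class Finding:
    cve: str     # constructed placeholder, not a real CVE id
    asset: str
    cvss: float  # CVSS base score, 0.0 to 10.0
    easily_exploitable: bool = False
    malware_exploitable: bool = False
    active_internet_breach: bool = False


def risk_score(f: Finding) -> float:
    """Blend CVSS severity with the three threat signals; result is 0.0-10.0."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.cve}: CVSS {f.cvss} is outside 0.0-10.0")
    signals = sum(w for name, w in SIGNAL_WEIGHTS.items() if getattr(f, name))
    return round(min(10.0, SEVERITY_FACTOR * f.cvss + signals), 1)


def rank_by_cvss(findings):
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def rank_by_risk(findings):
    return [f.cve for f in sorted(findings, key=risk_score, reverse=True)]


# Constructed sample inventory.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-A", "db01", 9.8),
    Finding("CVE-PLACEHOLDER-B", "web01", 7.5, True, True, True),
    Finding("CVE-PLACEHOLDER-C", "app02", 8.8, easily_exploitable=True),
    Finding("CVE-PLACEHOLDER-D", "web03", 5.3, malware_exploitable=True,
            active_internet_breach=True),
]

if __name__ == "__main__":
    print("CVSS order:", rank_by_cvss(FINDINGS))
    print("Risk order:", rank_by_risk(FINDINGS))
    for f in sorted(FINDINGS, key=risk_score, reverse=True):
        print(f"{risk_score(f):>4}  cvss={f.cvss:<4} {f.cve} on {f.asset}")
```

With these constructed inputs, the finding with the highest CVSS score and no threat signals drops to the bottom of the queue, while a lower-severity finding that is being exploited in real time moves to the top.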

 











*** Agentless - Scanless ***


Because we are integrated with vSphere there's no need to install and lifecycle extra agents on the Virtual Machines; we can collect all required information through VMware Tools.


On the Inventory tab, you can select the assets that are not being monitored. To enable the collection, simply select the VMs and hit the ENABLE button.













Over time it's common to have to update the sensor collecting the data, a simple task with the vSphere integration.


Just select the desired assets and hit the UPDATE button.











As you can see, Workload Protection is doing a fantastic job bringing the Infrastructure Team and the Security Team together, but most important is that it gives you insights on where to focus your efforts to keep the environment safe.


Please, let me know what measures you are using to keep the bad guys out.


Wednesday, September 22, 2021

VMworld 2021 - Top Pick


VMworld is only two weeks away. Once again this year the event will be all virtual but, even better, FREE of charge, so if you have not registered yet, don't miss this opportunity to hear from VMware's leaders all the news, the strategy and the direction the company is heading in. Also, Michael J. Fox and Will Smith will be joining us for great talks.

So wait no more and do your registration now !!!

There'll be more than 800 technical sessions and even though the Catalog is available it takes time to build your schedule and you might feel buried with all the content available.

So, to give you a good start, here are my top pick sessions for your appreciation:

Multi Cloud

 

Deliver the Same Infrastructure to a Multi-Cloud Deployment [MCL1268]

Learn how VMware vRealize Automation Cloud integrates with Azure VMware Solution, Google Cloud VMware Engine, and Oracle Cloud VMware Solution, and their differences and considerations for running VMware deployments.

 

VMware Cloud on AWS: Architecture Deep-Dive [MCL1811]

Expand your technical knowledge of VMware Cloud on AWS and learn more about the underlying elements of a software-defined data center as we focus on the architecture and options for deployment topologies. 

 

Kubernetes

 

Get Started with vSphere with Tanzu [MCL1648]

This session will introduce VMware vSphere admins to vSphere with VMware Tanzu. We will go over the requirements and set up a basic configuration so admins can deploy a VMware Tanzu Kubernetes cluster and application. 

 

Modernize Infrastructure with S3-Compatible Object Storage on VMware HCI [APP1980]

Modern applications create new storage requirements for unstructured and semi-structured data. Join this talk and demo session to learn how you can run S3-compatible object storage from Cloudian and MinIO on VMware Cloud Foundation with VMware.

 

 

Security

 

Ransomware Protection: Unlocking the Power of Security and Resiliency [SEC1177]

Security and resiliency are not the same thing, but they are a perfect combination. Join us for a solutions session where we’ll focus on how VMware Carbon Black Cloud and VMware Cloud Disaster Recovery work together to drive confidence in...

 

Architecting VMware DR Solutions to meet your Recovery Goals [MCL2232]

VMware customers have a variety of options when deciding how to architect their disaster recovery environment. The selection and configuration of products and services such as VMware Cloud Disaster Recovery, VMware Site Recovery, and Site Recovery..

 

Automating Ransomware Remediation with VMware Carbon Black Cloud [CODE2782]

Are you prepared for the next Ransomware attack? With our Next Generation Anti-Virus and Behavioral EDR in the VMware Carbon Black Cloud, you can feel confident that your employees and sensitive infrastructure will be better protected. 

 

 

Networking

 

Understand Hybrid Connectivity for VMware Cloud on AWS [MCL2840S]

Some organizations running VMware vSphere on premises have use cases that require them to extend their data centers to the cloud using VMware Cloud on AWS. Configuring network connectivity between on premises and the AWS Cloud is a crucial.

 

Automated Problem Resolution in Modern Networks [NET2160]

Legacy network operations and management solutions have been primarily reactive. Once an issue is detected (such as packet drops, jitters, congestion), network operators are alerted to resolve them manually. 

 

 

Storage

 

vSAN Technical Deep Dive [MCL1654]

VMware vSAN is the largest and fastest growing HCI product in the market today. vSAN has always been at the forefront of technology innovation. Are you interested in learning about the latest innovations in vSAN? 

 

VMware’s Vision for Storage and Data in a Multi Cloud world [MCL2505]

VMware continues to innovate storage and availability solutions for use on-premises and in the cloud. The speakers in this session will share VMware's vision and direction for the current and next-generations of products such as vSAN, vVols.

 

Disaggregating Storage and Compute with HCI Mesh: Why, When and How [MCL1683]

There are multiple use cases for disaggregating Hyperconverged Infrastructure (HCI) storage. Common scenarios include environments with disproportionate requirements for compute and storage resources and architectures with limited local storage.

 

Operations

 

A Big Update on vRealize Operations [MCL1277]

Give us 30 minutes and we will give you an update on VMware vRealize Operations you won’t forget. The premier cloud management tool has some great things coming for ease of use, time to value, troubleshooting, capacity and cost efficiency.

 

60 Minutes of Non-Uniform Memory Access (NUMA) 3rd Edition [MCL1853]

Although we enrich the stack with multiple layers of abstraction, obtaining consistent performance boils down to understanding the fundamentals. This requires the admin and the architect to focus on individual host components again. 

 

vRealize Automation – Now and into the future [MCL2448]

In this session, you will see all the great capabilities that have been released this year within vRealize Automation and vRealize Automation Cloud. We will also discuss what's coming in the future with vRealize Automation.

 

 

Workforce

 

Advanced Architecture for Deploying Horizon in the Cloud [EUS1129]

This session will dive into many of the advanced VMware Cloud on AWS design considerations and topologies that impact delivering VMware Horizon on VMware Cloud on AWS. These design considerations and topologies are not limited to Horizon. 

 

Anywhere Workspace Expert [EUS2610]

Anywhere Workspace is an industry-first architecture that enables any employee to work from anywhere. This integrated solution combines Unified Endpoint Management, Desktop and App Virtualization, Endpoint Security and Secure Access Service Edge.

 

Technical Deep Dive on SASE and Horizon – Part II [EUS2467]

The EUC Solution keynote continues with a deep dive into two important topics. First, Shawn Bass will talk about VMware SASE, VMware Secure Access, and what they mean for end-user computing strategies in a world of distributed work. 

 

Designing and Implementing a High Performance Virtual Desktop Solution [EUS3074S]

In this session, we will present the design and implementation of a virtual desktop infrastructure (VDI) solution to support migration of high-performance developer desktops from local workstations to VDI. We will summarize the customer’s key.

 

Empower the future of Work for a 130.000 Distributed Workforce [EUS2276]

Executing a successful distributed workforce strategy requires rethinking where and how team members work. Dell Technologies has built flexibility into their culture for the past decade by removing friction to allow team members to connect and.


I know there are hundreds of good sessions out there. If you have any good suggestions, please leave them in the comments below.



Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
