Thursday, January 6, 2022

Year in Review 2021

It's hard to imagine a 2021 review without thinking about the challenges we all faced with the COVID-19 pandemic, especially for those who lost someone along the way. From the bottom of my heart, my condolences to all of you. Let's keep ourselves safe while we watch this pandemic fade away.

On the professional side, I'm proud of the content I produced last year. It was far from my glory years but still way better than the last 2 years, so I have nothing to complain about.

And now the Numbers.

In 2021 alone my blog got 26,402 page views, coming from all parts of the globe, to be precise from 162 different countries. The US is still my #1 source of users, representing more than 20% of the traffic.

Let's see what topics interest you most.... yeah.... the script to remove VMs is still smashing skulls since 2010. (Go figure)

But I'm also glad to see that one post from 2021 made it to the TOP 10.... can you guys guess which one?

#1.  VMware script to delete/remove VMs, guest (Kept #1 from previous year)
#6.  vSphere 5.5 Guest OS support matrix (not ranked last year) 
#8.  Demystifying vSphere Replication 8.4 (not ranked last year)
#9.  vSAN stretched cluster topology explained (not ranked last year)
#10. NSX reference poster (not ranked last year)

Without creating any goals or expectations for 2022, I start this year with the intention to keep blogging. It's good for my creativity and for my well-being, but especially for the sense that I'm helping someone out there.

Keep Safe!!!

Tuesday, December 7, 2021

Carbon Black Cloud Workload Protection

Companies have been dealing with security for decades, but the escalation of incidents and attacks like ransomware shows that we are losing this war.

There was always this idea of preventing and detecting attacks at the upper layers, with border firewalls and IDS/IPS systems. In today's distributed environments (on-prem, cloud, edge, remote workforces) that is becoming more and more challenging, especially with traditional approaches and tools.

Reducing the attack surface is as important as prevention and detection. If there is no vulnerability to exploit, then there's nothing to worry about, right? Of course, there's no such thing as a 100% guarantee of security, and if someone tells you there is, be suspicious (at least).

To reduce the attack surface you can implement a few disciplines like Hardening Guides and Vulnerability Management. That is one of the areas VMware can help with.

Carbon Black Cloud Workload Protection aims to bring Infrastructure and Security Teams together with a unified view, identifying and prioritizing vulnerabilities in your environment so you can act on them accordingly. Let's see what I'm talking about:

*** Integration ***

Workload Protection is integrated with vCenter, meaning that Infrastructure teams don't have to learn any new tool, it's already there in the environment they know and love. Also, they will have the same vulnerabilities view the security teams have.

It starts with a nice Overview of your environment. You can immediately see your inventory's status, how many systems are affected, and the categorization of them.

*** Prioritization ***

It's not news that everybody is overloaded with activities. There's no way any of us could do everything and stay on top of the vulnerabilities popping up every single day. Add to that the constant changes in your environment, with workloads being provisioned automatically, and it's really hard to keep track of it all without proper tools. Wouldn't it be nice if you could focus your efforts on what's really important?!?

You're welcome ; )

By default, the Vulnerabilities page points you to the critical systems that need immediate attention. It's by far the greatest way of saving the hours you would otherwise spend digging through systems and vulnerabilities to understand what's critical and what's not.

You can do your analysis by grouping them by affected systems or by vulnerabilities. Either way, you will see the Risk Score, systems affected, and more.

The way we rank the vulnerabilities is the most innovative part, helping you focus on what's critical.


Beyond the score provided by the Common Vulnerability Scoring System (CVSS), you need more information about a vulnerability, like the method of attack and the likelihood of being attacked. That's where VMware, in partnership with Kenna Security, comes to the rescue and refines the risk score based on a few extra criteria:

- Easily Exploitable: Is the vulnerability easy to exploit, and has the method been recorded?

- Malware Exploitable: Has it been productized/weaponized in tools or exploit kits?

- Active Internet Breach: Is it present at your location or being exploited in real time?

Based on those criteria we can reassess the risk and provide you with a more realistic risk for each vulnerability, allowing you to focus on the critical ones.


*** Agentless - Scanless ***

Because we are integrated with vSphere, there's no need to install and lifecycle extra agents on the Virtual Machines; we can collect all required information through VMware Tools.

On the Inventory tab, you can select the assets that are not being monitored. To enable the collection, simply select the VMs and hit the ENABLE button.

Over time, it is common to have to update the sensor collecting the data, a simple task with the vSphere integration.

Just select the desired assets and hit the UPDATE button.

As you can see, Workload Protection is doing a fantastic job bringing the Infrastructure Team and the Security Team together, but most important is that it gives you insights on where to focus your efforts to keep the environment safe.

Please, let me know what measures you are using to keep the bad guys out.

Wednesday, September 22, 2021

VMworld 2021 - Top Pick

VMworld is only two weeks away. Once again the event will be all virtual and, even better, FREE of charge, so if you have not registered yet, don't miss this opportunity to hear from VMware's leaders about all the news, the strategy and the direction the company is heading. Also, Michael J. Fox and Will Smith will be joining us for great talks.

So wait no more and register now !!!

There'll be more than 800 technical sessions, and even though the Catalog is available, it takes time to build your schedule and you might feel buried under all the content available.

So, to give you a good start, here are my top pick sessions for your appreciation:

Multi Cloud


Deliver the Same Infrastructure to a Multi-Cloud Deployment [MCL1268]

Learn how VMware vRealize Automation Cloud integrates with Azure VMware Solution, Google Cloud VMware Engine, and Oracle Cloud VMware Solution, and their differences and considerations for running VMware deployments.


VMware Cloud on AWS: Architecture Deep-Dive [MCL1811]

Expand your technical knowledge of VMware Cloud on AWS and learn more about the underlying elements of a software-defined data center as we focus on the architecture and options for deployment topologies. 




Get Started with vSphere with Tanzu [MCL1648]

This session will introduce VMware vSphere admins to vSphere with VMware Tanzu. We will go over the requirements and set up a basic configuration so admins can deploy a VMware Tanzu Kubernetes cluster and application. 


Modernize Infrastructure with S3-Compatible Object Storage on VMware HCI [APP1980]

Modern applications create new storage requirements for unstructured and semi-structured data. Join this talk and demo session to learn how you can run S3-compatible object storage from Cloudian and MinIO on VMware Cloud Foundation with VMware.





Ransomware Protection: Unlocking the Power of Security and Resiliency [SEC1177]

Security and resiliency are not the same thing, but they are a perfect combination. Join us for a solutions session where we’ll focus on how VMware Carbon Black Cloud and VMware Cloud Disaster Recovery work together to drive confidence in...


Architecting VMware DR Solutions to meet your Recovery Goals [MCL2232]

VMware customers have a variety of options when deciding how to architect their disaster recovery environment. The selection and configuration of products and services such as VMware Cloud Disaster Recovery, VMware Site Recovery, and Site Recovery..


Automating Ransomware Remediation with VMware Carbon Black Cloud [CODE2782]

Are you prepared for the next Ransomware attack? With our Next Generation Anti-Virus and Behavioral EDR in the VMware Carbon Black Cloud, you can feel confident that your employees and sensitive infrastructure will be better protected. 





Understand Hybrid Connectivity for VMware Cloud on AWS [MCL2840S]

Some organizations running VMware vSphere on premises have use cases that require them to extend their data centers to the cloud using VMware Cloud on AWS. Configuring network connectivity between on premises and the AWS Cloud is a crucial.


Automated Problem Resolution in Modern Networks [NET2160]

Legacy network operations and management solutions have been primarily reactive. Once an issue is detected (such as packet drops, jitters, congestion), network operators are alerted to resolve them manually. 





vSAN Technical Deep Dive [MCL1654]

VMware vSAN is the largest and fastest growing HCI product in the market today. vSAN has always been at the forefront of technology innovation. Are you interested in learning about the latest innovations in vSAN? 


VMware’s Vision for Storage and Data in a Multi Cloud world [MCL2505]

VMware continues to innovate storage and availability solutions for use on-premises and in the cloud. The speakers in this session will share VMware's vision and direction for the current and next-generations of products such as vSAN, vVols.


Disaggregating Storage and Compute with HCI Mesh: Why, When and How [MCL1683]

There are multiple use cases for disaggregating Hyperconverged Infrastructure (HCI) storage. Common scenarios include environments with disproportionate requirements for compute and storage resources and architectures with limited local storage.




A Big Update on vRealize Operations [MCL1277]

Give us 30 minutes and we will give you an update on VMware vRealize Operations you won’t forget. The premier cloud management tool has some great things coming for ease of use, time to value, troubleshooting, capacity and cost efficiency.


60 Minutes of Non-Uniform Memory Access (NUMA) 3rd Edition [MCL1853]

Although we enrich the stack with multiple layers of abstraction, obtaining consistent performance boils down to understanding the fundamentals. This requires the admin and the architect to focus on individual host components again. 


vRealize Automation – Now and into the future [MCL2448]

In this session, you will see all the great capabilities that have been released this year within vRealize Automation and vRealize Automation Cloud. We will also discuss what's coming in the future with vRealize Automation.





Advanced Architecture for Deploying Horizon in the Cloud [EUS1129]

This session will dive into many of the advanced VMware Cloud on AWS design considerations and topologies that impact delivering VMware Horizon on VMware Cloud on AWS. These design considerations and topologies are not limited to Horizon. 


Anywhere Workspace Expert [EUS2610]

Anywhere Workspace is an industry-first architecture that enables any employee to work from anywhere. This integrated solution combines Unified Endpoint Management, Desktop and App Virtualization, Endpoint Security and Secure Access Service Edge.


Technical Deep Dive on SASE and Horizon – Part II [EUS2467]

The EUC Solution keynote continues with a deep dive into two important topics. First, Shawn Bass will talk about VMware SASE, VMware Secure Access, and what they mean for end-user computing strategies in a world of distributed work. 


Designing and Implementing a High Performance Virtual Desktop Solution [EUS3074S]

In this session, we will present the design and implementation of a virtual desktop infrastructure (VDI) solution to support migration of high-performance developer desktops from local workstations to VDI. We will summarize the customer’s key.


Empower the future of Work for a 130.000 Distributed Workforce [EUS2276]

Executing a successful distributed workforce strategy requires rethinking where and how team members work. Dell Technologies has built flexibility into their culture for the past decade by removing friction to allow team members to connect and.

I know there are hundreds of good sessions out there. If you have any good suggestions, please leave them in the comments below.

Thursday, September 9, 2021

Customizing VMs with Cloud-Init

The last post was all about creating Virtual Machines through the VM Service operator provided by vSphere with Tanzu, which immediately gives Developers freedom of choice when it comes to what their application is made of: Containers, Pods, VMs, a mix of all of them .... in fact it does not matter anymore, they can build and run any of them in just the same way.

Honestly, my previous post just shows how to create VMs. All the fun comes now, when we can customize them during provisioning.

Guest customization is performed with Cloud-Init, mainly because it became one of the most popular customization tools out there, meaning that you can leverage all that beauty you have already created.

Cloud-Init also provides dozens of modules, from basic things like creating Users and Groups, Repo configuration and Package installation to more advanced functions like integration with Puppet and Chef. As a start I suggest going through the examples available on their portal.

Back to my initial ConfigMap, it just had basic customization.

Let's see how we can pimp this code:

First create your cloud-init file with the customization you want to make. I made a basic one: it just creates a user, sets its password, installs some packages and runs a command.

Although it's available on my git, it's far from being considered best practice, use it at your own risk !!

Once it's done, you will add it to the ConfigMap under the user-data section, which, by the way, needs to be base64-encoded.

just run: cat "cloud-init-file" | base64

Now just copy the output and paste it under user-data... make sure it's a single line.

It's all set now, you can create your VMs just as I showed in the previous post.
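The encoding steps above, as an added example that is not the author's own cloud-init file or ConfigMap: it builds a constructed cloud-config, encodes it as one unwrapped base64 line, and renders a ConfigMap carrying it under `user-data`. The names `devuser`, `demo-vm-config` and `demo-ns` and the password placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; devuser, demo-vm-config and demo-ns are constructed names.

# Constructed sample cloud-config. passwd holds a placeholder for a SHA-512
# crypt hash (e.g. produced by `mkpasswd -m sha-512`), never plain text:
# base64 is an encoding, so anyone who can read the ConfigMap can decode it.
cloud_config() {
cat <<'EOF'
#cloud-config
users:
  - name: devuser
    groups: sudo
    shell: /bin/bash
    lock_passwd: false
    passwd: "<SHA512-CRYPT-HASH-PLACEHOLDER>"
packages:
  - curl
runcmd:
  - [ sh, -c, "echo provisioned > /var/tmp/cloud-init-done" ]
EOF
}

# Encode as a single line: GNU base64 wraps at 76 columns, so strip newlines.
encode_user_data() {
  base64 | tr -d '\n'
}

# Emit the ConfigMap with the encoded payload under data.user-data.
render_configmap() {
  encoded=$(cloud_config | encode_user_data)
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-vm-config
  namespace: demo-ns
data:
  user-data: ${encoded}
EOF
}

# Round-trip check: the decoded value must equal the original cloud-config.
verify_round_trip() {
  encoded=$(cloud_config | encode_user_data)
  [ "$(printf '%s' "$encoded" | base64 -d)" = "$(cloud_config)" ]
}

render_configmap
```

Running `verify_round_trip` before applying the ConfigMap catches a wrapped or truncated paste, the usual cause of a VM that boots without its customization.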


Good customization !!!

Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact that I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell