TheSaffaGeek

My ramblings about all things technical


VMworld Day 2 Recap

VMworld day 2 is always a good one for me personally as it’s the day you get the tech really spoken about and shown that has been announced at the show. If you missed my blog postings around some of the big announcements from day 1 then have a look below:

My day started with the keynote and again I watched it from the VMVillage in the bloggers area which I always enjoy as you can watch the keynote over the big screens but also sit with fellow vExpert bloggers. If you missed the keynote from either of the days then you can re-watch them here. One of the big announcements from the keynote was Pivotal Container Service; I was fortunate enough to be on an early access program where they went over the solution. It looks to be a really great solution and certainly has made me think I need to learn Kubernetes as I can see some amazing use cases for my customers.

After the keynote I went and watched a bit of a vBrownbag session. The vBrownbag crew, of which I am one of the team, have been doing TechTalks all week, recording the sessions as well as streaming them live. I will certainly be watching these after the conference as there has been some amazing content and now that the sessions are in the content catalog we have been getting solid crowds all week with some being three people deep standing and watching due to all the seats being gone.

Next I attended VMware Cloud on AWS: An Architectural and Operational Deep Dive [LHC3174BU]. The session was really interesting, although I was slightly disappointed that the session was more a walk through of how to build your SDDC rather than anything around architecture design, which I found disappointing seeing as this was meant to be a deep dive. Also, he stated he was an engineer so there’s no demo, it’s all screenshots. I took some notes from the session:

  • Covered what AWSonVMC offers.
  • What organisations are and how these map across all VMware Cloud Services.
  • Covered the real requirement of ensuring you choose the correct CIDR block as this cannot be changed
  • vCenter permissions and the lock down required to ensure there were essentially a VMware owned Admin and a customer owned admin.

  • Showed what the architecture is and what it uses from AWS to allow VMC
  • Hybrid linked mode explained

  • Covered at a high level what provision management, remediation/troubleshooting, release coordination, auto-scaler, configuration management, telemetry and alerting service do

  • Broke down the networking concepts – recommended watching/attending Ray Budavari’s session to learn much much more.
  • Walked through the flow of a failure of a host; covered all the players in what is required for VMware to fix the issues in an automated fashion.

  • Covered how there is an SRE team to ensure the SaaS service works as it should

All these sessions make me feel you need to really learn AWS to a certain level so you understand what VPCs are etc., as a fair amount of people in the VMC sessions I’ve been to seem to struggle to understand the AWS side of the service.

Next I attended AWS Native Services Integration with VMware Cloud on AWS: Technical Deep Dive [LHC3376BUS]. This session was really good and the live demo and technical depth were what I was hoping for from the previous session. Again, I wrote down a bunch of notes from the session below and would highly recommend watching this session after the show:

  • Nice to hear from the AWS side and what their side of the partnership is.
  • Integrations to things like S3, EC2, RDS, IAM, ACM, ELB, Route53, CloudFront, WAF, AWS Shield/Shield Advanced, Athena, QuickSight, Lambda, CodeDeploy
  • Covered the base topology

  • Recommended reporting services like CloudWatch and CloudTrail; VMware are using these as well for part of their monitoring for you
  • Gave a use case and how to deliver the services for the fake company ACME distribution
  • Did a demo of building and running all the components required by ACME utilising VMC and AWS services.

After this I participated in a design studio UX session where we went through vRealize Lifecycle Manager and I gave feedback on what I liked and didn’t like and what I expected. I really enjoyed this as it was just me and the engineer and seeing as I’ve done vRA, vRO etc. I was able to give some solid feedback from someone who knows the products and how to install them outside the usage of Lifecycle Manager. The engineer was very grateful, which is always nice, to be able to help.

Gregg


#NSX Announcements at #VMworld US

At today’s VMworld US there are a number of NSX announcements as NSX grows its capabilities and features and raises the bar for SDN. Some of the announcements at today’s VMworld US conference in Las Vegas will be around a new version of NSX-T called NSX-T 2.0; VMware Cloud on AWS, which provides a service that delivers a seamless extension for vSphere customers into AWS; and NSX Secure Networking and the ability for network virtualisation and security for native AWS workloads.

Firstly, if you don’t know what NSX-T is then I would recommend you read the overview of it here or register for session NET1510BU. For version 2.0 there are a number of announcements, the high-level ones being:

  • Cloud-Native App Frameworks
    • VMs and Containers
    • CNI Plugin Integration for Kubernetes (K8s) /Pivotal Cloud Foundry
    • NSX-T PaaS /CaaS Integration
      • NSX integration with Kubernetes
      • NSX Container Plugin (NCP) for integration with PaaS with NSX Manager
      • Native Container Networking:
        • IP address per container / POD
        • Container Network integration with DC network via routing and BGP
        • Micro-segmentation – inter project and intra project isolation
        • Network and Security Automation – created as part of app deployment
        • Multi-tenant network topologies
        • Multiple Containers (PODs for K8s) in a VM (Container Host)
        • Support for vSphere and KVM

For VMware Cloud on AWS there is an extensive number of announcements and features about the service, but for NSX in particular it is about centralised management, comprehensive visibility and enterprise-class security:

  • Discovery
    • Visibility into apps and resources they consume
    • Analyse usage and utilisation across clouds
    • Possible with AWS (Native), Azure (Compute) and Private Cloud (vSphere)
  • Cost Insight
    • Accounting and cost optimisation for multiple clouds
    • Track and analyse your costs and trends
    • Possible with AWS (Native), Azure (Compute) and Private Cloud (vSphere)
  • Network Insight
    • Operational visibility, control and compliance across clouds
    • Optimise performance, health and availability
    • Possible with AWS (Native) and Private Cloud (vSphere)
  • Secure Networking
    • Secure networks with micro-segmentation
    • Create private networks within or across clouds
    • Possible with AWS (Native)

For NSX Secure Networking:

  • On-Prem Automation and Networking & Security
    • Multi-domain networking
    • Automation with OpenStack
    • Micro-segmentation
    • Consistent and scalable micro segmentation security – unified policy management across multiple public clouds
    • Precise control over cloud networking topologies, traffic flows, IP addressing and protocols
    • Standard network data works with existing Day 2 operations tools and processes

If you are looking for some top sessions around these announcements then the following top 10 networking and security sessions should be a great fit:

  • Transforming networking and security for the digital era – TS7003KU – Tuesday August 29, 12:30pm – 13:30pm
  • Use virtualization to secure application infrastructure – SAI3237SU – Monday August 28, 11am – 12pm
  • Why networking is at the heart of digital transformation – NET3235SU – Monday August 28, 1pm – 2pm
  • NSX everywhere: The network bridge for on premises, private, and native public clouds – NET3236SU – Monday August 28, 4pm – 5pm
  • Introduction to VMware NSX – NET1152BU – Monday August 28, 4pm – 5pm
  • Application security reviews made easy with VMware latest security solution – SAI2895BU – Tuesday August 29, 4pm – 5pm
  • The NSX practical path – NET3282BU – Monday August 28, 2:30pm – 3:30pm
  • When clouds collide, lightning strikes – NET3282BU – Wednesday August 30, 1pm – 2pm
  • The future of networking and security with NSX-T – NET1821BU – Tuesday August 29, 11:30am – 12:30pm
  • Container networking with NSX-T overview – NET1521GU – Monday August 28, 1pm – 2pm

Gregg


VMware AppDefense Announced at #VMworld US

At today’s VMworld US there are a number of announcements coming out but one of the big ones in my opinion is the announcement of VMware AppDefense.

AppDefense provides a number of features, notably:

  • Application Control: Comprehensive view/grouping of VMs in the datacenter, their intended state and allowed behaviour
  • Runtime anomaly detection and response: Monitor the real time state of the OS and user applications – alert and control process, network, and kernel events
  • Process Analysis: Built-in process analysis engine gives overall process maliciousness as well as specific traits that are potentially suspicious
  • Orchestrate Remediation: Our infrastructure reach provides a more effective way to orchestrate remediation during a security incident

Application Scope

  • Security Team View of Intended Application State
  • Security-team owned viewpoint of application infrastructure
  • Provides a lens to evaluate runtime behaviour against known good
  • An abstraction to validate and audit the placement of security policy


Attesting Runtime Behaviour

  • Writing Rules to Inspect and Validate Endpoint Processes and Network Connectivity
  • Enforce behaviour by blocking activity or audit/alerting
  • Evaluate a number of endpoint events from a trusted location:
    • Process network activity (inbound/outbound)
    • Process activity
    • OS Kernel
    • Virtual Enclave


Built-In Process Analysis

  • Deep Level In-Memory Analysis of Process Capability to Provide Detail on Anomalies
  • Evaluate the in-memory state of a process before/after anomalies are recognized
  • Does not rely on signatures or hashes at all
  • Provides overall risk score and individual traits within the process


Orchestrating Remediation

  • Blocking Behaviour or Responding on Alarms Through Virtual Infrastructure
  • Each rule can be associated with a recommended remediation workflow
  • Alerts integrate with standard SIEM tools and other notification methods
  • Enforcement can be automated or manual
  • Leverages the mutability of the virtual infrastructure (ESX layer and NSX security policy)

AppDefense Architecture

I’m really looking forward to learning more about AppDefense and seeing how it can fit my customers’ needs.

Gregg


VMware Cloud Services

Customers aren’t just running their workloads in their vSphere datacenters but are now also running more and more workloads natively in the public cloud providers, and this can be a challenge for businesses who might not have the current skillset or mechanisms to monitor and manage these public workloads. VMware have now announced a way of homogenising the cloud and providing a mechanism for you to consume all the cloud providers and manage across them, so you can manage, provision and migrate workloads easily between your on-premises environment and the public cloud providers.

VMware did a survey recently and the number of their customers who are using or evaluating a public cloud provider has now almost reached 100 percent, with the feedback being 97% and an increase of 11% since 2016.

The number of workloads these surveyed customers have running in these public clouds, however, is still very small, although most see being on multiple public cloud providers as the ideal end state. This brings two major problems:

Operational Complexity

  • Application and management tool sprawl
  • Inefficient cost management across multiple clouds
  • Compliance gaps due to different architectures

Increased Risk Exposure

  • Inconsistent security architectures and policies
  • Lack of visibility into and across multiple clouds
  • Lack of expertise on specific platforms

For VMware Cloud Services there are mainly five different services being announced at today’s VMworld, and they are:

Discovery: Holistic View of All Cloud Resources

  • Visibility into apps and resources they consume
  • Analyse usage and utilisation across clouds
  • Public and private cloud inventory and metrics collection in minutes
  • AWS and Azure inventory collection using cloud user credentials and APIs
  • Private cloud inventory collection using a lightweight VMware vCenter data-collector
  • Central repository for all public and private cloud inventory
  • Inventory search based on cloud resource attributes
  • Expose native cloud tags and group cloud resources to simplify reporting, operations and actions across other VMware Cloud Services
  • Single place to add public and private cloud account credentials
  • Secure management of cloud credentials and account owners
  • Shared configurations of Cloud Accounts for data collections across multiple VMware Cloud Services

Cost Insight

  • Accounting and cost optimisation for multiple clouds
  • Track and analyse your costs and trends
  • Estimate total cloud spend across public and private clouds
  • Compare spend by cloud providers, regions, accounts or other groups
  • Analyse costs and drill deeper to identify key cost drivers
  • Track cloud costs over time and project future costs based on historical data
  • Compare actual spend with assigned budgets
  • Share cloud costs and budget comparisons with application teams
  • Identify powered off virtual machines
  • Identify unused cloud storage resources
  • Customise threshold limits for identifying unused resources

VMware NSX Cloud

  • Secure networks with micro-segmentation
  • Create private networks within or across clouds
  • Network abstraction through overlays
  • Segmentation control independent of cloud
  • Stamp out consistent overlay networks
  • Ops consistency and improved visibility
  • Improved IT efficiency and lower OpEx

Network Insight

  • Operational visibility, control and compliance across clouds.
  • Optimise performance, health and availability
  • Understand application dependencies by analysing traffic flow patterns between VMs
  • Accelerate micro-segmentation planning and use firewall rule recommendations to improve cloud security
  • Continuously monitor, troubleshoot and audit cloud security posture over time
  • Discover AWS, VMW and physical network infrastructure resources including AWS VPCs, security groups and cloud tags
  • Troubleshoot network connectivity issues between VMs with visibility into virtual and physical data center network layers
  • Rapidly identify issues through pro-active events and alerts
  • Scale across large NSX deployments with powerful visualisations for topology and health
  • Avoid configuration issues with NSX deployments based on health checklists
  • Quickly pinpoint issues for resolution with the help of intuitive UI and search

Wavefront

  • Metrics-driven monitoring and real-time analytics
  • Real time metrics monitoring at scale
  • “First pane of glass” visibility
  • Shared Model of application/system for both developers and ops

If you are interested in any of the solutions above then I would recommend getting to the VMware booth at VMworld US if attending the conference, or speaking to your VMware sales executive if you aren’t attending to get a demo set up.

Gregg


Why you should attend VMworld US

VMworld US is just around the corner (58 days to be exact) and I have been graciously allocated a blogger’s pass for the conference and given backing from my company Dell EMC to attend. This will be my sixth time attending and my third time attending the US one. VMworld has something for everyone, from those just learning about virtualisation to those who have been part of the industry for a number of years and are looking for those in-depth sessions and discussions with the evangelists and gurus of VMware’s plethora of offerings and solutions. If you haven’t yet booked your place then let me list some of the reasons I think you should attend as they are the reasons I try to attend every year:

  • On the Sunday of VMworld is Partner Exchange and TAM day where VMware partners can attend exclusive sessions talking about everything from future roadmaps for all of VMware’s product lines to new solutions VMware are looking to release. The sessions are always extremely interesting and from my experience are the best chance to speak to the “rockstars” who evangelise and breathe the various solutions. If you aren’t a partner or are looking for something community driven then the vBrownbag crew along with the VMUnderground crew are again running opening acts and then the VMUnderground party in the evening (unfortunately the party tickets are now sold out). I will be attending opening acts and have actually submitted a panel idea that I hope will be accepted.

  • My next reason is about the community again but this time the ability to network with like minded individuals at the bloggers tables, fellow vExperts, fellow VCDX at the VCDX townhall on the Saturday before VMworld and all those I hope to meet over lunch and at the vBrownbag TechTalks who are working in collaboration with the VMTN team to run the infamous TechTalks. If you have never heard of the TechTalks then a brief overview is below:
    • Tech Talks originated at VMworld 2012 where they provided an opportunity for community members, whose presentation submissions were not accepted into the main catalogue, to present the core of  a topic.  #TechTalks are a ten minute presentation by a community member for the benefit of the community. Since almost everyone working in technology has solved problems and learned something almost everyone could present a #TechTalk.  The format can be a slide deck or simply talking, they are usually about how to solve a problem or get the most out of a product. The TechTalk is captured on video and published on the vBrownBag YouTube channel.
    • If the conference Internet connection allows, the talk is also live streamed from the show.
    • #TechTalks are for community members to reach other community members, any topic that will help other people is good.  The one thing that TechTalks are not is an opportunity to present the corporate slide deck about a great product you would like us to buy.  #TechTalks are about up skilling and education, the only marketing should be from the TechTalk sponsors who help make the whole thing happen.
  • Next are the breakout sessions, group discussions and expert panels. The content catalog is now live and it is packed with amazing sessions by some of the biggest names in the industry and those up and coming in the industry. I’m personally really looking forward to all of the VMware Cloud on AWS sessions as it bridges my existing knowledge and interest in VMware with my exponentially growing interest in AWS. The sessions are also recorded so if you can’t make it to a session due to a conflict then by registering for VMworld you get access to all the recorded sessions after the conference for you to watch in your own time.
  • My next reason is the VMware Hands-On Labs which cover all VMware technologies and allow you to play with the latest releases and offerings not just from VMware but also VMware partners. Like the sessions, the hands-on labs are available after the conference but I would recommend going to a few that really interest you (again I’ve allocated some walkthroughs of the VMConAWS solution) and then you can do the remaining ones after the conference. If however you really want to hit the labs hard then I know they normally give a free pass to next year’s VMworld to the top few people who have completed the most labs.
  • The solution exchange is my next reason as this is the perfect opportunity to speak to those vendors who are offering the latest solution that might save your business and team loads of money and/or time. This is the perfect opportunity to speak to that vendor who might be offering the solution that will fix the issues your company is experiencing and take that knowledge back to your company and impress your management with how you’ve found a great solution and to prove that your going to VMworld was worth it and that they should send you again next year. I would be remiss if I didn’t encourage you to go speak to Dell EMC and hear about their amazing offerings all the way through the stack as well as pre-packaged and validated solutions for SMBs all the way to large enterprises.
  • If you are looking to obtain that next VMware certification or want to speak to the certification team about the performance of your latest VCAP-Deploy exam then there are loads of VMware Certification opportunities. You can also book reduced-cost exams at VMworld which I have personally never decided to do but loads of the community swear by it and due to the reduced cost it means if you unfortunately don’t make it then it isn’t that much of a dent to your pocket and lets you scope out the exam to better prepare for next time.
  • Last is the parties and due to the conference being in Vegas you can imagine the amount of them there are and the amount of meet ups after the parties that happen. There are parties for everyone so if you are looking for a chilled drinks evening then there are loads of opportunities for that and if you want to party all night (save some sleep to be able to attend the conference) then there are plenty of those as well. If you haven’t got a ticket to VMUnderground on Sunday then the Welcome Reception kicks off the conference experience with food, drinks, and networking in the Solutions Exchange. There are normally loads of announcements about the parties closer to the time so keep an eye out on social media as the parties fill up fast and remember the strip is big so unless you plan to Uber it then getting to three parties in a night might not be possible. The VMworld party finishes off the conference on Wednesday night; the venue hasn’t been announced as far as I’ve seen but the bands have been and teenage Gregg is super excited about it as Blink 182 and Bleachers will be performing. Last year’s party at the Las Vegas Motor Speedway was really fun and Fall Out Boy were awesome in my opinion.

If you are looking to attend then sign up here https://reg.rainfocus.com/flow/vmware/vmworldus17/reg/account?src=so_590b899c53598&cid=70134000001K6I4 and make sure to come find me and say hi. I also encourage you to attend the TechTalks which are due to be added to the content catalog very soon.

Gregg


vSphere 6.5 Operations Management Announcements

At today’s VMworld Europe conference in Barcelona VMware are announcing vSphere 6.5. There are a plethora of new features and fixes; in this series of postings I plan to cover the ones that caught my eye, and so for the second one let us cover the updates to vSphere 6.5 Operations Management.

vR Ops – New Home Dashboard

The vR Ops home dashboard as part of vSOM has had a makeover where you can now filter and find things important to the environment easily, such as:

  • Quickly identify top problem objects
  • Filter by severity
  • Condensed alert information and remediation guidance

Enhanced vSphere DRS Cluster settings dashboard

  • Conveniently monitor each cluster workload

Updated Workload Utilisation Dashboard

  • Easily visualise separate workloads
  • Quicker access to rebalance plan

vR Ops – Additional Improvements

vCenter Configuration

  • Combined Configuration of vCenter and Action Adapters
  • One-button ease of enabling or disabling actions
  • Create and apply global monitoring goals to multiple vCenters

Automation

  • New CaSA public REST API interface
  • Documentation available at <vrops>/casa/api-guide.html
  • Allows for cluster and node management

Security and Compliance

  • Added support for the vSphere 6.0 hardening guide
  • New certificate validation checks
  • Import certificates via CaSA REST API

Log Insight Integration

  • Log Insight management pack comes pre-installed
  • Improvements of Log Insight alerting to vR Ops

Log Insight – New Clarity UI

Log Insight – Additional Improvements

vSphere Content Pack

  • New vCenter Server Dashboards
    • Overview
    • Performance
  • Updated Dashboards
    • General – Problems
    • vSphere – vMotion

Widget Updates

  • New Event Widgets
    • Event Types
    • Event Trends
  • New vSphere widgets:
    • Replicated VMs
    • Recovered VMs
    • Upgraded VMs

Other Notables

  • Added PSP PhoneHome Support
  • API-Based Improvements
    • Install
    • Upgrade
    • Query API Enhancements
  • Streaming Support Bundles

Make sure you attend one of (if not all) the multiple sessions by Kyle Gleed to learn and see more if you are at the show, or watch once the recordings have been released.

Gregg


vSphere 6.5 VCSA and Clients Announcements

At today’s VMworld Europe conference in Barcelona VMware are announcing vSphere 6.5. There are a plethora of new features and fixes; in this series of postings I plan to cover the ones that caught my eye, and so for the first one let us cover the vSphere 6.5 VCSA and Clients announcements.

Overview

  • Native high availability – An all new HA solution that reduces RTO and is easy to configure. No dependency on expensive 3rd party database clustering solutions or RDMs while eliminating the single point of failure for vCenter Server.
  • VMware Update Manager – Now integrated into the vCenter Server Appliance. Simple, enabled by default, and removes the requirement for a separate Windows VM.
  • Improved appliance management – An improved vCenter Server Appliance Management Interface (VAMI) brings more CPU, Memory, Network and Database monitoring right into the UI. Reduces reliance on CLI for simple monitoring tasks.
  • Native Backup and Restore – Simplified backup and restore with a new native file-based solution. Restore the vCenter Server configuration to a fresh appliance and stream backups to external storage using HTTP, FTP or SCP protocols (only available on the vCenter Server Appliance).

VCSA Deployment

  • Installer support now for Windows, Mac and Linux
  • An updated menu where you can not only select to install or upgrade but also migrate and restore.

  • VMware vSphere Update Manager included
  • VCSA and PSC install is now a two stage process
    • Stage 1 – Deploy OVF
    • Stage 2 – Configuration
  • The benefits of the 2-stage deployment are:
    • Improved validation and checks
    • Manual snapshot between stages for rollback
    • Create a template for additional deployments

VCSA Migration – 6.5

  • 6.5 support for Windows vCenter 5.5 or 6.0 -> 6.5
  • Migrations for both embedded and external topologies
  • VMware vSphere Update Manager included as part of migration
  • Assumes the identity of the source Windows vCenter (UUID, IP, OS Name, Certificates)
  • Embedded and external Database support: MSSQL, MSSQL Express, Oracle
  • Migration Assistant pre-checks
  • Option to select historical and performance data

VCSA Monitoring

  • New vCenter Server Appliance Management Interface
  • Built in monitoring: Network, CPU and Memory
  • Visibility to vPostgres DB
  • Remote syslog configuration
  • vMon: Enhanced watchdog functionality

Native vCenter Server Appliance Backup & Restore

  • Removes dependency on 3rd party backup solutions
  • Restore vCenter Server instance to a brand new appliance
  • Supports backup/restore of VCSA & PSC appliances
  • Includes embedded and external deployments
  • Supported protocols include:
    • HTTP/S
    • SCP
    • FTP/S
  • Option for Encryption
  • Restore directly from VCSA ISO

Native vCenter High Availability

  • VCSA Only
  • Active/Passive with witness
  • Required network configuration:
    • Eth0 – Public network
    • Eth1 – Private network (added during configuration)
  • Two configuration options: Basic and Advanced

Client Integration Plugin Deprecation

  • In 6.5 CIP is no longer required
    • Replaced by native browser functions
    • Optional plugin called Enhanced Authentication Plugin for smart card and Integrated Windows Authentication login capabilities.

vSphere HTML5 Web Client

  • Clarity UI standard
  • No browser plugins
  • Integrated into vCenter Server 6.5
  • Fully supports Enhanced Linked Mode

Make sure you attend one of the multiple sessions by Emad Younis and Adam Eckerle to learn and see more.

Gregg