Monthly Archives: April 2016

Attention IT Recruiters – VCDX | VCIX | VCAP | VCP – Letters That Add Value!

There has been some discussion in the vExpert Slack channel over the last couple of days discussing how the vExpert Program which is an advocacy program that VMware awards to engaged members of the community was more recognized than actual VMware based certifications including the coveted VCDX. Without diminishing the value of the vExpert Program, this has been discussed in many circles for a while now and generally revolves around the fact the the VCAP exams are almost non existent when it comes to desirable certifications on resumes. Even the VCDX seems to be generally relegated to a “Explain what a VCDX is and aren’t vExperts the Virtulization Experts of choice?” conversation.

Within the VMware community we know and understand exactly when it means to achieve a VCP. We know the step up and the experience required to achieve VCAPs and VCIXs and many know the absolute effort and commitment it takes to persue and gain a VCDX. While the VCP can be achieved via braindumps the consensus is that the VCP 5 and 6 versions are no walk in the park. VCAPs and VCIX administration and design exams can’t be braindumped and to pass those exams shows advanced skills with VMware products. The VCDX is a whole different level and in addition to having to pass VCPs, at least two VCAPs/VCIXs successful candidates go through hundreds of hours of design documentation before sitting a defence in which candidates are put under immense pressure to be able to get enough points to become a VCDX…a master of architectural design and thinking.

So whats the problem here and why are these certifications not as well known and recognized as they should be? It’s apparent that there needs to be more education in the Tech HR and Recruitment space that goes some way to having these certs (and other industry certs) recognized more and have their true value understood. In addition to that IT managers who do the employing need to understand what each exam gets you in terms of the candidate filling a role.

How this is achieved I am not sure but maybe IT recruiters will stumble across this post and use it as a springboard to better understand the certifications listed above. It’s also up to the hiring manager to start understanding the value by adding them to job descriptions as desired certifications. These exams are not cheap and they represent significant investment in time and effort to pass and as the numbers around the globe show below…these certifications are not gained without effort.

Looking at data below it’s clear to see that with only 220 odd VCDXs, 4000 odd VCAPs and with the number of VCPs similar to the CCIE’s rough 50,000 you can start to see the uniqueness of the VMware certifications. Weather that translates to better skilled employees I can’t answer that and I’m certainly not advocating increased dollar values of potential candidates just because they hold these certifications but the aim here is to increase the understanding of the value that each certification brings.

I’d be interested to hear is this sentiment if felt in other certification areas such as Microsoft, Citrix and in newer areas like AWS and other vendor certifications…feel free to comment below.

VCDX Links:

http://vcdx.vmware.com/

VCAP/VCIX Links:

http://blogs.vmware.com/education/2016/04/where-in-the-world-are-vcaps-infographic.html

VCP Links:

http://blogs.vmware.com/education/2015/12/where-in-the-world-are-vcps-infographic.html

Example Certification Path:

https://mylearn.vmware.com/mgrReg/plan.cfm?plan=88888&ui=www_cert

References:

http://www.bradreese.com/worldwide-ccie-count.htm

New Rubrik r528 – Targeting Encrypted Backup Market

Rubrik have today announced an expansion to their existing Converged Data Management Backup Appliances adding the secure backup focused r528 to the rXXX appliances. They have also released version 2.2 of their hardware plus software backup platform which introduces a couple new features to the Rubrik Management UI. The r528 is a targeted shift for Rubrik aimed at looking to secure what was historically a niche part of the backup market but one that has become a more sort after feature so that backups can not only be there for recoverability…but also for security and encryption at rest.

The r528 comes in a 2U Appliance Brik and has 2 nodes per appliance. Each node contains 1xSSD and 6xHDDs of which the drives are rates for FIPS 140-2 L2 Self encryption and U.S Government NIST validated. In addition to that the r528s have all the same great features and interface goodness of the existing Rubrik Briks. Encryption at rest is done via Self-Encrypting Drives (SED) and is completely secure if a drive is removed. The Rubrik Cryptographic Library that secures the data will be certified via the Common Criteria at the EAL2+ level.

Converged Data Management 2.2

As mentioned above, Rubrik have also announced version 2.2 of their software platform which adds a bunch of new features.

  • Enhanced Auto Protect and SLA Inheritance
  • Enhanced Performance Based Throttling Detection
  • Increased Scalability
  • Cluster Policy Enhancements
  • Proxy Connection Support
  • NAT Support for Public Replication
  • Enhanced UI and Management

The new enhancements in 2.2 are more tweaks than new features as you would expect in a point release however it shows that the Rubrik team are listening to their customers as many of the new enhancements where direct requests from existing clients such as the proxy and NAT support as well as the ability with the Cluster Policies to achieve more granular SLAs and set blackout windows and have the ability for a global pause of cluster activity for maintenance tasks.

In terms of scale, Rubrik are now claiming 40 nodes capable of backing up 10,000 VMs under vSphere 6.0 and quicker live mount performance which includes Storage vMotion of VMs to primary storage. They have also introduced better latency monitoring thresholds to avoid possible impact to production workloads.

Overall more good news from Rubrik and certainly an interesting play releasing a specific use case type of appliance in the r528. Looking forward to seeing them continue to improve and add features in the lead up to VMworld.

References:

https://en.wikipedia.org/wiki/FIPS_140-2

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1451.pdf

https://en.wikipedia.org/wiki/Evaluation_Assurance_Level#EAL2:_Structurally_Tested

HOTP: vCloud Air Japan to be Shutdown!

EDIT 2pm AWST: Seems as though the link and announcement has been pulled so take with a grain of salt until it’s confirmed or otherwise.
EDIT 3:15pm ASWT: Link is back.
EDIT 5:15pm ASWT: Link is pulled. Will continue to monitor but read below for info as it was earlier in the day.
Just saw a tweet come through sounded out the news that VMware was shutting down the vCloud Air Service in Japan. This to me was a bit of a shock as I was under the impression that vCloud Air in Japan was strong and the Japanese market had embraced the service.

http://vcloud.vmware.com/jp/using-vcloud-air/vca-customer-letter-japan2016

Above is the statement that just went out via the VCA Japanese page. I’ve copied the translation below:

So it’s good news for the vCloud Air Network providers who in theory will pick up all the business by the 31st of March…but I do wonder what % of current VCA in Japan will move across or feel slightly disgruntled and move to competing platforms.

Given that the page has been pulled down it seems like someone has jumped the gun in terms of the announcement going public. I don’t believe this was a mistake as the statement is too well structured to be that. This more than likely will be made offical over the next week or so. When it is offical it will be interesting to see how VMware deal with the insinuations that will follow in regards to their other VCA Zones.

Beta Participation Matters! – vSphere Beta Program

Over the past week there have been a number of posts around the new vSphere Beta which is the first step in testing the next major release from VMware following vSphere 6. As has become custom there is a private beta form that can be accessed here and people that are interested can fill out the form and register their intent to participate.

With all the issues that VMware have experienced over the past 12-18 months it’s massively important (I feel) that this beta is well represented and as many people as possible download the bits and put to the test the new vSphere platform. There is no doubt that this next release will be VMware’s most important when you think about the 5.5 and 6.0 issues as well as the perceived pressure being heaped by Nutanix and…to a less extent Microsoft with Hyper-V.

VMware need to nail .NEXT!

I say this because the one thing that VMware need to combat AHV, Hyper-V and other hypervisors out their is a return to core platform stability and that can be further achieved if there are enough people testing and then reporting back to the VMware beta teams about their issues…the more diverse the beta base is the great the exposure to potential issues and bugs. This isn’t a guarantee that the perception of reduced stability and increased bugs won’t be totally eradicated but it goes some way to helping.

If selected to participate in the beta there are a set of expectations that people need to commit to.

Participant Expectations:

  • Online acceptance of the Master Software Beta Test Agreement will be required prior to visiting the Private Beta Community
  • Install beta software within 3 days of receiving access to the beta product
  • Provide feedback within the first 4 weeks of the beta program
  • Submit Support Requests for bugs, issues and feature requests
  • Complete surveys and beta test assignments
  • Participate in the private beta discussion forum and conference calls

I highlighted the dot point above relating to participants being active when part of a beta program. If you are just wanting to download the bits and install them for a quick look then you are probably not going to get anything substantial out of a beta program. One of the key reasons they exist is to generate feedback and testing on software thats not yet feature set and potentially has undiscovered bugs. Computer game companies have of recent times been putting out open betas (such as the recent one for the new Doom) to put their software through harsh testing at the hands of their potential customer base…this is no different to what betas such as the vSphere Beta.

When I participate in Beta’s I know that I am helping to shape the future of the product…people that know me know that I am a bit of a “beta whore” but that’s only because I understand the benfits of being involved in the programs and understand that it’s not only important for the vendor…but also important for the customer…after all you are getting a look at what’s next and essentially get to contribute in the final release.

vSphere 6 Beta Details:

This program enables participants to help define the direction of the most widely adopted industry-leading virtualization platform. Folks who want to participate in the program can now indicate their interest by filling out this simple form. The vSphere team will grant access to the program to selected candidates in stages. This vSphere Beta Program leverages a private Beta community to download software and share information.

 

We will provide discussion forums, webinars, and service requests to enable you to share your feedback with us.

You can expect to download, install, and test vSphere Beta software in your environment or get invited to try new features in a VMware hosted environment. All testing is free-form and we encourage you to use our software in ways that interest you. This will provide us with valuable insight into how you use vSphere in real-world conditions and with real-world test cases, enabling us to better align our product with your business needs.

So if you want to contribute to the future of vSphere…register for the BETA and be active in your participation!

References:

http://info.vmware.com/content/35853_VMware-vSphere-Beta_Interest

Critical Security Issue Client Integration Plugin | vCloud Director 5.5.6 Released

Last week VMware released advisory VMSA-2016-0004 for a critical security issue found in the Client Integration Plugin which is found in versions of vCenter, vCloud Director and vRealize Automation. From going through the advisory the Client Integration Plugin does not handle session content in a “safe way” which may allow for a Man in the Middle attack or Web session hijacking in case the user of the vSphere Web Client visits a malicious Web site.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2076 to this issue.

The systems at most risk are those who expose vSphere Web Clients on 5.5 U3x and 6.0 prior to Update 2 and those publicly running instances of vCloud Director 5.5.5 and vRA 6.2.4. For Service Providers, this issue does not present in vCloud Director SP 5.6.x. vCD SP 8.0.0 did not ship with a vulnerable CIP version while vCD SP 8.0.1 shipped with the updated version of the CIP.

vCloud Director 5.5.6 Released:

With that we have a new version of vCloud Director 5.5 bringing the release to 5.5.6 Build 3764659. This was released last Thursday (14th of April) and from the looks it was a release always on the cards as it contained more fixes and updates than just for the CIP security issue.

  • vSphere support: vCloud Director 5.5.6 adds support for vSphere 60u2 in backward compatibility mode.
  • NSX support: vCloud Director 5.5.6 supports NSX versions 6.2.2 and 6.1.6.
  • vCloud Networking and Security support: vCloud Director 5.5.6 supports vCloud Networking and Security versions 5.5.4.2.
  • browser support: vCloud Director 5.5.6 adds browser support for Microsoft Internet Explorer 11.
  • Guest operating system customization support: vCloud Director 5.5.6 adds customization support for the following guest operating systems. Red Hat Enterprise Linux 7.2/7.1/6.7

Good to see that the vCD team is still keeping tabs on the non SP form of the platform even though it’s been pulled from general availability for some time now. If you are still running vCD 5.5.x you need upgrade to 5.5.6 and patch that CIP security hole. After install you will also need to let all your end users know the Client Integration Plugin will need to be updated on all systems from which the vSphere Web Client is used to connect to vCenter Server, vCloud Director and vRealize Automation Identity Manager.

For more on what the Client Integration Client does, I’ve linked below a William Lam that explains it in great detail.

What is the VMware Client Integration Plugin (CIP)?

References:

http://www.vmware.com/security/advisories/VMSA-2016-0004.html

http://www.cvedetails.com/cve/CVE-2016-2076/

http://pubs.vmware.com/Release_Notes/en/vcd/556/rel_notes_vcloud_director_556.html

VCIX-NV Follow-up: Wearable Heart Rates and VCP Inheritance

Last week I sat and passed the VCIX-NV (VCXN610) exam and I thought I would follow-up last weeks Review Post with some interesting…well I think interesting observations I picked up from my JawBone device during the course of the exam as well as give an update on some questions around what passing the VCIX-NV in it’s current form gives you in terms of VCP inheritance and extension.

Exam Heart Rate Measurements:

During my first attempt I was asked to remove the JawBone as the testing center apparently thinks they can conceal answers even though the JawBone Up3 doesn’t have any sort of display except for come indicator lights. Last week, during my second attempt they didn’t notice it on me and I had it on during the course of the exam.

When I checked the Up App later the evening the heart rate pattern closely matched the ebs and flows I felt during the 4.5 hour exam. If you look at the image above I have numbered key moments based on the time the reading was taken and made notes below on what part of the exam they correspond to.

  1. 69bpm – Taken on the journey from home to the testing center…feeling nervous about taking the test. Who doesn’t get nervous before tests?
  2. 69bpm – After going in confident, things started going pear shaped as explained in the recap.
  3. 59bpm – After getting the time extension and getting through first couple of questions
  4. 56bpm – During this part of the exam I settled into a groove and was powering through questions feeling more and more relaxed.
  5. 73bpm – Nearing the end of the exam and trying to rush through last few questions and going back through answers.
  6. 80bpm – Waiting for exam results after walk back to office from test center
  7. 55bpm – About an hour after getting results and finally able to relax

It’s pretty cool to see what your heart (and body) goes through during the course of an exam and with a wearable like the JawBone it’s possible track back and find out exactly what was happening during that period.

VCIX-NV Inheritance:

Over the past couple of months I’ve seen some conversation on Twitter and Slack around what passing the VCIX-NV gives you from a VCP point of view. We know from the VMware Education site that passing the current VCIX-NV means that when the new NSX Based Design and Administration exams come out, current VCIX-NV holders will be automatically upgraded.

As shown above, what also happens is that you are awarded the VCP-NV certification as well as have your existing VCPs expiration dates extended. It seems like VMware are giving away a lot with the successful passing of this exam however it probably speaks more to the fact that NSX is core to VMware future and it wants people to certify against it…however that is not to say that it’s given away for free and as I talked about in the recap the VCIX-NV isn’t a cakewalk and everything mentioned above is definitely well earn’t.

The current VCIX-NV gets retired on the 2nd of June.

VCIX-NV Exam Recap

What a effort that was! Today I sat and passed the VCIX-NV (VCXN610) exam and I can say that this exam has taken a fair bit out of me over the last month or so. I had been aiming to take this exam late last year but other commitments got in the way and I took my first shot at the am a couple of weeks ago…more on that first attempt below. Back to todays attempt, no more than 45 minutes after walking out of the local testing center here in Perth I had the Score Report email in my inbox with a Pass score.

As mentioned above this was my second attempt at the exam as I failed my first try falling just short of the 300 pass mark. I’ll be honest and say that the fail was mostly on me and as I walked out of that first attempt I knew that I had screwed things up and that a pass wasn’t likely.

As people know with the VCAP/VCIX lab based exams, some questions are linked and you need to be careful to not screw up or incorrectly complete a question as it may impact you further down the track. This happened early on in my first attempt and I knew that I would scramble to make the pass mark however I did have some legit issues with a couple of the questions which has become almost par for the course for people taking this exam. The issues where related to the Web Client and a service account which impacted my ability to attempt a couple of questions. I raised a ticket with VMware Education and managed to get a resit voucher which was pleasing as I wanted to tackle it again as soon as possible and the price of the exam had risen from $485AUD to $618AUD in the space of 3 months between bookings.

With that behind me I went into today’s attempt a little more confident but that confidence quickly evaporated as I ran into an issue with a core piece of NSX infrastructure about 20 minutes into the exam. I knew what I needed to do to fix the issue but I had lost time and remembered a conversation in the vExpert Slack VCIX Channel around the fact that you can ask for a time extension from VUE if you run into unexpected technical issues…which I did and after a bit of going around in circles with the local DDLS team I was granted some extra time to complete the exam. I was able to power on from that point and exited the exam room after about 4.5 hours after I had initially started…as someone mentioned in a previous post…this exam is like being in a time vortex.

Exam Thoughts and Tips:

I won’t sugar coat this exam…it’s tough! I have been working with NSX day and and day our for almost two years but found that the actual exam questions where not aligned to my day to day work on the NSX platform. The fact that it’s based on NSX-v 6.0.2 also poses a challenge for those of us lucky enough to have worked through 6.1.x and now 6.2.x NSX-v updates…all I can say is the Web Client experience should be much better for the new VCIX-NV exam thats coming in June.

My tip for those who are yet to take this test or future lab based VCAPs/VCIXs is to try and not use the Web Client if you can help it. I spent a lot of time in the VI client which meant less browser redraw times leading to quicker task completion. I would also suggest using ssh over the VM console as the redraw of the SUSE linux background is also a pain. Obviously for NSX you need the Web Client so to save time have multiple browser tabs open for quicker transition and load times.

A quick word on the latency…it wasn’t too bad even though I am located on the West Coast of Australia with an approximate 600-700ms RTT back to the Pacific coast US.

I’m not going to go through the exam preparation resources as many guys have blogged about what to use to help you pass the exam in addition to knowing the Blue Print off by heart…but the one thing I will say is the the VMware HOL are like gold…specially if you don’t have the resources or entitlement to run up NSX in a home or office lab. A final word of advice is that you do need to get up to speed on networking basics to pass this exam…just knowing how to administer NSX in a vSphere environment won’t be enough.

All in all I’m pretty happy to have this notch on my belt as I felt it was a long time coming, thanks to all that helped in my preparation and good luck to all those taking the VCIX in the future. To be sure it was a tough, brute of an exam…I still had fun getting through it.

#RUNNSX

 

It’s A Good Book! – vSphere Design Pocketbook 3.0

Last week Frank Denneman blogged about the release of the third installment of the vSphere Design Pocketbook. This is a great initiative from PernixData and Frank which gives bloggers the chance to have certain posts published in the form of an book of which gets distributed at industry events around the world, including EMC World and VMworld.

Having read through this years edition I can tell you that it’s well worth getting your hand on either in PDF format, or in book format if attending events with PernixData is sponsoring. The Social Media Edition is split into 7 Chapters going through specific areas of vSphere including Host Configuration, Cluster Design, Storage, Networking and Security, VM Configuration, Management and general Words of Wisdom and if I was to highlight a section I would make sue you check out Understanding Block Sizes in a Virtualized Environment by Pete Koehler which is becoming a lot more important in this day and age…it’s something that FVP Architect has made easier to discover and understand.

The contributors to the book include respected community and industry leaders like Chris Wahl, William Lam and Frank himself. The remaining contributors (myself included) all run excellent tech blogs and are active on Twitter so make sure you view the list on the download page and follow them on the social networks.

Again, thanks to Frank and the team at PernixData for taking the time to get this project together. Download the Book from the link below and look out for the Hard Copy at an event near you!

http://www.pernixdata.com/resource/vsphere-design-pocketbook-30-social-media-edition

Veeam 9 – Important Cloud Connect Hotfix for VCSPs

Overnight Veeam released Hotfix Rollup 1 for Veeam Backup & Replication v9 targeting Veeam Cloud Connect VCSP partners. This is to fix a couple of small performance issues in large Veeam Cloud Connect deployments and a couple of other issue that have been discovered since the release of Update 1.

If you are a VCSP and running Veeam Backup & Replication v9 Builds 9.0.0.902 or 9.0.0.1491 then check your emails for the Hotfix link or contact Veeam Partner Support to grab a copy of the patch. Note that you need to be on 9.0.0.1491 before applying the Hotfix. Once installed you will not see a change of build number or be required to update Veeam Cloud Connect components.

As it mentions on the Veeam communication if you want to keep up to date with all VCSP technical advisories make sure you join this forum…for which you must be registered.

Important – vCNS and NSX End of Availability and Support Notifications

For a while now we have known that vCloud Networking and Security’s days where numbered…with the release of NSX as a replacement+ product it had been communicated to current vCNS customers that an upgrade to NSX-v would be on the cards to ensure continued support and functionality. The date has now been set for the EOA of vCNS and in somewhat of a surprise to me VMware also last week announced the EOA for NSX-v 6.1.x will reach end of availability later in the year.

VMware has announced the End of Availability (“EOA”) of the VMware vCloud Networking and Security 5.5.x which will commence on September 19, 2016

VMware has announced the End of Availability (“EOA”) of the VMware NSX for vSphere 6.1.x and will commence on October 15, 2016

In both cases the VMwareKBs state that the products will continue to function. However, support will no longer be available, nor update releases or patches…so end of the day use at your own risk and don’t expect any help is the proverbial hits the fan.

The EOA and Support of NSX-v, while a surprise can be dealt with fairly easily by existing NSX-v customers. To get the most out of NSX-v in terms of the enhanced capabilities and features you should be running a version of 6.2.x and there is a new major release just around the corner (to be announced later in the year possibly). The only current caveat is upgrades from 6.1.5 to 6.2.0 are not supported…you must upgrade from 6.1.5 to NSX 6.2.1 or later to avoid a regression in functionality.

With regard to existing vCNS customers who are not Service Providers or have not gotten their hands on…let alone wrapped their heads around NSX-v this isn’t fantastic news. This Reddit post sums up some of the feeling out there in regards to the upgrade path for vCNS to NSX-v. To sum up the general feeling that I have come across…NSX-v is a lot more expensive than what vCNS was (in most cases it was part of the general vSphere/vCloud editions and bundles) and existing users of vCNS are finding it hard to justify that cost when considering the fact that some of the best NSX-v features are surplus to their requirements.

End of the day here there aren’t too many options for vCNS customers, but there is talk about VMware releasing an NSX-Lite version to satisfy the gap that exists between current customer requirements of vCNS features vs the all in nature of the NSX-v feature set…the clock is now ticking!

vCloud Director and vCNS:

Tom Fojta blogged earlier in the week that VMware have released an additional whitepaper for for vCAT SP that goes through a vCNS upgrade to NSX in vCloud Director Environments. I’ve also covered that in my vCloud Director NSX Retrofit series here.

References:

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2144733

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2144769