Category Archives: VMware

Quick Post – vCloud Director 9.5.0.3 Released as Critical Update

Late last week, on the same day as vCloud Director 9.7 was released to GA, an update was also released for vCloud Director 9.5.x which has been marked as critical. Specifically, it relates to a vulnerability in previous vCloud Director 9.5.x releases with the identifier CVE-2019-5523. Ironically, this threat targets the new Tenant and Provider Portals.

VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.

Obviously, given that vCloud Director 9.7 has just been released, it’s unlikely that most Service Providers will upgrade right away; therefore the majority will be running vCloud Director 9.5.x for some time yet.

vCloud Director 9.0.x and 9.1.x are not affected.

References:

https://docs.vmware.com/en/vCloud-Director/9.5/rn/vCloud-Director-9503-for-Service-Providers-Release-Notes.html

https://www.vmware.com/security/advisories/VMSA-2019-0004.html

Quick Post – vCloud Director 9.5.0.2 Released

While we wait for the upcoming release of vCloud Director 9.7 next month (after the covers were torn off the next release in a blog post last week by the vCloud Team), VMware have released a new build (9.5.0.2 Build 12810511) of vCloud Director 9.5 that contains a number of resolved issues and is a recommended patch update.

Looking through the resolved issues it seems like the majority of fixes are around networking and to do with NSX Edge Gateway deployments as well as a few fixes around OVF template importing and API interactions.

While looking through the new layout of the VMware Docs page for vCloud Director I noticed that a few new builds for 9.1, 9.0 and 8.20 had shipped out over the past few months or so. I updated the vCloud Director Release History to reflect all the latest builds across all versions.

References:

https://docs.vmware.com/en/vCloud-Director/9.5/rn/vCloud-Director-9502-for-Service-Providers-Release-Notes.html

https://blogs.vmware.com/vcloud/2019/03/the-hybrid-cloud-gets-better-meet-vcloud-director-9-7.html

 

First Look – Runecast Adding Support for VMware HCL

Two years ago at the 2017 Sydney and Melbourne UserCons, I spent time with a couple of the founders of Runecast, Stanimir Markov and Ched Smokovic, and got to know a little more about their real time analytics platform for VMware based infrastructure. Fast forward to today and Runecast have continued to build on their initial release and have continued to add features and enhancements. The most recent of those, which is the ability to report on an ESXi Host’s VMware Hardware Compatibility List (HCL), is currently in beta and will be released shortly.

Currently, Runecast checks hardware versions, drivers and firmware against existing VMware KB articles and provides proactive findings for known issues that could impact your servers. With this addition Runecast will now show the compliance status of hardware against the VMware HCL.

This feature alone literally replaces hours of work to extract the needed data and match each server from your environment against the HCL. Critically, it can inform you if, where, and why your vSphere environment is not supported by VMware because of Hardware Compatibility issues.

In terms of what it looks like, as you can see from the screenshot above, the new menu item gives you the Compatibility Overview. Your hosts are listed in the main window pane and are shown as green or red depending on their status against the HCL.

Clicking on the details, you are shown the details of the host against the HCL data. If the host is out of whack with the HCL you will get an explanation similar to what is seen below. (note in the BETA I have installed this was not

With this feature you can identify which component is incompatible and unsupported. From there it will also indicate what the supportability options are for you.

Runecast keep adding great features to their platform… and most of their features are ones which any vSphere admin would find very helpful. That is the essence of what they are trying to achieve.

For more information and to apply for the beta head here:

References:

https://www.runecast.com/blog/announcements/runecast-analyzer-support-for-vmware-hcl-beta

 

VMUG UserCon – Sydney and Melbourne Events!

A few years ago I claimed that the Melbourne VMUG Usercon was the “Best Virtualisation Event Outside of VMworld!” …that was a big statement if ever there was one however, over the past couple of years I still feel like that statement holds court even though there are much bigger UserCons around the world. In fairness, both Sydney and Melbourne UserCons are solid events and even with VMUG numbers generally struggling world wide, the events are still well attended and a must for anyone working around the VMware ecosystem.

Both events happen a couple of days apart from each other on the 19th and 21st of March and both are filled with quality content, quality presenters and a great community feel.

This will be my sixth straight Melbourne UserCon and my fourth Sydney UserCon…The last couple of years I have attended with Veeam and presented a couple of times. This year Veeam has UserCon Global Sponsorship which is exciting as the Global Product Strategy team will be presenting at a lot of the UserCons around the world. Both the Sydney and Melbourne agendas are jam packed with virtualisation and automation goodness and it’s actually hard to attend everything of interest with schedule conflicts happening throughout the day.

…the agendas are listed on the sites.

As mentioned, Veeam is sponsoring both events at the Global Elite level and I’ll be presenting a session on Automation and Orchestration of Veeam and VMware featuring VMware Cloud on AWS which is an updated followup to the VMworld Session I presented last year. The Veeam SDDC Deployment Toolkit has been evolving since then and I’ll talk about what it means to leverage APIs and PowerShell to achieve automation goodness with a live demo!

Other notable sessions include:

If you are in Sydney or Melbourne next week try and get down to Sydney ICC and The Crown Casino respectively to participate, learn and contribute and hopefully we can catch up for a drink.

NSX Bytes – What’s New in NSX-T 2.4

A little over two years ago in February of 2017 VMware released NSX-T 2.0 and with it came a variety of updates that looked to continue to push NSX-T beyond that of NSX-v while catching up in some areas where NSX-v was ahead. The NSBU has had big plans for NSX beyond vSphere for as long as I can remember, and during the NSX vExpert session we saw how this is becoming more of a reality with NSX-T 2.4. NSX-T is targeted at more cloud native workloads which also leads to a more devops focused marketing effort on VMware’s end.

NSX-T’s main drivers relate to new data centre and cloud architectures, where greater heterogeneity drives a different set of requirements to those of vSphere. These centre on multi-domain environments, leading to a multi-hypervisor NSX platform. NSX-T is highly extensible and will address more endpoint heterogeneity in future releases including containers, public clouds and other hypervisors.

What’s new in NSX-T 2.4:

[Update] – The Official Release Notes for NSX-T 2.4 have been released and can be found here. As mentioned by Anthony Burke

I only touch on the main features below…This is a huge release and I don’t think I’ve seen a larger set of release notes from VMware. There are also a lot of Resolved Issues in the release which are worth a look for those who have already deployed NSX-T in anger. [/Update]

While there are a heap of new features in NSX-T 2.4, for me one of the standout enhancements is the migration options that now exist to take NSX-v platforms and migrate them to NSX-T. While there will be ongoing support for both platforms, and in my opinion NSX-v still holds court in more traditional scenarios, there is clear direction on the migration options.

In terms of the full list of what’s new:

  • Policy Management
    • Simplified UI with rich visualisations
    • Declarative Policy API to configure networking, security and services
  • Advanced Network Services
    • IPv6 (L2, L3, BGP, FW)
    • ENS Support for Edge and DFW
    • VPN (L2, L3)
    • BGP Enhancements (allow-as in, multi-path-asn relax, iBGP support, Inter-SR routing)
  • Intrinsic Security
    • Identity Based FW
    • FQDN/URL whitelisting for DFW
    • L7 based application signatures for DFW
    • DFW operational enhancements
  • Cloud and Container Updates
    • NSX Containers (Scale, CentOS support, NCP 2.4 updates)
    • NSX Cloud (Shared NSX gateway placement in Transit VPC/VNET, VPN, N/S Service Insertion, Hybrid Overlay support, Horizon Cloud on Azure integration)
  • Platform Enhancements
    • Converged NSX Manager appliance with 3 node clustering support
    • Profile based installs, Reboot-less maintenance mode upgrades, in-place mode upgrades for vSphere Compute Clusters, n-VDS visualization, Traceflow support for centralized services like Edge Firewall, NAT, LB, VPN
    • v2T Migration: In-built UI wizards for “vDS to N-vDS” as well as “NSX-v to NSX-T” in-place migrations
    • Edge Platform: Proxy ARP support, Bare Metal: Multi-TEP support, In-band management, 25G Intel NIC support

Infrastructure as Code and NSX-T:

As mentioned in the introduction, VMware is targeting cloud native and devops with NSX-T and there is a big push for being able to deploy and consume networking services across multiple platforms with multiple tools via the NSX API. At its heart, we see here the core of what was Nicira back in the day. NSX (even NSX-v) has always been underpinned by APIs and as you can see below, the idea of consuming those APIs with IaC, no matter what the tool, is central to NSX-T’s appeal.

Conclusion:

It’s time to get into NSX-T! Lots of people who work in and around the NSBU have been preaching this for the last three to four years, but it’s now apparent that this is the way of the future and that anyone working on virtualization and cloud platforms needs to get familiar with NSX-T. There has been no better time to set it up in the lab and get things rolling.

For a more in depth look at the 2.4 release, head to the official launch blog post here.

References:

vExpert NSX Briefing

https://blogs.vmware.com/networkvirtualization/2019/02/introducing-nsx-t-2-4-a-landmark-release-in-the-history-of-nsx.html/

Configuring Amazon S3 Access from VMware Cloud on AWS through an S3 Endpoint

When looking at how to configure networking for interactions between a VMware Cloud on AWS SDDC and an Amazon VPC there is a little bit to grasp in terms of what needs to be done to achieve traffic flow between the SDDC and the rest of the world.

As an example, if you want to connect to S3, the default configuration is to go through the Amazon ENI (Elastic Network Interface), which means that unless configured correctly, connectivity to Amazon S3 will fail. Brian Gaff has a really good series of posts on Networking and Security Groups when working on VMware Cloud on AWS, which are worth a read to get a deeper understanding of VMC to AWS networking.

There is a way to change this behaviour to make connectivity to Amazon S3 go via the SDDC’s Internet Gateway. This is done through the VMware Cloud Portal by going to the Networking section of the relevant SDDC.

Doing this, while easy enough, means that you lose a lot of the benefits that passing traffic through the ENI provides: a high-bandwidth, low-latency connection between the VPC and the SDDC which also provides free egress. In the case of S3 and utilising the Veeam Cloud Tier, the ENI path means more optimal connectivity between a Veeam Backup & Replication instance hosted in the SDDC and Amazon S3.

To allow communication between the SDDC and Amazon S3 over the ENI the following needs to be actioned.

Create Endpoint:

The first step is to go into the AWS Console, go to the VPC that’s connected to the VMC service and create a new Endpoint for S3 as shown below, making sure you select the correct Route Table.

Configure Security Group:

Next is to configure the Security Group associated with your VPC to allow traffic to the logical network or networks. It’s a basic HTTPS Inbound rule where your source is the SDDC network or networks you want access from.

Create Compute Gateway Firewall Rule:

The final step is to configure a firewall rule on the SDDC Compute Gateway to allow HTTPS traffic to the Amazon VPC from the network or networks you want access to Amazon S3 from.

That’s pretty much it! After that, you should be able to access Amazon S3 over the ENI and get all the benefits that delivers.
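As an added example (not from the original post), the Python below audits the AWS side of the three steps above using data shaped like the output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-security-groups`. The IDs, CIDRs and region in the sample are constructed, and the Compute Gateway firewall rule lives on the VMC side and is not checked here.

```python
import ipaddress

HTTPS_PORT = 443

# Constructed sample input, shaped like the AWS CLI "describe" output.
SAMPLE_ENDPOINTS = [{
    "VpcEndpointId": "vpce-0example", "VpcId": "vpc-0example",
    "VpcEndpointType": "Gateway", "State": "available",
    "ServiceName": "com.amazonaws.us-west-2.s3",
    "RouteTableIds": ["rtb-0main"],
}]
SAMPLE_SG = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def s3_gateway_endpoints(endpoints, vpc_id, route_table_id):
    """Available S3 gateway endpoints in the VPC that are attached to the route table."""
    return [
        ep for ep in endpoints
        if ep.get("VpcId") == vpc_id
        and ep.get("VpcEndpointType") == "Gateway"
        and ep.get("ServiceName", "").endswith(".s3")
        and ep.get("State", "").lower() == "available"
        and route_table_id in ep.get("RouteTableIds", [])
    ]


def https_sources(security_group):
    """IPv4 networks the security group accepts inbound on TCP 443."""
    sources = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # "-1" means all protocols and ports
            covers_https = True
        elif proto == "tcp":
            covers_https = perm["FromPort"] <= HTTPS_PORT <= perm["ToPort"]
        else:
            covers_https = False
        if covers_https:
            sources += [ipaddress.ip_network(r["CidrIp"])
                        for r in perm.get("IpRanges", [])]
    return sources


def audit(endpoints, security_group, vpc_id, route_table_id, sddc_cidrs):
    """Return a list of findings; an empty list means the AWS side matches the steps."""
    findings = []
    sddc_nets = [ipaddress.ip_network(c) for c in sddc_cidrs]
    if not s3_gateway_endpoints(endpoints, vpc_id, route_table_id):
        findings.append(f"no available S3 gateway endpoint on {route_table_id}")
    sources = https_sources(security_group)
    for net in sddc_nets:
        # Each SDDC network must be covered by some HTTPS inbound source.
        if not any(net.subnet_of(src) for src in sources):
            findings.append(f"HTTPS from SDDC network {net} is not allowed")
    for src in sources:
        # Flag HTTPS sources that reach beyond the SDDC networks (e.g. 0.0.0.0/0).
        if not any(src.subnet_of(net) for net in sddc_nets):
            findings.append(f"HTTPS source {src} is not inside any SDDC network")
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE_ENDPOINTS, SAMPLE_SG, "vpc-0example", "rtb-0main",
                   ["192.168.10.0/24", "192.168.20.0/24"])
    for line in result or ["OK"]:
        print(line)
```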

References:

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-B501FA3C-EAF9-4005-AC72-155C3F592281.html

Veeam for Service Providers…Ten Plus Years of Innovation!

I remember the day I first came across Veeam. It was mid 2010 and I was working for Anittel at the time. We had a large virtualisation platform that hosted a number of high profile sites including a well known e-commerce site. There had been a serious data breach on one of those sites and we were required by the Australian Federal Police to restore the website logs from a couple weeks back when the breach had first taken place.

We were using a well known product at the time to backup our vSphere platform and from the outside everything seemed ok. All backup reports were green and we thought the backups were verified. To cut a long and painful story short, when we came to restore the website logs we found that the backups had not worked as expected and we couldn’t retrieve data off a secondary partition due to a huge unknown bug in the software.

That was the end for that backup application (and interestingly enough they went out of business a few years later) and that afternoon we downloaded Veeam Backup & Replication v4 and went to work pushing that out into production. We (and I have) never looked back from there. Veeam did in fact Just Work! At that stage there were enough features in the software to cover all of the requirements for a VMware based hosting platform, and over the years as v5 and v6 were released more and more features and enhancements were released that made Veeam even better for service providers.

By the time I left Anittel and headed to Zettagrid, Veeam had introduced more innovative features like Instant VM Recovery, vCloud Director Support, Cloud Connect Backup, the Scale Out Backup Repository just to name a few. In fact Veeam impressed me so much with their Service Provider features that I joined the company where I now focus my time on working with Service Providers as part of the Veeam Product Strategy Team focusing on our cloud and service providers products and features.

While I could bang on about all the features that Veeam has released over the years to enable us to become a significant player in the Cloud and Service Provider space, a picture tells a thousand words…and an interactive timeline showing just how innovative and focused Veeam has been on enabling our Cloud and Service Provider partners to succeed is priceless!

No other vendor has this track record of producing specific Cloud and Service Provider features and enhancements over the years and as you can see over the last three to five years we have moved with the industry to continue innovating in the cloud space by accelerating feature development and bringing great technology to the market.

If you are a Cloud and Service Provider and not using Veeam…what are you waiting for?

https://anthonyspiteri.net/veeam-vcsp-reverse-roadmap/

vExpert 2019 – Why The vCommunity is Still Important to me.

Overnight, applications for the 2019 VMware vExperts were opened up and as per usual it’s created a flurry of activity on social media channels as well as private communications such as the vExpert Slack. There is no doubting that IT professionals still hold the vExpert award in high regard…though it’s also true that others have bemoaned (myself included at times) an apparent decline of its relevance over the past few years. That said it still generates lots of interest and the program is still going strong more than a decade since its inception in 2009.

The team running the program within VMware are no doubt looking to re-invigorate the program by emphasising the importance of being thorough in the 2019 application and to not do the bare minimum when it comes to filling out the application. The Application Blog Post clearly sets out what is required for a successful application in any of the qualification paths and there is even an example application that has been created.

Getting back to the title of the post and why the vExpert Award is still important for me…I think back over the years as to what the program has allowed me to achieve both directly and indirectly. Directly, it’s allowed me to network with a brilliant core group of like minded experts and with that allowed me to expand my own personal reach around the vCommunity. It’s also allowed me to grow as an IT Professional through the interactions with others in the program which has enabled me to expand my skills and knowledge on VMware technologies and beyond.

In addition to that, as I work in the vendor space these days and help with an advocacy program of our own…I’ve come to realise the importance that grass roots communities play in the overall health of vendors. When you take your eye off the rank and file, the coal face…whatever you want to call it…there is a danger that your brand will suffer. That is to say, never underestimate the power of the vCommunity as major influences.

And for the knockers…Those that have been in the program for a long time should try to understand that there are others that might have had failed applications, or others that are just learning about what being in a vCommunity is all about and are applying for the first time. Just because one may feel a sense of entitlement due to longevity in the program there are others that are desperate to get in and reap the rewards and for this, I still see the program as being absolutely critical to those that work in and around VMware technologies.

VMware technology is still very much relevant and therefore the communities that are built around those technologies must remain viable as places where members can interact, share, contribute and grow as IT professionals.

To that end, being a member of the vExpert program remains critical to me as I continue my career as an IT professional…have you thought about what it means to you?

References: 

https://blogs.vmware.com/vexpert/2019/01/07/vexpert-2019-applications-are-open/

Released: NSX-v 6.4.4 Edges in HTML5 and Fixes

Last week VMware released NSX-v 6.4.4 (Build 11197766) that contains some new features and addresses a number of resolved issues from previous releases. In recent times a lot of the focus has been on NSX-T as Kubernetes and Containers start to become more commonly discussed at the networking level and the fact that VMware Cloud on AWS is rolling out NSX-T under the surface across all regions…however it’s important to continue to highlight releases for NSX-v as this is still the NSX platform of choice out in the wild and for service providers.

This is more of a bug fix release however there are a few incremental enhancements to the NSX User Interface with additional components added to the HTML5 vSphere Client. These revolve around some Edge management being ported across to the vSphere Client…which is fine…but I do find it a little interesting that this isn’t done all in one bang so as to not frustrate administrators who still need to go back and forward depending on what they want to configure.

Though the list of unsupported functionality is shrinking with every release.

Other New Enhancements and Resolved Issues:

The only other noted enhancement also related to Edges and the amount of static routes that can be added…this increases from 2048 to 10,240 static routes for Quad Large and X-Large ESGs. Apart from that there is a smaller than usual list of Resolved issues however the majority again lie with fixes to the NSX Edges, so for those service providers that offer vCloud Director with NSX Edges, it’s worth a read.

In terms of interoperability with vCenter, ESXi and vCloud Director, there appears to be no issues with NSX-v 6.4.4 being used with the latest platform versions.

Those with the correct entitlements can download NSX-v 6.4.4 here.

References:

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_644.html

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/nsx-vsphere-client-65-functionality-support.html#unsupportedFunct

AWS Outposts and VMware…Hybridity Defined!

Now that AWS re:Invent 2018 has well and truly passed…the biggest industry shift to come out of the event from my point of view was the fact that AWS are going full guns blazing into the on-premises world. With the announcement of AWS Outposts the long held belief that the public cloud is the panacea of all things became blurred. No one company has pushed such a hard cloud only message as AWS…no one company had the power to change the definition of what it is to run cloud services…AWS did that last week at re:Invent.

Yes, Microsoft have had the Azure Stack concept for a number of years now, however they have not executed on the promise of that yet. Azure Stack is seen by many as a white elephant even though it’s now in the wild and (depending on who you talk to) doing relatively well in certain verticals. The point though is that even Microsoft did not have the power to make people truly believe that a combination of a public cloud and on premises platform was the path to hybridity.

AWS is a Juggernaut and it’s my belief that they now have reached an inflection point in mindshare and can now dictate trends in our industry. They had enough power for VMware to partner with them so VMware could keep vSphere relevant in the cloud world. This resulted in VMware Cloud on AWS. It seems like AWS have realised that with this partnership in place, they can muscle their way into the on-premises/enterprise world that VMware have and still dominate…at this stage.

Outposts as a Product Name is no Accident

Like many, I like the product name Outposts. It’s catchy and straight away you can make sense of what it is…however, I decided to look up the official meaning of the word…and it makes for some interesting reading:

  • An isolated or remote branch
  • A remote part of a country or empire
  • A small military camp or position at some distance from the main army, used especially as a guard against surprise attack

The first definition as per the Oxford Dictionary fits the overall idea of AWS Outposts. Putting a compute platform in an isolated or remote branch office that is separate to AWS regions while also offering the ability to consume that compute platform like it was an AWS region. This represents a legitimate use case for Outposts and can be seen as AWS filling a gap in the market that is being craved for by shifting IT sentiment.

The second definition is an interesting one when taken in the context of AWS and Amazon as a whole. They are big enough to be their own country and have certainly built up an empire over the last decade. All empires eventually crumble, however AWS is not going anywhere fast. This move does however indicate a shift in tactics and means that AWS can penetrate the on-premises market quicker to extend their empire.

The third definition is also pertinent in context to what AWS are looking to achieve with Outposts. They are setting up camp and positioning themselves a long way from their traditional stronghold. However my feeling is that they are not guarding against an attack…they are the attack!

Where does VMware fit in all this?

Given my thoughts above…where does VMware fit into all this? At first when the announcement was made on stage I was confused. With Pat Gelsinger on stage next to Andy Jassy my first impression was that VMware had given in. Here was AWS announcing a direct competitive platform to on-premises vSphere installations. Not only that, but VMware had announced Project Dimension at VMworld a few months earlier which looked to be their own on-premises managed service offering…though the wording around that was for edge rather than on-premises.

With the initial dust settled and after reading this blog post from William Lam, I came to understand the VMware play here.

VMware and Amazon are expanding their partnership to deliver a new, as-a-service, on-premises offering that will include the full VMware SDDC stack (vSphere, NSX, vSAN) running on AWS Outposts, a fully managed and configurable server and network installation built with AWS-designed hardware. VMware Cloud in AWS Outposts is VMware’s new As-a-Service offering in partnership with AWS to run on AWS Outposts – it will leverage the innovations we’ve developed with Project Dimension and apply them on top of AWS Outposts. VMware Cloud on AWS Outposts will be a subscription-based service and will support existing VMware payment options.

The reality is that on-premises environments are not going away any time soon but customers like the operating model of the cloud. More and more they don’t care about where infrastructure lives as long as a services outcome is achieved. Customers are after simplicity and cost efficiency. Outposts delivers all this by enabling convenience and choice…the choice to run VMware for traditional workloads using the familiar VMware SDDC stack all while having access to native AWS services.

A Managed Service Offering means a Mind shift

The big shift here from VMware that began with VMware Cloud on AWS is a shift towards managed services. A fundamental change in the mindset of the customer in the way in which they consume their infrastructure. Without needing to worry about the underlying platform, IT can focus on the applications and the availability of those applications. For VMware this means from the VM up…for AWS, this means from the platform up.

VMware Cloud on AWS is a great example of this new managed services world, with VMware managing most of the traditional stack. VMware can now extend VMware Cloud on AWS to Outposts to boomerang the management of on-premises as well. Overall Outposts is a win win for both AWS and VMware…however proof will be in the execution and uptake. We won’t know how it all pans out until the product becomes available…apparently in the latter half of 2019.

IT admins have some contemplating to do as well…what does a shift to managed platforms mean for them? This is going to be an interesting ride as it pans out over the next twelve months!

References:

VMware Cloud on AWS Outposts: Cloud Managed SDDC for your Data Center
