Thursday 28 June 2012

EMC Live Webcast: EMC and VMware Deliver Service Assurance for Virtual Data Centers

EMC and VMware Deliver Service Assurance for Virtual Data Centers
Register Now<https://emcinformation.com/72105/REG/.ashx?reg_src=WEB>

Date:

Jul 24, 12

Time:

11:00 AM - 12:00 PM EDT

Event Type:

EMC Live Webcast

Category:

Virtualization

Location:

Online

Details:

Join us for this informative live webcast to understand how EMC and VMware Operations Management Suite for Virtual Data Center environments can help you deliver new services quickly and reliably, identify and resolve problems before service impact, and improve operational efficiency.

Register to learn how Operations Management Suite for Virtual Data Center can help you:

* Resolve problems 80% faster
* Ensure maximum service uptime, and
* Achieve a 2 times improvement in operational efficiency

________________________________

Original Page: http://www.emc.com/events/2012/q3/07-24-12-emc-and-vmware-deliver-service-assurance-for-vdcs.htm?CMP=RSS-events

Performance Study of Oracle RAC on VMware vSphere 5.0 - Eric Sloof

IT organizations that have implemented Oracle Real Application Clusters (RAC) often use RAC to support critical functions of their business. Performance of these database clusters is key to enabling IT organizations to meet the requirements of their businesses, customers, and shareholders.

VMware vSphere provides a high performance virtualization platform that is capable of hosting the most critical portions of infrastructure, including Oracle RAC databases. vSphere 5 has increased these capabilities, including support for virtual machines with up to 32 vCPUs and 1TB of RAM. This support for larger virtual machines (VMs) combined with vSphere's high performance capabilities makes vSphere a great platform for running large Oracle RAC database clusters.

EMC IT has implemented vSphere throughout many parts of their infrastructure and is now in the process of moving the largest and most critical applications to vSphere. EMC and VMware worked together to evaluate the performance of one of EMC's largest Oracle RAC databases on vSphere 5. A copy of this database was used to conduct a series of tests to compare physical performance versus virtual performance.

This testing, which was done with an Oracle RAC cluster made up of six 32-CPU-based nodes, four of them virtual and two of them physical, found that virtual performed within 12% of native and was acceptable to be used for the production instance. EMC IT plans to adopt this virtual configuration in its next refresh cycle.

http://www.vmware.com/files/pdf/techpaper/OracleRAC-perf-vSphere5.pdf
Original Page: http://feedproxy.google.com/~r/Ntpronl/~3/ZhZzOGu7CPo/2076-Performance-Study-of-Oracle-RAC-on-VMware-vSphere-5.0.html

Monday 25 June 2012

VMware: VMware vSphere Blog: How to use Port-Mirroring feature of VDS for monitoring virtual machine traffic?

I would like to clarify a few things in this blog entry about the port mirroring feature that is available on the vSphere Distributed Switch (VDS). This feature is similar to the port mirroring capability available on physical switches. Network administrators can use this feature to troubleshoot network related issues in the virtual infrastructure and to monitor virtual machine to virtual machine traffic that is flowing on the same ESXi host. Network administrators use a network analyzer tool, which captures traffic, along with the port mirror feature to perform monitoring and troubleshooting activities. In the physical network, depending on where the analyzer or debug tool is placed in the network, network administrators choose different port mirroring options. The following are some of the standard port mirroring options available on physical switches:

- Switch Port Analyzer (SPAN)

- Remote Switch Port Analyzer (RSPAN)

- Encapsulated Remote Switch Port Analyzer (ERSPAN)

The SPAN feature is local to the switch and requires that the monitored ports and the destination port are on the same switch. With the release of vSphere 5.0, VMware provides support for only the SPAN feature on the VDS. The following blog entry<http://blogs.vmware.com/networking/2011/08/vsphere-5-new-networking-features-port-mirroring.html> discusses the feature in a little more detail. During the setup of a SPAN session, customers have to select a virtual port that needs monitoring and then choose a destination virtual port where all the traffic will be mirrored. Here are some of the common monitoring and troubleshooting use cases, based on where the analyzer tool is running.

1) Mirroring to an analyzer tool running in a virtual machine on the same host.

As shown in the figure below, you can have a virtual machine run the analyzer tool. In such a scenario you have to configure the port mirror session with the virtual port of the monitored virtual machine as the source and the virtual port of the virtual machine running the analyzer tool as the destination.

[http://blogs.vmware.com/.a/6a00d8341c328153ef017742b7115c970d-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017742b7115c970d-pi>

2) Mirroring to an external physical analyzer connected directly to the uplink port of the host.

In this case the analyzer tool is running on an external physical device, which is directly connected to the host through a NIC. As shown in the figure below, the source virtual port of the port mirror session remains the same, but the destination is changed to the uplink port connected to vmnic1. The mirrored packets are sent through vmnic1 to the analyzer device for monitoring.

[http://blogs.vmware.com/.a/6a00d8341c328153ef017742b71202970d-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017742b71202970d-pi>

3) Mirroring to an external physical analyzer connected to a physical switch where the host is also connected.

This setup is possible provided you configure a SPAN session on the VDS and on the physical switch as well. Let's dig a little more here. As mentioned earlier, the SPAN feature is local to a switch and requires both the monitored and the destination ports to be on the same switch. If you look at the diagram below, the analyzer is not directly connected to the VDS. It is connected through a physical switch. So this is not the straightforward use case 2.

Let's take a look at the mirrored packet flow. The port mirror session is configured on the VDS with the virtual port of the monitored virtual machine as the source and the uplink connected to vmnic1 as the destination. All packets flowing through the monitored virtual machine are now copied through vmnic1 to the physical switch port. On the same physical switch the analyzer is connected to a different port. The analyzer connected to that port is not going to see the traffic mirrored by the VDS. For this use case to work, it is not enough to configure the port mirror session on the VDS. You also have to configure a SPAN session on the physical switch, with the switch port where the host's vmnic1 is connected as the monitored port and the port where the analyzer is connected as the destination port.

[http://blogs.vmware.com/.a/6a00d8341c328153ef017615d155a1970c-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017615d155a1970c-pi>


The VDS currently doesn't support the RSPAN capability, which allows network administrators to monitor traffic remotely, multiple hops away from the source. RSPAN requires customers to create a dedicated VLAN to carry the mirrored traffic, and the switches supporting the RSPAN feature have to encapsulate all the monitored traffic in this special VLAN.

There is also some confusion because of the GUI screen options provided during the port mirroring setup on VDS.

If you take a look at the configuration screen shown below, there is an encapsulation option shown in the red box. This encapsulation option gives the impression that RSPAN is supported. However, it is not, and you shouldn't configure this parameter.

[http://blogs.vmware.com/.a/6a00d8341c328153ef016767dc0cc3970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef016767dc0cc3970b-pi>


________________________________

Original Page: http://blogs.vmware.com/vsphere/2012/06/how-to-use-port-mirroring-feature-of-vds-for-monitoring-virtual-machine-traffic.html

VMware: VMware vSphere Blog: Multi-disk replication into common directory with vSphere Replication

When replicating VMs with vSphere Replication you have control over the target location for your VMDKs that are being replicated. For example, you may have a VM with two disks and choose to place them in different directories and locations than they were in the primary site from which they are being copied.

That's great, but something that never came up with array replication is what happens when we want to put all the disks in the *same* directory at the recovery site?

If we have a machine ("VM1") that has two VMDKs, each on a different datastore, for example, they might both be named the same. We might have two "VM1.vmdk" files. In fact, this happens by default: the first disk in a directory is named for the parent VM without consideration for the fact that there may be other VMs elsewhere on different disks.

Disk one:

[http://blogs.vmware.com/.a/6a00d8341c328153ef016767dbd1fb970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef016767dbd1fb970b-pi>

Looks a lot like disk 2:

[http://blogs.vmware.com/.a/6a00d8341c328153ef017742b6d8ae970d-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017742b6d8ae970d-pi>


Obviously attempting to replicate these VMs into a single directory on the same datastore will cause difficulty on the recovery site. We can't have more than one VMDK of a particular name in a directory.

vSphere Replication is smart: it will detect that an existing disk is in that directory, but it is not so smart that it understands what it is. It assumes, very smartly, that this is a seed disk you have copied in via sneakernet. If you've got this far with a multi-disk VM, don't choose this option, or you'll use the 'first' disk as a seed and it will do a full sync of the second disk against it, overwriting it!

[http://blogs.vmware.com/.a/6a00d8341c328153ef017615d1212c970c-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017615d1212c970c-pi>


What are the options? Well first, you can get to the CLI and use vmkfstools to detach, rename, and re-attach the disk then replicate to your heart's content.

Another idea is to create folders for these disks and place each disk in its own unique folder. I.e. "VM1" is the main folder, and within it there will be the VMX and all other items and sundry for a VM. In your other directories (such as "OS Disk" and "Data Disk") you can replicate the individual VMDKs. Each directory will then contain a unique but identically named "vm1.vmdk".

[http://blogs.vmware.com/.a/6a00d8341c328153ef017742b6daa3970d-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017742b6daa3970d-pi>


Set your VR target per-disk, and choose the appropriate directory at the recovery site by selecting to "specify datastore folder". This keeps your data separate, retains easy management and the ability to identify a VMDK by function easily, as well as giving you the freedom to use separate data stores at the source and single data stores at the recovery site.

Original Post by Ken Werneburg

Original Page: http://blogs.vmware.com/vsphere/2012/06/multidisk-replication.html

Tuesday 19 June 2012

Performance of vCenter 5.0 in ROBO environments white paper released

by Duncan Epping

I just finished reading the "Performance of VMware vCenter 5.0 in remote offices and branch offices (ROBO)" white paper. I thought it was an excellent read and recommend it to anyone who has a ROBO environment. Also it is interesting to know what kind of traffic hosts / VMs drive in general to vCenter. Especially the details around the statistics level are worth reading for those deploying larger environments as it also gives a sense of the amount of data that vCenter is processing.

Nice work Fei Chen! You can find the paper here:

Performance of VMware vCenter 5.0 in Remote Offices and Branch Offices (ROBO)
<http://www.vmware.com/resources/techresources/10165>
This document details the performance of typical vCenter 5.0 operations in a use case where vCenter manages ESXi hosts over a network with limited bandwidth and high latency, which is also known as a remote office, branch office (ROBO) environment.

(Although the date stamp on this entry says 2010, it is a June 2012 paper. I will try to get this fixed!)

________________________________

Original Page: http://feedproxy.google.com/~r/YellowBricks/~3/jw6HFBeViHo/

Friday 15 June 2012

VMware Labs presents its latest fling - ThinApp Factory - Eric Sloof

The ThinApp Factory is a virtual appliance that brings centralized administration and automation to the process of creating virtualized Windows applications with VMware ThinApp technology. ThinApp Factory utilizes vSphere APIs to spawn workloads which automatically convert file shares of application installers into ThinApp application containers. These workloads can be run in parallel to maximize throughput and increase ROI for virtualization projects. Packagers and administrators can now utilize 'Recipes' during this packaging process. Recipes are simply small JSON files which contain a redistributable blueprint of the customizations and optimizations necessary for packaging complex applications. These recipes can be created and now exchanged freely with other customers via the ThinApp community site<http://labs.vmware.com/flings/ThinApp%20Community%20Site%20above%20to%20http://communities.vmware.com/thinap.jspa>.
Key Features


* Automates packaging of application installers into virtualized Windows applications.
* Leverages vSphere and vCenter for automation of workloads to efficiently package thousands of applications.
* Provides and utilizes 'Recipes' as redistributable blueprints for application packaging.
* Provides a lightweight web UI with a dashboard for administrators to use for the entire workflow of packaging to distribution.
* Enables administrators to import and edit existing ThinApp projects and modify package.ini, registry, and file settings through the web UI.
* Integration with Horizon Application Manager application catalog for automated population of application metadata and deployment with the Horizon ThinApp Agent.

________________________________

Original Page: http://feedproxy.google.com/~r/Ntpronl/~3/Y_8QDnLUAEs/2071-VMware-Labs-presents-its-latest-fling-ThinApp-Factory.html

Tuesday 12 June 2012

White Paper - Mythbusting Goes Virtual

The information being presented in this paper comes courtesy of the great minds of Eric Sloof, a VMware Certified Instructor, vExpert, consultant and active VMware community member; and Mattias Sundling, also a vExpert, a Quest Software employee and an evangelist focused on the virtualization space. The information presented here was discussed in depth during an April 2, 2012 webcast with Mattias Sundling and Eric Sloof.
[http://www.ntpro.nl/blog/uploads/mythwp.png]

Regardless of the underlying technology solution, as anything becomes increasingly popular and widespread in use, certain pieces of sometimes inaccurate information about that product become permanent fact, often taking on legend-like status. Moreover, as a product matures, it changes; it evolves by taking on new features, shedding old ones and improving the functionality everywhere else. However, no matter how much a product matures and no matter how much it evolves, many products carry with them myths that follow through the ages. Myths that may or may not have once been true, but are used as truisms nonetheless even as the version count rises ever higher. In this white paper, we will expose four such myths.

* Myth #1: RDMs have better performance than VMFS
* Myth #2: Changed Block Tracking causes significant overhead on your virtual machines
* Myth #3: Resource pools should always be used to categorize and allocate resources to virtual machines
* Myth #4: LSI Logic SCSI is always better than paravirtualized SCSI

http://www.vkernel.com/resources/whitepapers/mythbusting-goes-virtual

VMware: VMware SMB Blog: Socialcast Private Social Network Now Free for 50-Users or Below

[http://blogs.vmware.com/.a/6a00d8341c328153ef0167675ef282970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef0167675ef282970b-pi>
Since VMware acquired Socialcast in 2011, we've had many exciting conversations with our customers about helping them implement private social networks within their organizations. Many of our customers are new to Enterprise Social Networks<http://www.socialcast.com/> while others have had varying degrees of [non]success with restricted, free trials or feature-constrained free offerings in the market – having 300,000 customers makes it easy to get lots of feedback quickly. We've heard from enough customers to recognize that the market needs a great, free, Enterprise Social Network offering so companies can get started on the right foot with their social journey. We believe VMware is in the best position to deliver this experience.

Last week we announced that all the capabilities of the Socialcast enterprise version are free for all Socialcast communities of up to 50 users. We want all VMware customers to create a free Socialcast community and we want to hear about your journey. With complete access to all the features<http://www.socialcast.com/product> that make social in the enterprise revolutionary, small businesses and departments of larger companies can get started with an enterprise social network with the confidence that they are starting with a company that they want to end up with for the long term. Also, time and time again we've heard from our closest friends - systems administrators, application owners, IT and Security Managers - that have to pull the plug on a less-than-reliable social network because they need access to essential administration and security functionality. Nobody wins when this happens. There's a way to blend the necessities of protecting company IP with a great user experience, but that doesn't start by circumventing the IT policies that keep company data and employees safe.

Enterprise social networks are on their way to becoming an essential part of the workplace experience – unless you think the 850M users of Facebook is a fad. According to Forrester 49% of companies will have investments in social networking solutions in 2012<http://blogs.forrester.com/rob_koplowitz/12-04-03-delivering_the_social_business_imperative>. For small businesses enterprise social networks are particularly interesting. As opposed to large companies looking to "shrink" the size of the organization, small companies often have fewer tools in place to address the issues around collaboration and integrating their workforce and systems. We've seen immediate changes in the way Socialcast's small business customers collaborate as well as a long-term shift in how they use other tools like email and file sharing. Additionally, small companies are often part of an ecosystem of vendors, customers and an extended workforce – Socialcast allows small businesses to connect this ecosystem in a private, secure way that makes everyone's work more efficient.

Starting with a free Socialcast community provides access to the rich set of features that will unite the people, applications and information in your company. If you've heard about enterprise social but haven't started your journey, or you want to bring an incredible new collaboration tool into your organization, now is the time to get started. Any organization can sign up for a free Socialcast community at http://www.socialcast.com/

~Matt Stodolnic, Sr. Director, VMware Applications Marketing

________________________________

Original Page: http://blogs.vmware.com/smb/2012/06/socialcastfreefor50users.html

Saturday 9 June 2012

Video - VMware View 5 Persona Management - Eric Sloof - NTPRO.NL

Great video from Pete Long<https://twitter.com/#!/petenetlive> about VMware View 5 Persona Management. You should also check out his website at petenetlive.com<http://www.petenetlive.com/>.

With VMware View 5, VMware introduces View Persona Management<http://www.vmware.com/files/pdf/view/VMware-View-Persona-Management-Deployment-Guide.pdf>. View Persona Management preserves user profiles and dynamically synchronizes them with a remote profile repository. View Persona Management does not require the configuration of Windows roaming profiles, and you can bypass Windows Active Directory in the management of View user profiles. If you already use roaming profiles, Persona Management enhances their functionality.

Persona Management downloads only the files that Windows requires at login, such as user registry files. When the user or application opens other files from the desktop profile folder, these files are copied from the stored user persona to the View desktop. This algorithm provides performance beyond that achieved with Windows roaming profiles.

In addition, View copies recent user profile changes from the desktop profile up to the remote repository every few minutes. The default is every ten minutes, and this time period is configurable.

Original Post:
http://www.ntpro.nl/blog/archives/2066-Video-VMware-View-5-Persona-Management.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Ntpronl+%28Eric+Sloof+%7C+http%3A%2F%2Fwww.ntpro.nl%29


Mike Yallits, VTSP
Client Account Manager
ESTI Consulting Services
Cell: 204 294-7773
mike.yallits@esti.ca<mailto:mike.yallits@esti.ca>

Thursday 7 June 2012

Automate the Hardening of Your Virtual Machine VMX Configurations

By William Lam, Sr. Technical Marketing Engineer

As you have probably heard, VMware has just released the official vSphere 5.0 Security Hardening Guide<http://blogs.vmware.com/security/2012/06/vsphere-50-security-hardening-guide-released.html>. In addition to providing the latest guidelines for the vSphere 5.0 platform, the new hardening guide also includes several enhancements, one of which is the CLI (ESXi Shell, vCLI or PowerCLI) commands for assessment and/or remediation of a given guideline. One particular section of the hardening guide that has been quite popular over the years is securing the virtual machine's VMX configuration file. You might ask, how would you go about automating these changes across all your virtual machines?

I had written an article called Accessing Virtual Machine Advanced Settings<http://blogs.vmware.com/vsphere/2012/03/acessing-virtual-machine-advanced-settings.html> not too long ago which shows you how to modify/add a single advanced setting to a virtual machine. You can easily modify those scripts to operate on more than one advanced setting. In this article, we will demonstrate these modified scripts, which allow you to specify multiple advanced settings to be applied to a given virtual machine to help harden its configuration.

Disclaimer: These scripts are provided for informational/educational purposes only. They should be thoroughly tested before attempting to use them in a production environment.

Below are examples of both a PowerCLI and a vSphere SDK for Perl script, which both accept a file that contains a list of key/value pair advanced settings (separated by a comma) that you wish to add/modify for a virtual machine.

Here is an example of a file containing a few of the vSphere 5 Security Hardening advanced settings I wish to add to a virtual machine:

isolation.bios.bbs.disable,TRUE
isolation.device.connectable.disable,TRUE
isolation.monitor.control.disable,TRUE
isolation.tools.diskShrink.disable,TRUE
isolation.tools.diskWiper.disable,TRUE
log.keepOld,10
log.rotateSize,10000
RemoteDisplay.maxConnections,2
tools.guestlib.enableHostInfo,FALSE
tools.setInfo.sizeLimit,1048576
vmci0.unrestricted,FALSE

Note: You can apply the advanced settings while the virtual machine is running, but the changes will NOT go into effect until the virtual machine has been completely powered off and then powered back on. A guestOS reboot will not be sufficient as the VMX configurations are only read during the initial power on.
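
Before remediating, it helps to know which of these settings a VM already has. The following Python check is an added example, not one of the scripts from this post: it reads the same comma-separated key,value list, parses the `key = "value"` lines of a .vmx file, and reports which settings are compliant, missing, or set to another value, then emits the VMX lines that would fix the gaps. The .vmx excerpt and the VM name "web01" are constructed, and treating VMX keys case-insensitively is an assumption of the example.

```python
import csv
import io
import re

# Constructed sample: the key/value list from the post, in the comma-separated
# "key,value" layout the scripts accept (blank lines and '#' comments allowed).
HARDENING_LIST = """\
isolation.bios.bbs.disable,TRUE
isolation.device.connectable.disable,TRUE
isolation.monitor.control.disable,TRUE
isolation.tools.diskShrink.disable,TRUE
isolation.tools.diskWiper.disable,TRUE
log.keepOld,10
log.rotateSize,10000
RemoteDisplay.maxConnections,2
tools.guestlib.enableHostInfo,FALSE
tools.setInfo.sizeLimit,1048576
vmci0.unrestricted,FALSE
"""

# Constructed .vmx excerpt for a hypothetical VM "web01": three settings already
# hardened, two set to a non-compliant value, the other six absent.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "8"
displayName = "web01"
isolation.bios.bbs.disable = "TRUE"
isolation.tools.diskShrink.disable = "true"
RemoteDisplay.maxConnections = "5"
log.keepOld = "10"
vmci0.unrestricted = "TRUE"
"""

# A VMX line has the form  key = "value"  ; keys contain no '=', '#' or spaces.
_VMX_LINE = re.compile(r'^\s*([^=#\s]+)\s*=\s*"(.*)"\s*$')


def parse_option_list(text):
    """Parse the comma-separated key,value list into a dict (order kept)."""
    wanted = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].strip().startswith("#"):
            continue  # blank line or comment
        if len(row) != 2:
            raise ValueError("expected 'key,value', got %r" % (row,))
        wanted[row[0].strip()] = row[1].strip()  # value keeps its case
    return wanted


def parse_vmx(text):
    """Parse 'key = "value"' lines of a .vmx file into a dict; keys lower-cased."""
    # Assumption of this example: VMX keys are matched case-insensitively.
    settings = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def _same_value(expected, actual):
    """TRUE/true/True count as the same boolean; other values compare exactly."""
    if expected.upper() in ("TRUE", "FALSE"):
        return expected.upper() == actual.upper()
    return expected == actual


def assess(vmx_text, option_list_text):
    """Return {'compliant': [key], 'missing': [key], 'mismatched': [(key, actual, expected)]}."""
    wanted = parse_option_list(option_list_text)
    have = parse_vmx(vmx_text)
    result = {"compliant": [], "missing": [], "mismatched": []}
    for key, expected in wanted.items():
        actual = have.get(key.lower())
        if actual is None:
            result["missing"].append(key)
        elif _same_value(expected, actual):
            result["compliant"].append(key)
        else:
            result["mismatched"].append((key, actual, expected))
    return result


def remediation_lines(vmx_text, option_list_text):
    """'key = "value"' lines for every missing or mismatched setting.

    Writing them still needs a full power-off/power-on to take effect.
    """
    wanted = parse_option_list(option_list_text)
    report = assess(vmx_text, option_list_text)
    todo = report["missing"] + [key for key, _, _ in report["mismatched"]]
    return ['%s = "%s"' % (key, wanted[key]) for key in todo]


if __name__ == "__main__":
    report = assess(SAMPLE_VMX, HARDENING_LIST)
    for status in ("compliant", "missing", "mismatched"):
        print(status, report[status])
    print("\n".join(remediation_lines(SAMPLE_VMX, HARDENING_LIST)))
```

Run against a .vmx copied from the datastore, the report gives you an assessment before any change is made and the generated lines give you the remediation to apply.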
PowerCLI

Download script: http://communities.vmware.com/docs/DOC-18653
<http://communities.vmware.com/docs/DOC-19253>
Usage: To run this script you will need the latest version of PowerCLI and PowerShell v2 installed. Paste the script into your editor or PowerCLI window once connected to the vCenter server using the Connect-VIServer cmdlet.

Here is an example of updating a virtual machine with the list of advanced settings:

[http://blogs.vmware.com/.a/6a00d8341c328153ef0163063a1f15970d-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef0163063a1f15970d-pi>

Here is an example where we update all VMs in a particular cluster:

[http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dab02970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dab02970b-pi>

Here is an example of listing the advanced settings for the virtual machine:

[http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dab83970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dab83970b-pi>


vSphere SDK for Perl

Download script: http://communities.vmware.com/docs/DOC-18654

Usage: To run the script you will need to have VMware vCLI<http://www.vmware.com/support/developer/vcli/> installed on either a Windows or Linux system, or you can use the VMware vMA<http://www.vmware.com/support/developer/vima/> appliance.

The script now includes a new option called --optionlist which accepts the file containing the list of advanced settings.

Here is an example of updating a virtual machine with the list of advanced settings:

[http://blogs.vmware.com/.a/6a00d8341c328153ef017615235c43970c-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef017615235c43970c-pi>

Here is an example of listing the advanced settings for the virtual machine:

[http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dada3970b-500wi]<http://blogs.vmware.com/.a/6a00d8341c328153ef0167672dada3970b-pi>

As you can see with these two scripts, administrators can easily and quickly secure all their virtual machines based on the latest recommendations from the vSphere 5.0 Security Hardening Guide<http://blogs.vmware.com/security/2012/06/vsphere-50-security-hardening-guide-released.html> as well as from previous hardening guides.

Additional Resources:
If you are looking for additional automation of the vSphere 5 Security Hardening Guide, be sure to check out this script<http://www.virtuallyghetto.com/2012/04/vsphere-security-hardening-report.html>, which generates a report based on the vSphere Security Hardening Guide and supports the new vSphere 5 guide as well as the 4.1 and 4.0 guides.

Original Post:
http://blogs.vmware.com/vsphere/2012/06/automate-the-hardening-of-your-virtual-machine-vmx-configurations.html

Tuesday 5 June 2012

Cool Tool - VM Aware Database Performance - Completely FREE

[http://www.ntpro.nl/blog/uploads/ignitefreevm-vmware-multi-layer-summary-full.serendipityThumb.png]<http://www.ntpro.nl/blog/uploads/ignitefreevm-vmware-multi-layer-summary-full.png>

CONFIO SOFTWARE has just released a new version of their IgniteVM software<http://www.ignitefree.com/vmware> that is completely free.
IgniteFreeVM takes the core feature, multi-layer visibility of databases running on VMware, from application through the storage layer, and makes it available in a free-of-charge tool for unlimited use. It differs from the paid version in a few respects – it does not have the advanced enterprise features such as reporting and alerting, and it is limited to a two hour rolling window, rather than seeing months of history.

IgniteFreeVM will be of interest to Oracle and SQL Server DBAs who have databases running on VMware. It will also be useful for VMware administrators who need to ensure success of databases on their platform and want low impact, easily understood views of how the database is using VMware resources.

http://www.ignitefree.com/

Original Page: http://feedproxy.google.com/~r/Ntpronl/~3/J-saaeTpk6Y/2062-Cool-Tool-VM-Aware-Database-Performance-Completely-FREE.html


vSphere PowerCLI 5.0 reference app for iPhone and iPad

This tool<http://itunes.apple.com/us/app/vpowercli5-reference/id489731144?mt=8&ls=1> is to be used for referencing the VMware vSphere 5 PowerCLI cmdlets. VMware vSphere PowerCLI<http://www.vmware.com/go/PowerCLI> is a powerful command line tool that lets you automate all aspects of vSphere management, including network, storage, VM, guest OS and more. PowerCLI is distributed as a Windows PowerShell snapin, and includes more than 300 PowerShell cmdlets, along with documentation and samples.

<http://itunes.apple.com/us/app/vpowercli5-reference/id489731144?mt=8&ls=1>[http://www.ntpro.nl/blog/uploads/powercliref.jpg][http://www.ntpro.nl/blog/uploads/powercliref1.jpg]

Original Post:

http://feedproxy.google.com/~r/Ntpronl/~3/OSBGL8ym71c/2063-vSphere-PowerCLI-5.0-reference-app-for-iPhone-and-iPad.html

Protecting Exchange 2010 with vShield 5.0

Enhancing Exchange 2010's Security Profile

In this post we will discuss using vShield to bolster the protection profile of Exchange 2010. We will start off with a brief discussion on vShield, and then move on to discussing the Exchange 2010 architecture, and then finally how we implemented vShield around Exchange 2010.  

vShield 5.0 Overview

The VMware vShield product family is the foundation for trusted cloud infrastructures.  vShield enables adaptive and cost-effective security services within a single management framework. vShield is a suite of products comprised of vShield Edge, vShield App, vShield Data Security, and vShield Endpoint. For purposes of this post, we will focus on two of the four products, vShield Edge and vShield App.

vShield Edge provides network edge security and gateway services to isolate VMs in a port group, vDS port group, or Cisco Nexus 1000v. vShield Edge is a stateful inspection firewall that can provide NAT, DHCP, IPsec site-to-site VPN, and Web load balancing services for the virtual data center.

vShield App is a layer 2 / layer 3 virtualization-aware, hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. A major benefit of vShield App is that access control policies can be based on logical as well as physical constructs, rather than the purely physical constructs that a traditional firewall leverages. An example of this would be the ability to create rules based on a vApp (logical) versus an IP address (physical).

Exchange 2010 Architecture Overview

We built Exchange 2010 within the construct of a vApp. A vApp allows you to group VMs together and perform management functions against those VMs, such as power-on and power-off operations. vApps provide the ability to create 'nested' vApps. We leveraged this ability to create a multi-tier vApp for Exchange.

We created a root vApp labeled Exchange and then nested three different containers, based on Exchange 2010 roles (CAS, HUB, Mailbox). We then explicitly configured boot order within the CAS, HUB, and Mailbox vApps and at the Exchange Level.

 

We separated out the individual Exchange 2010 roles into individual VMs for the CAS, HUB, and Mailbox roles. We used Exchange 2010 SP1 installed on Windows Server 2008 R2 Standard / Enterprise. We also configured the SAMESUBNETDELAY setting to 2000ms since we are using HA, DRS, and vMotion with DAG. For more information on running DAG on the vSphere platform, see the white paper Using VMware HA, DRS, and vMotion with Exchange 2010 DAGs. The VMware software used in this configuration was vSphere 5.0 and vShield 5.0.



For networking we used the vSphere Distributed Switch with one Port Group for production traffic and a second Port Group dedicated to DAG replication traffic. In addition, we limited the number of ports in the DAG replication network to 2 so we would not have to worry about additional VMs being plugged into this Port Group. In the screen shot below, you can see the HUB01 and MBX01 VMs both using the Production dvPortGroup and the second vNIC on MBX01 using the ExchangeDAG dvPortgroup.



Once we got Exchange up and running we installed vShield. vShield installs default-open, so we were able to leverage the traffic flow reports inside vShield to assist us in creating the rules around Exchange 2010.

Building the Rules

As stated earlier, vShield installs default-open, which allows us to leverage the traffic flows within the vApp to better understand communication activity amongst systems. We decided to gradually lock down Exchange 2010 by first configuring VM to VM rules, and then implementing port-based rules based on the TechNet post detailing ports used by Exchange 2010: http://technet.microsoft.com/en-us/library/bb331973.aspx.

We built our rule sets using logical constructs within vCenter Server. For example, we built a rule stating that the Mailbox vApp is allowed to communicate with the HUB vApp. By creating the rule against these logical constructs, any VMs placed into these containers will inherit the rules of that container.

As we built the rules we monitored traffic flows between Exchange 2010 systems, which was key to validating that we had configured the rule sets correctly. It also identified other key traffic that was not documented in the aforementioned Ports Used by Exchange 2010 article. An example of this was UDP 139 from the Exchange vApp to our Domain Controller vApp.

Closing Remarks

Configure an external syslog server for vShield. As you build your rules, enable logging of each rule in order to validate its enforcement. Start with general rules, like VM to VM rules, and if necessary move down to port-specific rules. Both provide better protection; be sure to implement the appropriate level for your environment. Be aware that as the rules become more granular you must be more diligent to ensure all ports required by the application and OS are available. When you have validated that your configuration is correct, change the default allow rule to deny.

Original Post by Jeff Szastak:
http://blogs.vmware.com/apps/2012/04/protecting-exchange-2010-with-vshield.html

VMware vSphere v5.0 Earns Common Criteria EAL4+ Certification

This new certification has generated a lot of interest around the industry. Below is a blog entry from my colleague at VMware (link #1 below) and our press release as well (link #2 below). Let us know what you think.

http://blogs.vmware.com/security/2012/05/vmware-vsphere-v50-earns-common-criteria-eal4-certification.html

http://www.vmware.com/company/news/releases/vmw-common-criteria-cert-05-30-12.html

Saturday 2 June 2012

vSphere 5.0 Hardening Guide - Official Release

This is the official release of the vSphere 5.0 Security Hardening Guide, v1.0. The format of this guide has changed from previous versions. The guide is being released as an Excel spreadsheet only. The guideline metadata from earlier guides has been greatly expanded and standardized. CLI commands for assessment and remediation of the guidelines are included for the vCLI, ESXi Shell, and PowerCLI.

[http://www.ntpro.nl/blog/uploads/gguide.png]

http://communities.vmware.com/docs/DOC-19605