Newsletter: October 21, 2017

Hello all,

A busy week in this lab, and home too.  I have been working on a new product and I am looking forward to being able to talk more about it. I did an article about how to format an APFS disk as something other then APFS - which was a little harder then it seemed.

I mentioned on Twitter or Slack that I had installed Fusion recently and that had meant when in vSphere Web Client that when I tried to open a console in VMRC I was prompted to open it in Fusion.  I was in a hurry and did not want to dick around in Fusion trying to deal with a console.  I installed VMRC again and when I opened it the first time it asked me if I wanted to have it open up links and of course I said yes.  Now I get VMRC consoles instead of Fusion Consoles. Here is the link for VMRC for Windows, Mac, and Linux.

I updated my small lab View infrastructure to 7.3.1 and it was smooth.  CS, SS, and followed by agents.  Just like always and it worked just dandy like always - except of course for 7.3 as it was some sort of a disaster upgrade - glad I missed it.  Release Notes. Article about what is new. I have had people make odd and almost rude comments about how I use View to access my lab.  I have done demos in three different jobs all over the world.  Recently in Singapore at a bar using my iPad (I was there for dinner and reading on my iPad and someone asked about my Veeam shirt.  Soon a demo occurred).  It works and works good.  Why would I stop that and use just RDP?  Would it really work as good and look as polished and professional?  I think not.

I also updated my article on using the vDocumentation tool to document your environment.  It does a great job BTW, and it reminded me I need to do some firmware updates - which I don’t have time for.

In two weeks, I will be at the VMware Palo Alto campus for some training and I hope to visit with many of you I used to work with!

Did you watch Stranger Things on Netflix? My wife and I did and it was very enjoyable.  Turns out the next session starts soon - October 27.  Not sure if the whole season will come down at once or what.  All I know is I will have to wait for my wife to return (from PTO) before we can watch it.

And yes, I have a lot to share this week, including some important and interesting stuff we all need to know more about and understand, so lets get started!

Michael

Warning  - WPA security issue - known as KRAK, is everywhere WiFi is
BTW, KRAK is Key Reinstallation Attacks, which is what this is all about. This vulnerability is in the area of handshake of the WPA2 protocol that is very common. This could enable packet sniffing, connection hijacking, malware injection and even decryption of the protocol, so it is safe to say it is bad. It is worth working on this issue and not avoiding it.  If you do your work via VPN, or via HTTPS you are likely better off, but it is still worth getting this fixed.  The fix is already in iOS, tvOS, MacOS and watchOS betas (more info) so the next release of any of those will fix the issue.  My WiFi supplier is erro, and they patched my gear yesterday (more info) - they were very good to talk about this issue with too.  Windows had the info and has a patch already out and available. Both Ring, and Piper gave me non-answers - “We use SSL and AES 256 to take care of security” but they would not say anything on this issue which is worrisome. I hope they do HTTPS or VPN back to their servers but at least on my WiFi they are good. Some very good, and more technical info, is in this article. Some very easy to read info - so good for less technical people - in this article. This is an important issue, and it is worth your time dealing with it. Update - here is Bruce Schneier on this issue.

Warning - current flash breaks your vSphere Web Client
I would suspect you all know about this - right? The vSphere Web Client in Chrome and Firefox crashes and is unusable.  The workaround is to downgrade but I did not do the downgrade as I thought I would try and use the HTML5 client and in fact that worked for everything but one thing. I think that Bob has the right idea here, but I also hope the fix is out quick! It appears that it may be in the November patch release.  I should hope it is in early November! BTW, here is the Security Bulletin from Adobe.

Warning - This app claims to detect intimate photos using AI and lock them away safely
In this article you can learn about a pretty cool piece of software - if finds and encrypts your nude pictures.  However, do not use it.  Depending on your phone model and OS version you may have your email and pictures sent off the device.  Not good. Here is an article from someone who looked into this new software and he is not the only one who did!  Use complex passwords on your iCloud and Apple accounts, and make sure you protect your phone too - don’t lose it, is pretty good protection for those interesting pictures.

Serious - About Microsoft Advisory ADV170012
More on the TPM Madness stuff and if you use TPM to protect fingerprint logins, or passwords, or boot process I think you need to check things out and this article will help. You may not be protected as well as you think. If you don’t use Windows and TPM skip this little blurb.

Comparing VVols to VMDKs and RDMS
This article is most interesting.  It really brings home the value of VVols, and it is full of good info.  Good article to share with people who are not interested in VVols. I hope everyone follows Cody as this article is not the only great article he has done!

Increase boot delay edit BIOS of a VM
We needed to know this in the early days of virtualization when we installed a lot of stuff via ISO in VMs.  As the hosts improved, their boot speed did too, and it was hard to install stuff as a result. I still use this info now when I build new templates to remove ports from the BIOS for example.  So if you need to know how to delay the BIOS or boot to Setup this article will help.  We used to edit the VMX file for this, and when it was put into the UI I was quite happy!

VMware Transparent Page Sharing Explained
This is a most impressive feature - and I like it a lot.  That is why I always enable it in my lab and suggest for most customers to enable it too.  The security issues that were the root of it being disabled are mostly academic and not something for the average customer to worry about.  But find out the whole story in this article, including how to enable it again.  I should mention, I did a test once to help some people learn, with NT, Windows 2000, and XP and the amount of common memory in use was enormous so that means some great TPS savings.  Don’t remember the numbers mind you but we can all agree that often memory is in short supply in home labs, and TPS can help.

vCenter Server Appliance Migration and Troubleshooting video series
Here is a playlist for a video series about the VCSA migration that includes troubleshooting.  I know several people that have watched it and really liked it.

Virtual Machine vCPU and vNUMA Rightsizing - Rules of Thumb
Mark has updated his amazing article on this topic to consider memory.  Very detailed learning in his article!  Anyone working on big systems needs to know this article!

DEMO - Extended Oracle RAC across sites with VMware NSX
An interesting article that also demo’s this functionality. Oracle RAC is very ‘fussy’ in this context and it is most impressive that by using NSX you can make everything work!

vCenter Cluster Performance Tool
A reminder of an interesting tool that allows you to do some  powerful cluster performance testing. Use the PowerShell script from the article and create a CSV file to do your analysis in.

vSphere HTML5 Web Client fling is now at 3.25
There is lots of new stuff and improved stuff - as well as fixes too.  Nice job. See the change log. I look forward to being able to do all I need in the vSphere Client that is part of the GA vSphere.

Tip from Engineering - Use UEFI firmware for Win10 and Win2K16
William has an article that will easily help you convert Win10 or Win2K16 to UEFI and that is handy.  That means - once done - you can enable Secure Boot for them.  This used to be destructive but it is not destructive now.  I tested it out - as I was skeptical, but it worked great.  I even used the HTML5 vSphere Client to make the BIOS to UEFI change - still don’t have the vSphere Web Client working in my lab.  Most excellent William, as I was thinking about this recently while talking with a customer about using Secure Boot. I did see a tweet that Microsoft has a tool to do this also but could not find it.

vTestPlans - Free vSphere Test Plans
I saw this article and took a quick look at their test plans and I quite like them. I used to do this sort of thing when I was professional services and working with customers.  I still do an informal version when I work in the lab.  These are a very good way to help you be successful in technology implementations, and the customers will not only appreciate that, but be impressed how you do things.  Which means they will be more likely to ask you back for the next project.

How Much VMware Cloud on AWS will I need?
Dave has a nice blog here that talks about how you can see how much your on-prem infrastructure will cost in AWS, or the cost of a subset of it.  A good way to have an idea of how much things will cost! I mention though that this will not show the cost of communicating or using other assets in AWS and that is something to know too.  I am not sure if this will be the most common use case - replicating your on-prem in AWS.  I think it will be more common to see DR, or test / dev, or maybe even a project running up there.

VMware Cloud Services - VMware Cloud on AWS
This long and in-depth article on VMWonAWS (yes, we are not supposed to use VMC any longer) is pretty darn good.  Really good info.

Permit Project Management access only in vROps
An article that can help you limit access for a group.  Not sure what makes it Project Management but it does show how to limit things to a group.

vROps dashboard - Host Network Connectivity Insight
A very nice article that shows you a very useful dashboard, and how to make it.  Plus, he has the two objects for it already made and you can download.  I like it! I know several customers that I used to work with that would love this dashboard.

Part 1 - Install and Configure vRealize Operations Federation Management Pack
I mentioned last week there was a new Management pack for vROps that would federate multiple vROps instances into one pane of glass. So cool, and now I get to share a how-to article on making work.

VMware Identity Manager 2.8 - Office 365 User Provisioning and Federation
Another interesting story on how you can use the VMware Identity Manager for different things.  I do want to get it into my lab one day to handle View and Log Insight authentication duties. Just need to get it done. Wait.  vRealize Automation is on its way into my lab and it supports it too.

Leveraging VMware UEM to reduce Microsoft GPO usage
This is a very cool tool that I think is way more powerful then people realize. Check out the interesting example of its power in UEM that Nigel shows.

Desktop Watermark
I can see this new fling being quite useful for certain kinds of VDI based support shops where screen scraping may occur.

Automating VMware Horizon 7 with VMware PowerCLI 6.5
An interesting blog on PowerCLI and View, which recently was enhanced.

Troubleshooting vRealize Automation and MS DTC
I found this article quite interesting - not useful yet but when I start my next TWP on vRA and VBR I bet it may turn out handy! The MS DTC is quite important and can foul things up good.

vCloud Director 9.0: Digging into the new Standalone VM Feature
Anthony has an interesting article about a new feature - or capability in vCD 9.0 - the standalone VM, which is pretty cool since I was asking for that many years ago!  As always Anthony has good info to share on this subject.  It is good he looked into it as it turns out to not quite be what I thought.

Vulnerability scanning with VMware Harbor 1.2 and Clair - Part 1: Building Harbor
This is the start of an interesting series about working with Containers.  VMware has done some nice contributions in this area and it was interesting to read about them. This use case is connected with vRA too.

Announcing VMware VR Datacenter Experience
Alan has an article where he shares that the amazing VR demo we saw at VMworld is now open source.  That is amazing actually. I believe that demo was a hint of the future.  One day I think a lot of admin will be via VR.  Think about the virtual work-space, you can have documentations, and even samples, and maybe a vendor could join you.  Very powerful - eventually.

Veeam SQL Transaction Log Backups
This article is a great introduction to do SQL backups right.  But, it is also sort of a sales tool that you can hand to an SQL DBA and get them onside with you for using Veeam to do the backups of SQL.  Sometimes it is the DBA that complicates backup deals and this article can help avoid that.

What is Veeam Proxy?
A nice breakdown on what a Veeam Proxy is and how it fits into your Veeam infrastructure.

Want to learn more about about Ransomware from Veeam?
You can learn more about the exploits, how it funds cybercrime (and normal crime too) and about its history.  Once you know a little more, you can learn how to avoid it in this article I wrote.

Replacing the Veeam Enterprise Manager REST API self signed certificate
Certificates, and the work among them, is tough.  It is truly not for mere mortals, so it is quite cool that Mike has tacked this for his Veeam Enterprise Manger API and has documented it.  Nice!  Thanks Mike.

Veeam vSphere Interactions with PowerShell
A very cool article that shows you how easy it is to get additional functionality into your PowerShell environment which is some cool new Veeam-related functions. I really like the Get-VeeamProtection function.  I played with this stuff,  and I use the Get-VeeamProtection to confirm the protection of my VMs!  Very handy stuff Markus!  But when this is not work in progress you need to get it into the Gallery to make it easier to get going.

Sophos UTM Endpoint protection
I was talking on Slack recently with James who has been using UTM for a long time.  Here is an article that he did about protecting endpoints.  I think with what is going on in the world of malware, that it might be good to have some additional protection for the Web and email activity in my home and lab.  My current nice firewall does that but at quite a cost.  It is included with UTM.  And UTM sounds pretty interesting.

Private Cloud Storage and the Tintri Platform with Kieran Harty
In this article you can connect with an interesting podcast where you can learn about Tintri on a variety of subjects.

Cisco CCNA Lab Guide
Here is a link to what I am told is a very good CCNA lab guide.  It will help you achieve the CCNA accreditation and from what I hear, there is a lot of very good exercises and good info in this guide that will help you beyond the CCNA.

How to Enable Full-Disk Encryption on Windows 10
I was suggesting to some co-workers about encrypting laptops and I was looking at Internet articles to see how good or how hard it might be. I found this article on the how that is quite interesting. I had no idea that BitLocker had come this far, and how it might upload your encryption cert to Microsoft or your employer. Here is another article on this subject by Bruce Schneier that is good.

How to use Wireshark to diagnose network problems
Wireshark is a very useful tool that more people should be able to use.  So this article will get you started.  It is not just for network people, as I have seen web developers use it, security auditors, email admins, and me too.  So most IT people, particularly in admin should know the basics.

TAP: Outlook mobile support for Exchange on-premises with Microsoft Enterprise Mobility + Security
This looks interesting, and I think it sounds good.  But I do not know the MS technology well to say for sure, but the ability to provide the additional functionality - like privacy, and compliance is very good for iOS and Android users of Outlook.

Use postman for API Testing or Validation [Tooling]
Interesting article about getting started using Postman to explore API’s.  I may use this article to explore an API I need to explore.

VMDeployer 1.9 Released: More stable and user friendly
Another version of this tool is now GA and I suggest that anyone who wants to deploy OVA / OVF should check it out.

Financial Services: The Blockchain Revolution is just beginning
Here is an article about what VMware thinks is going to happen with Blockchain and financial services and I think they have a good point.  Glad in fact, they are looking at it.  Make sure to check out the two minute video they suggest as it is a very good introduction to Blockchain.

Top Secret? Microsoft Opens Door to Government Blockchain Use
In this article it talks about how MS is supporting the use of Blockchain in MS datacenters for the government of the US.  Pretty darn interesting.  I think this will play big in the future.

Trends shaping Machine Learning in 2017
Interesting points in this article.  And I agree, and in fact will be getting an Apple version in December - yes, will need to pick it up in the US, but also, I heard recently I should be getting my Jibo in some indeterminate short while. I have been waiting quite some time for it.  I think I can learn a lot from it, and also entertain myself. Maybe even surprise other people!

Some thoughts on the Docker-Kubernetes Announcement
Scott has some good info on a recent announcement from DockerCon EU that I thought quite interesting.

Router configuration - easy security and improvements
A nice article if you are not familiar with updating firmware in your router (and quite frankly some good info even if you are) - which has just become quite important thanks to KRACK.

New Lightroom CC and Lightroom Classic CC
I do know a few that use these tools, and I heard people exclaiming WTF is going on, so I thought I would share this collection of comments that seem strangely reassuring.

The impossible dream of USB-C
In this article the author lists all the reasons why USB-C should not work for you.  And a lot of it is accurate but the thing to remember is that it works great for me.  And I cannot wait until my iPad and iPhone are using it too. I know others that are happy with it and like it too.  Mind you, we are careful - mostly - at buying dongles and cables.  I think my 2017 MacBook Pro with USB-C and Touch ID is the best computer I have bought and I love it, and recommend it. Maybe the article has all of the bad stuff that may occur.  But not all of it to one person?

Changes in Password Best Practices
I saw this article and I immediately agreed.  I have been pushing some of it before myself.  Stop the annoying complexity rules for passwords, stop with password expiration, and make sure password managers are supported.  If you encourage - like I do - people to use 1Password, and highly complex password phrases that are different at each service, there is better security.  So maybe, have some complexity that says 24 or 30 characters that is a serious mix of upper, lower, numbers, and special characters.  That will also push for password managers, and after that why force them to change it?

Thanks for reading or skimming this far,

Michael

=== END ===