Hello all,
I trust that everyone had a good week? Busy if you are in IT with all the Spectre and Meltdown stuff. I did a lot of work on that myself, and I used this article to keep track of the useful info. I have updated that article a lot. It covers off a lot of vendors and software. This is something we all need to worry about and do something about. So yes, lots of patching and make sure you remember that some do not take effect until you do a shutdown and power on, or make a registry change. Also remember that defense is most effective in depth. So you need to patch your hypervisors, server firmware, and OS of the virtual machines. You likely will need to patch applications too like browsers. So by doing all of this it is better protection for you then if you only do one or two of these updates. And much of the updates are protection from known exploits. My article has gotten a bit big, and with lots of links. But the info is important.
I use my home lab for work. And I have decided I need to make changes to make it work better for me. So I am going to get rid of one R710, and two Intel 2400C servers. I am having trouble giving them away. Then I will buy two more Supermicro servers. This will give me two clusters of two powerful servers each, and one Dell R710 I can use for beta stuff. I think this will let me do more, which will help my job but also help me with this blog too! And less power used, and less heat generated.
I updated my Document your vSphere Environment article to cover off how it now checks your hosts firmware levels to see if they are updated for Spectre / Meltdown issues. It does even SuperMicro now in fact. Very cool. Thanks to Edgar for adding it in.
I updated the Linux Software Manager article due to a new release (3.0) that is packed with new stuff. Very handy tool if you want to build and maintain a repository of VMware bits.
I am heading out this weekend for the EMEA sales kickoff for Veeam and meetings with fellow product managers. I am quite excited to get back to R&D and the great PMs that I work with. I also very much like St-Petersburg (in Russia), and the nicer weather.
Have a great week,
Michael
IMPORTANT - Intel shares with VMware some of the ESXi patches with microcode may have issues
The VMware ESXi patches that included microcode, may have issues IF some app tries to use the speculative control (when done on specific processors). The patches impacted are ESXi650-201801402-BG, ESXi600-201801402-BG and ESXi550-201801401-BG. Do not apply these patches and if you have, then check this knowledge base article out for more info, and a workaround. Good grief. VMware was really trying to help us. Update: this was installed on my servers when I checked. It was out around the 8th or 9th in Non-Critical updates.
vCenter 6.5 Update 1e now GA
This release is important and helps with some of the mitigations for Sceptre. Easily update via the VAMI so good to get done fast. Here is the release notes. There is also an ESXi update related to this so check VUM and get it done - I have not seen the ESXi updates yet but I am told it will be there. Update, I do see the from around the 9th.
vCenter 5.5 Update 3g is now GA
This release is important and helps with the security mitigations for Sceptre. So important to get done. Here is the release notes. I believe there is also ESXi updates for this so after you upgrade your vC check VUM and get it done.
Meltdown / Spectre Patching - Enhanced vMotion Compatibility
An interesting article about someone doing patching that when tested did not quite work, and the why it did not work. This is related to Spectre and Meltdown so likely something that is a big push to get done.
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
Microsoft talks about the performance impact of fixing or mitigating the fixes and so good info to talk about.
Verify Hypervisor - Assisted Guest Mitigation (Spectre) patches using PowerCLI
William has a very nice script to help with confirmation of patching. Just what I need this weekend!
vCenter Server 6.5 Update 1d Includes third Update to HTML5 vSphere Client
Adam has an article that highlights all of the vSphere Client updates available in 6.5 U1d. I am a very big fan of the HTML 5 client so these updates are very nice indeed.
ESX IP Storage Troubleshooting Best Practices: Packet Capture and Analysis at 10G
You can learn about packet capture at very high speed in this new white paper. Good info.
Identifying ESXi boot method & boot device
You can find a nice script to identify boot method, and device really easily.
vSphere 6.5 Upgrade Considerations Part-3
Emad has a great article that can help you plan your 6.5 upgrade. I think it is nicely done with a scenario that I think helps with the understanding.
How to reset the lost or forgotten root password in vCenter Server Appliance 6.5
Have you ever forgotten a VMware VCSA root password? This article could help you if you have.
Understanding VMC Integrations with AWS Services
Brian has an interesting article about how you can connect your VMWonAWS SDDC to the AWS resources. One of the important aspects of AWS and VMware is all of the services that AWS has that you can consume on VMWonAWS. Very handy.
vRealize Operations and Log Insight in vSAN Environments
In this new article you can learn about vRealize Operations and Log Insight working in a vSAN environment. Good info and some good learning too.
Upgrading vIDM
I saw this article by Steve on updating vIDM and I had no idea that it was an manual process. So very good he shared.
New Year, New Look vCheck
Alan has updated vCheck and it looks pretty good. I will be doing that upgrade this weekend. Not really an upgrade but install I guess.
Getting Started with VMware UEM
Sean has a very nice article about VMware’s User Environment Manager and the components and things to think about. In the next article Sean will talk about deploying UEM. UEM is pretty powerful and important as it help manage the end user Windows and application preferences. You do not want to be on the help deck when a user finds his favorites is missing, or his wallpaper has changed.
VMware Horizon 7.4 & Horizon Client 4.7 Gets User Experience, Linux, and Collaboration Enhancements
You can see a review of the 7.4 release of View and get a good idea of the new features and what a third party thinks.
New Technical White Paper - App Volumes Reviewer’s Guide
You can learn more about App Volumes in this TWP. Lots of details!
Deploying vRealize Orchestrator 7.3
This article will help you get vRO working. This will get things installed and working too. Very good article actually.
VMware NSX Micro-segmentation - Horizon 7
If you would like to learn more about NSX, micro-segmentation, and View you can in this article. This is powerful functionality.
VMSA-2018-0001
This security alert is about VDP and is critical so if you have VDP make sure to deal with this.
Kubernetes 1.9: Expanded Ecosystem, Workloads API, Storage Visibility and More
I know several of you are looking at Kubernetes and this new version has some nice new features. Find out all about it here.
vSphere Integrated Containers 1.3 Makes Deployment Easier
Learn more about VIC in this article. Nice to see the HTML5 and other improvements.
PowerShell Core 6.0: Generally Available (GA) and Supported!
This was very good to see, I have been waiting for this. So now that PowerShell Core is GA that means VMware will get the PowerCLI stuff some love and soon we will be doing PowerCLI easily on our Mac’s and Linux. If you need help getting this working on a Mac check this out.
CBT Driver with Veeam Agent for Microsoft Windows 2.1
You can learn about the very useful CBT driver that is part of Veeam Agent for Windows 2.1 in this very interesting article. This can really help with your deployments and backups.
Veeam Restore VM hardware version is not supported by destination host
In this article the author has an interesting issue that I think others might hit one day and how he dealt with it. Very nice article.
Veeam Cloud Connect backup fails with error “Unable to convert host id…”
And article about an MOREF issue - this one with Veeam software, and how to understand the issue and a nice workaround. If you see the unable to convert host id error you will know what to do.
A Deeper Look at Insider Protection in 9.5 Update 3
Anthony has a nice look at a new feature in Update 3 which I think customers will really like. Service Providers can enable the ability for customer deleted backup files to be saved for some time as determined by the SP, and so it can be undone if necessary.
Veeam Replication - Advanced features and functionality
Michael has another article about some advanced tidbits on Veeam Replication. You can also find his article about PowerShell and Veeam.
What a start to the year….
Chad has an article that talks about the recent security issues but has some good info, and a good attitude too.
Performance Analysis of SAS / SATA and NVMe SSDs
An interesting article about performance and NVMe with numbers to back it up. Good stuff.
How to set up and use call relay on your Mac
This is setup automatically and by default. Meaning if you are in front of your iPad or your Mac, and your iPhone rings, you can answer it on your iPad or Mac. Works really well. But, I know someone that it does not work for but you can get it going with this article.
How to quickly disable Touch ID and Face ID when you need extra security
This short article will tell you how to disable Touch or Face ID which is a good idea going through borders or into odd countries.
Introduction to UniFi
In this video series you can learn more about UniFi from the basics and building blocks and it is pretty good.
EMC, VMware security bugs throw gasoline on cloud security fire
In this article it talks about some of the EMC and VMware security issues lately, and other security issues as well.
Mine all the data, they said. It will be worth your while, they said
An interesting article about mining all the data. Which I have been guilty of at times, in fact by implementing ArcSight once long ago.
Process, People, Ptechnology, and Politics
Edward as an article about this topic and he is quite right about this as I ran into this a lot as a professional services guy in the past.
Using Touch ID on MacBook Pro for Sudo authentication
This is quite cool, and much easier than entering a password. Just another great use of the Touch ID.
Thanks for reading or skimming this far,
Michael
=== END ===
