Virtualization, in computing, refers to the act of creating a virtual version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources.
It's that time again and I highly suggest joining in. Not only will you be a part of a great community learning new products but you'll get the chance to offer your input into the direction.
This beta program is different from past programs in that it is not tied to a specific version or release. This is a new beta program that includes a new beta community. The beta program will continue through multiple releases of vSphere. Participants can expect to see new functionality and capabilities added as the program continues. Participants are expected to:
This program enables participants to help define the direction of the most widely adopted industry-leading virtualization platform. The vSphere team will grant access to the program to selected candidates in stages. This vSphere Beta Program leverages a private Beta community to download software and share information. VMware will provide discussion forums, webinars, and service requests to enable you to share your feedback.
You can expect to download, install, and test vSphere Beta software in your environment or get invited to try new features in a VMware hosted environment. All testing is free-form and you are encouraged to use the software in ways that interest you. This will provide VMware with valuable insight into how you use vSphere in real-world conditions and with real-world test cases, enabling them to better align with your business needs.
Some of the many reasons to participate in this beta opportunity:
You can register for the Beta Program Here!
Security these days is often still the traditional needle-in-a-haystack approach rather than a truly security-centric approach that includes analytics and alerting. VMware is again shifting to a new paradigm, and that was evident from all the products and messaging that came out of VMworld 2017.
Security is on the forefront of all of our minds and VMware, as the leader in data center technologies, wants to lead the conversation and be the foundation that you are laying down to protect your data, along with adding significant value to you with their partnerships in the security space, like the new partnership announced with IBM around their security products like QRadar.
With increasing attacks on our data centers (take Equifax, for example), we must first look at one of the most significant portions of our security foundation, ESXi, and work to secure that. We typically start with securing the physical and the edge, throw in some anti-virus and call it secure, but are we secure?
When it comes to data center security, we must start with our foundation, ensure that we have designed it to follow recommended best practices, then evaluate the gaps, and add in products to get us the rest of the way there. This also includes following best practices for end-user access of the environments and not being "lazy" admins just to skip a few steps. We have to lean on trusted partners like Sirius that have developed a security practice that can help us navigate the waters of security because the landscape of security products is immense, as you can see from the picture below.
So where do we begin? I believe that we must start with VMware. VMware is no longer just a hypervisor running your VMs, but the most integral part of your data center security strategy, and if you don't get that foundation right, then the rest will crumble too. We must secure the infrastructure, build and architect the data.
After we get the infrastructure secure, we move into securing the entire ecosystem, such as controls, automation, validations and the security solutions.
Last, we must get back to the basics and, as VMware's CEO, Pat Gelsinger stated, "Learn from sport teams who follow the basic regimen over and over again. Every major breach in the last five years that made headlines happened because a simple cyber hygiene wasn't followed somewhere." VMware is working with the government to set cyber hygiene standards for the tech industry to simplify the security solutions, as Gelsinger stated that, "The role of the governments globally in making stronger cyber policies is equally important to ward off data breaches."
VMware has shifted to becoming a security-centric company. The features added to its base product, VMware ESXi 6.5, represent a move toward "secure by default" and allow for a truly secure foundation on which to build the rest of the house. Let's take a look at these features.
ESXi Secure Boot
Secure Boot now leverages the capabilities of the UEFI firmware to ensure that ESXi not only boots with a signed bootloader validated by the host firmware but that it also ensures that unsigned code won’t run on the hypervisor. UEFI, or Unified Extensible Firmware Interface, is a replacement for the traditional BIOS firmware that has its roots in the original IBM PC.
ESXi is comprised of a number of components. There is the boot loader, the VM Kernel, Secure Boot Verifier and VIBs, or “vSphere Installation Bundles”. Each of these components is cryptographically signed.
You can read more about UEFI on Wikipedia.
Virtual Machine Secure Boot
Secure Boot for VMs is simple to enable. Your VM must be configured to use EFI firmware and then you enable Secure Boot with a checkbox. (Note that if you turn on Secure Boot for a virtual machine, you can load only signed drivers into that virtual machine.)
Secure Boot for Virtual Machines works with Windows or Linux.
vSphere 6.5 introduces enhanced logging. Logs have traditionally been focused on troubleshooting and not security.
Complete logs are now sent via the syslog stream for actions like "VM Reconfigure". Logs now contain more complete information: instead of only a notice that something changed, you will now see what changed, what it changed from, and what it changed to. You can then take action on the information collected, such as rolling back the change if it caused an issue.
You will now see logs for actions like adding more memory to a VM. The associated logs will show you what it was before and after the change. From a security perspective you can see much more information, like who made the change, and with the VMware Log Insight integration you will be able to parse the data more quickly, bringing you to faster remediation.
VM Encryption/vMotion Encryption
VM encryption works by applying a new storage policy to a VM. It is policy-driven. You'll be able to encrypt the VMDK and the VM home files.
No modifications are needed within the guest OS. VMs can run different operating systems like Linux, Windows, etc., and can run from different storage like NFS, block storage, and vSAN. The encryption happens outside of the guest OS, and the guest does not have access to the keys.
The encryption works also for vMotion but both the source and the destination hosts must support it.
After you apply an encryption policy to a VM, a randomly generated key is created for that VM, and that key is encrypted with a key from the key manager.
When you power on a VM that has the encryption storage policy applied, vCenter retrieves the key from the key manager, sends it to the VM encryption module, and unlocks that key in the ESXi hypervisor.
Encrypted vMotion works by adding a randomly generated key to the migration information, which is sent to each of the hosts participating in the vMotion process. The data going across the network is encrypted with that key. It is a one-time random key, generated by vCenter and used only for that migration.
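The key handling described in the last three paragraphs, modelled as an added Go example (not VMware code and not part of the original post). The `KeyManager` map, the function names and the use of AES-256-GCM are assumptions made for illustration; the post does not name the cipher or any API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyManager is a hypothetical stand-in for the external key manager (KEKs by ID).
type KeyManager map[string][]byte

func (k KeyManager) Get(id string) ([]byte, error) {
	kek, ok := k[id]
	if !ok {
		return nil, errors.New("key manager: no key " + id)
	}
	return kek, nil
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe to do
	}
	return b
}

// mustGCM builds AES-GCM (an assumed cipher); it panics only on a bad key length.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return gcm
}

// seal encrypts and authenticates plaintext, prepending the random nonce.
func seal(key, plaintext []byte) []byte {
	gcm := mustGCM(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; it fails on a wrong key or modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm := mustGCM(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// EncryptedVM is what rests on the datastore; the plaintext per-VM key is never stored.
type EncryptedVM struct {
	KEKID            string
	WrappedDEK, Disk []byte
}

// ApplyPolicy creates a random per-VM key (DEK) and wraps it with the manager's key (KEK).
func ApplyPolicy(km KeyManager, kekID string, disk []byte) (*EncryptedVM, error) {
	kek, err := km.Get(kekID)
	if err != nil {
		return nil, err
	}
	dek := randomBytes(32)
	return &EncryptedVM{KEKID: kekID, WrappedDEK: seal(kek, dek), Disk: seal(dek, disk)}, nil
}

// PowerOn fetches the KEK, unwraps the DEK and decrypts the disk.
func PowerOn(km KeyManager, vm *EncryptedVM) ([]byte, error) {
	kek, err := km.Get(vm.KEKID)
	if err != nil {
		return nil, err
	}
	dek, err := open(kek, vm.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, vm.Disk)
}

// Migrate models encrypted vMotion: both hosts must hold the same one-time key.
func Migrate(srcKey, dstKey, memPage []byte) ([]byte, error) {
	return open(dstKey, seal(srcKey, memPage))
}

func main() {
	km := KeyManager{"kek-1": randomBytes(32)}
	vm, _ := ApplyPolicy(km, "kek-1", []byte("constructed guest disk contents"))
	disk, err := PowerOn(km, vm)
	fmt.Printf("power-on: %q err=%v\n", disk, err)
	delete(km, "kek-1") // the key is removed at the key manager
	_, err = PowerOn(km, vm)
	fmt.Println("after key removal:", err)
}
```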
vSphere Security Guide for vSphere 6.5
The new security guidelines have changed to a subset of things to focus on. This is changing from the traditional "Hardening Guides," from VMware to a "Security" guide. I will not go into the entire guide in this post but you can read the post from VMware here.
Along with these new settings, government work, and a new security guide being introduced, I think it's time to shift to the products that support the VMware security model.
The first of these is NSX. With organizations spending more on security than ever before, see Gartner, NSX becomes the next integral step to securing your production data center. I have written several blogs now on NSX so I will just write a quick recap as to what NSX is.
VMware NSX provides a platform that allows automated provisioning and context-sharing across virtual and physical security platforms. Combined with traffic steering and policy enforcement at the virtual interface, partner services, traditionally deployed in a physical network environment, are easily provisioned and enforced in a virtual network environment. VMware NSX delivers customers a consistent model of visibility and security across applications residing on both physical and virtual workloads.
To further enhance NSX, VMware introduced AppDefense at VMworld 2017. AppDefense adds data center threat detection and response to the micro-segmentation capabilities delivered by NSX.
NSX prevents threats from moving freely throughout the network, while AppDefense detects anything that does make it to an endpoint and can automatically trigger responses through integrations with NSX and vSphere. The idea is to prevent, detect, and respond.
AppDefense uses machine learning technology: it learns application behavior, and if the application deviates from that behavior, it is quarantined. This is very different from the traditional approach with anti-virus solutions. Anti-virus solutions use definitions to secure the VM. If a new attack has been brought to the attention of your provider, then they will create a new definition once they have had time to analyze it, and then you are responsible for pushing the new definition out to all your VMs. This can cause a gap in your protection.
See this video below to learn more about AppDefense.
VMware has a dedicated internal team responsible for developing and driving software security initiatives across all of VMware's Research and Development organizations to reduce software security risks: the VMware Security Engineering, Communications & Response group (vSECR).
The vSECR group takes a full lifecycle approach to product security from product inception to product end of life. VMware, through vSECR, is committed to the ongoing security of their products and the safety of their customers' data.
VMware is also active in the greater security community, and is a member of SAFECode (the Software Assurance Forum for Excellence in Code) and BSIMM (Building Security In Maturity Model). For more details about VMware product security, please refer to the VMware Product Security White Paper.
You may also be interested in the following resources:
Lastly, remember to reach out to your VMware Partner, like Sirius, who can help you with security health checks and education, and help you gain confidence that your production data center environment(s) are configured correctly.
Sirius can help you prevent, detect, and respond to security threats and secure your data.
I have been a VMUG Leader in Rochester NY for 5 years, and recently became a leader of two other groups, Syracuse, and Capital District which collectively covers a large portion of Upstate New York. Did I mention that I love being involved in my local communities?
At its basics, VMUG leaders coordinate the activities for their local VMUG communities and being a leader is an amazing opportunity to give back, build awareness of VMware products, while building your resume and sharing your knowledge. The requirement to become a VMUG leader is that you must be a VMUG member and serve in a technical role with a VMware Customer Company. VMUG is a global organization as you will see from this blog.
Having been in this role for some time now, I decided to reach out and talk with leaders from around the globe to get an idea of what they thought it means to be a VMUG leader and gain some insights into how they run their groups. If you are a current VMUG member looking to become a leader and are wondering what is involved, I hope to answer any questions you may have within this blog.
I have a passion for technology, and for VMware technologies to be more specific. Joining VMUG as a leader has been a great opportunity for me to take my love for VMware products, and have a platform to evangelize within my communities along with the social aspect of it.
I love bringing technologists together to build a strong technical community, and I always think about the collective knowledge we have as a community, and how we can utilize that to help us through the projects we find ourselves working on.
Think about it, you attend a VMUG on a subject like VDI, because you are working on a VDI initiative at work, and now have an opportunity to gain some knowledge along with making local connections with other technologists that are working on the same project or have completed their own project. That is what's great about attending local meetings, you can learn from others or step up to assist others within your community. Of course, this is only one aspect of the benefits of joining VMUG as a member or a local leader.
One of my colleagues at Rolta Advizex runs a very successful VMUG in Cleveland, Ohio. Patrick Stasko works as a Solutions Architect and like me has a passion for technology. I decided to reach out to him to discuss being a VMUG leader.
I started out asking him about why he became a VMUG leader and his response was similar to my own. Patrick said, "I wasn't feeling fulfilled or challenged in my current role at the time. I recently moved back to Cleveland for a new opportunity and I was trying to determine which way can I make an impact. In my quest to wrap my arms around the Cleveland's IT Community, it led me to the Cleveland VMUG community which was going through some troubles. I'm passionate about people and technology. This is a perfect platform for both of those."
That passion for technology and community seems to be a resounding theme that I found when talking with leaders for this interview and really hit home with my own experience too. This was also true for another leader I interviewed, Valdecir Carvalho from São Paulo, Brazil.
When I asked him the same question Valdecir responded, "First of all, VMUG is all about community and I'm a community lover. I'm from São Paulo, Brazil and when I first heard about VMUG I rushed to vmug.com to look for a São Paulo chapter and that place was dead. Then I started to talk to some other friends and vendors to find out why, but long story short I sent a mail to VMUG HQ and applied. And I'm really glad I did!"
There are some great benefits to becoming a VMUG leader and for me, one of those benefits is exposure to the communities I lead, as a thought leader within the industry.
I also spoke with the New Jersey VMUG Leader, Ben Liebowitz and he mentioned that, "It has gotten me many more contacts in the community, all over the world!" That is so true and I have also experienced this. As stated above, VMUG is a global community and because of that you can meet other technologists from around the globe.
VMUG has many opportunities to connect with and get to know other leaders from around the globe, like through the VMUG site. Each group has its own community page where we can come together to share knowledge and discuss VMUG, along with other opportunities. VMUG also has online event meet-ups and opportunities, along with events like the annual VMworld members party, and Leaders meet-ups at VMworld. VMworld is also a great place to gain knowledge and meet our local leaders at the VMUG booths located throughout VMworld.
As mentioned, there are many benefits to becoming a VMUG leader. I asked Patrick what he thought was the benefit and he said, "The biggest impact is the rapid ability to connect and network within the local community and other VMUG circles across the world. I especially enjoy and look forward to the VMUG activities at VMworld." As mentioned already, connecting at VMworld is another great benefit not only to leaders but to all members. Other benefits include things like receiving a VMUG Advantage subscription.
VMUG Advantage is the best way to gain the technical skills to accelerate your success with exclusive access to VMware applications and discounts on training, certifications, VMworld registration and more! You are also given access to the EVALExperience, which gives you exclusive access to 365-day evaluation licenses for a selection of VMware solutions, for personal use in a non-production environment and includes these products:
This leads me to how we run our local groups. I have found that most leaders run their groups in very similar fashions but that we all learn from each other. When I asked the leaders how they run their local groups, Valdecir replied, "I do not run it alone. I'm happy to have another leader who is a great partner and together we are doing our best to make VMUG more and more relevant to our members. VMUG São Paulo is a new group, we "revamped" the group 8 months ago, so we are still learning from other leaders, from VMUG HQ and most of the time, discovering things by ourselves by trial and error. Also, our focus is our members, so we try to hear what they want, what they need and their feedback, so we can improve our chapter more and more."
Of course, talking with Patrick, he has taken his skills as a Solution Architect and really formalized how his group is run, as you can see from the layout he created below.
One of the challenges we have as a leader is how we drive attendance to the meetings and grow our groups. I use things like social media sites, like Facebook, Twitter, and LinkedIn. I can setup my groups and send out information about events along with utilizing marketing features from Facebook to bring awareness to the communities I lead.
Every leader has their own challenges, which can be things like location, as Valdecir mentions: "It's difficult, mostly because VMUG and other technology groups are not so well deep in our culture. First of all, we are trying to get people to understand what VMUG is, what are the VMUG values and benefits. We choose to start small and deliver only the best, so when people realize what VMUG is and start to talk about it things will be easy."
Another example, from Patrick, is utilizing VMware. Patrick mentions that "The local VMware TAMs and SEs have done a terrific job relaying meeting information to their customer base which has been a game changer." I have found this to be helpful too and always make it a point to invite VMware to our events.
Choosing topics for our events is arguably the most important thing you can drive as a leader. It is imperative to listen to what is happening in the industry and to your members and as Patrick mentions, "We encourage the community to provide topic ideas. We make our best attempt to listen and provide a platform for those topics. Our leadership and ambassador weigh the agenda, location, costs, potential attendance reach and sponsor into consideration determining whether that topic idea has the ability to convert to a formalized meeting."
Standing out from other technology groups within our communities is always a challenge. Technologists only have so much time to pick which events they can attend due to time constraints and time away from work. Patrick mentions that, "Within the VMUG circles, I believe we were one of the first groups to develop our own brand & logo. Secondly, we created software (http://github.com/tkrn/pivmugc) for all VMUG communities to use upon meetings to help track check ins, attendance, reporting and printing of name tag labels." As you can see, Patrick has been busy, and this is driven by his love for technology and community.
The last point I want to discuss is why you as a technologist should care about VMUG. The resounding response from the interviews was that VMUG is about community and as Valdecir mentioned, "VMUG is all about people. Being part of and caring about VMUG is a great opportunity to learn and get connected with other people from the industry. It's a chance to meet new people, learn, teach, hire someone, find a new job, be promoted in your current job, make new friendships for life, and the list goes on."
If you are interested in becoming a VMUG Leader or a VMUG member I have posted some resources below. I highly recommend getting involved and if there isn't a VMUG in your local community, think about starting one.
Thanks to all the VMUG leaders that participated in this blog.
vRealize Network Insight or vRNI is the newest addition to the range of products from VMware. vRealize Network Insight integrates with VMware's network virtualization platform, NSX. vRNI delivers intelligent operations for your software defined network environment. vRNI does for your virtualized network what vRealize Operations does for your virtualized environment, but only to the SDN environment. With the help of this product you can optimize network performance and availability with visibility and analytics across virtual and physical networks. Provide planning and recommendations for implementing micro-segmentation security, plus operational views to quickly and confidently manage and scale VMware NSX deployment.
Let's take a step back and discuss, briefly, what VMware NSX is and why you should, as a technologist, care about it.
NSX is an innovative approach to solving long-standing network provisioning bottlenecks within the data center, and it allows for the integration of switching, routing and upper-layer services into an integrated application and network orchestration platform. With an overlay solution that may not require hardware upgrades, NSX offers customers a potentially quicker way of taking advantage of SDN capabilities by decoupling the network from hardware into a software abstraction layer allowing the end-user to programmatically create, provision and manage networks.
Essentially, NSX is doing for your network what vSphere did for your compute environments. We have typically already virtualized compute, and storage with vSAN, so adding network virtualization brings the full vision of the SDDC, giving you benefits like a single pane of glass to manage your environments within vCenter, which a lot of us are already familiar with.
With NSX you gain visibility into your network that you may not have today while allowing for division of duties in a secure manner. NSX adoption is on the rise and as of today, VMware has over 2,600 customers that have implemented NSX and over 50% increase in license bookings.
You can learn more on NSX from a previous blog here.
You might be familiar with vRealize Network Assessment (vNA) and be asking yourself, what is the difference between vRealize Network Insight (vRNI) and vRealize Network Assessment (vNA)? The difference is that vNA only gives you the report/preview portion of the product, which takes 30 minutes to install. It takes more time to install the full product. vNA only needs to connect to vCenter and can be run with a Solutions Provider like Rolta Advizex. With vRNI, in addition to vCenter, you also need to connect it to the hardware, firewalls, etc.
As mentioned above vRNI addresses the need for deeper, richer NSX operation and traffic analytics in the fast growing virtual networking market. vRNI transforms operations for NSX based on SDDC across your virtual, physical, and cloud.
Using vRNI and vNA, Rolta Advizex can help remove the guesswork from micro-segmentation deployments with a global net flow assessment, and help you gain the operational insights needed to quickly and confidently manage and scale your NSX deployment with vRealize Network Insight.
What's New in 3.4
VMware recently updated vRealize Network Insight on June 01, 2017.
The new and enhanced features in this release are as follows:
I received some questions from VMware and thought that it would be fun to write this blog as a mock interview, but first let's begin with learning a little about VMware certification tracks.
VMware offers certifications in cloud management and automation, data center and network virtualization, and desktop and mobility. As a leader in the virtualization space, VMware certifications are a must-have for many IT professionals, especially those who work in data centers and/or support virtual environments.
VMware certifications are based on a version of the associated technology, which means VMware certifications change in response to technology changes. Be aware, though, that certification updates lag behind the release of new virtualization technology.
VMware Version certifications fall into four categories:
Associate certifications typically require passing a single exam to achieve certification. Candidates for Professional and Advanced Professional certifications must either take a training course or earn a prerequisite certification and pass an exam. To obtain a VCIX, candidates must earn two VCAP credentials.
Achieving a VCDX certification is more involved. Candidates must first obtain multiple prerequisite certs, then create a production-ready VMware solution and defend it in front of a panel.
Now that we have discussed the certification tracks let's jump into the interview about certifications from VMware and AdvizeX.
This interview is held between VMware and AdvizeX employees Chris Miller who is a Principal Architect and Brandon Seymour, a Virtualization Architect, Patrick Stasko, a Solutions Architect, and Jamie Carlson a Principal Networking Lead. You can find out more information on Chris and Brandon from a previous blog on being a vExpert that I wrote.
VMware: Why did you decide to take your first test and what was your motivation?
Chris Miller, AdvizeX Principal Architect: The first certification test(s) I took was the MCSE NT 4.0. My motivation at the time was enhancing my resume, gaining knowledge from the associated training, and giving my early career a boost by obtaining a certification that was in high demand at the time.
Brandon Seymour, AdvizeX Virtualization Architect: I wanted a career in IT and so I pursued my MCSE in NT 4.0. This also included training and certifications in Novell, and A+ through a technology school after the military. My first VMware certification was VCP-DCV5.0 and was taken to enhance my career in virtualization while working as an Enterprise Systems Administrator for a local University.
Patrick Stasko, AdvizeX Solutions Architect: Career Advancement.
Jamie Carlson, AdvizeX Principal Networking Lead: In 1998, it seemed one of the best set certifications out there was a combination of having the Novell Certified Engineer and being a Cisco Certified Network Professional. It was a great combo. It opened a lot of doors as I was leaving the Navy in 2000. My first exam was a Certified Novell Administrator.
VMware: What was your journey for the first test?
Chris Miller, AdvizeX Principal Architect: My journey for all of the tests involved a 4 week boot camp in Atlanta, GA. It was very interesting to me because I had not traveled out of state much up until that point (I was only 21 years old at the time). My employer at the time, an Internet ASP (I think we call this SaaS now :) ), offered to pay for boot camp training since we had big plans and our application was built on Microsoft technologies. Having certified folks on staff also helped lend credibility when we attempted to secure funding for future growth. We had an opportunity to receive a big discount on the training and I took it.
Brandon Seymour, AdvizeX Virtualization Architect: My journey was similar to that of Chris in that I also attended a boot camp for my MCSE and for my VMware certification I started with my employer at the time sending me to a local VAR for a week of training.
Patrick Stasko, AdvizeX Solutions Architect: A lot of book studying. Cramming. Memorizing port numbers and other facts that you would normally reference anyways.
Jamie Carlson, AdvizeX Principal Networking Lead: I had a lot of experience managing a Novell network that ran on Cabletron and later Cisco switches. It didn’t take much for me to self-study and take the Novell exam to start me as a CNA.
VMware: Were you nervous, how did you study?
Chris Miller, AdvizeX Principal Architect: I wasn't nervous but mostly because I've been a good test taker throughout high school and college. In the boot camp, the format was 3 or 4 days of 10-hour-per-day training and taking an exam the morning of the 4th/5th day. I believe there were 5 total exams and most of the evenings were spent studying further, so I didn't get to enjoy my trip very much outside a day or so on the weekend. Throughout the boot camp training class, I focused very hard on the material and paid close attention to the instructor. Outside of class there were attempts to study, but the friends I made while there the first week and I moved our study sessions outside to the hotel pool and productivity took a dive w/ the rest of us.
Brandon Seymour, AdvizeX Virtualization Architect: I put in a lot of time studying in groups with others pursuing the MCSE certification. My VMware certification journey was a bit different in that I utilized a lot of online communities like vBrown Bag.
Patrick Stasko, AdvizeX Solutions Architect: Read. Highlight. Write important facts/figures I needed to memorize down on a notebook to commit to my internal.
Jamie Carlson, AdvizeX Principal Networking Lead: I was really nervous. I was doing it all on my own. A test was like $65 at the time. No one reimbursed me for their cost, and if I failed I’d have to take it again. The funny thing was that Novell at the time used exams that gave weighted questions based on previous answers. So, if you could answer a couple of hard questions, you could breeze right through. The shortest Novell test was five minutes long and it consisted of eleven questions. The Microsoft test takers would be crying as the Novell test takers would come in and leave. The joke eventually was on the Novell folks. After all, “what’s Novell?”
VMware: How did it benefit your career as well as your community?
Chris Miller, AdvizeX Principal Architect: The impact on my career wasn't immediately obvious. I returned home to the same job, spent a year working until like many other dotcoms we went bankrupt, and began looking for another job in a saturated market. The certification played zero role in finding my next job as I took a position with a bank where I knew folks in the IT department based on a past business relationship w/ the bank's IT group (the dotcom hosted some services in their data center). However my personal knowledge swelled considering my background was mostly networking until I attended the boot camp. The training helped tremendously with my daily job responsibilities, especially troubleshooting, but since I spent 7 years at the bank and didn't keep the certification current, I don't feel the certification had much of an impact on my career. The lesson here is that training and knowledge is more valuable than the cert once you get the job, and for most people it would help you find a job provided the entire technology economy didn't just crash and burn 4 months earlier.
Brandon Seymour, AdvizeX Virtualization Architect: I was hired right out of school by an internet provider and it wasn't what I had imagined. I was responsible for troubleshooting internet connection issues for dial-up customers and also built websites for customers. I will always remember this one call in which the customer kept dropping calls whenever his wife used the bathroom, which shared a wall with the computer and modem on the other side. When she would run the hair dryer the modem would lose connection. My VMware certification helped change the direction of my career which at that point was just enterprise systems administration. My journey into virtualization led to me becoming an evangelical for VMware in my community. I currently serve as the local Rochester VMUG Leader and of course I blog.
Patrick Stasko, AdvizeX Solutions Architect: It solidified knowledge as an internal IT worker that I was the VMware guy. In a sales role now, it's a required check box. I believe it had more benefit to me when I was internal IT than in pre-sales.
Jamie Carlson, AdvizeX Principal Networking Lead: I would never have been able to obtain my first position at UUNet in 2000 if I had not received my CCNA and CNE. I quickly moved up and received my CCDP and CCNP in 2001. I never re-certified any of my Novell certifications going heavily into Cisco Systems networking. I later moved out to Juniper Networks, Meru Networks wireless, HP Networking, and finally Aruba Networking. It became apparent that understanding a set of vendors in a focus area was much more advantageous than being a vendor expert.
VMware: Knowing what you know today, what are some of the pain points in this certification that you can share with your audience?
Chris Miller, AdvizeX Principal Architect: The biggest pain point IMO with at least the MCSE (at the time), and my understanding is this problem is greater now due to the algorithms involved with the test, is dealing with an adaptive test. It seems when you are doing well the test pulls questions from the deepest, darkest corners of the training material and can prove challenging. Also the sheer number of trick questions and questions that are worded such that multiple answers really would apply makes testing difficult. Be ready for anything and if you are testing for a technology you can obtain and practice with, do not hesitate to do so. Also never give up. Failing a certification test should be considered a $200 practice round, do not let it demotivate you. Later in my career my #1 testing strategy was to take a test without studying, see how well I do, try to remember what I struggled w/ the most, and to study in this context. It also gives you a good idea how "tricky" the creators of the exam are with respect to content.
Brandon Seymour, AdvizeX Virtualization Architect: I agree with Chris in that if you fail the first time don't be discouraged and remember that others have gone before you so reach out for support. A lot of these certification tests are progressive in that they change up depending on how well you are answering the questions so you need to know the information. Take advantage of communities like vBrown Bag because they put on study sessions to assist.
Patrick Stasko, AdvizeX Solutions Architect: You will need to memorize what I would normally consider reference-able material which is a pain in the butt.
Jamie Carlson, AdvizeX Principal Networking Lead: Know the exam and also know the job or technology. In the Cisco Systems world, and I assume there are many vendors like this, there are three answers to every test question. There is the wrong answer. There is the correct answer. But, most importantly, there is the correct Cisco Systems answer. Some vendors are worse than others. Instead of testing you on how to implement and manage the technology, they also want you to know how to increase their market share and lower others. Cisco Systems was always very good at that.
For more information on certifications with VMware please visit MyLearn.
In the world of IT there are not a lot of moments of recognition, unless something goes wrong and we have all been there. If those in IT are doing their job then things just run and for the most part no one really thinks about those supporting the infrastructure. The time and effort it takes to keep the lights on, the nights and weekends sacrificed for upgrades and patches, and the endless amounts of studying to stay on top of technology changes in the industry and the time you will never get back from on-call. IT can be a very thankless job.
VMware has built a program to honor those that go above and beyond and take their passion for virtualizing IT into the realm of evangelizing. Evangelizing about the products we work with on a daily basis through blogs, podcasts, and community involvement. The VMware vExpert program is an honorary title VMware grants to outstanding advocates of the company's products. VMware recognizes vExperts with a certificate. The certificate and title give vExperts special privileges such as access to private betas, free licenses and exclusive events.
After long hours on the job, these IT professionals engage in work on their blogs, podcasts, etc. to contribute to the virtualization IT community. They do this to demonstrate their passion for various areas of IT and expertise for the purpose of teaching and helping others grow as technologists.
In my spare time I write blogs on VMware technologies along with supporting my local community by serving as a local VMware User Group (VMUG) Leader. In my current role I am also privileged to help educate customers about VMware and related products through presentations, etc. along with architecting solutions for them. I am a vExpert because I have a passion for virtualization technology.
At Advizex, we are proud to have a number of individuals who continue to make the vExpert program and demonstrate their passion for technology, to their local communities and their customers.
Brandon Seymour - Virtualization Architect
Established track record with 12 plus years of hands-on experience in Microsoft technologies, VMware virtualization, storage design and network infrastructure. He brings an innovative and pragmatic approach to analyzing complex business needs, enabling him to conceptualize, design and implement cutting edge solutions based on the latest virtualization, storage, and cloud technologies. His community-focused involvement allows him to effectively share his passion for virtualization and cloud technologies with peers.
Nemtallah Daher - Principal Consultant
Bilingual (English and Arabic) Network Engineer offering in-depth understanding of IT infrastructure areas, particularly IT network integration. Detail-oriented self-starter with demonstrated success in initiating, tracking, reporting and closing projects. Over 20 years of experience in designing and managing data networks in large and complex environments.
Doug Watkins - Senior Virtualization Consultant
Doug has over 15 years of experience in enterprise system architecture, planning, design and administration including: VMware Server Virtualization, VMware SRM, Microsoft Hyper-V 2012 R2, Dell Rackmount & Blade Systems, Cisco Blade Systems, EMC Storage Systems, Dell Compellent & EqualLogic Storage Systems, Networking Infrastructure, Fiber Channel Switch Infrastructure.
Joe Clarke - Principal Consultant
Joe Clarke is a Principal Consultant in the AdvizeX Services Solutions Practice on the virtualization team. His primary focus is EUC with VMware based technologies and easily integrates with network and storage teams. His skills include the design, implementation, troubleshooting and ongoing administration of enterprise systems. Joe has facilitated numerous large scale implementations along with post implementation support and upgrades. Joe is a certified VCDX-DTM #138.
Chris Miller - Principal Architect
IT infrastructure consultant specializing in data center technologies including storage, server and blade technologies, Cisco data center products, and virtualization. Specialties / Certifications: VCDX-NV #163, EMCTA.
How to become a vExpert?
To become a vExpert you need to fill out an application, which becomes available twice a year, and there are several paths to becoming a vExpert. Once received, applications are moved into voting, and once voting is complete, selected vExperts are notified. Applications for each calendar year open in November and results are announced in early February. Applications open again in June with an August announcement.
The Evangelist Path includes book authors, bloggers, tool builders, public speakers, VMTN contributors, and other IT professionals who share their knowledge and passion with others with the leverage of a personal public platform to reach many people. Employees of VMware can also apply via the Evangelist path. A VMware employee reference is recommended if your activities weren’t all in public or were in a language other than English.
The Customer Path is for leaders from VMware customer organizations. They have been internal champions in their organizations, or worked with VMware to build success stories, act as customer references, given public interviews, spoken at conferences, or were VMUG leaders. A VMware employee reference is recommended if your activities weren’t all in public.
VPN (VMware Partner Network) Path
The VPN Path is for employees of our partner companies who lead with passion and by example, who are committed to continuous learning through accreditations and certifications and to making their technical knowledge and expertise available to many. This can take shape of event participation, video, IP generation, as well as public speaking engagements. A VMware employee reference is required for VPN Path candidates.
Recommend a Colleague
You can recommend a colleague that you believe should become part of the vExpert community due to their evangelizing, educating, etc. of fellow employees and local community.
You can find more information on the vExpert program from the vExpert community page here.
Back on February 2nd, VMware announced two new products, VMware NSX for vSphere 6.3 and VMware NSX-T 1.1, and the adoption rate has reached new heights for VMware, as Chief Executive Pat Gelsinger mentioned in the Q4 2016 earnings that NSX is on track to bring in $1 Billion in revenue this year. That is impressive especially if you take into account the initial slow adoption rate of NSX.
The customer focused demand for tighter security in the data center with NSX and Micro-Segmentation, Automating IT provisioning while increasing efficiency, and Application Continuity is helping to drive the success of NSX into corporate IT.
So what is NSX anyway? As I mentioned in a previous blog, NSX is an innovative approach to solving long-standing network provisioning bottlenecks within the data center, and it allows for the integration of switching, routing and upper-layer services into an integrated application and network orchestration platform. With an overlay solution that may not require hardware upgrades, NSX offers customers a potentially quicker way of taking advantage of SDN capabilities by decoupling the network from hardware into a software abstraction layer allowing the end-user to programmatically create, provision and manage networks.
Let's take a look at what's new in version 6.3. You can see the announcement from VMware here.
VMware is bringing some new capabilities to security in NSX with Application Rule Manager, available in NSX Advanced and Enterprise editions. Application Rule Manager is responsible for the creation of security groups and firewalls for applications based on network traffic flows. A flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. This, along with Endpoint monitoring, available in NSX Enterprise, enables you to set profiles for applications inside the guest OS. This gives you end-to-end visibility into applications while simplifying profile creation.
It is good to note that for security certification and requirements:
Here are a few other updates in NSX 6.3:
Software Defined Networking with NSX rounds off the Software Defined Data Center vision of VMware, bringing the ability to automate the provisioning of what were once very manual physical networks, and the security of them. VMware continues to enhance the integration of NSX Load Balancers with vRealize Automation and offer support for third-party IP Address Management (IPAM) systems. VMware has also enhanced the integration with NSX for vSphere and vCloud Director. These new enhancements will enable new multi-tenant capabilities for our vCloud Air Network partners.
Some other new features found in Automation for 6.3:
As the adoption of NSX increases, VMware is seeing more and more use cases around Active-Active data center architectures that utilize the network overlay capabilities of NSX, allowing for true workload mobility while maintaining IP addresses and consistent security policies across data centers. New enhancements in security tagging, while simplifying security policy management across multiple data centers, will help to ensure a consistent and reliable virtual network in a multi-vCenter deployment.
In NSX 6.3 there is also a new ROBO SKU introduced which allows you to take advantage of all these features in a ROBO solution allowing you to simplify the security and management across remote branch offices.
Here are a few other features introduced in NSX 6.3:
The focus for NSX-T is around emerging application frameworks and architectures like private IaaS on OpenStack and multi-hypervisor support for development teams using dev clouds. NSX-T supports multiple KVM distributions, including Red Hat Enterprise and Ubuntu, within the hypervisor kernel, while delivering security with the use of distributed firewalls, logical switches and distributed routers. This means freedom of choice for technologists, allowing them to choose what's best suited for their applications.
Integration with VMware Photon allows IT to deliver security and services to their developers that are building containerized and cloud native applications. NSX can automate the creation of networks and routers when a new namespace/project/organization is created and then secure it all with micro-segmentation policies for containers and pods.
As noted above you now have standard, advanced, and enterprise editions. According to CRN, NSX Enterprise is $6,995 per CPU socket; Advanced costs $4,495 per socket and Standard will cost $1,995 per socket.
See VMware NSX for more information.
If you are interested in learning more and getting some hands-on lab time with NSX, take a look at VMware's hands-on labs, here.
Today VMware announced vSphere 6.5 at VMworld Europe 2016, the latest version of its industry-leading virtualization platform.
The vCenter Server Appliance becomes the core component of the new vSphere environment. The new appliance brings easy deployment and reduces the complexities of managing a vSphere environment by incorporating the vSphere Update Manager, and introduces file backup and recovery natively, with VCSA High Availability. As a side note, vSphere HA has been renamed to vSphere Availability inside the client, and instead of having one long settings page for vSphere HA, it has now been divided up into multiple sub-pages organized by the function that each setting is for. You will now see ‘Failures and Responses’, ‘Proactive HA Failures and Responses’, ‘Admission Control’, ‘Heartbeat Datastores’, and ‘Advanced Options’.
You no longer need to have a Windows VM to deploy and run the Update Manager which can save on Microsoft licenses while reducing complexities. VMware is also touting 3x in performance optimizations and upgrading to this new version will be made easier with the new vCenter Server Appliance Migration tool.
vSphere 6.5 introduces new REST-based APIs for VM Management which brings better automation of virtual machines while improving both the user and partner experience.
Yes it is finally here, the highly anticipated new HTML5-based vSphere Client which provides a more responsive and easy to use interface. This update has been made available as part of a Fling on VMware Labs. If you haven't tested it out follow the link and take it for a spin.
In a world with increasing security threats, VMware has taken further steps to ensure increased security in the new vSphere 6.5 environment. In vSphere 6.5 VMware introduces VM-level disk encryption. This gives the ability to encrypt a VM disk regardless of OS and, combined with the new Encrypted vMotion capability, vSphere can safeguard your data at rest and data in motion. These new features will be appealing to those looking to migrate loads between on-prem and off-prem data centers in a secure fashion. The new encryption feature is designed to protect against unauthorized access.
To further protect the environment in vSphere 6.5, VMware introduced secure boot, which protects both the hypervisor and the guest OS. This addresses security issues around images being tampered with, denies unauthorized access, and prevents the loading of unauthorized components into vSphere environments.
For those that have further security needs around auditing, vSphere 6.5 brings enhanced audit-quality logging capabilities. These forensic logs can help determine who did what, when and where.
With more competitors and more and more software start-ups in the containers arena, VMware is realizing the importance of supporting containers, i.e. their own. VMware knows that the world of traditional and next-generation apps needs infrastructure that will scale, perform and allow for high availability.
In this new release VMware delivers vSphere Integrated Containers, which allows for the deployment of containers in a vSphere environment for infrastructure needs. This means you can deploy containers in your environment without the need to re-architect your infrastructure. The new containers environment contains three components - the Engine providing core container run-time, Harbor a registry for container images, and Admiral which is the portal for management. vSphere Integrated Containers provides a Docker-compatible interface to app teams and of course is completely compatible with NSX and vSAN.
The VMware vSphere Integrated Containers new feature of vSphere 6.5 will be available for vSphere Enterprise Plus Edition customers at no additional charge. Pricing for vSphere starts at $995 per CPU.
vSphere 6.5 is the foundation for the new partner announcement between VMware and AWS, continuing the cloud strategy of any cloud, any application and any device. Of course this is all integrated with the new Cloud Foundation announced by VMware in Vegas at VMworld 2016.
To learn more about this announcement read the news release.
For more information on the AWS partnership check out this article.
VMware announced VMware Cloud Foundation back in the general session of VMworld 2016. Cloud Foundation is a unified platform for private and public clouds.
Let's start with defining the term "Clouds". This term has been thrown around a lot and some take this term as "In the Cloud" off premises platforms, but some use the term more all inclusive which includes both "On-Prem" and "Off-Prem" platforms. Wikipedia defines this term as "computing that provides shared computer processing resources and data to computers and other devices on demand". For this blog I am using the definition of cloud as the latter. I think of cloud as all inclusive of both off and on-prem platforms for providing resources. I know some feel as though cloud was meant to replace the "on-prem" private cloud and yes, that will ultimately be the direction in years to come, but for now we live in a world of hybrid-cloud and that is what Cloud Foundation is here to assist us with.
Now that we have cleared that up, let's move on to Cloud Foundation from VMware. Cloud Foundation brings VMware's vision for the SDDC into an integrated stack for cloud. In that vision, compute, storage, and networking services are decoupled from the underlying hardware and abstracted into software as pools of resources, allowing IT to become more flexible and agile while also allowing for better management. This is done by defining a platform common to both private and public clouds.
The foundational components of Cloud Foundation are VMware vSphere, Virtual SAN, and NSX and can be packaged with vRealize Suite to bring automation into the picture. If you are not familiar with the vRealize Suite from VMware let's just take a moment to discuss this.
The vRealize Suite is a software defined product suite built to enable IT to create and manage hybrid clouds. It includes products like IT Business Enterprise, which VMware just sold off, and is an IT financial management tool to manage and analyze cost associated with IT services. It also includes vCloud Automation Center, vCenter Operations Management, and LogInsight.
The management for Cloud Foundation is VMware's SDDC Manager. SDDC Manager serves as a single interface for managing the infrastructure. From this interface, the IT administrator can provision new cloud resources, monitor changes to the logical infrastructure, and manage lifecycle and other operational activities. The idea here is a single pane of glass for management along with monitoring of all your cloud environments whether it be on-prem, IBM-Cloud, AWS, etc., providing ongoing performance management, capacity optimization, real-time analytics, and cloud automation.
Cloud Foundation allows for a flexible solution allowing for on-prem and off-prem deployment options and can be deployed on-prem or off-prem as a service. You can choose on-prem options like integrated solutions from OEM providers such as VCE with hyper-converged systems and VSAN ready nodes from Dell.
Cloud Foundation will help to reduce the complexities faced with cloud strategies to date. The idea of "who cares where your data resides as long as it is secure and accessible" comes to mind. You can have applications being delivered from multiple clouds whether on or off-prem, Azure, or AWS. IT only needs a single pane of glass to monitor and manage these environments while also allowing for IT and management to track related costs. Ultimately this gives IT the agility of migrating between cloud platforms when needed.
A use case for this would be a merger and acquisition of a company with a hybrid cloud environment. Cloud Foundation would help manage the complexities involved with integrating those resources into your own environment while maintaining security and the integrity of your current environment.
Alongside the Cloud Foundation announcement at VMworld 2016, VMware announced the new partnership with IBM Cloud. This allows companies to have a choice in deploying SDDC, whether it be on-prem in their own private data center(s) or with IBM. This solution is based on Cloud Foundation and allows VMware customers to seamlessly extend private to public.
Again, the software stack includes VMware vSphere, Virtual SAN, NSX, and VMware SDDC Manager. VMware SDDC Manager was announced back at VMworld 2015 and combined with Cloud Foundation is just the next step toward IoT with what VMware states as "Any Cloud, Any Application, Any Device". The SDDC Manager allows for a simplified management of a highly distributed architecture and resources.
Cloud foundation integrates with the entire VMware stack which includes Horizon, vRealize Suite, vRealize Automation, vRealize Business, OpenStack and products like LogInsight.
With Cloud Foundation natively integrating the software-defined data center stack and SDDC Manager, customers can upgrade individual components in the stack to higher editions, allowing for flexibility in lifecycle management, which consumes a large amount of time in traditional IT.
With Cloud foundation you can automate the entire software stack. Once the rack is installed and powered on with networking to the rack, the SDDC Manager takes the BOM that was built with your partner like Advizex, and includes user-provided environmental information like DNS, IP addresses, etc. to build out the rack. The claim is that this can reduce the provisioning time from weeks to hours which for those of you that have done this in a non-automated fashion can attest to how painful the process can be. When complete you have a virtual infrastructure ready to start deploying and provisioning workloads.
In the complexities of traditional IT with silos, it takes extensive resources to provision highly available private clouds, but with Cloud Foundation an administrator only needs to create and manage pools of resources, decreasing the time to delivery of IT resources for consumption by the end-user, whether it be a VM or a virtual desktop. This is done through a new abstraction layer called Workload Domains.
Workload Domains are a policy-driven approach for capacity deployment. Each workload domain provides the needed capacity with specified policies for performance, availability and security. An admin can create a workload domain for dev/test with a balanced performance and low availability requirement while also creating one for production with high availability and high performance.
The SDDC Manager translates these policies into the underlying resources of compute which allows for the admin to concentrate on higher level tasks instead of spending time researching how to best implement.
Lifecycle management introduces a lot of complexities. Patching and upgrading are typically manual processes and can lead to issues within an infrastructure due to interoperability and configuration errors. In turn, the validation and testing of these patches takes a lot of time away from an IT staff. Sometimes patches get deployed before they have been vetted correctly for security and other reasons, or patches are deferred, which can slow down the roll-out of new features, etc. SDDC Manager automates these tasks for both physical and virtual infrastructures. VMware tests all the components for the Cloud Foundation before shipping new patches to the customer.
Within the lifecycle management of Cloud Foundation you can choose to apply the patches to just certain workloads or the entire infrastructure. SDDC Manager can patch the VMs, servers and switches while maintaining uptime, thereby freeing resources to focus on business critical initiatives.
Scalability is built into the platform within a hyper-converged architecture. You can start with a deployment as small as 8 nodes, and scale to multiple racks. Capacity can be added linearly in increments as small as one server node at a time within each rack allowing IT to align CapEx with business needs. Cloud Foundation automatically discovers any new capacity and adds it into the larger pool of available capacity for use.
Some main use cases for Cloud Foundation are: Virtual Infrastructure, allowing IT to expand and contract the underlying infrastructure to meet their changing business needs; IT Automating IT, allowing IT to accelerate the delivery and ongoing management of infrastructure, application and custom services, while improving overall IT efficiency; and Virtual Desktop, making VDI deployments faster and more secure. Administrators can focus on specifying the policies and needs of the VDI infrastructure instead of dealing with the details of deploying the VDI infrastructure.
To learn more about VMware's Cloud Foundation you can visit the product page here.
You can also get hands-on with the product from the hands-on lab provided online from VMware.
HOL-1706-SDC-5 - VMware Cloud Foundation Fundamentals
Back in July of 2016, VMware issued a Field Advisory announcing bugs in the release of NSX for vSphere 6.2.3. VMware urged its user community not to upgrade to this version, and for those who already had, it came out with a 6.2.3.a release to resolve the issues. The issues that VMware found were that both primary and secondary HA nodes would be placed into Active State, causing network disruption, and issues related to the DFW rules causing traffic disruptions.
VMware has now released, back in August, the new version 6.2.4 for GA. This release includes fixes for some critical bugs previously identified, including a critical input validation vulnerability for sites that use NSX SSL VPN. You can see the full list of what's new in the release notes.
Most of the new features were already discussed by me in a previous post you can find here. In this new version the only thing listed as new is a new feature around "Firewall Status API".
VMware also has announced the End of Availability (EOA) and End of General Support (EOGS) for Cloud Networking and Security 5.5.x. The date is September 19, 2016 for both.
You can see a list of NSX trending issues here.