All posts by Shawn Cannon

I have been in IT since 1996. I am our Executive Senior Blogger with experience in VMware, Microsoft, EMC storage, Veeam and Dell servers. I love technology and love to blog about it!

vBrainstorm will be at VMworld 2015 in San Francisco!

VMworld 2015 is right around the corner in San Francisco and vBrainstorm.com will be there as an official blogger of VMworld!  What can you expect?  All the announcements made at the keynotes will be reported and summarized here.  We will be meeting with some of the vendors to report on their products.  These reports will be blog posts as well as videos.  We will also use Periscope for some live video reports so make sure you check us out there.  It should be a great week of virtual goodness and fun so stay tuned!

Shawn Cannon – vBrainstorm Blogger

VMware vSphere 6.0 is now available

Looks like VMware has made the 6.0 version of their vSphere and related product lines available today.  Here are the links to download.  Note:  These links require a My VMware account that is licensed for these products.

VMware vCloud Suite 6.0 (You can get ESXi 6.0, vCenter Server 6.0, vSphere Replication 6.0, vSphere Data Protection 6.0, vCenter Site Recovery Manager 6.0,  vRealize Orchestrator Appliance 6.0.1 and vRealize Operations Manager 6.0.1 from this link.  Virtual SAN is included with ESXi and vCenter Server downloads)

Short and simple, right?

This is from the VMware site.

VMware Announces General Availability of vSphere 6

Today, we are excited to announce the general availability of VMware vSphere 6 along with a slew of other Software-Defined Data Center (SDDC) products including VMware Integrated OpenStack, VMware Virtual SAN 6, VMware vSphere Virtual Volumes, VMware vCloud Suite 6, and VMware vSphere with Operations Management 6.

vSphere 6 is the latest release of the industry-leading virtualization platform and serves as the foundation of the SDDC. This is the largest ever release of vSphere and is the first major release of the flagship product in over three years. vSphere 6 is jam-packed with features and innovations that enable users to virtualize any application, including both scale-up and scale-out applications, with confidence. New capabilities include increased scale and performance, breakthrough industry-first availability, storage efficiencies for virtual machines, and simplified management at scale. For more details on the blockbuster features please refer to the vSphere 6 announcement.

If you are interested in learning more about vSphere 6, there are several options:

 


HyTrust KeyControl Cryptographic Module Enters Process for FIPS 140-2 Validation

For those of you in fields where regulatory requirements are important, this news from HyTrust is for you.  They have entered the process to be validated for FIPS 140-2.  A press release was issued yesterday, March 11 2015.  The contents of this press release are below.

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–HyTrust Inc., the Cloud Security Automation Company, today announced that the HyTrust KeyControl® Cryptographic Module has entered the validation process for FIPS 140-2 compliance. By adding FIPS 140-2 validation, HyTrust will continue to strengthen support for critical regulatory mandates such as PCI, HIPAA, and FedRAMP, offering a significant competitive advantage in an environment where data security compliance requirements are being updated and enforced across the board.

“The HyTrust engineering team has extensive experience in building FIPS 140-2 compliant encryption systems. We have a deep understanding of the complexities involved in both the security requirements for cryptographic modules and the validation process,” said Hemma Prafullchandra, CTO and senior vice president of Products at HyTrust. “That’s why we can assure our customers that there will be a seamless upgrade path from current HyTrust DataControl deployments to the FIPS-validated version.”

FIPS 140-2 and the validation process involved represent an established standard from the National Institute of Standards and Technology (NIST). It exists specifically to validate that a cryptographic module creates and handles encryption keys in a secure manner. The validation serves to assure users that the technology has passed rigorous testing by an accredited third-party lab, in accordance with NIST’s Cryptographic Module Validation Program. Since its inception, FIPS 140-2 has been considered the defining benchmark for securely engineered encryption in a range of critical areas, from the defense sector to financial services and other sensitive vertical industries.

HyTrust KeyControl® is a hardened software appliance that can be easily deployed on physical or virtual servers. Working in tandem with the HyTrust DataControl® encryption engine, KeyControl provides automated and centrally managed control over all encryption and key management policies. The Cryptographic Module is a subset of HyTrust KeyControl, representing the core software elements that generate and manage cryptographic keys. HyTrust KeyControl uses the module to generate and protect keys, enabling the rest of the solution to confidently store and distribute those protected keys.

About HyTrust (www.hytrust.com)

Cloud Under Control.

HyTrust is the Cloud Security Automation Company. Its mission is to secure the next generation datacenter by automating data protection and continuously enforcing security policies for the people and tools that operate private, hybrid and public clouds. HyTrust software helps enterprises increase system availability, reduce the risk of compromise, and ensure compliance to industry standards. With HyTrust, organizations gain the control, visibility and security necessary for a trustworthy cloud.

The Company is backed by strategic investors VMware, Cisco, Intel, In-Q-Tel, Fortinet, and venture capital investors Granite Ventures, Trident Capital, Epic Ventures and Vanedge Capital; its technology and go-to-market partners include VMware; VCE; Symantec; CA; McAfee; Splunk; HP Arcsight; Accuvant; RSA and Intel.

HyTrust; HyTrust, Inc.; HyTrust CloudControl (HTCC); HyTrust DataControl (HTDC); HyTrust DataControl: VM Edition; HyTrust DataControl: Virtual Storage Edition; HyTrust DataControl: AWS Edition; HyTrust KeyControl (HTKC); HyTrust Appliance; HyTrust Appliance Community Edition; HyTrust Cloud Control; HighCloud; HighCloud DSM; HighCloud VMV; HighCloud Key and Policy Server; “Virtualization Under Control”; “Cloud Under Control” and “Virtualization & Cloud Under Control” are all trademarks of HyTrust, Inc. All other names and trademarks are property of their respective firms.

Source for press release:  http://www.businesswire.com/news/home/20150311005992/en/HyTrust-KeyControl-Cryptographic-Module-Enters-Process-FIPS#.VQGnsivF-KO

Move vSphere Replicated VM files from one datastore to another

Recently at my day job we had some new storage allocated at our recovery site to use for vSphere storage.  I was tasked with decommissioning the old datastores.  The problem is that my replicated VMs resided on the old storage.  Of course I could go into my vSphere replication settings on each VM and just point it to the new datastores and be done with it.  That would have taken quite some time to do since the VMs would have to fully replicate again.  I wanted to find an easy way to copy the replicated VMs from the old datastores to the new datastores.  So I did some Internet searches and found the following blog post:  Copy Files Between Datastores – PowerCLI.   Dan Hayward posted a useful PowerCLI script that he used to copy ISO files from one datastore to another.  I basically adapted this script and changed it to move a VM from an old datastore to another.  I could have scripted it and passed in the variables from a CSV file but I wanted to update the vSphere Replication settings one VM at a time.  So here is what my script looked like:

Connect-VIServer ServerName

# Sets the old datastore
$oldds = Get-Datastore "OldDatastore"

# Sets the new datastore
$newds = Get-Datastore "NewDatastore"

# Sets the VM folder location (the folder name on the datastore)
$VMloc = "VMName"

# Map both datastores as PowerShell drives
New-PSDrive -Location $oldds -Name olddrive -PSProvider VimDatastore -Root "\"
New-PSDrive -Location $newds -Name newdrive -PSProvider VimDatastore -Root "\"

# Copies the VMDK files from old to new
Copy-DatastoreItem -Recurse -Force -Item olddrive:\$VMloc\$VMloc*.vmdk -Destination newdrive:\$VMloc\

Basically the script connects you to your vCenter server, sets the old and new datastore variables, sets the VM Folder name and then does the magic to map the datastores and copy the VMDK files from the old to the new.  Having the VMDK files copied over to the new datastores allowed me to use these as my replication seed for each drive when I reconfigured replication settings for the VM.  I just updated this file for each VM that I needed to copy to the new datastores.

Obviously this could have been automated even more as I had to do this for over 120 VMs but I am not a scripting expert.  I am just thankful for a great blog post from Dan Hayward to help me out!  Thanks Dan!

vExpert 2015 Announced

vExpertx3

VMware has announced the first round of vExperts for 2015 and I am pleased to report that Roger of vBrainstorm.com and I have made the list once again!  This is my 3rd year in a row being selected so the picture above reflects that.  Here is the announcement from VMware as well as a link to it.

First we would like to say thank you to everyone who applied for the 2015 vExpert program.

I’m pleased to announce the list of 2015 vExperts. Each of these vExperts has demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many public speakers, book authors, script writers, VMUG leaders, VMTN community moderators and internal champions among this group.

I want to personally thank everyone who applied and point out that a “vExpert” is not a technical certification or even a general measure of VMware expertise. The judges selected people who were particularly engaged with their community and who had developed a substantial personal platform of influence in those communities. There were a lot of very smart, very accomplished people, even VCDXs, that weren’t named as vExpert this year.

If you feel like you were not selected in error, that’s entirely possible. The judges may have overlooked or misinterpreted what you wrote in your application. Email us at [email protected] and we can discuss your situation. We looked at all of the 2014 activities to determine the voting results.

We will open the second half 2015 applications soon which will only allow for two voting periods this year rather than the three we had last year.

If you were selected as a vExpert 2015, we will be conducting the on-boarding throughout the next few weeks so hold tight and expect future communication from us soon. You must successfully be enrolled in our private vExpert community to be listed in the vExpert directory and to be alerted to opportunities like the beta programs and complimentary licenses that we offer to vExperts. We will provide instructions to gain access to the private forum and the vExpert directory in the next communication via email. We will use the email address provided in your vExpert application.

Congratulations to all the vExperts, new and returning. We’re looking forward to working with you. Command + F away and find your name if you can’t wait for the welcome email :)

Corey Romero,
and the VMware Social Media & Community Team

Link:  vExpert 2015 Announcement

VMware products and “Ghost” (CVE-2015-0235)

I wanted to share this information from the VMware Security and Compliance Blog.  The bottom line is that no VMware products at this time have been found that are vulnerable to the glibc gethostbyname* buffer overflow (CVE-2015-0235).  The quoted blog post is below as well as a link to the post itself.

This Tuesday a buffer overflow in the gethostbyname family of functions (“gethostbyname*”) in the widely used glibc library (CVE-2015-0235) was disclosed.  As soon as we became aware of this vulnerability we began investigating.  We regarded it as a significant vulnerability since the original advisory detailed remote code execution in the Exim mail server.

We quickly realized that exploitability of this vulnerability depends on where and how the vulnerable function is invoked.  In particular, if an attacker cannot control the arguments passed to the gethostbyname* functions, then the overflow cannot be triggered.  Suffice it to say, the applicability of this vulnerability to the Exim mail server cannot be generalized to all software using glibc, or even to all invocations of gethostbyname*.

We have been reviewing the use of glibc and gethostbyname* in our products.  Based on our current analysis, we have not identified any VMware product that is affected by this issue. Many of our products do use a vulnerable version of the glibc library, but we have not found a way to pass untrusted input to gethostbyname*. Our KB on this issue is published here.

We take the security of customers extremely seriously.  Even though no VMware product has been found to be exploitable using this issue, we will update the glibc library in normal upcoming maintenance releases.

Link:  VMware products and “Ghost”, glibc gethostbyname* buffer overflow (CVE-2015-0235)
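
The quoted post's point, that exposure depends on whether untrusted input can reach gethostbyname*, can be enforced at the call site. The C code below is an added example, not VMware's code or part of the quoted post: the names hostname_is_safe and resolve_untrusted are hypothetical, and the length limits are the RFC 1035/1123 host name rules. It bounds the length and alphabet of every name handed to the resolver.

```c
/* Added example (not VMware's code): syntax gate in front of gethostbyname(). */
#include <errno.h>
#include <netdb.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_NAME_LEN  253  /* longest full host name in text form (RFC 1035) */
#define MAX_LABEL_LEN 63   /* longest single dot-separated label (RFC 1035) */

/* ASCII letter or digit; deliberately locale-independent. */
static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Return 1 if name is a well-formed RFC 1123 host name, 0 otherwise.
 * Trailing-dot FQDNs are rejected too (a choice made for this example). */
int hostname_is_safe(const char *name)
{
    size_t total = 0, label_len = 0;
    unsigned char prev = '.';   /* treat start of string like a label boundary */

    if (name == NULL || *name == '\0')
        return 0;

    for (const char *p = name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;

        if (++total > MAX_NAME_LEN)
            return 0;                       /* oversized: stop scanning */
        if (c == '.') {
            if (label_len == 0 || prev == '-')
                return 0;                   /* empty label or "foo-." */
            label_len = 0;
        } else if (is_alnum_ascii(c) || c == '-') {
            if (c == '-' && label_len == 0)
                return 0;                   /* label may not start with '-' */
            if (++label_len > MAX_LABEL_LEN)
                return 0;
        } else {
            return 0;                       /* space, '_', control or 8-bit byte */
        }
        prev = c;
    }
    return label_len > 0 && prev != '-';    /* no trailing '.' or '-' */
}

/* Hypothetical wrapper: the only path by which external input reaches the
 * resolver. Rejected names never get to gethostbyname(). */
struct hostent *resolve_untrusted(const char *name)
{
    if (!hostname_is_safe(name)) {
        errno = EINVAL;
        return NULL;
    }
    return gethostbyname(name);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%-40s %s\n", argv[i],
               hostname_is_safe(argv[i]) ? "accept" : "reject");
    return 0;
}
```

Auditing a code base for this issue then reduces to finding gethostbyname* call sites that are reachable without passing through such a gate.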

VMware Security Advisory VMSA-2015-0001

VMware released security advisory VMSA-2015-0001 on January 27 2015.  A link to the advisory can be found here.  An overview of the items that this advisory addresses is shown below.

  • VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability
    VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation of this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System.
  • VMware Workstation, Player, and Fusion Denial of Service vulnerability
    VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue.
  • VMware ESXi, Workstation, and Player Denial of Service vulnerability
    VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue.
  • Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package
    The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 (“POODLE”) and CVE-2014-3568 to these issues.
  • Update to ESXi libxml2 package
    The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue.

vCenter Server 5.5 Update 2d recently released

On January 27 2015 VMware released an update for vCenter Server 5.5.  The release notes are located here.  A brief summary of the resolved issues from the release notes is below.

vCenter Single Sign-On

  • VMware Directory Service consumes excessive memory
  • Backup and restore of vCenter Single Sign-On database might not replicate the data between primary and secondary nodes correctly
  • Attempts to logout through the vCloud Automation Center UI might fail

Networking

  • Network Interface Cards of virtual machines in disconnected state might get ejected during vMotion

vCenter Server, vSphere Client, and vSphere Web Access

  • Virtual machines on ESXi hosts containing NSX Endpoint virtual machines might not power on
  • Update to SUSE Linux Enterprise Edition Server in vCenter Server Appliance to address time zone changes
  • vpxd reports massive logging
  • Accessing the Storage View tab fails with the error
  • Scheduled tasks cannot be created for a different time on the same day in vSphere Web Client
  • The VMware VirtualCenter Server service fails intermittently
  • HTML console cannot be launched with custom port
  • Datastore browser in vSphere Web Client does not overwrite existing files
  • VMware VirtualCenter Server service fails

Virtual Machine Management

  • Cloning or deploying virtual machines over the network causes performance degradation
  • Alert event is not triggered when one VM has multiple vNICs with same MAC address

vMotion and Storage vMotion

  • The default behavior of DRS has been changed to make the feature less aggressive during cluster upgrade

Initial Configuration of SolarWinds Virtualization Manager v6.1.1

So now that the Virtualization Manager appliance is installed and powered on we need to configure it.  The vBrainstorm lab has DHCP enabled but we are using static IP addresses so we need to change the appliance to use a static IP.  To do this, just right-click on the appliance in vCenter and choose to Open Console.  To configure a static IP, arrow down and hit enter on Configure Network.

Enter the info as prompted.

After the IP is set, just open up a browser and go to the IP via HTTPS.  The default username and password are both admin.

Once you are logged in you have to accept the license agreement (after you review it of course).

Next is the configuration wizard.  Just click begin!

The first screen is going to ask you for your registration info.  Enter that information and click Next.

The next screen is used to configure your credentials to access the server(s) you are going to access.

Click on the Add button to add the proper credentials.  In our case we are connecting to a vCenter server.  Enter the credentials and click Save.  Click Next.

The next screen is the data sources screen.  This is where you add your servers.  Click the Add button.

Choose Virtual Center.

Enter your vCenter server information.  Click Save.  Click Next.

The next screen lets you select collection schedules.  These are used to gather the data needed to populate Virtualization Manager.  For this lab setup I enabled both of these tasks.  You do that by highlighting the task and clicking the Enable button.  Click Next.

The next screen is where you configure your SMTP settings so that you can receive email alerts.  After the info is entered click Next.

The final wizard screen is for integration with Storage Manager.  In our lab we are not using Storage Manager at this time.  Click Finish.

The Configuration Summary screen will appear.  A configuration status bar will show in the middle of the screen under Active Data Collection Jobs.

That’s it! Virtualization Manager has been configured for the vCenter instance in our lab!  The next blog post will go over the different screens in the software after data has been collected for a few days.

 

 

Installing SolarWinds Virtualization Manager v6.1.1 in a vSphere 5.x environment

Today I am installing SolarWinds Virtualization Manager v6.1.1 in our lab here at vBrainstorm.  If you are not sure what Virtualization Manager is, here is a quick blurb from the SolarWinds website:

Virtualization Manager
Comprehensive Virtualization Management for VMware ® & Hyper-V ® – From VM to Storage

  • Real-time dashboards simplify identification & troubleshooting of performance, capacity & configuration problems
  • Identifies VM sprawl, helps you reclaim & optimize space, and reduces licensing costs
  • Integration with Server & Application Monitor provides complete visibility of the application stack – from app to VM to datastore
  • All the functionality & more of other leading virtualization management tools – at a fraction of the cost
  • Easy to download, deploy & use – start monitoring your VMs in less than an hour

I will be installing this in a vSphere 5.x environment.  It is installed as a virtual appliance downloaded from the SolarWinds web site.  The virtual appliance requirements are shown below:

  • CPU: 2 GHz quad-core
  • Virtual CPUs: 4 vCPUs
  • Memory: 8 GB or more
  • Disk Space: 200 GB or more
  • Virtual NIC: 1 Gigabit vNIC

The download file for version 6.1.1 is approx 1479 MB.  After the file is downloaded, extract the ZIP file and then open up your vSphere client and log into your Virtual Center server.

To install the virtual appliance click on File – Deploy OVF Template.

Choose the OVA file from the unzipped contents.

Review the template details and click Next.

Give the appliance a name and choose its location in your inventory.  Click Next.

Choose the storage to place the appliance on.  In our lab we are using Nexenta for the storage.  Click Next.

Choose the disk format.  In our lab Thin is the only choice so this screen is greyed out. Click Next.

Choose the network mapping for the appliance and click Next.

Choose how the appliance will get an IP address.  In our lab we are using static IPs so I chose Fixed.  Click Next.
(UPDATE:  Choosing static gave me an error on starting up the VM.  The error basically said “Cannot initialize property ‘vami.DNS0.SolarWinds_Virtualization_Manager’”.  Choose DHCP and the VM will boot up.  You can change to a static IP via the console on the VM.)

Since I chose fixed I need to enter a valid IP address on this screen and then click Next.

Finally I am presented with a summary screen.  Review it to make sure everything is correct and then click Finish.

The appliance will be deployed.

Power it up and the appliance is installed!  The next post will go into how to configure the appliance and connect it to your vCenter server.