Notice that the interoperability matrix shows support based on the ESX/ESXi version that is providing the tools. This is different from how the virtual machines report their VMware Tools versions. The virtual machines list their tools version as a four-digit number that has no correlation with the corresponding ESX/ESXi host version:
I’m happy to report that the vSphere 5.5 Hardening Guide has been released for General Availability. My thanks to all that contributed their feedback to make this happen. The guide has been given a full makeover with regard to documentation references. I’m in Renate’s debt for those stellar contributions. Additionally, some guidelines have been removed and some new ones added.
Along with the guide, similar to the 5.1 release, I’m releasing a change log worksheet.
One thing to note, the “Profiles” column has been renamed “Risk Profiles”. This was done to bring to light the function of the column. I am frequently quizzed by IT administrators that have been told to “Implement the Hardening Guide”. As written, the Hardening Guide is a list of guidelines, not mandates. Please note that some guidelines in the Risk Profile 1 category can break functionality!
Like any security measures, the guidelines should not be applied in a blanket fashion. I would encourage IT administrators and security folks to work together and assess each guideline for applicability, risk management and impact to the business and operations. The Risk Profiles help to categorize the guidelines that could be applicable to your environment.
I’m working with the VMware web team to have the guide and the change log officially moved over to the Hardening Guide page on VMware.com. I will update the discussion in the Communities and post a reply to this blog article when that has been completed.
As always, your input is very valuable to me and VMware as a whole. If you have questions that can’t be asked in a public forum, reach out to me via email, mfoley-at-vmware.com. For more frequent updates to vSphere security news and facts, follow me on Twitter at @vSphereSecurity
Now that VMworld 2013 is over (both America & Europe), I noticed that a bunch of the breakout sessions are now up on YouTube. Kyle Gleed (@VMwareESXi) and I delivered a 1-hour presentation on “what’s new in vSphere 5.5”, including ESXi, vCenter and Storage. You can watch the whole thing here.
If you didn’t get to VMworld, we hope you like this. If you did get to VMworld, but would like a refresh on all the new vSphere 5.5 features, you might like to watch this again. Of course, the best bit starts at about 26 minutes in, but don’t tell Kyle that.
Get notification of these blog postings and more VMware Storage information by following me on Twitter: @VMwareStorage
I’m happy to announce the availability of the vSphere 5.5 Hardening Guide Release Candidate. A SIGNIFICANT amount of documentation updates have been incorporated into the guide to really round it out. There have been some new additions and some deletions to the guide. All changes are documented in the changelog spreadsheet.
You can download the guide and the changelog here. All changes are color-coded in the changelog and within the RC release spreadsheet. The colors will be removed from the final GA document but will remain in the changelog.
I would encourage you to review the document and provide feedback ASAP. The goal is to release this for General Availability in the next week unless significant changes come in. You can reply to the discussion with your updates or contact me directly at mfoley @ vmware.com.
When the guide is released for GA, it will be uploaded to the normal location
More recent versions of Microsoft operating systems contain the ability to detect if they are running virtualized or not. This is accomplished through the checking of a CPUID hypervisor-present bit presented by the VMware virtual hardware. Since virtual hardware 7, VMware has implemented this interface, which is required by the Microsoft SVVP program.
However, as Microsoft continues to change and update its specifications, let’s look at a specific behavior in which virtual machine performance can be impacted by the operating system accessing a time source inefficiently.
Updated based on feedback. Thanks for the comments!
I’d like to revisit the question “are ESXi patches cumulative”? This time I hope to hammer home the point with an example.
In short, the answer is yes, the ESXi patch bundles are cumulative. However, when applying patches from the command line using the ESXCLI command you do need to be careful to ensure you update the complete image profile and not just select VIBs.
There are two ways to update VIBs using the ESXCLI command. You can use either the “esxcli software vib update …” command or the “esxcli software profile update …” command. The “vib” namespace is typically used with the optional “-n <vib name>” parameter to update individual VIBs, whereas the “profile” namespace is typically used to update the host’s image profile, which may include multiple VIB updates. The key is that when applying patches you use the “profile” namespace to update the complete image profile, as opposed to using the “vib” namespace to update selected VIBs.
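A way to check a host for the partial patching described above, as an added example that is not part of the original post: it compares output in the layout of `esxcli software vib list` against the VIB versions of the patch bundle's image profile and reports every VIB that was left behind. The `name version` profile file format and all version strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `esxcli software vib list`, as it
# could look after only esx-base was updated with "vib update -n esx-base".
# All version strings are made up for illustration.
installed_sample() {
cat <<'EOF'
Name          Version             Vendor  Acceptance Level  Install Date
------------  ------------------  ------  ----------------  ------------
esx-base      5.5.0-0.99.2000002  VMware  VMwareCertified   2013-11-01
tools-light   5.5.0-0.0.1000001   VMware  VMwareCertified   2013-10-01
misc-drivers  5.5.0-0.0.1000001   VMware  VMwareCertified   2013-10-01
EOF
}

# Constructed sample: "name version" pairs for the VIBs in the patch bundle's
# image profile (assumed flat format, prepared by the administrator).
profile_sample() {
cat <<'EOF'
esx-base 5.5.0-0.99.2000002
tools-light 5.5.0-0.99.2000002
misc-drivers 5.5.0-0.0.1000001
EOF
}

# vib_drift PROFILE_FILE INSTALLED_FILE
# Prints "name installed expected" for each VIB that does not match the profile.
vib_drift() {
  awk '
    NR == FNR { want[$1] = $2; next }   # first file: profile pairs
    FNR <= 2  { next }                  # skip header and dashed rule
    { have[$1] = $2 }
    END {
      for (n in want) {
        if (!(n in have))            print n, "missing", want[n]
        else if (have[n] != want[n]) print n, have[n], want[n]
      }
    }' "$1" "$2" | sort
}

# Run the comparison on the two constructed samples above.
check_sample() {
  d=$(mktemp -d) || return 1
  profile_sample > "$d/profile.txt"
  installed_sample > "$d/installed.txt"
  vib_drift "$d/profile.txt" "$d/installed.txt"
  rm -rf "$d"
}

check_sample
```

An empty result means every VIB in the profile is installed at the profile's version, which is the state a complete “profile” update leaves the host in.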
There is a lot of outdated information regarding the use of a vSphere feature that changes the presentation of logical processors for a virtual machine, into a specific socket and core configuration. This advanced setting is commonly known as corespersocket.
It was originally intended to address licensing issues where some operating systems had limitations on the number of sockets that could be used, but did not limit core count.
It’s often been said that this change of processor presentation does not affect performance, but it may impact performance by influencing the sizing and presentation of virtual NUMA to the guest operating system.
On August 26th at VMworld 2013 VMware announced vSphere 5.5, the latest release of VMware’s industry-leading virtualization platform. This latest release includes a lot of improvements and many new features and capabilities. In an effort to try and get my head around all this exciting new “stuff” I decided to go through the what’s new paper and compile a brief summary (well, relatively brief anyway).
Here’s the list I came up with. I’m sure I missed some things, but this list should help you get started with learning about what’s new in vSphere 5.5.
Last week at VMworld 2013 VMware introduced a new product strategy and direction for vCloud Director (vCD). This announcement was made during the breakout session update for the vSphere 5.5 product release.
vCD has been widely adopted by service providers and enterprises. It has also proven to be a foundational component of service providers’ offerings, including the VMware hybrid cloud service known as vCHS. Moving forward, vCD will be even more oriented towards service provider requirements. VMware’s enterprise customers, on the other hand, have expressed a strong requirement for a more simplified cloud stack. As a result, VMware will move forward with a plan to converge vCD functionality into the vSphere and vCloud Automation Center (vCAC) product lines. vCAC, in particular, has proven to be well suited to meeting customers’ needs for governance and policy combined with self-service and ease of use. This combination of products will provide a simpler solution to enterprises.
This is a directional statement. Over the course of the next several release cycles for the vCAC and vSphere product lines, VMware expects all the use cases of vCD in the enterprise to be fully accommodated. vCD 5.5 will also ship with the vCloud Suite release in 2013 as part of this strategy.
Overall VMware believes there are significant customer benefits as a result of this new direction. This new direction will deliver simplicity, choice, and ultimately more robust functionality when it comes to running applications in the cloud.