Home > Blogs > VMware Go Blog > Tag Archives: IT Advisor

Tag Archives: IT Advisor

Weekly Links – November 19, 2012

Happy Thanksgiving week! We imagine those of you in the U.S. are all looking forward to stuffing yourselves with turkey and stuffing at Aunt Millie’s this coming Thursday—just remember to save room for the pumpkin cheesecake this time!

Here’s to a shortened work week; hopefully the holiday season has your usually unforgiving colleagues in a more thankful mood these days (yeah, we didn’t think so, either…).

Enough gobbling on our part, though – on to this week’s links:

IT at the crossroads: Lead or fade away (InfoWorld)

The Top 12 Scams of Christmas 2012: New Threats Hitting Mobile, Email and the Web (IT Business Edge)

Petraeus Mission Impossible: Cloaking Email, Online Identities (InformationWeek)

Game consoles to hit new pricing lows on Black Friday (Ars Technica)

It’s Official: You’ll Have More Technology to Manage in 2013 (Spiceworks blog)

This week’s apropos of nothing is particularly apropos of nothing – instead of keeping with the aforementioned Thanksgiving theme, here’s a picture of a baby bear climbing a tree… AWWW!

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/16/2012

By: Jason Miller, Manager, Research and Development

This week in patching was highlighted by Microsoft’s Patch Tuesday.  Microsoft released six new security bulletins addressing 13 vulnerabilities.  I have a full write up on Patch Tuesday here.

On the non-Microsoft front, I did not see any security updates released.  However, there were a few non-security updates released that you may want to get installed to fix various issues.

On Monday, two vendors released updates for their programs to fix crashing issues.  Notepad++ 6.2.1  and Filezilla 3.6.0 are non-security updates fixing crash issues.

On Tuesday, an update for AT&T Global Network Client was released with version 9.1.0.  The release notes have not been updated yet.  Without a published update, I am under the assumption at this point that the release is a non-security update.

VMware also released updates for MozyHome and MozyPro with version 2.18.0.227.  These updates are non-security updates fixing numerous issues and introducing new features.

On Thursday, Microsoft released a new version of Skype with version 6.0.0.126.  The highlight of this non-security update is a fix that addresses issues when upgrading to the latest version of Skype.

Due to the holiday week next week, I will not have a weekly write up for the week in patching next Friday.  I will provide an update in patching for the holiday week the following Monday.

Happy Patching!

– Jason

P.S. Want to learn more about VMware Go Pro? Click here. Also, check out  a 30-day free trial of VMware Go Pro!

VMware Go Pro – Now with Migration Features!

Heads up – VMware Go Pro has a cool new feature as of today!

What’s new?

VMware Go Pro now has a migration feature. What does that mean for you, you may ask? You can now easily and seamlessly move virtual machines from one hypervisor or server to another, and shift it back again as needed.

All IT admins have had to deal with a faulty server at one point or another—and they likely know what a painful process migration can be. VMware Go Pro’s new migration feature takes the pain out of this process and allows you to smoothly manage the migration process.

And one more thing…

As if migration functionality wasn’t enough, VMware Go Pro now supports Windows 8 and Windows 2012 as well! This means that, among other things, you can now access VMware Go Pro and manage your IT assets from Internet Explorer 10 (assuming you’re not a Chrome of Firefox user, that is…) and better manage patching updates for Microsoft assets.

VMware Go Pro helps you better manage your IT assets and patching updates (including third-party apps) from a simple web-based interface—what’s not to love?

Want to learn more about VMware Go Pro? Click here.

Ready to try it out for yourself? Register here for a free trial!

Weekly Links – November 12, 2012

Happy Veterans Day – hope that at least some of you out there have the day off! More importantly, though, we want to take a moment to thank all of the veterans out there. We appreciate all of the hard work and sacrifice you’ve put in for your country.

Now, on to this week’s links:

85th level Orc Rogue wins election (ZDNet)

The advantages of IT on a shoestring budget (InfoWorld)

IT’s Future: Less Building, More Bundling (InformationWeek)

Twitter Issues Apology After Password Debacle (eWEEK)

CIA Director’s affair caught by FBI e-mail monitoring (Ars Technica)

For this week’s apropos of nothing image, we present you with a pearl of wisdom from one of the great scholars of our time:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

Weekly Links – November 5, 2012

Happy Monday to all you IT admins out there! Here’s to hoping that everybody had a good weekend—and that things are starting to get back to normal for those of you in the Northeast United States.

Here are your weekly links:

The geek skills challenge: 10 talents worth mastering (InfoWorld)

5 Ways To Survive The Coming IT Apocalypse (InformationWeek)

The Next Big Thing in BYOD, Continued (IT Business Edge)

IT sector rebounds, gains 12,500 jobs in October (ITWorld)

PayPal, Symantec hacked as Anonymous begins November 5 hacking spree (ZDNet)

This week’s apropos of nothing is nothing more than a shameless pun – we’re suckers for shameless puns:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!

vSphere Essentials + VMware Go Pro = Worry-Free IT Management for SMBs

In its early days, virtualization was seen as a luxury for IT departments. Sure, it would save you considerable money on hardware and utility costs and improve overall performance for your IT infrastructure—but there was also a significant upfront cost and technical training required to get it up and running. At that point, it was essentially limited to the IT 1%-ers (come on, it’s election season – grant us that one terrible analogy…).

After a while, virtualization evolved from a nice-to-have to a need-to-have; nearly every single Fortune 500 company, for example, had virtualized most or all of their infrastructure by the early 2010s. At this point, virtualization has emerged as a best practice in IT and nearly every single medium-to-large organization has gotten on board with it.

It’s just now, though, that many smaller and mid-sized organizations are beginning to embrace virtualization. As the market has evolved, the barrier to entry has dropped and cost-conscious SMBs are beginning to realize the potential of virtualization.

With that said, we realize that every dollar counts—and getting started with virtualization wasn’t always the easiest option in the past. With that in mind, we’ve made it even easier for SMBs to get started with virtualization: from now until December 15, VMware Go Pro will be bundled with vSphere Essentials and vSphere Essentials Plus.

That means that you can get use VMware Go Pro to greatly simplify and streamline your vSphere installation.  And Go Pro provides industry-leading patch management at no additional charge when you purchase vSphere. So what are you waiting for, sign up today!

Not convinced yet? Try a 30-day free trial of VMware Go Pro for free – no questions asked!

Weekly Links – October 12, 2012

Good afternoon to our favorite IT admins! Any fun plans in store for this weekend? Personally, we want to go see that Seven Psychopaths movie—how can you go wrong with Tom Waits, Christopher Walken and Sam Rockwell in the same movie?

Now for your weekly links:

Top 10 cloud jobs (InfoWorld)

Seven Reasons Why Companies Need to Automate Disaster Recovery (IT Business Edge)

BYOD: The New IT Management Headache (Network Computing)

10 technologies shaping the future of IT (IT World)

The IT Crowd (required viewing if you haven’t seen it yet) (Netflix)

This was too good to pass up – this week’s apropos of nothing image:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!

 

VMware Go Pro Presenting at VMworld Barcelona!

Exciting news for VMworld Barcelona attendees: VMware Go Pro will be presenting not once, but twice, at VMworld this week! Our own Manoj Jayadevan and Arun Lal will be delivering two separate presentations on the advantages of VMware Go Pro.

Check out the abstracts for each presentation below. Definitely worth checking out if you’re at the show today:

Creating a Highly Profitable Virtualization Practice with VMware Go Pro

Tuesday, October 9 at 2:00 PM CET – Hall 8, lower level | Room E3

In this session, we will provide an overview of the business opportunities, and profitability models that will help you grow a sustainable virtualization business with VMware Go Pro. VMware Go Pro is a software-as-a-service (SaaS) offering hosted by VMware designed for partners and IT admins of companies with less than 1000 employees that makes it easy to adopt and manage a virtualized environment, protect and secure IT assets and increase reliability of SMB IT infrastructures. In this session, attendees will learn how to provide a wide array of virtualization and IT management services leveraging VMware Go Pro cloud service and in the process tap new cloud-based recurring revenue opportunities.

VMware Go: The Zen for Small and Midsized Business IT Management

Tuesday, October 9 at 3:30 PM CET – Hall 8, lower level | Room B1

Cloud computing is transforming the way small and midsized business IT infrastructure is being managed. In this session, we’ll take a deep-dive exploration into the cloud-based VMware Go physical and virtual IT infrastructure management solution from a business value perspective. We will explore all the virtualization and security features, how to manage updates, along with how to create policies, and how to upload and deploy software, all from a single, Web-based management console.

Not in Barcelona this week? No worries! You can visit go.vmware.com for more information on how we can help you meet the specific needs of your IT environment.

Better yet, you can try it for yourself here – and it’s free!

VMware Go Pro Will Set You Free

By: Matt Sarrel, CISSP, Founder and Executive Director of Sarrel Group

For a free 30 day trial of VMware Go Pro, click here.

The life of a small business IT person is not an easy one.  While big businesses have entire IT shops staffed by people with titles such as “network administrator,” “support tech level 1,” and “SQL developer,” small businesses typically have one to three IT people with titles such as “IT jack-of-all-trades,” “computer guy” and, my all-time favorite, “Hey you, fix this!”  Days are filled with development of detailed plans that may or may not ever be implemented because you’re too busy putting out fires.  The boss won’t hire additional staff, yet expects that her question about how to bold something in Word be given greater priority than securing the company’s web site.  It’s enough to make you pull your hair out (if you still have it).

And it doesn’t stop at the end of the day.  Many small business IT administrators use evenings and weekends to work on long-term projects without interruption.  But what happens when something goes wrong and you’re not there?  If you’ve had the foresight to build remote administration services (and the luck to have them funded), then you just might be able to save yourself a trip to the office.   I remember back to the days of my first network: when a certain device would go down on the weekends my pager would go off and I’d have to drive to work just to cycle power on that device.  My boss knew the device was essential, but wouldn’t allocate funds for a new one or for an acceptable remote administration solution.

If this scenario sounds familiar to you, then VMware Go Pro is definitely something you need to check out.  The combination of proactive and reactive measures available via a web interface eases the burden of installing and configuring not only virtual machines but also physical ones.  Imagine how much time you’d save if you could automate patch scanning, application, and remediation.  And now imagine how much more comfortable you could be if you could do this from anywhere.

For example, this has been a hectic few weeks for me.  I’ve got test projects going on in the lab plus I’ve been flying all over the country for meetings and trade shows.  I need test systems to be up and running for my employees, but I’m not even in the same half of the country as my lab.  The whole business can’t grind to a halt because I’m not there to patch operating systems, applications, and hypervisors, but the business will grind to a halt if I stop flying around and bringing in new clients.

With VMware Go Pro I can simply log in over the web, immediately see the status of my test machines, and fix whatever software issues have arisen.  The dashboard shows me the following:

And when I click “take action,” VMware Go Pro begins to walk me through remediating any active issues.

It’s only a matter of minutes for me to walk through scanning for and deploying missing patches.  Sure, I’ll sit outside in the sun 2000 miles away from the lab and let VMware Go Pro do the work for me.

Hey, while I’m here in the VMware Go Pro interface I can schedule scanning and deployment to take place without my intervention.  Hmmm.  A self-maintaining lab sounds pretty good to me – I can import existing ESXi and vCenter Servers so they can be managed by VMware Go Pro, increasing my operating efficiency by placing all of my virtualized resources under a common management platform.  And then with all of my newly found free time I can use VMware Go Pro to deploy more hypervisors and VMs.  It’s  so easy to manage them all under  a single console that I might as well.

To learn more about VMware Go Pro, please visit go.vmware.com.

You can also access a free 30 day trial of VMware Go Pro here.

 

 

The Meaning of Out-of-band Patches and Their Microsoft History

By: Jason Miller, Manager, Research and Development at VMware

For a free 30 day trial of VMware Go Pro, click here.

Microsoft is planning to release an out-of-band patch for a zero-day vulnerability at noon CST today.

We can set our calendars to every second Tuesday of the month (known as Patch Tuesday) for new Microsoft security bulletins.  Microsoft Patch Tuesday has become a ritual for the IT security industry.  Today is a stark reminder that you must always be vigilant and informative on the happenings in the security industry.  At any time, a vendor may release a patch out-of-band to address a zero-day vulnerability.

When is an out-of-band patch warranted?

Only a software vendor can make the decision on when a patch for a vulnerability should be released out-of-band from its normal release cycle.  Typically, a vendor will release a patch out-of-band when there are active exploits against the vulnerability, the vulnerability details have been released publicly, and the software affected could present a major attack outbreak.  With today’s release, all three of these criteria have been met.

Out-of-band patch releases are risky for the software vendor

When a patch is deemed necessary to be released out of band, the software vendor creating the patch is taking on risk.  In my previous post, I talked about the risk that IT administrators may take when implementing workarounds.  With software vendors, the risk of incorrect patch creation and testing is greatly increased.  The patch may fix the vulnerability, but there is always the possibility that a software patch will break normal functionality of a program.   For example: a patch fixes a vulnerability but the program now crashes when printing or saving.

Pay attention to all patches after applying, especially out-of-band patches

There is a chance with any patch that functionality could be broken.  With out-of-band patches, pay attention to the product patched to ensure other functionality is not broken.  If you find some functionality is broken, do not simply remove the patch.  Contact the software vendor and to determine if restoring the functionality but re-introducing the vulnerability is work the risk.

Out-of-band patch releases, not as common as we think

Since January 2010, Microsoft has released 269 security bulletins.  Only six of these bulletins (including today’s release) have been release out-of-band.  In fact, the last out-of-band patch release from Microsoft came nine months ago.

Year

Total Bulletins

Out-of-Band

% Out-of-band

2010

106

4

~4%

2011

100

1

~1%

2012

63*

1

~2%

(Note: 2012 includes today’s security bulletin release)

Security advisories do not mean out-of-band

Previously, I talked about zero-day vulnerabilities and security advisories.  Microsoft quite often will release security advisories throughout any given month.  The majority of these security advisories (pertaining to zero-day vulnerabilities) are fixed during a scheduled Patch Tuesday.  Below, you can see all of the security advisories Microsoft has released and the date they have released a patch to fix the vulnerability.  As you can see, active exploits happen quite often and do not warrant an out-of-band patch.

Advisory Release Date

Advisory #

Vulnerable MS Product

Fixed In

Fixed Date

Out-of-band

Days Between Advisory/Release

1/14/2010

979352

Internet Explorer

MS10-002

1/21/2010

Yes

7

11/13/2009

977544

OS – SMB

MS10-020

4/13/2010

No

150

1/20/2010

979682

OS – Kernel

MS10-015

2/9/2010

No

19

2/3/2010

980088

Internet Explorer

MS10-035

6/8/2010

No

125

2/9/2010

977377

OS – SChannel

MS10-049

8/10/2010

No

181

3/1/2010

981169

OS – VBscript

MS10-022

4/13/2010

No

42

3/9/2010

981374

Internet Explorer

MS10-018

3/30/2010

Yes

21

4/29/2010

983438

Sharepoint

MS10-039

6/8/2010

No

39

5/18/2010

2028859

OS – Canonical Display Driver

MS10-043

7/13/2010

No

55

6/10/2010

2219475

OS – Help

MS10-042

7/13/2010

No

33

7/16/2010

2286198

OS – Windows Shell

MS10-046

8/2/2010

Yes

16

9/17/2010

2416728

.NET Framework

MS10-070

9/27/2010

Yes

10

11/3/2010

2458511

Internet Explorer

MS10-090

12/14/2010

No

41

12/22/2010

2488013

Internet Explorer

MS11-003

2/8/2011

No

46

1/4/2011

2490606

OS – Windows Shell Graphics

MS11-006

2/8/2011

No

34

1/28/2011

2501696

OS – MHTML

MS11-026

4/12/2011

No

74

9/26/2011

2588513

OS – SSL/TLS

MS12-006

1/10/2012

No

104

11/3/2011

2639658

OS – Kernel-Mode Drivers

MS11-087

12/13/2011

No

40

12/28/2011

2659883

.NET Framework

MS11-100

12/29/2011

Yes

1

6/12/2012

2719615

MS XML Core Services

MS12-043

7/11/2012

No

29

7/24/2012

273711

Exchange Server

MS12-058

8/15/2012

No

21

9/17/2012

2757760

Internet Explorer

MS12-063

9/21/2012

Yes

4

(Note:  Not all security advisories from Microsoft have a bulletin associated.  Some security advisories have workarounds, information only or non-security patches associated.  These security advisories are not included in this list.)

Today’s scheduled security bulletin affects an Internet browser, so this should be high on your priority list for patch deployment today or this weekend.  With any out-of-band release, you should deploy the patch as soon as possible to prevent any attackers from taking advantage of the vulnerability on your network.

 

To learn more about VMware Go Pro, please visit go.vmware.com.

You can also access a free 30 day trial of VMware Go Pro here.