
Tag Archives: vSphere

Weekly Links – November 19, 2012

Happy Thanksgiving week! We imagine those of you in the U.S. are all looking forward to stuffing yourselves with turkey and stuffing at Aunt Millie’s this coming Thursday—just remember to save room for the pumpkin cheesecake this time!

Here’s to a shortened work week; hopefully the holiday season has your usually unforgiving colleagues in a more thankful mood these days (yeah, we didn’t think so, either…).

Enough gobbling on our part, though – on to this week’s links:

IT at the crossroads: Lead or fade away (InfoWorld)

The Top 12 Scams of Christmas 2012: New Threats Hitting Mobile, Email and the Web (IT Business Edge)

Petraeus Mission Impossible: Cloaking Email, Online Identities (InformationWeek)

Game consoles to hit new pricing lows on Black Friday (Ars Technica)

It’s Official: You’ll Have More Technology to Manage in 2013 (Spiceworks blog)

This week’s apropos of nothing is particularly apropos of nothing – instead of keeping with the aforementioned Thanksgiving theme, here’s a picture of a baby bear climbing a tree… AWWW!

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/16/2012

By: Jason Miller, Manager, Research and Development

This week in patching was highlighted by Microsoft’s Patch Tuesday.  Microsoft released six new security bulletins addressing 13 vulnerabilities.  I have a full write up on Patch Tuesday here.

On the non-Microsoft front, I did not see any security updates released.  However, there were a few non-security updates released that you may want to get installed to fix various issues.

On Monday, two vendors released updates for their programs to fix crashing issues.  Notepad++ 6.2.1  and Filezilla 3.6.0 are non-security updates fixing crash issues.

On Tuesday, an update for AT&T Global Network Client was released with version 9.1.0.  The release notes have not been updated yet.  Without a published update, I am under the assumption at this point that the release is a non-security update.

VMware also released updates for MozyHome and MozyPro with version 2.18.0.227.  These updates are non-security updates fixing numerous issues and introducing new features.

On Thursday, Microsoft released a new version of Skype with version 6.0.0.126.  The highlight of this non-security update is a fix that addresses issues when upgrading to the latest version of Skype.

Due to the holiday week next week, I will not have a weekly write up for the week in patching next Friday.  I will provide an update in patching for the holiday week the following Monday.

Happy Patching!

– Jason

P.S. Want to learn more about VMware Go Pro? Click here. Also, check out  a 30-day free trial of VMware Go Pro!

VMware Go Pro – Now with Migration Features!

Heads up – VMware Go Pro has a cool new feature as of today!

What’s new?

VMware Go Pro now has a migration feature. What does that mean for you, you may ask? You can now easily and seamlessly move virtual machines from one hypervisor or server to another, and shift it back again as needed.

All IT admins have had to deal with a faulty server at one point or another—and they likely know what a painful process migration can be. VMware Go Pro’s new migration feature takes the pain out of this process and allows you to smoothly manage the migration process.

And one more thing…

As if migration functionality wasn’t enough, VMware Go Pro now supports Windows 8 and Windows 2012 as well! This means that, among other things, you can now access VMware Go Pro and manage your IT assets from Internet Explorer 10 (assuming you’re not a Chrome or Firefox user, that is…) and better manage patching updates for Microsoft assets.

VMware Go Pro helps you better manage your IT assets and patching updates (including third-party apps) from a simple web-based interface—what’s not to love?

Want to learn more about VMware Go Pro? Click here.

Ready to try it out for yourself? Register here for a free trial!

Weekly Links – November 12, 2012

Happy Veterans Day – hope that at least some of you out there have the day off! More importantly, though, we want to take a moment to thank all of the veterans out there. We appreciate all of the hard work and sacrifice you’ve put in for your country.

Now, on to this week’s links:

85th level Orc Rogue wins election (ZDNet)

The advantages of IT on a shoestring budget (InfoWorld)

IT’s Future: Less Building, More Bundling (InformationWeek)

Twitter Issues Apology After Password Debacle (eWEEK)

CIA Director’s affair caught by FBI e-mail monitoring (Ars Technica)

For this week’s apropos of nothing image, we present you with a pearl of wisdom from one of the great scholars of our time:


vSphere Essentials + VMware Go Pro = Worry-Free IT Management for SMBs

In its early days, virtualization was seen as a luxury for IT departments. Sure, it would save you considerable money on hardware and utility costs and improve overall performance for your IT infrastructure—but there was also a significant upfront cost and technical training required to get it up and running. At that point, it was essentially limited to the IT 1%-ers (come on, it’s election season – grant us that one terrible analogy…).

After a while, virtualization evolved from a nice-to-have to a need-to-have; nearly every single Fortune 500 company, for example, had virtualized most or all of their infrastructure by the early 2010s. At this point, virtualization has emerged as a best practice in IT and nearly every single medium-to-large organization has gotten on board with it.

It’s just now, though, that many smaller and mid-sized organizations are beginning to embrace virtualization. As the market has evolved, the barrier to entry has dropped and cost-conscious SMBs are beginning to realize the potential of virtualization.

With that said, we realize that every dollar counts—and getting started with virtualization wasn’t always the easiest option in the past. With that in mind, we’ve made it even easier for SMBs to get started with virtualization: from now until December 15, VMware Go Pro will be bundled with vSphere Essentials and vSphere Essentials Plus.

That means that you can use VMware Go Pro to greatly simplify and streamline your vSphere installation.  And Go Pro provides industry-leading patch management at no additional charge when you purchase vSphere. So what are you waiting for? Sign up today!

Not convinced yet? Try a 30-day free trial of VMware Go Pro for free – no questions asked!

Weekly Links – October 12, 2012

Good afternoon to our favorite IT admins! Any fun plans in store for this weekend? Personally, we want to go see that Seven Psychopaths movie—how can you go wrong with Tom Waits, Christopher Walken and Sam Rockwell in the same movie?

Now for your weekly links:

Top 10 cloud jobs (InfoWorld)

Seven Reasons Why Companies Need to Automate Disaster Recovery (IT Business Edge)

BYOD: The New IT Management Headache (Network Computing)

10 technologies shaping the future of IT (IT World)

The IT Crowd (required viewing if you haven’t seen it yet) (Netflix)

This was too good to pass up – this week’s apropos of nothing image:


 

VMware Go Pro Presenting at VMworld Barcelona!

Exciting news for VMworld Barcelona attendees: VMware Go Pro will be presenting not once, but twice, at VMworld this week! Our own Manoj Jayadevan and Arun Lal will be delivering two separate presentations on the advantages of VMware Go Pro.

Check out the abstracts for each presentation below. Definitely worth checking out if you’re at the show today:

Creating a Highly Profitable Virtualization Practice with VMware Go Pro

Tuesday, October 9 at 2:00 PM CET – Hall 8, lower level | Room E3

In this session, we will provide an overview of the business opportunities, and profitability models that will help you grow a sustainable virtualization business with VMware Go Pro. VMware Go Pro is a software-as-a-service (SaaS) offering hosted by VMware designed for partners and IT admins of companies with less than 1000 employees that makes it easy to adopt and manage a virtualized environment, protect and secure IT assets and increase reliability of SMB IT infrastructures. In this session, attendees will learn how to provide a wide array of virtualization and IT management services leveraging VMware Go Pro cloud service and in the process tap new cloud-based recurring revenue opportunities.

VMware Go: The Zen for Small and Midsized Business IT Management

Tuesday, October 9 at 3:30 PM CET – Hall 8, lower level | Room B1

Cloud computing is transforming the way small and midsized business IT infrastructure is being managed. In this session, we’ll take a deep-dive exploration into the cloud-based VMware Go physical and virtual IT infrastructure management solution from a business value perspective. We will explore all the virtualization and security features, how to manage updates, along with how to create policies, and how to upload and deploy software, all from a single, Web-based management console.

Not in Barcelona this week? No worries! You can visit go.vmware.com for more information on how we can help you meet the specific needs of your IT environment.

Better yet, you can try it for yourself here – and it’s free!

VMware Go Pro Will Set You Free

By: Matt Sarrel, CISSP, Founder and Executive Director of Sarrel Group

For a free 30 day trial of VMware Go Pro, click here.

The life of a small business IT person is not an easy one.  While big businesses have entire IT shops staffed by people with titles such as “network administrator,” “support tech level 1,” and “SQL developer,” small businesses typically have one to three IT people with titles such as “IT jack-of-all-trades,” “computer guy” and, my all-time favorite, “Hey you, fix this!”  Days are filled with development of detailed plans that may or may not ever be implemented because you’re too busy putting out fires.  The boss won’t hire additional staff, yet expects that her question about how to bold something in Word be given greater priority than securing the company’s web site.  It’s enough to make you pull your hair out (if you still have it).

And it doesn’t stop at the end of the day.  Many small business IT administrators use evenings and weekends to work on long-term projects without interruption.  But what happens when something goes wrong and you’re not there?  If you’ve had the foresight to build remote administration services (and the luck to have them funded), then you just might be able to save yourself a trip to the office.   I remember back to the days of my first network: when a certain device would go down on the weekends my pager would go off and I’d have to drive to work just to cycle power on that device.  My boss knew the device was essential, but wouldn’t allocate funds for a new one or for an acceptable remote administration solution.

If this scenario sounds familiar to you, then VMware Go Pro is definitely something you need to check out.  The combination of proactive and reactive measures available via a web interface eases the burden of installing and configuring not only virtual machines but also physical ones.  Imagine how much time you’d save if you could automate patch scanning, application, and remediation.  And now imagine how much more comfortable you could be if you could do this from anywhere.

For example, this has been a hectic few weeks for me.  I’ve got test projects going on in the lab plus I’ve been flying all over the country for meetings and trade shows.  I need test systems to be up and running for my employees, but I’m not even in the same half of the country as my lab.  The whole business can’t grind to a halt because I’m not there to patch operating systems, applications, and hypervisors, but the business will grind to a halt if I stop flying around and bringing in new clients.

With VMware Go Pro I can simply log in over the web, immediately see the status of my test machines, and fix whatever software issues have arisen.  The dashboard shows me the following:

And when I click “take action,” VMware Go Pro begins to walk me through remediating any active issues.

It’s only a matter of minutes for me to walk through scanning for and deploying missing patches.  Sure, I’ll sit outside in the sun 2000 miles away from the lab and let VMware Go Pro do the work for me.

Hey, while I’m here in the VMware Go Pro interface I can schedule scanning and deployment to take place without my intervention.  Hmmm.  A self-maintaining lab sounds pretty good to me – I can import existing ESXi and vCenter Servers so they can be managed by VMware Go Pro, increasing my operating efficiency by placing all of my virtualized resources under a common management platform.  And then with all of my newly found free time I can use VMware Go Pro to deploy more hypervisors and VMs.  It’s  so easy to manage them all under  a single console that I might as well.

To learn more about VMware Go Pro, please visit go.vmware.com.

You can also access a free 30 day trial of VMware Go Pro here.

 

 

Zero-Day Vulnerabilities and What it Means to Your Organization

By: Jason Miller, Manager, Research and Development at VMware


Note:  This is not an attack on Microsoft’s security process or vulnerabilities in their products.  Microsoft has one of the best information sharing policies that allows us to look deep into each security patch and software vulnerability.  In comparison, other vendors, such as Apple and Oracle, typically only disclose very basic information on their process, vulnerabilities and patches.

There are many factors that go into classifying a zero-day vulnerability that will require an out-of-band patch release.  A zero-day vulnerability is described as a vulnerability that is actively being exploited by attackers where the vendor does not have a patch to fix the vulnerability. Understanding the types of vulnerabilities that may put your environment at risk will help you determine the level of protection that is needed across your environment.

Types of attacks
There are two different types of attacks that are factored into zero-day exploits.  The first classification is a targeted attack.  A targeted attack is a scenario where an attacker is targeting a specific company or group type.  These attacks are commonly dubbed with terms such as ‘limited’ and ‘targeted.’  A targeted attack does not affect the majority of users and the victim company typically works closely with the software vendor for investigation and a solution.

The second classification of an attack is a widespread attack.  These attacks do not discriminate against specific companies or groups as the attack is aimed at the general public.  An example of this type of an attack is a malicious website preying on unpatched browsers or a worm attempting to exploit vulnerabilities on operating systems to create a bot network.

Targeted attacks usually do not prompt a software vendor to offer an out-of-band fix for the vulnerability as the vendor will work directly with the victim company to provide a workaround just for that company until the fix is made public.  Widespread attacks usually prompt a software vendor to offer an out-of-band fix for the vulnerability as the general population is at risk of being attacked.

Understanding the type of zero-day vulnerability
There are two words that can distinguish the severity of a zero-day vulnerability that administrators should pay particular attention to – authenticated versus unauthenticated.  An authenticated attack requires an attacker to know information about the target to pull off an exploit of the vulnerability.  An example of this is a password to an account to gain access to the target system.  On the other hand, an unauthenticated attack requires no knowledge about a target system.  An example of this is a worm that exploits an operating system service without needing any information.

Is the vulnerability publicly disclosed?

A vulnerability has two ways of being disclosed, or known.  The first type is a privately disclosed vulnerability (also known as responsible disclosure).  When a researcher finds a vulnerability in a software program and informs only the software vendor about it, the vulnerability is privately disclosed.  This type of vulnerability is not widely known, so attackers are not in a position to research it and implement attacks upon it.

The second type is a publicly disclosed vulnerability.  This type of disclosure can happen through two methods.  First, a security researcher can release the research done on a zero-day vulnerability to the public.  Second, an attacker can release the research of a zero-day vulnerability to a hacker community to share resources.  In the case of publicly disclosed vulnerabilities, the severity of the vulnerability is extreme.

Type of software or service
This is one of the most important factors of a zero-day vulnerability.  I like to make the analogy that typical attackers are a lot like salespeople.  A salesperson wants to find the widest possible audience to sell to.  With this, a salesperson is more likely to sell more than by concentrating on a single prospect.  A typical attacker is similar in the fact that he or she wants to attack as many machines as possible to maximize results.  Today’s attackers are looking to gain information for financial gain.  In the past, attackers typically could be seen as looking for notoriety.

Internet Browsers are the most commonly attacked software.  If an attacker can identify a zero-day vulnerability in any browser, Microsoft or non-Microsoft, the attacker can simply erect websites in hopes he/she can entice (social engineer) a person to visit the site with unpatched software to exploit their machine.

Attackers will also target any commonly used service on an operating system to carry out an attack.  Any service that has an unauthenticated vulnerability is a prime candidate for an attack.

Dealing with zero-day vulnerabilities

Monitor Vendors
Microsoft has a good track record in the software industry in regards to disclosing information around their patches and vulnerabilities.  With a Microsoft zero-day vulnerability, they will announce information when they are aware of publicly disclosed vulnerabilities and vulnerabilities that are being actively exploited.  Microsoft will publish a security advisory with the affected products, details on the effects of the vulnerability and any workarounds to help mitigate some of the risk with the vulnerability.

Other Resources
With a zero-day vulnerability, the information is spreading through many channels.  Using a resource such as the patchmanagement.org mailing list will help keep an eye on all of these active channels.  These channels are independent groups from the affected software vendor and typically provide information on how to implement workarounds provided by IT administrators that are researching the vulnerability, and any information antivirus vendors publicly release on the vulnerabilities.

Implement workarounds
At times, software vendors will supply workarounds to help mitigate the risk with vulnerabilities.  It is important to read all documentation thoroughly.  Typically, workarounds will reduce functionality on systems.  The decision on whether to implement a workaround is a risk decision that each administrator must decide.  For example, is the risk great enough to implement the workaround?  If this workaround will reduce functionality on my systems, in turn increasing the volume of support calls, but preventing a vulnerability from being exploited, is it worth implementing?  This decision is a delicate balance and there is no one answer that applies to each organization.

Antivirus
Antivirus programs are a reactionary security method.  This means an antivirus program reacts to a virus on a system and subsequently prevents the malicious program from running.  The virus has already exploited the system and resides on the system.  Fully patching a system prevents an attacker from exploiting a vulnerability and running a malicious program (virus).  In the case of a zero-day vulnerability, a patch is not available from the vendor.  Therefore, it is absolutely critical to have an antivirus program that is up to date with the latest definition files.  Vendors, as in the case with Microsoft, work very closely with antivirus vendors to help combat the viruses and malware that target zero-day vulnerabilities.

Not all zero-day vulnerabilities have out-of-band patches
An out-of-band patch is quite rare when it comes to patching vulnerabilities.  Some of the vulnerabilities on a given Patch Tuesday could already have active attacks against them.  A decision on whether or not to release an out-of-band patch is completely in the hands of the software vendor. Some of the determining factors software vendors will take into account when determining to release an out-of-band patch include:
Is it close enough to our normal release cycle to wait on the patch release?
Are the attacks limited or targeted?
Are there more and more malware samples being created each day?
Will the quality of the accelerated patch break functionality?

Microsoft Vulnerability History
From January 2010 through this September’s Patch Tuesday release, Microsoft has addressed 606 vulnerabilities in their products.

~15% of these vulnerabilities were publicly known
~4% of these vulnerabilities were actively exploited

As you can see below, the number of known and actively exploited vulnerabilities has remained constant since 2010.  (Note:  2012 is an incomplete year with only partial data)

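| Year | Total Vulnerabilities | Publicly Known Vulnerabilities | Actively Exploited Vulnerabilities | % Known | % Exploited |
|------|-----------------------|--------------------------------|------------------------------------|---------|-------------|
| 2010 | 93                    | 16                             | 3                                  | ~17%    | ~3%         |
| 2011 | 212                   | 35                             | 7                                  | ~17%    | ~3%         |
| 2012 | 125                   | 19                             | 8                                  | ~15%    | ~6%         |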

Today, we will see an out-of-band patch release from Microsoft.  I will be talking in detail about Microsoft’s history of out-of-band patch releases as well as the new out-of-band patch and how it could protect your network environment.

 


Get a Free Year of VMware Go Pro with Your Purchase of vSphere Essentials and Essentials Plus Kits!

Did you know that you can get a year’s free subscription to VMware Go Pro included in your purchase of vSphere Essentials and Essentials Plus? Now you do!

If you’re looking to break into virtualization, this is a no-brainer. Not only do you receive the industry’s leading and most reliable virtualization platform in vSphere, but you also get the perfect on-ramp to virtualization in VMware Go Pro. Using just your browser, VMware Go Pro helps ease novice users into virtualization via a series of proactive tips and wizards that help walk individuals through the entire onboarding process.

What does this all mean? You can now deploy, manage and monitor your infrastructure via a single pane, VMware Go Pro. You’ll get a free subscription for VMware Go Pro that covers up to 30 seats of patch management.

This deal is valid through December 15. You don’t want to miss out on this one – learn more here!

Not quite ready? Try a free 30-day trial of VMware Go Pro.