VMworld 2018 vSphere Security Sessions

It’s that time of year again! The time when we all pack our comfortable shoes and head to Las Vegas for VMworld! As we are all dealing with the seemingly ever-increasing IT security issues that plague our industry, VMware is there to help you make sense of it and deal with it in as easy a way as possible. This blog article focuses on the vSphere side of the VMware house. Let me share with you the sessions I’m part of and one or two that I think you should all attend.

CPU Vulnerabilities Sessions (Spectre, L1TF a.k.a. Foreshadow)

Mitigating CPU Security Vulnerabilities – A look at vSphere Mitigations [SAI3770BU]

L1TF (a.k.a. Foreshadow) is the latest in a round of CPU based attack vectors the industry as a whole is dealing with. To address that for VMworld I’m happy to say that our CTO of Server Platform Technologies, Rich Brunner, will be giving this session. (Little known fact, both Rich and I worked in the OpenVMS development team many years ago!) If you want one of the deepest dives into CPU-based security challenges such as Spectre and L1TF then this is the session you MUST attend. It’s on Monday, Aug 27, 4:00 p.m. – 5:00 p.m.

CPU Security Vulnerabilities Q&A Panel [SAI4777PU]

I’ll be moderating this panel session. We’ll have the following folks on the panel:
  • Manish Gaur, Director, vSECR (Product Security)
  • Richard Brunner, CTO, Server Platform Technologies
  • Edward Hawkins, Security Response (PSIRT)
  • David Dunn, Principal Engineer
We’ll be taking questions on the latest security vulnerabilities, introducing you to how VMware responds to vulnerabilities and probably breaking some myths while we’re at it. Wednesday, Aug 29, 3:30 p.m. – 4:30 p.m If security vulnerabilities are your thing then you should sign up for these two right away.

vSphere Security

With vSphere 6.7 having come out this year and introduced a bunch of new security features, it stands to reason that I’ll be showcasing those features at VMworld. I’ve brought along a few friends to help me out with some of these sessions.

vSphere Platform Security Update [VIN1305BU]

This is a session I give every year. If your schedule is jam packed and you just need the Readers Digest version of the other stuff I will be talking about then this is the session to take. In this session I’ll give an overview of all of the vSphere 6.7 security features and will briefly touch on the L1TF. Thursday, Aug 30, 12:00 p.m. – 1:00 p.m.

Deep Dive: Supporting Microsoft Virtualization-Based Security with vSphere [VIN1304BU]

I, along with my co-speaker, David Dunn, a Principle Engineer working on vSphere security architecture, will be diving into vSphere 6.7’s support for Microsoft Virtualization Based Security. Your security teams probably refer to this as “Credential Guard” but it’s much more. In the session I will level set everyone with what VBS does and cover the features in 6.7 to enable it. David will dive under the covers and show you how we actually implemented it. Seeing as a VM running VBS is a “nested” VM, this introduced a lot of challenges that we had to tackle! (Spoiler: We succeeded!)

vSphere Security Deep Dive: Supporting TPM and Virtual TPM 2.0 [VIN1303BU]

Everyone asks for a TPM, but do you know what it really does? I ask only because I have had to dispel a lot of assumptions. In this session my co-speaker Sam (Samyuktha) Subramanian will cover what a TPM actually does do (and not do!). She was one of the engineers who brought TPM 2.0 to ESXi, so she knows her stuff! Together we’ll cover how ESXi uses a TPM and how a virtual TPM works. If your security folks are on your case about vTPM or TPM on ESXi then this is the session for that!

ESXi Security – A Step Ahead [VIN2762BU]

You’ve seen all the work we’ve done with vSphere and Security over the past few releases. Do you want to gain a better understanding of how some of that work was developed? And maybe learn more about where hypervisor security could go? Join me and my co-speaker, Kevin Christopher, a Sr. Staff Engineer here at VMware, for an engaging discussion that will be light on PowerPoint and deep on where we see things in the future of hypervisors and security.


Meet the vSphere Experts Panel [VIN3032PU]

Finally, the session lots of folks enjoy. It’s not unlike the game of “Stump the Chumps”! The vSphere Experts Panel includes a number of us from the vSphere Tech Marketing team. Names you’re familiar with such as Emad Younis, Adam Eckerle, Kyle Ruddy and yours truly. Leading this band of merry men on the panel is Dilpreet Bindra, our Sr. Director of vCenter Development. If it goes in to vCenter then it’s been approved by Dilpreet!

Wrap Up

This marks my 5th VMworld as a VMware employee and my 9th VMworld in the US. It’s interesting to watch the changes in vSphere security over the years. I think it’s finally reached critical mass! (Or maybe I have?) If you are new to VMworld (and I see a lot of new faces at VMworld lately!) then take the time to enjoy the scene and become part of a huge community of like-minded individuals. If you see me moving quickly through the halls of Mandalay Bay and I don’t see you it’s probably because A. I don’t have my distance glasses on and B. I’m late to my next session or customer meeting! If we have the time to chat, then please hit me up. I’m at VMworld to work and to help you be successful when it comes to vSphere Security! Enjoy VMworld! mike