Home > Blogs > VMware vSphere Blog

Recommended vSphere-focused Security Sessions at VMworld 2015

Hi everyone,

Here’s a quick blog post for you as you’re going through the VMworld Schedule Builder for VMworld 2015. Below is a list of security sessions that are primarily focused on vSphere Security. The NSX guys have a whole other laundry list of awesome sessions but for now, we’re going to focus on vSphere. Let’s get started!

I’m going to group these by their presenters.

Mike Foley

INF4758 – vSphere 6 Security Update Tuesday at 12:30pm
Get updated on what’s new in vSphere from a security perspective. You’ll get an overview of things like the new Lockdown Mode, an introduction to the big changes in vSphere security certificate management and the big changes that were made to the vSphere Hardening Guide.

INF5177 – vSphere Security: Fact .vs. Fiction (A 2014 repeat, back by popular demand!) Wednesday at 4pm
Is your security guy on your case about vSphere Security and thinks “VM Escape” is the primary threat? Learn the facts vs the fiction about security threats and come away feeling empowered to have “that” discussion with your security guy. Better yet, bring him along!

INF5539 – Infrastructure Security Panel Discussion Wednesday at 10am
Industry IT and Security experts get together and talk about the challenges, concerns and goings-on in virtualization and cloud security. The panel consists of folks from Financial and Heathcare, Federal government, Enterprise security and auditing and yours truly. Come prepared to ask questions!

INF6396-GD Platform Security with Mike Foley Wednesday at 11am
This is a group discussion where YOU are the content! No death by PowerPoint, just me facilitating a rountable discussion of you and your peers. We’ll talk about vSphere security and share tips and tricks.

EXPERTSMFO – Meet the Experts with Mike Foley Tuesday at 3pm
Here’s your chance for some one on one time! In my opinion this is one of the most under-utilized opportunities at VMworld. Take advantage of it! Book some time and let’s talk! If you’re looking for a discussion on network security and NSX however, please book time with those folks. Book this and other Meet The Experts sessions when you get to VMworld. It’s usually at the top of the first escalator in Moscone West.

Yuecel Karabulut

INF5339 – Protect your VM data with VM Encryption for vSphere and vCloud Air
I can’t say anymore than “Get up early and get to this session”. Seriously, I can’t say anymore!

Ryan Johnson and Adam Eckerle

INF4529 – VMware Certificate Management for Mere Mortals
Take two talented IT guys with TONS of real-world customer experience and toss them together with the new vSphere 6 certificate story and you get a great discussion on certs for the everyday IT guy.

Johnny Ferguson

INF4946 – vSphere 6 Security Deep Dive: Certificates and Identity
You asked for it and you’re getting it. This is the session for deep diving into vSphere certificate management and identities. Johnny is the Product Manager for Identity Management, SSO and certificate managament.

Bob Wehrfritz

SDDC6404-QT – The future of Trust and Security
VMware customers range from small to HUGE. All of them (I would hope!) have concerns about security. Some of these concerns can be addressed in some of the sessions listed here. When you need to go even further and dive into the nitty-gritty and bits and bytes, VMware’s Security Group is now there with a new program just for you. Check out what Bob has to share and visit the VMTA folks in the VMware booth!

Hands On Labs!

Check out both HOL-SDC-1610 and HOL-SDC-1620 to check out some security features as part of the vSphere HOL and get hands on with different security features of vSphere. For more information, visit the VMworld 2015 Hands On Labs site.

There you have it.. It’s GREAT to see how much security on the vSphere platform itself has grown and continues to grow. As you’re building out your personal catalog of sessions and want to learn the soup to nuts on certificates, start with my session INF4758, then check out Ryan and Adam’s session INF4529 and wrap it up with Johnny’s mind-blowing session INF4946.

Enjoy and see YOU at VMworld 2015!

What’s New in VMware vSphere 6 Performance

Not too be outdone by all the new and amazing vSphere 6 features, there are a number of scale and performance enhancements within the vSphere 6 platform that should be highlighted.
Continue reading

VMworld 2015: Extreme Performance Series

Who loves virtual Performance? Who wants to learn more about it?

Everybody of course!

I’m very excited about this year’s Extreme Performance Series mini-track being hosted at VMworld San Francisco and Barcelona. These sessions are created and presented by VMware’s best and most distinguished performance engineers, architects and gurus. I’ve tried to provide my personal thoughts on each session but these few words will never do them justice. Hope too see you all there!

Continue reading

Oracle on vSphere book – Tech Target Interview of Authors

Tech Target has completed and published an interview of the authors (Don Sullivan and Kannan Mani) of the Oracle on vSphere VMware press book.  The published interview is linked  below:

The official VMware press book and the definitive authority on the subject of Oracle on vSphere: http://www.amazon.com/Virtualizing-Oracle-Databases-vSphere-Technology/dp/0133570185 “Serious Databases Require Serious Virtualization”

— Putting Oracle databases on a virtualized infrastructure – http://searchvmware.techtarget.com/feature/Putting-Oracle-databases-on-a-virtualized-infrastructure — The perks to virtualizing Oracle on vSphere 6 – http://searchvmware.techtarget.com/feature/The-perks-to-virtualizing-Oracle-on-vSphere-6

Use VSAN Assessment to validate Virtual SAN’s benefits for your organization

Are you experiencing challenges with your current vSphere storage environment (i.e., performance, capacity constraint, complexity, expensive renewals) or just not sure if VMware Virtual SAN (VSAN) would be a good fit?

Now VMware partners, SEs, or reps can help you with a free VSAN Assessment.

Continue reading

SIOC: I/O Distribution with Reservations & Limits – Basic Concepts

The mClock scheduler was introduced with vSphere 5.5 Storage I/O Control (SIOC) and laid the foundation for new capabilities for scheduling storage resources.  vSphere 6.0 expands upon these capabilities and adds the ability to reserve IOPS, providing even more flexibility and control when delivering storage services to virtual machines.  However, this new capability introduces new questions about how resources are managed and allocated during periods of storage contention.

Continue reading

vSphere Replication and Virtual Raw Device Mappings

Some vSphere administrators utilize a storage feature called “raw device mapping” or RDM. There are two types of RDM – virtual RDM and physical RDM. For more information on RDM, please see the vSphere 6.0 Documentation Center. In general, I recommend using VMDK files or Virtual Volumes, but there are certain benefits of RDM.

“Does vSphere Replication support the replication of RDMs?”

The answer is yes, but only virtual RDMs. vSphere Replication does not support physical RDMs. The next question I get is “How is the virtual RDM restored when recovered by vSphere Replication?” The answer is actually quite simple: It is recovered as a VMDK file at the target location. If you would like to see more details, keep reading…

Continue reading

Case Study: Big Data/Hadoop on vSphere and Other Blogs

A new customer technical case study on Skyscape’s use of vSphere as their platform for deploying Hadoop in the cloud was published recently. Skyscape, based in the UK,  deploys Hadoop clusters on demand for their UK Government customers from the company’s public cloud infrastructure. Citizen services data and analysis tools are provided by these government departments that leverage Hadoop for data gathering and analysis.

TitlePageSkyscape

The newly provisioned Hadoop clusters are based on the Hortonworks HDP platform today, but plans are in the works for providing other Hadoop distributions also in the future. The Skyscape engineers really innovated in an impressive way on the Big Data Extensions (BDE) platform. The system not only provides the end user with a Hadoop cluster capability but also with an Ambari Server of their own to manage and monitor their Hadoop cluster. This is all done on X86 hardware servers with direct-attached storage. Skyscape also made use of the BDE REST APIs to achieve their goal. They had five separate end-user customer groups signed up for use shortly after releasing the Hadoop service to their community.

Two other very interesting and useful blogs on virtualization of big data appeared recently: one on Using Big Data Extensions 2.2 written by Julie Roman, a Technical Account Manager at VMware who has worked on big data projects and another (from LinkedIn) on Big Data as a Service by George Trujillo, who is a VP at a Financial Services company. Both of these are very useful reads on their respective areas!

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.

Continue reading

Apps-as-a-Service sub-section of the BCA homepage

A new section to the public facing Business Critical Applications Homepage was introduced last week.  It is called the “Applications-as-a-Service”. The section will aggregate collateral from all applications that are considered to be mission critical but do not necessarily fit within the more established and well-known application and database categories such as Oracle, SAP and Microsoft.   We chose the title “apps-as-a-service” because so many of these applications that reside on the periphery of the mission critical space depend heavily on instant provisioning and subsequent reclaiming of resources.  The infrastructure flexibility that is required for High Performance Computing, Critical Big Data and Database-as-a-Service architectures is addressed perfectly by the platform of virtualized hardware known as vSphere.  Please stop by and read about how we are extending the classic definition and realm of BCA to include these modern applications that are so well suited for virtualized infrastructure.  http://www.vmware.com/business-critical-apps/applications-as-a-service/index.html