Virtual Network Provisioning via the Hypervisor

We’ve shared other resources with you before that discuss what network virtualization is and the essentials of micro-segmentation. Today, we’re taking a look at provisioning virtual networks.

According to our free whitepaper Network Virtualization Makes Your Life Easier:

Virtual networks can be provisioned using a cloud management platform (CMP) that requests virtual network and security services for corresponding workloads. The controller then distributes the necessary services to the corresponding virtual switches and logically attaches them to the appropriate workloads.

This allows different virtual networks to be associated with different workloads on the same hypervisor. It also makes it possible to create anything and everything you might need—from basic virtual networks with as few as two nodes to advanced constructs used to deliver multi-tier applications.

The integration of all networking functions into the hypervisor is a big advantage of network virtualization. It allows the network, and all associated functions, to follow virtual machines as they move from one server to another. And since the network connections are all in software, there’s no need to reconfigure them. Your network becomes far more flexible, and can go anywhere in your data center that is virtualized.


Download your copy today to learn how network virtualization:

  • Meets the demands of a dynamic business
  • Increases flexibility with hardware abstraction
  • Increases security with micro-segmentation
  • Establishes a platform for the SDDC

Ready for even more on this topic? Check out our free elearning course, VMware Network Virtualization Fundamentals to learn the benefits of and use cases for VMware NSX network virtualization, as well as its main components, features, and services.

The post Virtual Network Provisioning via the Hypervisor appeared first on VMware Education & Certification.

Certification Insights: Updating your Email and Account Information


Changing jobs is an exciting time, with lots of people to notify and documents to update. If you use your employer email address for your VMware Education & Certification (myLearn) account, you’ll want to make sure you change your account information before your last day. Here’s how:

  1. After you log into your VMware Certification account, click on the myProfile link in the sidebar.
  2. When your profile opens, make any changes needed to your address or phone number, then select the change email option.
  3. Enter your new email twice, then click on the authentication link when you receive it.

The post Certification Insights: Updating your Email and Account Information appeared first on VMware Education & Certification.

How to Reset Single Sign On Password in vSphere 6.x

Periodically we’ll be bringing you tech tips from our Technical Training team on topics they receive questions on from the field. Today’s post comes from Rohit Sachdeva, a Technical Training Specialist. Rohit is very passionate about delivering VMware technical training. At VMware, he is responsible for the enablement of newly hired Technical Support Engineers, and he also delivers advanced vSphere training to the more experienced Global Support staff.


Since the vSphere 6.0 release, Single Sign-On (SSO) has been a component of the Platform Services Controller (PSC). SSO is the main component of the PSC and is responsible for issuing the tokens that let users access the solutions connected to vCenter.

It is human tendency: we often forget passwords, and even keeping track of them is a hectic job. This is why SSO is a component of almost all software. It acts as an authentication broker, so you do not have to remember a password for every solution connected to vCenter.

One password is enough to access multiple solutions (provided you have permission to access the solution).

Now the billion-dollar question is: what happens if you forget the SSO administrator password? The simple answer is that it is not possible to manage SSO without the SSO administrator. You wouldn’t even be able to promote another user to SSO Administrator.

So, is there any way to reset the SSO password? Yes, it is possible, and here are the steps to reset the SSO password for VCSA 6.5.

  1. Log in to the vCenter Server Appliance using SSH as the root user.
  2. Run this command to enable access to the bash shell:
    shell.set --enabled true
  3. Type shell and press Enter.
  4. Run
    /usr/lib/vmware-vmdir/bin/vdcadmintool

    This opens the vdcadmintool console menu.

  5. Press 3 to enter the Reset Account Password option.
    a) It will prompt for an “Account UPN”.
    b) Enter administrator@vsphere.local
    c) A new temporary password is generated.
  6. You can use this temporary password to log in to vCenter Server and change the SSO password after logging in.
  7. After login, click Administration > Single Sign-On > Users.
    a) Right-click Administrator and select Modify.
    b) Change the password.

We have successfully reset the vCenter SSO password.

The post How to Reset Single Sign On Password in vSphere 6.x appeared first on VMware Education & Certification.

New Certification & Exams: VCP6.5-DCV

Introducing a new certification: VMware Certified Professional 6.5 – Data Center Virtualization (VCP6.5-DCV)

VMware vSphere 6.5 enables companies to accelerate their digital transformation to cloud computing and introduces a number of new features and capabilities that increase business agility. With that much change, this new certification provides you an opportunity to prove your expertise in the latest version of the industry-leading virtualization platform.

For those who already have your VCP, this new VCP provides a new path and recertification opportunity.

There are three exams associated with this new certification:

  1. vSphere 6.5 Foundations (exam # 2V0-602)
  2. VCP6.5-DCV elective exam (exam # 2V0-622)
  3. VCP6.5-DCV delta exam (exam # 2V0-622D)

More details on the certification requirements, and the specific exam objectives can be found at the links above.

The post New Certification & Exams: VCP6.5-DCV appeared first on VMware Education & Certification.

New vSphere, Horizon Cloud, and Exam Prep Courses Now Available

This month the VMware Education Services team released several new VMware vSphere® 6.5 courses, a free elearning course on VMware Horizon® Cloud Service™, plus a new video series to help you prepare for the VCP6-NV exam based on NSX v6.2.

VMware vSphere: Design Workshop [V6.5]

This three-day training course equips you with the knowledge, skills, and abilities to design a VMware vSphere 6.5 virtual infrastructure. You’ll follow a proven approach to design a virtualization solution that is available, scalable, manageable, recoverable, and secure, and that uses VMware best practices. This course also discusses the benefits and risks of available design alternatives and provides information to support making sound design decisions.

VMware vSphere: Install, Configure, Manage and Optimize and Scale Fast Track [V6.5]

This extended-hours course takes you from introductory to advanced VMware vSphere® management skills. Building on the installation and configuration content from our best-selling course, you will also develop advanced skills needed to manage and maintain a highly available and scalable virtual infrastructure. Through a mix of lecture and hands-on labs, you will install, configure, and optimize vSphere 6.5. You will also explore the features that build a foundation for a truly scalable infrastructure, and discuss when and where these features have the greatest effect.

VMware vSphere: Troubleshooting Workshop

This five-day, hands-on workshop teaches you the advanced knowledge, skills, and abilities to troubleshoot the VMware vSphere® 6.x environment. This workshop increases your skill and competence in using the command-line interface, VMware vSphere® Web Client, VMware vRealize® Log Insight™, and other tools to analyze and solve problems.

VMware vSphere: Fast Track [V6.5]

This intensive, extended hours course focuses on installing, configuring, managing, and troubleshooting VMware vSphere® 6.5, including VMware ESXi™ 6.5 and VMware vCenter Server® 6.5. Featuring plenty of hands-on training, this course prepares you to administer a vSphere infrastructure for an organization of any size. It is the foundation for most other VMware technologies in the software-defined data center.

VMware Horizon Cloud Fundamentals

This free eLearning course provides information on how VMware Horizon Cloud Service helps IT meet the expectations of today’s mobile workforce. This course explains the architecture, features, benefits, and functionality of the two service offerings of Horizon Cloud and demonstrates how to install an agent and create a desktop image.

VMware Certification Exam Prep: VMware Certified Professional 6 – Network Virtualization (VCP6-NV) Exam v6.2 (2V0-642)

This comprehensive, 110-video training course focuses on preparing you to take the VCP6-NV exam #2V0-642. It includes tips for preparing, an in-depth review of each objective, and sample questions. These videos provide a time-saving and methodical study plan designed to let you review exam topics and identify and close knowledge gaps – building both your knowledge and your confidence before taking your VMware Certification exam.

The post New vSphere, Horizon Cloud, and Exam Prep Courses Now Available appeared first on VMware Education & Certification.

No vMotion for you! – A general system error occurred: vim.faultNotFound

vMotion is pretty awesome, am I right? Ever since I first saw my first VM migrate from one host to another without losing a beat I was pretty blown away. You always remember your first. In my opinion it’s the vMotion feature that truly brought VMware to where they are today – laid

The post No vMotion for you! – A general system error occurred: vim.faultNotFound appeared first on mwpreston.net.

Why your Security Products are Inherently Insecure

You’re being sold snake oil every day in the world of IT. It is about time that we just lay this out honestly. The products that you are buying are not solutions. They are methodologies. Why does this semantic difference matter? It matters because we are blindly putting tools into place under the assumption that they are a solution to a problem. The truth is that they are merely tools in the fight to solve the problem.

Conceptual – Logical – Physical

Go back to the basics of systems architecture and infrastructure design for a moment. We view things in three stages of the design process: conceptual, logical, and physical. Conceptual design is thinking at a high level about the goal, such as “the application servers will be protected from intrusion”. Moving to the logical version to expand on that concept would be something like “Layer 4-7 firewalls will be deployed at the ingress and egress point for the application servers”. Getting down to the physical is something like “Product X will be deployed to provide layer 4-7 firewall protection”, which is the result of designing to meet the first two requirements.

The issue that we face as an industry is two-fold. First, we often start at “Product X will be deployed” without having done the due diligence on what the actual business and technical requirements are which need to be solved. The second issue is that we buy Product X, deploy Product X, and then everyone goes for a project completion dinner and celebrates that we have finished up the deployment with the bold assumption that we are inherently secure.

Many organizations are buying products or embracing new technologies in their environments based on a promise. Promises should always be translated into assumptions. I’ll start with one that I am seeing a lot of lately, which is this:

“Containers are more secure for applications than virtual machines”

This is both true and false at the same time. The wording is important. What the phrase should say is “containers have the ability to be architected and deployed to be more secure for applications than traditional virtual machines”.

Here’s why phrasing is important.

Why is your security product inherently insecure?

You can’t buy a bow and arrow and suddenly you are an archer. The same goes for security. Just because you have bought a security product, it does not mean that you are secure. It’s actually the polar opposite. Your environment is inherently insecure. Even if you are absolutely sure that you are deployed in the most secure manner possible, you should ALWAYS ASSUME that you have been breached.

What’s the solution for this? This comes in three forms:

  1. Accept that you are insecure and build processes around that assumption
  2. Deploy and continuously test your security platforms
  3. Engage third-party testers and products to ensure continuous objective testing

Let’s dive into these three areas a little bit further.

Accept that you are insecure and build processes around that assumption

Point 1 is the key to begin with. Assume you have been breached. Now what? How are you aggregating your logs? How are you protecting the logging both locally on the application endpoints as well as in your central logging environments? If you have to assume that your ingress has been compromised, you also have to assume that your log environments have been compromised as well. You need local protection on each system plus centralized, read-only aggregation with regular snapshots of that environment to ensure its integrity too.

The build process you use will inevitably call on some external dependencies. It could be patches, software updates, or any of a wide variety of files and applications. Assume that these are inaccessible or compromised as you define your programmatic build process to use locally cached data and application dependencies as much as possible. And yes, the programmatic build process is key to ensuring consistency and security. You should include checksum and signature detection for all source files as you put them into the virtual application instances.
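The checksum requirement for build inputs described above, as an added example in Python (not code from the post or its author): a build step that refuses to proceed unless every locally cached dependency matches a SHA-256 digest pinned in a manifest. The manifest format, file names and file contents are constructed for the demo. The example covers the checksum half of "checksum and signature detection" and assumes the manifest itself arrives over a trusted channel (for instance committed alongside the build definition), because a digest fetched from the same place as the artifact proves nothing about either.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large artifacts need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_manifest(cache_dir: Path, manifest: dict) -> dict:
    """Check every dependency in the local cache against its pinned digest.

    manifest maps a file name to the expected SHA-256 hex digest (assumed
    format for this demo).  The result maps each name to "ok", "missing"
    (not present in the cache) or "mismatch" (present, but its content
    differs from what was pinned).
    """
    results = {}
    for name, expected in manifest.items():
        path = cache_dir / name
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(sha256_of(path), expected):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def build_allowed(results: dict) -> bool:
    """The build proceeds only when there is at least one dependency and all verified cleanly."""
    return bool(results) and all(status == "ok" for status in results.values())


def demo() -> dict:
    """Constructed scenario (no real artifacts): one intact cached file, one whose
    cached content was altered after pinning, and one that was never cached."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp)
        patch = b"#!/bin/sh\necho 'patch 1.0 applied'\n"
        (cache / "patch-1.0.sh").write_bytes(patch)
        (cache / "lib-2.3.tar").write_bytes(b"altered archive bytes")
        manifest = {
            "patch-1.0.sh": hashlib.sha256(patch).hexdigest(),
            "lib-2.3.tar": hashlib.sha256(b"original archive bytes").hexdigest(),
            "tool-0.9.bin": hashlib.sha256(b"never downloaded").hexdigest(),
        }
        return verify_manifest(cache, manifest)


if __name__ == "__main__":
    outcome = demo()
    for name, status in outcome.items():
        print(f"{name}: {status}")
    print("build allowed:", build_allowed(outcome))
```

A "missing" result is the locally-cached-dependency case the post raises: the build halts rather than silently fetching from an external source that has to be assumed unreachable or compromised. Signature verification of the manifest sits in front of this check, not instead of it.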

Deploy and continuously test your security platforms

Test-driven development is a great methodology. I have long been a user and a proponent of what is known as test-driven infrastructure and this includes the need for security as a part of the cycle. The only way that you know your detection system is working is if you test it when there is an issue. Assuming detection without truly testing the response means that you are relying on the assumption. Your CISO does not rely on assumptions, and neither do your customers.

Whichever products you embrace in your IT security portfolio, they will inevitably come with some form of baked-in testing procedures and processes. Be aggressive and adamant with your vendors that this is a requirement for you. Nobody wants to be caught going back after a vulnerability only to find out that it was detectable and preventable.
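A test-driven detection check in the spirit of the section above, added here as an example that is not part of the original post: a small failed-login burst rule over sshd-style log lines, paired with a self-test that feeds the rule a constructed attack sample and a constructed benign sample and reports whether it fires on the first and stays quiet on the second. All log lines, hostnames, addresses and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style lines; not taken from any real system.
BENIGN_LOG = """\
2017-03-08T10:00:01 host1 sshd[101]: Accepted publickey for deploy from 10.0.0.5 port 51000
2017-03-08T10:00:40 host1 sshd[102]: Failed password for alice from 10.0.0.9 port 51001
2017-03-08T10:07:12 host1 sshd[103]: Accepted password for alice from 10.0.0.9 port 51002
"""

# Constructed known-bad sample: six failures from one source within fifty seconds.
BRUTE_LOG = BENIGN_LOG + "".join(
    f"2017-03-08T11:00:{s:02d} host1 sshd[2{s:02d}]: Failed password for root "
    f"from 198.51.100.7 port 5{s:04d}\n"
    for s in range(0, 60, 10)
)

FAILED = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (source, count) for each source with `threshold` or more failed
    logins inside any sliding window of length `window`; one alert per source."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            events[m["src"]].append(datetime.fromisoformat(m["ts"]))
    alerts = []
    for src, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, end - start + 1))
                break
    return alerts


def selftest():
    """Prove the rule rather than assume it: returns (fires_on_attack, quiet_on_benign).
    A pipeline should refuse to ship the rule unless both are True."""
    fires = detect_failed_login_bursts(BRUTE_LOG) == [("198.51.100.7", 5)]
    quiet = detect_failed_login_bursts(BENIGN_LOG) == []
    return fires, quiet


if __name__ == "__main__":
    fires, quiet = selftest()
    print(f"fires on known-bad sample: {fires}, quiet on benign sample: {quiet}")
```

The self-test is the part worth wiring into CI or a scheduled job: a rule whose known-bad sample no longer triggers it has become exactly the untested assumption the post warns about, and the benign sample guards the other direction, so a change that makes the rule fire on everything is caught just as early.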

Engage third-party testers and products to ensure continuous objective testing

I hire someone to do my taxes. Yes, I can do them myself. That doesn’t mean that I’m an expert and can find every advantage within the tax code to get the best results. Why would I treat security and vulnerability testing any differently than any other discipline in my business and IT organization? Using 3rd party companies gives you the ability to lean on them for expertise and, most importantly, for certification and validation of your security stance in an active environment.

Having spent years in financial services environments which have stringent requirements around auditing and security, I can tell you that no matter how secure even the IT security team thought they were, a 3rd party can come in and teach some rough lessons in a couple of hours.

Turn Assumptions into Actions

Going back to the example that containers are more secure than virtual machines gives us a great one to work from. Containers typically run thinner and provide a smaller attack surface for vulnerabilities, malware, and other attacks by bad actors. No, not Lorenzo Lamas, but anyone who is attempting to breach your environment. We will usually hear them being referred to as bad actors.

The truth is that containers, as a construct, are solving deployment challenges first. Security is a secondary win, and it implies that you have the practices in place to assure that security is greater than that of a traditional virtual machine. Containers leverage namespaces and other isolation methods provided by the underlying server host to offer some potentially powerful protection. It does not mean that by default the container version of your application is more secure. It means that some exposure at the lowest possible layers is addressed by deploying in a container versus a traditional virtual machine; it does nothing for poor application code, SQL injection, XSS, or the thousand other application-level attack vectors.

The long and the short of it is that security products, or any technology products for that matter, are inherently insecure unless you deploy them with all of the practices in place around them to ensure the security.

This conversation on Twitter is a nice way to show how challenging it is to convey the message:

One Vault to Secure Them All: HashiCorp Releases Vault Enterprise 0.7

There are a few key reasons that you need to look at Vault by HashiCorp. If you’re in the business of IT on the Operations or the Development side of the aisle, you should already be looking at the entire HashiCorp ecosystem of tools. Vault is probably one that has my eye the most lately other than Terraform. Here is why I think it’s important:

  • Secret management is difficult
  • People are not good at secret management
  • Did I mention that secret management was difficult?

There are deeper technical reasons around handling secrets with automated deployments and introducing full multi-environment CI/CD, but the reality for many of the folks who read my blog and who I speak to in the community is that we are really early in our traditional application management to next-generation application management evolution. What I mean is that we are doing some things to enable better flow of applications and better management of infrastructure with some lingering bad practices.

Let’s get to the good stuff about HashiCorp Vault that we are talking about today.

Announcing HashiCorp Vault Enterprise version 0.7!

This is a very big deal as far as releases go, for a few reasons:

  • Secure multi-datacenter replication
  • Expanded granularity with Access Control policies
  • Enhanced UI to manage existing and new Vault capabilities

Many of the development and operations teams are struggling to find the right platform for secret management. Each public cloud provider has their own self-contained secret management tool. Many of the other platform providers such as Docker Datacenter also have their own version. The challenge with a solution that is vendor or platform specific is that you’re locked into the ecosystem.

Vault Enterprise as your All Around Secret Management

The reason that I’ve been digging into lots of the HashiCorp tools over the last few years is that they provide a really important abstraction from the underlying vendor platforms which are integrated through the open source providers. As I’ve moved up the stack from Vagrant for local builds and deployment to Terraform for IaaS and cloud provider builds, the secret management has leapt to the fore as an important next step.

Vault has both the traditional open source version and also the Vault Enterprise offering. Enterprise gives you support, and a few nifty additions that the regular Vault product doesn’t have. This update includes the very easy-to-use UI:

Under the replication area in the UI we can see where our replicas are enabled and the status of each of them. The replication can be configured right in the UI by administrators, which eases the process quite a bit:

Replication across environments ensures that you have the resiliency of a distributed environment, and that you can keep the secret backends close to where they are being consumed by your applications and infrastructure. This is a big win over the standalone version, which required opening up VPNs, or serving over HTTPS, which was the way many have been doing it in the past. Or, worse, they were running multiple vaults in order to host one on each cloud or on-prem environment.

We have response wrapping very easily accessible in the UI:

As mentioned above, we also have the more granular policy management in Vault Enterprise 0.7 as you can see here:

If you want to get some more info on what HashiCorp is all about, I highly suggest that you have a listen to the recent podcasts I published over at the GC On-Demand site, including the first with founder Mitchell Hashimoto, and the second with co-founder Armon Dadgar. Both episodes will open up a lot of detail on what’s happening at HashiCorp, in the industry in general, and hopefully get you excited to kick the tires on some of these cool tools!

Congratulations to the HashiCorp team and community on the release of Vault Enterprise 0.7 today! You can read up on the full press release of the Vault Enterprise update here at the HashiCorp website.