At first I was afraid… Then I was Shellshocked!

So a few weeks back when the Shellshock issues came to light, I took early precautions and patched my personal Ubuntu web server (not my blog server, just a personal one I use for family photos and things).

Phew, I was safe!

Or so I thought…

Well apparently not! I discovered this last night when noticing some odd connections being accepted and blocked on my firewall. It turns out that there have been several waves of vulnerabilities, all with associated fixes. Patching my server 3+ weeks ago was not sufficient to catch all of the updates.

I trawled through the logs and processes on my web server and found a few dodgy things, then went to https://shellshocker.net/ and manually ran all of their tests. From this I discovered that I was still vulnerable to three exploits and one had been exploited!

Fortunately it appears that the worst which had happened is that the attacker had gained access, but hadn’t actually used it for anything yet. I have recently implemented Veeam for backing up my home lab, and I retain backups for 14 days, so I was able to restore an older backup prior to the attack, then quickly patch the restored server to ensure I was no longer vulnerable.

Finally I ran the following checker against my home and blog sites:

http://shellshock.brandonpotter.com/

Phew, I was safe!

To cheesily quote this week’s episode of The Walking Dead:

No matter what anyone says, no matter what you think… You are not safe! It only takes one second, one second and it’s over. Never let your guard down. Ever.

Stay safe! 🙂


VMworld Europe 2014 – Day Three Roundup and Closing Thoughts

Well that’s it, it’s all over! Having never been to a VMworld prior to this week, I have to say the event does indeed live up to the hype!

Day Three
Day three started pretty subdued, not only from the point of view of the attendees, but a couple of the presenters as well; it definitely seems people had a good time at the VMworld party the night before!

Mixing in a bit of session time with a visit to the solution exchange and a bit of Hands on Labbing was the order of the day. I did have a quite amusing chat with one of the guys working on the Oracle stand. He said that the vast majority of people who had spoken to him had berated them about licensing and support in virtual environments, along with asking why they were advertising OVM at a VMware event. I think the poor guy was not far from the end of his tether!

My last role was at Oracle, so I can fully feel the pain around the license questions as it was almost always the first thing people asked me about when I told them I worked there! It doesn’t help the fact that the latest licensing hard vs soft partitioning guide is still only from 2011!

Oracle Tastiness!


One thing I will be very interested to see is what becomes the de facto stance on how many hosts you must license once share-nothing VMotion between clusters, vCenters and DCs comes along in vSphere 6. It begs the question whether any Oracle auditor might have the audacity to suggest that you need to license all hosts in all DCs?

This of course assumes that the specific auditor will not accept mandatory cluster affinity as per Richard’s comments here: http://www.licenseconsulting.eu/vmworld-tv-oracle-on-licensing-vmware-virtualized-environments-updated/

Hopefully in this scenario, common sense would prevail, but that’s deep enough down that rabbit hole for now! 🙂

The sessions I managed to attend on day 3 were as follows:

STO2521 – VSAN Best Practices
Rawlinson Rivera & Kiran Madnani provided a very useful overview of a number of example use cases and how to apply different VSAN configurations. As this was covering multiple use cases there was some repetition of content, but not so far as to be distracting. Key takeaway, when it comes to disk groups, more = better!

VSAN Use Cases


STO2496 – Storage Best Practices for Next-Gen Storage Platforms
Being a bit of a storage geek, for me this was one of the best sessions of the entire week. Not only entertaining, but the quantity and quality of the information was intense to say the least! A couple of key areas which they covered were around benchmarking of storage (not just using the standard 4k 100% Read profiles which vendors use to produce stats for their marketing material).

Absurd Testing at the Chad & Vaughn Show


TEX1985 – Lessons Learned from a Real Life VSAN POC at Trend Micro
It’s always interesting to see how real customers found the use of a technology. Arsenio Mateos from Trend Micro was not particularly detailed in any specific issues they experienced, as he concentrated more on the decisions behind the solution, and the benefits it brought them. Cormac on the other hand was very open and went into some detail as to some of the configuration issues and bugs which were common among other customer deployments. I was also the grateful recipient of a signed copy of the book Cormac co-wrote with Duncan Epping.

EUC2027 – Characterise Performance in Horizon 6
My final session rounded out the end of the day. I don’t currently use or design VMware Horizon View in my current role, where most commonly customers have managed RDS or Citrix XenApp farms. I mainly went to the session to see the VMware approach to sizing the new session host desktops on Horizon 6. Unsurprisingly it turns out that they come out with very similar ratios and guidelines as Citrix do (shocking)! The really interesting takeaway for me from this session was the VMware View Planner tool, which looked like it could definitely have some value in load testing and gauging the requirements for customers with or without VMware View.

By this time it was 4.30, and everything had closed. If I’m honest I was a bit gutted as I had believed the HoLs were going to be open until 6. I was most of the way through my NSX lab, so I guess I’ll just have to finish it up from home!

After the event, my remaining colleagues and I wandered into town to check out the Sagrada Familia, and grab some light refreshments + tasty tapas.

Sagrada Familia


Wrapping Up
Session Surveys – The one thing I didn’t actually get done at the show (but I plan to fill in this weekend), was the session surveys. I understand these are as valuable to the speakers as to VMware, so I have no issues spending a bit of time giving feedback. If you haven’t already, then I suggest you do, especially if you want to see the same guys & gals back next year!

If I were to be able to make any suggestions to VMware for next year they would be few and far between:

  • Keep the hang space and hands on labs and/or solution exchange open until 6pm on day 3. It’s minimal extra effort but it will allow attendees to make the absolute most of the event and facilities, especially those who don’t have an early flight back the same day.
  • Make the information on getting to the event a bit easier to find on the VMworld.com site (rather than burying it in the FAQs)
  • Free Segways (or foot massages) for all attendees!

I enjoyed a wander or two around the solution hall, but for me the best and most useful elements of the entire week were the breakout sessions (and being there live giving me the opportunity to ask questions at the end), and networking with others both in the event and at the vendor sponsored evenings.

As a side note, I will probably be creating PDFs of all of my notes and posting these on the blog imminently for anyone who may find them useful.

So finally a big thank you to everyone who made VMworld a success; the organisers, the vendors, the speakers, the HoL team and all of the people with whom I had such interesting and entertaining discussions!

Key Stats
  • Number of days attended: 4 (including partner day)
  • Blog articles published: 6
  • Blogs word count: 6,516
  • Live breakout / HoL sessions attended: 14
  • Total session notes word count: 10,412
  • Average notes word count per session: 743
  • Hands on Labs Completed: 2
  • Number of steps walked: No idea as I don’t have a Fitbit!
  • Total hours slept in 4 nights: < 24
  • Contacts made: Many
  • Knowledge gained: Incalculable

VMworld Europe 2014 – Day One/Two Roundup

It’s now quite late on Wednesday night / Thursday morning and having just returned from the VMworld party, I thought it was worth jotting down a few thoughts about the last two days.

We started with the opening keynote, which I had decided to attempt to blog “as a challenge”. Wow, is it hard work or what? For those of you who read the live blogs from guys like Scott Lowe, Barry Coombs with his Doodles etc, this has given me an even more massive appreciation for what they do. Being able to take in, process and document that level of information is just incredibly hard, never mind adding commentary and analysis on top and live publishing it as they go! I wrote most of my content live, but then took at least an hour later in the day to proof read it, correct it, etc. I honestly don’t know how they do it?!

VMworld Keynote


After the keynote I was really keen to get stuck into some breakout sessions:

INF1349 SDDC – vCloud Suite Roadmap
This one was more focused on the new features in vSphere than anything else, a few interesting nuggets though. I will probably post some of the notes up soon, though much of it is already in the public domain anyway.

STO2554 – HP VVOLs presentation
Great start by VMware but then when HP came on and I was hoping they would do a demo, they pretty much did a marketing exercise instead (not vendor bashing at all btw, I use 3PAR stuff in my designs all the time, but I think they missed a trick there as I know some competitors showed off their tech actually working)

HBC1533 – How to Build a Hybrid Cloud (vCloud Air intro and architecture tips)
Great session by Dave Hill of vCHS (correction, vCloud Air). Including some architectural tips. Worth a watch when it is available online at vmworld.com.

The VMware Vision


I then spent a bit of time in the bloggers lounge updating some bits and pieces and catching up with some of the guys there.

My final act of the main part of the day was to hit the Solution Exchange for a bit of a wander. I mainly concentrated my short time on EVO:RAIL, where I happened to bump into none other than Paul Meehan (@paulpmeehan), with whom I have had many a twitter chat but never actually had the pleasure of a tweet up! Following that I spent some time at the Veeam stand, discussing the best practices for Veeam infrastructure design along with some of our more interesting use cases and requirements.

After the main event, myself and a colleague headed over to the service provider reception. Wow, did we turn up under dressed or what?! It was one of those awkward moments when you realise that you are one of the few people in the room who forgot to bring a suit! On the plus side there was some really great discussion around vCD, VCAC etc and much learned from the evening, so well worth it.

I then headed over to the vExpert event at Ocaña to soak up some of the atmosphere and knowledge from some of the most intelligent and influential people I know! There were of course some vRoyalty including VCDX001 (John Arrasjid), VCDX #44 Willy Lee, and many more.

After that a couple of hours were spent at the Veeam party, after which I thought it best to head back to my hotel to make sure I don’t wake up tomorrow with a hangover!

Veeam Party


Day Two
I started Day Two at the keynote again. Today’s one wasn’t really about announcements as much as it was about reiterating the main marketing messages and demoing some of the key VMware products such as NSX and the vRealize Suite. It did remind me just how much stuff I need to find the time to play with in the home lab! Once again gave it a go at blogging the keynote content for later consumption…

The rest of the day was mainly focussed on breakout sessions. The main ones I headed to were:

INF1192 – Design advice for SMEs – Ask the experts
Being focussed on the UK mid-market, my organisation spends a lot of time trying to understand the requirements of medium sized businesses. It was great to see some familiar faces in Paul McSharry and Alasdair Cooke, leading the panel discussion.

SMB Design Discussion Panel


NET1468 – A tale of two perspectives – IT Ops with NSX
This was a funny one as it was Scott Lowe and Brad Hedlund flipping in and out of character as server and network guys respectively. Plenty of great lessons to be learned, with a focus around RBAC, Visibility, Monitoring and Troubleshooting in NSX.

Scott Lowe and Brad Hedlund "In Character"


NET1589 – Reference Design for SDDC with NSX & vSphere
Nimesh Desai presented one of the most amusing, and most deep dive sessions of the day (for me). Absolutely brilliant content, but afterwards I felt like I needed to hide in a dark room for an hour or two and let my brain catch up! I was lined up to head to another NSX session after this but I will catch it online next week instead.

NSX Design Options


After the NSX session I headed down to the blogger area and caught up with some of the chaps. Craig Kilborn kindly shared his VCDX experience with me, along with some of his design. The level of detail and effort you need to go to to even get the opportunity to defend a VCDX design is immense, and it really drove home to me the value of the process. I’m not sure my wife and kids are ready for me to disappear for the next 6 months in order for me to attempt it!

STO2997-SPO – The vExpert Storage Game Show EMEA
Jonathan Medd (famous for automating anything that moves!), and I headed along to the vExpert Storage Game Show, organised by John Mark Troyer and Amy Lewis (in much the same way an asylum is organised by the guards!). It was bedlam, but great fun was had by all, whilst at the same time providing an interesting and engaging atmosphere. If Pure decide to run this again next year I will definitely be attending, given half a chance!

SDDC1176 – Ask the Expert vBloggers
Rounding out the day was an excellent panel session with some of the most well known VMware bloggers / evangelists. Discussions ranged from stretched cluster design, to book authoring, to VIO, and many topics in between. Quote of the session was from Chad Sakac… “Innovate or Die”.

Ask the Expert vBloggers


With the sun heading for the horizon, myself and a couple of my colleagues caught the end of the Hall Crawl, followed by the awesome VMworld party. Simple Minds were excellent and the crowd really seemed to get into it. I managed to bump into a few more community people in the cavernous space which is Hall 6 at the Barcelona Fira Gran Via, and finally I grabbed a cab back to the hotel to get an early night (early meaning 1.30am it seems!).

Overall, a thoroughly entertaining, informative and educational couple of days. Tomorrow the main plan is to hit a number of key sessions including the Chad and Vaughn annual roadshow, then in the afternoon stick around in the Hands on Labs until we get thrown out at closing time!

Until then… sleep!


VMworld Europe 2014 – Keynote Day Two

Carl Eschenbach (President & COO) opens proceedings with a few minutes recapping the Liquid World and Brave New IT themes from yesterday’s keynote.

First up Carl introduces Martin Heisig from SAP for a bit of a Chinwag™. They run over 70,000 VMs with a virtualisation rate of over 85%. A key use case for SAP is the 20,000 training users who have access to an on-demand training platform, bringing up and tearing down VMs constantly. Similarly their dev environment, referred to as “The Zoo”, consists of over 30,000 VMs. SAP have reduced deployment times for new platforms from 72 hours to 30 mins, sometimes rebuilding all 30,000 machines in the space of only a month. As Dave Simpson tweeted, “that’s some big numbers right there”! Of course most customers are nowhere near this size, but it definitely gives you ideas as to the kind of things achievable on the platform.

Carl Eschenbach Opens Day Two Keynote


SAP recently certified SAP HANA on vSphere with up to 1TB of RAM. That’s pretty decent scale! Martin mentions vCloud Air in passing. I wonder how long it will be before we get HANAaaS on vCloud Air?

Vodafone’s Tom Stockwell (Head of Hosting Product Management) represents the next customer use case, with their new Hybrid Cloud solution for Enterprises. Vodafone chose VMware in part due to the user community supporting their software. The acquisitive VMware strategy with companies like Nicira and Dynamic Ops was also a key element. Their hybrid platform is based on a number of technologies including NSX, vCD and VCAC.

Summarising the last 30 minutes, Carl states that the SDDC is the Architecture for the Hybrid Cloud.

Next on stage is Raghu Raghuram (Executive VP, SDDC). He starts with a current status on VSAN, NSX and vRealize Suite. All you need is a bunch of commodity servers now, and you “pour” the VMware management software on top.

Raghu invites “Chief Powerpoint Officer” Ben Fathi (CTO) on stage to talk about EVO:RAIL and its 15 minute deployment time. For more info on EVO:RAIL see my previous post with links to loads of great official and community content. He goes on to talk about EVO:RACK which includes the entire vCloud Suite, VSAN and NSX included, and has a build time from about 2 hours.

Ben Fathi, CTO

Ben Fathi, EVO:RAIL 15 Minute Deployment

Raghu now addresses the subject of vendor lock in, with VMware’s answer being the use of VIO (VMware Integrated OpenStack). Ben demos how VIO deployment is integrated into the vSphere Web Client, which lets you manage all the common operational elements for OpenStack (e.g. Nova, Glance etc). The integration with vRealize Operations Manager looks pretty cool, letting you drill down into the tenants on the OpenStack platform, among other things.

Raghu then starts to discuss some of the vSphere Beta improvements, starting with SMPFT. This allows you to protect VMs with up to 4vCPUs. This will be great for highly critical services which may not have application layer HA. The element many people would want to protect most is vCenter, but I have heard mixed messaging as to whether this is actually recommended. VMware have some announcements coming around providing HA for vCenter (potentially natively).

Ben is back on the Powerpoint clicker, talking about Cloud-Native Applications, typically fault tolerant applications built across containers. Docker augmented the standard Linux LXC container with a simplified interface for building, deploying and transporting these containers. VMware believe you can get the best of both worlds running containers inside VMs, so you can augment your platforms with the flexibility of the VMware ecosystem around things like isolation, ops management, SDN through NSX, etc. VMware have also been working with Google to ensure Kubernetes integration with VMware. VMware have published a blog this morning comparing containers on bare metal vs using VMware and found the typical overhead to be 3% or less.

vRealize Code Stream is designed to help with the release process from dev to prod. Ben demos vRealize Automation’s “Release Automation” feature which lets you drill into a pipeline of functional testing, system integration testing, staging and prod, and the results for each stage of the development lifecycle.

Automation as a Service (vRealize Air Automation) and Compliance as a Service (vRealize Air Compliance) are now available to provide services across multiple clouds, including AWS. These are the first two in what will be a series of SaaS offerings under the vRealize banner.

Next, Policy Management, and a demo on the vRealize Automation Center. A set of networking, security and storage policies have been associated to a demo application. Based on the attachment of the policy blueprints, the VMs under the application will be remediated to meet the applied policy. An example of this would be to apply a Silver storage policy which happens to have a certain performance profile and a number of failures to tolerate (how many copies of the data on VSAN). Once these policies are in place (which will take some work in your environment to define), you can simply then assign apps and VMs to policies, and consumers don’t need to worry about the details on how this works.

NSX Microsegmentation is covered next. This is a brilliant technology as it allows you to effectively firewall VMs within the same security zone. Working for a service provider, this opens up many more options on how we architect multitenant and public cloud solutions. It’s definitely a driver for NSX adoption, even if you ignore all of the other features!

vCloud Air RaaS


Simone Brunozzi (VP and Chief Technologist, Hybrid Cloud) comes on to demo an interesting use of APIs; sending alerts to Google Glass! He then demos extending an application out into vCloud Air. This was done by extending the L2 network out to vCloud Air using VXLAN and NSX. Simone confirms that one of the most popular vCloud Air products today is DR-as-a-Service, based on vSphere Replication.

So overall, no real announcements in today’s keynote, mainly just reiteration of messaging and focus on demoing the path from a standard virtual platform, to an automated, orchestrated SDDC, with vCloud Air burstability and DR! If you have time to, and want to see these demos, I would recommend watching the keynote replay and jumping to about 30 minutes-ish, when this section starts.

The VMware Vision

