Amazon Banner

Friday, September 26, 2014

Security Alert: bash Code Injection Vulnerability

This morning got brought to attention by my colleague, Iwan regarding this bash Code breached.  I am no linux or unix guy but when comes to security this is not to be play with especially in industry where security and compliance is highly evaluated.

A security vulnerability was detected known as "Shell Shock" which is a bash shell commonly found in unix and linux platform.  You can refer to CVE-2014-6271, CVE-2014-7169.

VMware was fast to publish this discover as well and you can read the post here and also to follow up with this KB on what products will be impacted.  So check back the KB to see which product from VMware is impacted and how to mitigate.

As for other platform, you would have to look back to your respective principle to find out if it is affected and the solution to resolve.


Update 29th Sept 2014
As extracted from CSOOnline, CentOS versions 5-7, Ubuntu 10.04, 12.04, and 14.04 (all LTS versions), Debian, Mac OS X, and Red Hat Enterprise Linux 4-7, are all vulnerable.

Update 30th Sept 2014
VMware Products that are affected are mentioned in the KB above listed.  VMware customer portals  are NOT affected is documented in this KB.  Great news for those still running out of support vSphere 4.x, VMware will also provide update for ESX 4.x as an exception though it has been out of VMware lifecycle policies.

Also companies that utilizes linux for the intelligence/function in their products just to list a few e.g. Nutanix has also publish their support note with and advisory note, TrendMicro tech note for a list of their vulnerabilities, Symantec here, Palo Alto Network note, Cisco Systems Advisory, Oracle Security Alert, etc.

Tuesday, September 16, 2014

VMWare vForum 2014 Singapore Registration is now Live!

In Asia Pacific, this is what we have been waiting for the biggest event of all time at in Singapore; VMware vForum 2014!

Every year there are more than 3000 participants from customers to partners within the Asia Pacific region with our various sponsors gather at this major event bringing with the announcements from VMworld both held in San Francisco to Barcelona.

This year without fail VMware Singapore is hosting it annual biggest event in Singapore at its usual same venue Raffles City Convention Center.

If you are new to VMware or just getting started or you are already in the matured level of building your cloud, this is an event not to be missed.  Not only will you get to meet up with all the professionals on the field and get to know all the solutions available to meet your needs, you will also get to understand what on the market just for you at one single day and place!

What's different this year from other years, is it is a 2 days event.  First day with all the announcement and keynotes in an overview of all the solutions from VMware and her partners.  With the new additional of second day which cater for all the technical professional with all the technical workshops.  On both days, there will also be Hands-on Labs going on!  Check out the agenda here.  Remember to look through both the agendas for both days.  Yes clicking on Day 1 and Day 2 does show the respective day's agenda if you did not notice it!

If you can only attend one event a year, you must not miss this!  So what are you waiting for start, register for your attendance here!


Update 17th Sept 2014
Look out for special privileges for VMUG members.  If you are not yet a VMUG member, sign up here now!

Wednesday, August 27, 2014

VMware World 2014 SFO Day 2 What's New!

If you have not read about what was on Day 1 check out here.  There ain't much announcement on solutions here on the second day.  There are quite a lot of announcements on EUC space and that you can read it here.  There are also mentions of CloudVolumes which was recently acquired by VMware just last week, a few partnership with Google and nVidia on Chromebooks and Horizon DaaS which lightly further expansion from the acquisition done on Desktone.

Also VMware has joined as a Gold Partner in the Open Compute Project as reported by AMAX.

With VMware been the first partner of SAP with AirWatch and SAP Mobile Secure into the mobility space on security and experience stated here.

On vCloud Air, there is on demand which was previously mentioned and as well as vCloud Air  Object Storage offering.  Check out all the new announcement by Bill Fathers.

To sum it all, the second focus much on the EUC and mostly partnership betwee day 1 and 2.  If you are expecting some new launches e.g. vSphere, you will be disappointed as if you are part of or heard of the vSphere Beta program, you will know it is still in beta and lightly would only be ready next year.

Let's now wait for the VMworld 2014 Barcelona and see what's new to of it will be announced.

Tuesday, August 26, 2014

VMware World 2014 SFO Day 1 What's New!

With VMware World 2014 at San Francisco there are so many great news and one of them is VMware EVO:RAIL.  A hardware appliance that comes in 2U and have up to 4 nodes and expandable to 4 appliance.  Read this article.  Also in a tech preview is EVO:RACK which you can read more about it here.

You might have thought, is VMware selling hardware?  Nope you will purchase from VMware partners and not from VMware.  This is build from bottom up tuned to fit vSphere with vCenter LogInsight and Virtual SAN.

You can take a look at the interface of how VMware EVO:RAIL interface looks like here.

Next the vRealize Suite which was announced which comprises of vCloud Automation Center, vCenter Operations Management Suite and IT Business Management which available for outside the vCloud Suite customers or non VMware customers who need a comprehensive Cloud Management Platform (CMP).

This also add to vRealize Air with beta sign up.  This enables customer on to experience vRealize as a SaaS with automation and management through vRealize with service catalog, policies and governance assignments and lifecycle management.

A container adoption with Docker, Pivotal and Google for the public and private cloud and even hybrid cloud environment.  Where applications on a common platform can be scale easily.  This will run on vCloud Air as well can be deploy via vCloud Automation Center.  Read more here.

Also the announcement of Openstack open source cloud framework support.  This comprises the use of vSphere for compute, NSX for network and vSphere Storage (for now is Virtual SAN) for storage and vCloud Automation Center with vCenter Operations Management Suite for the automation and management piece together with Open IAAS APIs to build a VMware Integrated OpenStack (VIO).

With a rebranding of vCloud Hybrid Service (vCHS) to vCloud Air.  With beta offering for Virtual Private Cloud OnDemand where you can sign up here.

The new bundling of VMware Workspace Suite which includes Workspace Portal, Horizon 6 Enterprise, AirWatch Secure Content Locker Collaboration (SCL) and AirWatch Enterprise Mobility Management.  The VMware Workspace Suite contains AirWatch Yellow Enterprise Mobility Management which you can find out what is the different between the colours edition here.  Licensing for Workspace Management Suite will be by per named user licensing with up to 3 devices applicable for the AirWatch Management Suite.

With more partners with NSX integrations and more Hybrid Cloud partnering with Application services from Dockers and Pivotal, there are just more to come on Day 2...


Update 27th Aug 2014
- VMware EVO:RACK
- Container Adoption with Docker, Pivotal and Google

Update 30th Aug 2014
- Added Workspace Suite detail on AirWatch Enterprise Mobility Management
- Licensing on Workspace Suite

Friday, August 22, 2014

Virtual SAN Sizing Tool Available!

With the days getting nearer to VMworld 2014, there are so much news from VMware.  First the acquisition of CloudVolume announced on 20th August 2014, now the release of the Virtual SAN (VSAN) Sizing Tool which everyone is having a great effort trying to find one or build one.

Check out the release article on this and read about its limitation or requirement at the moment supported.

You will be able to access the tool here.

Just to note this is an initial release, so there might be one or two bugs you might encounter.  Do help by providing feedback by clicking on the feedback icon so we can have better tool by refine it further.


Bugs found on 22nd Aug
Initial test, the host count always stay at 14 irregardless of the parameters given.
Issue has been resolved on 22nd Aug.

Saturday, August 16, 2014

VMUG Singapore 27th August 2014

If you are like me grounded in Singapore and have no opportunity to attend the VMworld in San Francisco or Barcelona, no worries!  VMUG Singapore with sponsorship from PureStorage, is going to bring all the announcements made in San Francisco back to Singapore right after the second day key notes.

The details of the event can be view here.  If you are able to attend, please register so we can estimate the crowd.  Whether you can arrive on time or after its fine, just come join us!  Register yourself so you can be updated of future VMUG Singapore events too!

Also join our Facebook Group VMUG ASEAN.

Details of the event is as follows:

Date: Wednesday, August 27, 2014
Time: 6:30 p.m. – 9:30 p.m.
Location: RedWorks 71 Robinson Road #07-01 Singapore 068895

See you guys there!

Tuesday, August 12, 2014

Microsoft Lync 2013 with Horizon View 6

There are all the articles available and most of them are on Horizon View 5.2 with Lync 2013.  However these are still valid there is nothing changes.  One great article which I refer to when doing my Proof of Concept (POC) with my customer is here.  The document that the article refers to is a must read and its pretty clear.  But some confusion that came to my mind when doing so here are some of questions you might have.

On the endpoint, it has to be a physical machine running Windows which can be 32 bit or 64 bit.  The LyncVDI plugin needs to be the same bit level as the Office (where Lync is usually installed with) or the Standalone Lync that is installed in the virtual desktop.

Note: Do not install Lync Client on the end points where Lync VDI plugin is installed.  And no USB redirection should be done for the camera or audio device which will be used by Lync for video and audio.

On the end point, you will need three things:
  1. Horizon View Client
  2. MS Lync VDI 2013 Plugin
  3. Registry entry
I have provided all those for easy download as below:
Microsoft Lync VDI 2013 Plugin (32 bit)
Microsoft Lync VDI 2013 Plugin (64 bit)
Horizon View Clients

Save the below file with a .reg extension and run on all your Windows Machine that will access the virtual desktops to create the entries.  Change the Internal and External server name (Microsoft does not reocmmend using IP address) of the Lync Server that you are connecting to.

Registry file=================================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Lync]
"ConfigurationMode"=dword:00000001
"ServerAddressInternal"=LyncServer.Local
"ServerAddressExternal"=LyncExt.Local


EndOfFile==================================

On the Virtual Desktop, install Lync Client and make sure Horizon View Agent is also installed.  Login to the Lync client making sure it does connect in the first place as a test.  If you have not configured the email setting, lightly you will need to manually enter your internal and external server name.  Note: You can have no External Server that is fine.


Next is to test out the plugin.  Once you are connected using View Client to the virtual desktop, you will login to your Lync Client.  You will encounter a second prompt to login below:
Here you will need to provide your Active Directory (AD) credential.

Note: In my customer environment, their email domain and AD domain are not the same so when entering credential make sure you enter the right credential.

Once that is login successfully you will see the bottom status bar of Lync client.
The left icon indicate the audio device connected successfully.  The right icon indicate the connection with the Lync VDI plugin.


Troubleshooting

I enter the below status although my Lync VDI plugin was connected successfully.
You can see the left icon indicate an alert.  Clicking on it will indicate any alerts e.g. audio device not available/disabled.

If you try to connect a video call with this alert still on, the Lync Client will crash immediately.  If you view a person profile picture it does the same thing.

In my scenario, the audio device was disabled on my end point, enabling the icon immediately refreshes to normal while my View session is still connected.

In summary, the Lync VDI plugin is not that difficult to setup.  The good thing is any changes related to Lync on the end point device while connected to the View session, gets updated on the Lync Client.  The bad side of this, if any issues, the Lync only response is by crashing completely leaving you no option to figure out what is wrong.

Hope this helps for those trying to setup Lync 2013 on Horizon View.

Friday, July 4, 2014

VMware vSphere Beta Program Sign Up Now!

If you are not aware, the vSphere Beta Program is not available to the public.  This is beta 2 where beta 1 was via invite or to VMware employees only.

This is the first product from VMware where beta is free for sign up.  Do not miss this if you are a interested with the next release of vSphere.

To sign up, head on here.

By participating in the beta program, as always you need to be able to install this in some environment.  This can be your home lab or an isolated environment at your work place.  It can also be nested however if any issues resulted from nested will limit the support you reeive.

So help sign up in this beta program and provide all your feedback and issues you encounter so that vSphere can remains as resilient, reliable and stable.  VMware will need any inputs possible to better this release so do not hesitate to provide.

You will find all the documents and guides from the landing page upon signing up completion.

Friday, June 27, 2014

Horizon Mirage 5.0 What to Look Out For!

On 25th Jun 2014, VMware has announced the availability of Horizon Mirage 5.0.  This marks another milestone to complete the full Horizon 6 release (shorting vC Ops 6 for View).

Key features in my opinions:

1) The interesting features other than the support of Windows 8.1, is the cross migration between 32 bits and 64 bits OS.  A summary below:
  • Windows XP 32 bits to Windows 7 32 bits & 64 bits
  • Windows Vista 32 bits to Windows 7 32 bits & 64 bits
  • Windows Vista 64 bits to Windows 7 64 bits
  • Windows 7 32 bits to Windows 8.1 32 bits & 64 bits
  • Windows 7 64 bits to Windows 8.1 64 bits
2) The next is one of the chore I find is the in place upgrade.  You no longer have to follow the old upgrade process by uninstalling the previous version followed by installing again as stated in the KB.  Just by clicking the Horizon 5.0 setup files, it will detect and upgrade accordingly and shutting down any services if required (prompts are provided to go ahead).

3) The removal of installing a Horizon Mirage Edge server using a Windows OS.  Instead a vApp is provided this time round.  No more cumbersome setup.

4) Horizon Mirage alarms - Now you can identify the problems and not having to go through a list of nodes in your inventory to filter out which are having what issues.

Web URLs
There are some changes to the web URLs for the Web Portal and the File portal.  If you refer to my previous post on Horizon Mirage 4.4 it was the first time IIS was used.  Below are the changes:
  • Web Access
    https://Explorer (URL can be changed in the Horizon Mirage Server)
    • https://localhost:6443/Explorer (for http use port:6080)
  • Admin Web Access
    https://AdminExplorer (this is something new where administrator can search for any specific user/desktop)
    • https://localhost:6443/AdminExplorer (for http use port:6080)
  • Web Manager (Dashboard used by Web Help Desk & Web Protection Manager role)
    https://HorizonMirage/
    • New> https://localhost:7443/VMwareMirage (for http use port:7080)
If you look at the Web Manager where it was first release in Mirage 4.3 in my previous post, it looks pretty neat.  In Horizon Mirage 5.0, you will find even more stuff been added.

You can see that more buttons are now available.  You will notice also the alarm icon been added in the Web manager as well as the Mirage Management Console.

If you double click a managed device, you will be able to see the details.  You can also click on the minimize to keep it open in your tab.

Here you can see we are viewing the details of the CVD over from the backup section.

Resources
Here I have consolidated Horizon Mirage 5.0 information and resources as well as the USMT download instruction (which is pretty difficult to extract in my opinion).

Horizon Mirage Product web site.
You can see the release notes here.
You can find the documents here.
Download the evaluation here.
Download the binary here for customers.
To make life simple for everyone I have compile USMT 4.0, 5.0 and 6.3 into one file here.

Where to find USMT?
For USMT 5.0 which can be downloaded here for the Windows Assessment and Deployment Kit for 80 (ADK8.0 Tools at 3.4GB).  Run the downloader, to download the setup files.  Install and select only the USMT in order to extract it.

How to get USMT 6.3 for Windows 7 to Windows 8.1 migration?  You have to download the downloader from Microsoft here (4.1GB but you only need USMT in this package).  Run it to start download of the Windows Assessment and Deployment Kit for 8.1 (ADK8.1) Tools which you can specify a location as show.  Run the setup and choose only USMT.  Remember to uninstall after you copy out the USMT.
 
For any reason you need USMT 4.0, ADK for Windows 7 is available here.  This is a release as an ISO format.  Mount it, install the ADK and extract USMT from "C:\Program Files\Windows AIK\Tools\USMT\".

Note:  Microsoft has been inconsistent on the way USMT tools is distributed.  Since first release in 4.0, it is in ISO format.  For USMT 5.0 & 6.3, you will need to install to extract the USMT.  Also the uninstall names for all three version of USMT are totally inconsistent.  See below:

USMT 4.0
 USMT 5.0
 USMT 6.3

Friday, June 20, 2014

VMware Horizon 6 Available Now!

With the announcement of Horizon 6 on 9th April 2014, and the release of the availability of download marks another milestone from VMware in the End User Computing (EUC).  You will find the landing page for Horizon 6 (with View).  At the same time, the VMWare Hands-on-Lab (HOL) have release a new lab on Horizon 6 too!


Let's first look at the available solutions that are in Horizon 6.

Horizon View (VDI)
The version is as similar to the launch Horizon View 6.0.  This is still the same Horizon View that using PCoIP to access a virtual desktop solution.  Typically used case are mostly found in office users, factory floors, retail or any place that is able to utilize a virtual desktop without the need of a powerful end point of offline access.  In this release, all the management servers can be support with the latest Windows 2012 R2 operating system.  The different in this release includes the End of Life (EOL) of Local Mode as a feature which was only available from VMware View comparing with other VDI solution running as a type two desktop on your thick end point.  Also a new Cloud Pod allowing a global entitlement via a pod federation between two View Pod is supported which I do not find this with many used cases. 

Horizon Hosted Desktop
In Horizon View 5.3, RDS desktop was possible and in this release you will be able to use both Windows 2008 R2 and Windows 2012 as your hosted Desktop.  Whatever the purpose is for, now you can use a server operating system as a desktop. If you have user who do not need stored profiles, you can simply use this desktop and skinned it as a workstation operating system and allows your user to use them and this will save you on licenses cost like example, Virtual Desktop Access (VDA).

Horizon Hosted App
This is similar to Citrix XenApp perform a App presentation to the end point without the need to install applications on the end point and allow multiple user access to the Hosted Apps either via any device that can be installed with Horizon View client.  Similarly this is hosted on a RDS server via Terminal service.  However the different here is the presentation back to the user is via the familiar PCoIP protocol which also means, you will be using the same Horizon View client to connect to your desktop to your Hosted Apps as well.  The best part of this is you can even access your virtual desktop to access the Hosted App which is PCoIP over PCoIP.  If you read this correctly, everything will be managed through your familiar Horizon View Admin Portal which give the administrators not to have to manage multiple management interface unnecessarily.  How's that?  VMware has learn the flaw of their competitors and have design this the correct way not introducing a solution to compete yet ending up in the same issues.  This also means you can use the same Horizon View Connection Server as the broker.  That really simplify the complexity!  That is a very thoughtful process for this solution. 



Virtual SAN (VSAN)
Leveraging the newly Software Defined Storage solution, VSAN used in server infrastructure, in Horizon 6, the Advanced and Enterprise Editions are bundled in.  This not only greatly lower the total cost of ownership for customer exploring the possibility of VDI solution, but increase the adoption much possible.  The cost of storage to meet performance requirements in VDI is always the result of a high cost in the capital cost for any VDI.  Way to go for this!


VMware Workspace
With this release at verison 2.0, VMware renamed Horizon Workspace to VMware Workspace and have removed the File Sharing function that was once found in Horizon Workspace 1.8 and below.  Other than consolidating all SaaS applications in one common place, what encompasses in this release includes the ability to change the logo to suit your company branding.  Together it is able to act as a single common interface from desktop to mobile devices with the same look and feel with just one login.  It also support no authentication app to be added example adding a corporate intranet link.  It adds support for Office365 as well as Google Apps and Citrix XenApp.  Yes, you heard it right.  Citrix XenApp is support as well.  With this support, many companies that are reliance on XenApps finally have a place to place all their apps into one common portal.  You will be able to access Horizon Hosted Apps as well as Hosted Desktop and Horizon View desktop from here.  Do note that only Hosted Desktop and Horizon View desktop is able to utilize Blast to access via a HTML5 browser.



vC Ops for View (V4V)
In vC Ops for View 6.0 now in short known as V4V, it allows same metrics as per the same in version 5.x, however with the new interface as release in vC Ops 6.0.  In V4V, there is also additional capacity measurement found in the original vC Ops, and this allows the use of "What-If" functionality.  It will support RDSH session as well as in guess process metrics which I find this very useful!  Now you will be able to identify the processes in a guest VM without the need to log into the desktop and identify a problematic process if any.

Horizon Mirage
Horizon Mirage was acquired from Wanova and rebrand as Horizon Mirage.  This version is known as Horizon Mirage 5.0.  It was a physical desktop management solutions.  As VDI is never a 100% solution especially in an environment where mobility required to be offline or user who require a thick window device, the image management is typically a challenge for many organization till Horizon Mirage comes along.  With Horizon Mirage, you will be able to centralize image management for thick Windows machine and full clone virtual desktops on Horizon View.  Horizon Mirage was not "enterprise" class due to exposing Horizon Mirage server to public facing if required for out of office access.  With release of Horizon 6, Horizon Mirage will encompasses Horizon Mirage Edge server to place at the DMZ zone.  This remove the requirement to place the management server and resolve the "security flaw".  Support for migrating to Windows 8.1 is supported as well. 

ThinApp
As usual the same old ThinApp has not changed but in 5.0, it support the ability to package 64-bit application.

vCenter Orchestrator + Desktop Plugin and Design & automate workflows
What is provided here is not the vCloud Automation Center (vCAC) but the workflow which will allows the integration of vCAC to work with Horizon 6.  Also the inclusion of vCO workflows for use in provisioning of desktops and entitlements of users.


Below is the editions and the list price.
Reference:
All videos are from VMware TV.

Resources:
Reviewer's Guide for View in Horizon 6