Tuesday, August 28, 2018

VMware vForum 2018 Singapore: vWarrior Championship!

The yearly VMware vForum 2018 Singapore is announced to be on 4th Oct and can be registered here just as when VMworld 2018 is running. You will be expecting some content from VMworld for sure.

What's New?
One new program that is coming out from vForum this year in Singapore, will be vWarrior Championship. This is going to be one of it's kind.

This is going to be a Hands-on Lab competition and teams will be competing in completing tasks in the correct manner. Of course, there will an introduction session beforehand for those who ain't familiar. We don't expect everyone to know everything that is for sure to be fair.

Here are the details:

Grand Prize: Go Pro Hero 6 Black per member
Runner Up Prize: Amazon Echo Dot 2nd Gen per member

Short description: Showcase your technical capabilities in our Hands-on Lab environment across the VMware portfolio of solutions in Software-Defined Data Center (SDDC) and End-User Computing (EUC). 

Compete through a group stage and knockout rounds to be crowned the grand prize winner!

  • Each round will cover a different solution
  • Form a team of 1 – 3 members and register via this link
  • Briefing and training will be held on 13th and 20th September, each session covers a different set of solutions related to the competition < Recommended to attend
  • Registration ends 3rd September

What are you waiting for?
What are you waiting for? Quickly sign up. Did I mention, each participant will be given away a vWarrior Varsity Jacket?

Tuesday, August 14, 2018

Validated and Compliance Versus Certified and Approved

As a technical professional, it is always very ignoring to see honesty been bridge using marketing words. How many times have you seen creative words been used to justify for something which is not true? Or when they claim they are and they are not?

That comes to the topic in my subject. Have you come across products stating that they are validated and compliance instead of Certified and Approved? And you have to explain the meaning behind this.

There is a lot of confusion created due to the use of words and to clarify this, we will use an example with sources you can testify what is really Certified and Approved instead of following Validated guidelines or Compliance to follow certain requirements.

Let's use VMware products as a discussion. You can find out that VMware vSphere, NSX and vSAN is an Approved DISA STIG solution. If you head over to STIG Viewer, you can see the guidelines given to all the approved solution. You find VMware vCenter, NSX, and ESXi as an approved list. VMware vSAN is part of VMware ESXi, in such, it is also updated and stated in the STIG which you can read more from the public post which links to the STIG guideline.

To be part of a solution used in DoD, it has to have DISA STIG approval. However by just following a guideline from DISA STIG only get a solution compliance and not approved. An approved solution needs to be done only by the governance body.

So Compliance is NOT equal to Approved.

Do not get this confused. Anyone can be in compliance by following a guideline but it does not equal to be approved.

Next, let's talk about Compliance. Let's take FIPS140-2 which is govern by NIST. To know if a solution vendor is certified by NIST for FIPS on their Crypto Module, you can head over to here and search the vendor is listed. When a solution or product claims it is compliance/validated on FIPS, this does not equate to be certified as many thought. The word "Validated" is been misused many a time. To find out the truth, use the search in NIST and key in the Vendor name to be sure.

If you enter VMware, you will see that VMware Cryptography Module is listed this is because vSphere is FIPS certified and uses this module. You can also try other solution such as Redhat, Oracle, Citrix, Nutanix, Microsoft and you will find different results.

Note that FIPS140-2 has also two levels. Where level 1 is applicable only for software and level 2 is applicable only for hardware.

Validated is NOT Certified.

Be very careful when you need a FIPS solution and its claimed to be Validated and not really Validated or even Certified. What do you need as a compliance in your environment stated by your security policy, Is it Validated enough or Certified? Make sure you are certain of it.

VMworld 2019 US Two Days Summary

If you have been following what VMware has been up to by acquiring several companies and mainly related to Cloud Native Applications solutio...