Plain Virtualization

Having worked in few companies and handle tons of escalations, often realize how many customers are not aware that Support from vendors does comes with some differences. Not all support entitlements are the same. I also talk about the support severity while back you can read up here . Let use VMware Software Support for comparison here . Using only basic and production support. (This is not all the types of support but for this discussion we will use these two.) Although its very clearly stated the difference between Basic and Production support mainly due to the response time and the hours of operations. There is something in common which I often realize many customer due to their internal policy required. That is Root Cause Analysis (RCA). Both support entitlement does not include.  So if you need this, how are you going to go about it if you are not entitled. Many customer would use escalation as one channel. However, this can only be used that many times and not infinite. And n...

Early this morning 11th Dec 2021, SGT, VMware has release a security advisory announcement for  VMSA-2021-0028 regarding a critical vulnerability in Apache Log4j identified by CVE-2021-44228 with a CVSSv3 full score rating of 10. Immediately, VMware has worked on several of the affected products that are affected with workaround or patches. As this is a full score rating, we likely to see VMware update workaround at least and release patches in the next few days. Do check back the page to see more updates. Do note that this is not a vulnerability specific to VMware. This is an Apache vulnerability. It is affecting all solutions that uses Apache. So do check out your environment and ensure all solutions used in your environment that do contain Apache Log4j is worked on. A FAQ site is also release for those with questions regarding this. If you are not aware do subscribe to VMware Security Advisory.

The vExpert 2022 application going to start on 6th Dec 2021. This is the first round of the application cycle for vExpert 2022. Before you head over to apply, you might want to read my experience when I first applied to have the application complete. If you need some help, reach out to your nearest vExpert Pro . They will be more willing to assist and advise you accordingly. Now let's go into how been a vExpert makes a difference. I have been a vExpert over the last 10 years. It was not easy and doesn't just come by just because I am a VMware employee. So don't get the wrong idea, VMware employee needs to also apply and meet the requirements. There are people who have applied and rejected as they do not meet the requirements. There is no such benefit as a VMware employee. This program treats everyone all equal. I applied for vExpert the year I joined VMware. However, the work I have done was the years before I joined VMware. I started jotting my technical experience as a r...

You may encounter this screen when trying to install Official Release Windows 11 on VMware workstation or VMware Fusion. This message:  "The PC doesn't meet the minimum system requirements to install this version of Windows." If you head over to the system requirements for Windows 11, you will notice on significant item that caught my eye. It needs TPM. Lucky for VMware Workstation and Fusion, both has the ability to add a virtual TPM. But before you can add that you need to turn on Encryption and set a password for that. After that, Add Device... and choose Trusted Platform Module . Once that is done your can just power up and install away.

A great day 1 for VMworld 2021. If you have not manage to listen and attend to all the sessions, there were several project been announced. Here are a summary for those who missed it. A quick summary of some of the topics can be found here . Project Cascade (Tech Preview) A unified kubernetes interface across VMware Cloud for IaaS (infra) and CaaS (container). This in turn provide open CLI, API and GUI. This address the problem that developers have to learn a different interface for every cloud running kubenetes. With Project Cascade, developer only need to know one and run in any Cloud. With initial milestone for VM service on VMware Cloud. The good thing is this is build on open foundation. Read more about it here . Project Arctic (Tech Preview) This allows vSphere to have cloud connectivity giving it Cloud-aware. This is extremely useful for customer who are still running on prem workloads and leveraging the cloud for use case such as DR. This allows customers to consume VMware Clou...

A critical vulnerability has been announced by VMware in regards to vCenter Server found in version 6.5, 6.7 and 7.0. The security advisory can be found here . This is bearing a rating of CVSSv3 of 9.8. A list of FAQ is also release for any questions pertaining to this vulnerability. You can also join in the community discussion regarding to this vulnerability here . It is highly recommended to stay up to date by subscribing to the security advisories alerts. Note that this vulnerability consist of several parts. And each either affects all the version of vCenter Server or partial versions of it. It is highly critical and recommended to patch this immediately. As a user of VMware Cloud on AWS (VMC), great to receive notice that the vCenter Server has been addressed in regards to this vulnerability.

Critical Security Vulnerability Workspace One Access and vRealize Automation VMware has release a security notice VMSA-2021-0016 in regards to Workspace One Access (WOA) i.e VMware Identity Manager (vIDM) with a CVSSv3 base score of 8.6 . It is encourage to apply the patch or workaround as soon as possible. This also applies to vRealize Automation that has embedded vIDM aka WOA. Server Side Request Forgery in vRealize Operations Manager API ( CVE-2021-21975 ) This is impacting vRealize Operations Manager which can be a standalone product, in VMware Cloud Foundation or vCloud Suite and deployed by vRealize Suite Lifecycle Manager. It has a CVSSv3 base score of 8.6 which is highly critical. This allows authenticated user via API to vROps the permission to write files directly locally to the underlying OS, Photon.  VMware vExpert 2021 Second Half Congrats to all new vExpert 2021 from Second Half announcement . It is not easy to have such a big community with everyone contributing wit...

Recently recent questions on the impact with license expiry. Especially important when most licensing are going into subscription model. But regardless of the license type, the effect are the same. Let just dive right in. During vSphere 5, I did an article regarding this issue where license expires on vCenter Server. The KB that was describing it has also been removed. The functions are partially working as stated. In fact, in vSphere 5.5, this has been documented . Today with vSphere 7, vCenter Server expiry of license is now shown in the doc . As well for the ESXi Server is documented . It is a now a clear cut that all ESXi hosts will be disconnected which also means no vSphere HA or vSphere DRS will work since this requires the hosts to be managed by vCenter Server. For other solutions, please check the respective documentation of the products to have a better understanding.

For those who ain't aware that in the release of vSphere 7.0, support for Integrated Windows Authentication (IWA) will be deprecated. This has been published in this KB . The existing method of AD over LDAP, OpenLDAP will still works or the new feature in 7.0, AD Federated Identity (AD FS). Check out this article . To be honest, I would recommend to use AD FS if you are using a windows environment since this will prevent vSphere from talking directly to AD. Which in a way much safer and its a session based on the token method via OAUTH2 and OIDC protocol than to have user name and password been exposed. You can refer to the documentation on how to setup AD FS for vCenter Server here and also check out this TAM LAB video . With the support of AD FS, this will allow MFA to be implemented. However, this is still limited as due to the number of support on AD FS.

 After changing my role as previously mentioned, it has taken some time off my blogging time. Still I want to pen down some important things that one should be looking at. vExpert Application If you are looking to renew vExpert and missed the dateline earlier the year, or is not already a vExpert, the second half application is now open, check out my post and hope it helps. Sign up now till 9th July where it closes. VMworld 2021 Yes the registration for VMWorld 2021 has now open. Do sign up now to avoid disappointment. vCenter Vulnerability https://www.vmware.com/security/advisories/VMSA-2021-0010.html If you have not been getting notified, you should be worried whether or not your vCenter Server is internet facing. This is a very critical vulnerability as it has a CVSS score of 9.8/10. Make sure you get it patched. This is an issue affecting the way vSAN plugin validation and authentication with vCenter Server via vSphere Client (HTML5). vCenter Server version 6.5 and above are ...

The vExpert 2021 second half application is starting in June. If have missed out the first half at the beginning of the year, this is your last chance. To top it off this year, VMware vExpert program has create two groups, one is LinkedIn and one is Facebook for people who seek help in their application or looking for mentors to help achieve the vExpert accreditation. Alternatively you can approach your nearest vExpert Pro for advise as well. These are the people who will be assessing all the applications. If you are one of those, look no further and join those groups above. To find out more of on vExpert program, check out vExpert site and register an account to be ready to apply when application opens. Do check out my past article on my experience , and some of the tips on whether you have met the requirement and the track to choose for vExpert program. All the best and hope to see more vExperts.

Recently, I got into a discussion with my colleague regarding vCenter Server High Availability (VCHA) and a good discussion on the area where VCHA could be of use. Before we start, I like to summarize the few questions that always got asked during my course of work and as well when I teach vSphere Install, Configure and Manage course. What is VCHA use for? It is really meant for local site availability. Where a lost of vCenter Server can create an outage to other management components where vSphere HA RTO is not sufficient or vSphere HA is not possible to bring up the vCenter Server. Can VCHA be used in a stretched cluster setup and how should we plan to place the nodes? Yes. You will definitely have two sites in a stretched setup. And if you like to have VCHA implement in such a setup, you will need to have a 3rd site or minimal a separate cluster at the passive node site. Typically you will have active node at site 1, and passive node with witness node at site 2 where witness node is...

I started this blog when I was doing technical implementation and design back in IBM days. The term always use is Post Sales engineer/consultant. It was held up and I never get to start anything until I left and joined BT Frontline which is the now British Telecom. I started this blog in Apr 2011 with one main purpose, paying forward for what I have benefited from the community. I remembered clearly, during my early years when I was building a VMware View in my home lab, someone from LinkedIn VCP group was so willingly helping over message and a call from oversea to help me troubleshoot and guide me to configure a vyatta virtual router. Since then, I decided to share what I have learned if not I would not have gain as much as I have. That very year, I got an opportunity at VMware and join the company as a System Engineer which industry term it as Presales engineer. It was my dream company and I never looked back since. I carry on to share what I learned without any plan in my career. J...

If you are not aware when vSphere 7.0 Update 1 was release, there is one improvement made to Cross vCenter Migration. For those who didn't follow, in the past, Cross vCenter Migration can only be done between vCenter Servers within the same SSO domain. This created a limitation especially when one company merge or acquire another, they are unable to move the workloads but have to resort to the traditional methods either from backup and restore, etc. With vSphere 7.0 Update 1, vCenter Server 7.0 Update 1 improve this function. There is no longer a requirement of having both the vCenter Servers to be part of the same SSO domain. This resolve lots of use cases out there in the field. This feature came as a Fling and eventually made it to be part of the official product. However, there are some things need to be clear on the requirements. You need to make sure the vSphere edition needs to be at least Enterprise Plus. For Standard and the old Enterprise edition (if you didn't upgra...

There are so many blogs and articles been posted by many. You can refer to some of the official ones below. What's New in vSAN 7 U2 Duncan's What's New in vSAN 7 U2 Here I am going to list some of the great feature found in vSAN 7 U2 which will help in everyday operations or use cases. vSphere Lifecycle Manager Once feature which was covered in vSphere 7 U2 post, was the ability to upgrade or patch the ESXi with Suspend of memory with Quick Boot. In vSAN, this reduces resynchronization efforts We also mentioned that more vendors hardware support for updates is now available. With the new vLCM, you can now dictate a desired state with an image and a prescribe outcome as a desired result. vSAN Data Persistence Platform (DPp) In vSAN 7 U1, support for a new framework for integrating stateful aps working with Kubernetes Operators such as MINO, DATASTAX, etc. was introduced providing the vSAN Data Persistence platform. In vSAN 7 U2, not j ust providing a easy deployment when the...

There are multiple What's update and overview when vSphere 7.0 Update 2 was released on 9th Jan 2021. I am not here to list down those however, you can check it out below. VMware vSphere 7.0 Update 2 VMware vCenter Server 7.0 Update 2 Release Notes vSphere 7 Update 2 Part 2  (updated 18 Mar) What I like to pinpoint out here is what I find will be useful for an architect choosing the right solution for the right use case and be aware of what is useful to help customers in running it after deployed. I will break this down into three portions in the area of vSphere with Tanzu, AI/ML Platform and vSphere improvement. vSphere with Tanzu As you know vSphere with Tanzu or TKG-s has been introduce when vSphere 7.0 was released. With update 2, it now able to leverage on NSX Advanced Load Balancer (previously known as AVI), an enterprise grade Load Balancer for Supervisor Cluster, Guest cluster (TKG) and Kubernetes Services of Type LoadBalancer deployed in TKG clusters. Check out this articl...

Many might have been raised alert on the recent vCenter Server vulnerability which was raised as a 9.8/10 scale rating. One of it can be found here  reported on Feb 23rd. If you have subscribe to VMware Security advisory, you would have received this information VMSA–2021–0002 . I would strongly encourage anyone who is using VMware solution to subscribe to VMware Securities Advisories so as to be kept informed of any security information. If you have refer to VMSA-2021-002, vCenter Server version 7.0 U1c was updated in Dec 17th, 6.7 U3I Nov 19th and lastly 6.5 U3N Feb 23rd one day after the report. If you have been up to date, you would have been protected way before the report was announced. The only version was 6.5 which was release a day after, but based on the report, it was a one day turn around which is still impressive. Also this is very critical for vCenter Server that are connected to the internet. However, this case would be minimal as most customer would not have place t...

 Recently, I was in a Facebook group, VMware vExpert and one member actually posted this. He was running a VDI environment and notice his VMware Tools got uninstalled and was not able to install successful after several attempt. This is a VMware issue, but let's looks more into it. With further check, the user did a update to their ESXi host, and vSphere auto update the VMware Tools to every virtual machine that got rebooted. During the installation, whether auto or manual triggered by user, it fails. With an investigation by the member, it seems his anti-virus has blocked the installation. But wait right here, how did vSphere did auto update of VMware Tools? Isn't that trigger normally by using the vCenter Update Manager (prior to vSphere 7.0) or vCenter Lifecycle Manager (vSphere 7.0 onwards)? A good thing the member found this article by one of our VCDX. It seems that there is an auto update of VMware Tools to patch ESXi host if you check that on as show by vMiss.net. vSph...