Posts

Showing posts from 2023

VMware by Broadcom, A New Chapter Forward

With Broadcom's acquisition of VMware completing on 22nd Nov, many sources have made assumptions about what will become of the business direction. Here are some of the publicly announced updates, in case you have not caught up on the news. To start with, VMware is now known as VMware by Broadcom, and all original VMware software will remain branded under VMware. In the first announcement, on 27th November, Carbon Black is now an autonomous unit within Broadcom. In my opinion this is good news. I have not seen much integration of Carbon Black ever since it was acquired by VMware, so this move allows Carbon Black to innovate and do what they do best in the cyber security landscape. Next, since the acquisition completed, there has been much speculation about what will become of End User Computing. With the announcement on 8th December, the End User Computing (EUC) division will be a diverse business. With that understanding, EUC division will operate on their

VMware Simplifies License Model

Hot from the oven, VMware by Broadcom has just released their first announcement regarding go-to-market since the acquisition here. This is definitely very welcome. In the past, it took someone studying the licenses to really make sense of them and advise customers on the right way to purchase them. That complicated things. However, with this new introduction, it is much easier for customers to consume. Many might be very surprised: what many assumed Broadcom would do to their customers, increasing pricing by x amount, ends up being a reduction that is easier to consume. Basically, all the products and their editions have been collapsed to just two products: VMware Cloud Foundation and VMware vSphere Foundation. Clearly these are targeted at two different segments of customers. Also note that both are only available as subscription offerings and work in either connected or disconnected mode. As per the FAQ, customers who are on perpetual licenses will no longer be able to purchase ne

VMware vExpert 2024 Application is Now Open!

I believe many would have wondered if the vExpert Program will continue since VMware has been acquired by Broadcom recently. I am glad to announce that Corey Romero, the program manager for VMware vExpert, is continuing the support for the program, and Broadcom is also supportive of its community recognition. Just for information, VMware User Group is here to stay! For those who are not aware, the VMware vExpert 2024 application is now open. You can follow the post here. There are calls and multiple resources to help you out with your application and explanations of the different paths. Do take note that you can fill in the form, save it and submit it before the 15 Dec 2023 closing date. So take your time to collect your thoughts on your contribution to the VMware community. There is no rush to fill it up in one go. If you need any advice or help, and need to talk to someone, go to the vExpert Pro directory and find someone near you. I am honoured to be part of this directory. Personally I

Security Advisory: VMware Cloud Director

Another advisory with a high CVSSv3 rating of 9.8 was released here for the VMware Cloud Director appliance. For those not aware, the virtual appliance is a prepackaged virtual machine with added configuration embedded for easy deployment. This time it is due to an authentication bypass vulnerability which allows a user to bypass authentication on port 22 (ssh) or port 5480 after upgrading to version 10.5 from an older version. To resolve this, an updated KB has been released, and it provides a script for the workaround. Do note that this affects only VMware Cloud Director version 10.5 that was upgraded from an older version, not new deployments or other versions.

Security Advisory: VMware Tools

A security advisory, VMSA-2023-0024, has been released regarding VMware Tools. It comprises two CVEs, namely CVE-2023-34057 and CVE-2023-34058, which carry CVSSv3 scores of 7.8 and 7.5 respectively. This mainly affects the host that is running on macOS or Windows OS with specific VMware Tools versions. Both are related to bypassing and gaining privileged access. The macOS one might be the least impactful since most customers only run macOS in Fusion or Workstation. Do take note and have them updated, as the fixed version has been released.

VMware vCenter Server VMSA-2023-0023

VMware has released a security advisory regarding vCenter Server. You can refer to it here. This advisory addresses CVE-2023-34048 and CVE-2023-34056, which have CVSSv3 scores of 9.8 and 4.3. This applies to vCenter Server versions 7.x and 8.x, which also affects VCF 3.x and 4.x that use these vCenter Server versions. The resolution is to apply the fixed version released. Do read carefully whether there are any caveats for any particular build when you are updating. All of the above has been summarized in this article, which was released on 24th October. Do take some time to read it and understand the risk and impact.

VMware Certification Upgrade or Renew

I haven't been actively looking at VMware certification upgrades or exam writing for more than a year. My certification has been at least 2 versions back; the last was due to developing the initial vSphere 7.0 back in 2021. VMware has since removed the so-called "expiration" of certification. Due to the Broadcom acquisition, I was looking at my own certifications to make sure they are updated, and all were dated at the 2021 version. This means I would need to pass one exam which is current, as documented here. If your exam is just a year before, the requirement is just to attend a recommended course instead of an exam. So if you have not updated to the current year and are just one year behind, a course would make the most sense. In my case, I would not have to take an exam if I had attended a course last year, and to renew this year would be another course. The good news is, if you own both VCP or VCAP of the same track and year, you only need to take the higher (in my case, VCAP) and do

Deprecation of USB and SD Card for ESXi Installation

Back in vSphere 7 there was mention of the deprecation of USB and SD cards due to reliability issues with such storage devices when used for ESXi installation. More often than not, even in my home lab, I encounter USB stick failures that cause my host to not boot up after a shutdown or restart. VMware has now officially stated the deprecation of such support starting from vSphere 8. This means vSphere 8.0 will be the last version to support such storage devices as the ESXi installation disk. I believe most customers would have moved off USB and SD cards since this was previously mentioned for vSphere. More servers nowadays also support SATADOM SSD, which is a better fit than a normal server HDD, which might be too large and wasted for this use. Do refer to this KB for information regarding this, and I hope no one is still considering using a USB or SD card.

NIAP Certification for VMware EUC Solutions

Two years ago, VMware managed to get the VMware Boxer mobile mail client certified for NIAP. It was the first mobile email client to get this type of certification. Till date it is still the only mobile email client. This shows that the security standard Boxer has adhered to definitely isn't small. Having accompanied a customer down to VMware Headquarters in Palo Alto in August, I managed to learn that VMware Horizon 8 also achieved the same standard for NIAP in July 2023. This marks VMware Horizon as the first VDI solution to have met such a standard and, till date, the only VDI solution in the market as well. Since VDI is often used as a security solution to safeguard against IP theft and related use cases, where a user requires full desktop access yet controls across the desktop are implemented, achieving this standard of certification is definitely proof of VMware Horizon's security standard. Please check out the NIAP website here for the list of VMwar

Security Alert: Aria Operations for Networks

If you are using Aria Operations for Networks, you might want to take note of these vulnerabilities and get it patched as soon as possible. They carry a CVSSv3 rating of up to 9.8, which is a very critical rating. This allows an attacker to gain access to information from Aria Operations for Networks. Do check out the security advisories for the fixed version and act accordingly.

Lock In or Not

The term "lock in" has been around for many reasons. Recently I was in a discussion with some customers and this term came up again. Let's first define "lock in". In the context of IT, "lock in" prevents customers from moving away from an adopted technology, or you could call it being trapped. Take the example of the mainframe. Once an application runs on a mainframe, there is no alternative replacement. The only way to move out is to look for a replacement, doing a complete refactor and hoping that the data can still be utilised. That also explains why, from the early days when the mainframe was introduced till date, most are still on it. That is, of course, not to mention the reliability and downtime that the mainframe provides. At that point in time, there were less than a handful of mainframe systems, e.g. IBM, Compaq Tandem, etc., and the technology offered was far beyond any others. In today's context, technology choices in a similar domain are massive. Even though mainframe might be an l

Dell VxRail Appliance Design and Best Practices

If you have not heard of the Dell VxRail appliance, you might just want to check it out. As a short summary, this is a purposefully engineered appliance between Dell and VMware. It is optimized to run vSphere and vSAN, which are VMware's hypervisor and HCI solution. It comes with its own lifecycle management, deeply integrated with VMware vCenter Server for lifecycle management as well. Such a beast of an appliance definitely comes with some design and best practices which will help you get the most out of it. So the right guy to have it all written down would be Victor Wu. Victor is no stranger to Dell and VMware. He has been a great advocate of the two and more. This is not his first and won't be his last book, I suppose. I was fortunate to have received a copy from him. It is definitely worth a read if you are trying to get updated and understand more of the reasons behind some of the design and best practices. Some of it could also be used on other systems. Do check it out: Dell VxRail System Design and

Datastore size limit with vVOLs and vSAN

You might not be aware of this, as most customers do not have a datastore that goes beyond 2PB. Today we discovered that a datastore on vVOLs or vSAN which is more than 2PB cannot be used to create any workload. This is due to the PlaceVm API, which limits it. You can refer to this KB. Though this will not affect many customers, VMware is committed to working on this, perhaps to remove the limit. While that is in progress, it is good to know and be aware of this when architecting.

vSphere 8 Update 1 and vSAN 8 Update 1

If you have not been following, VMware has quietly released Update 1 for both vSphere and vSAN, close to 3 months after the major release of version 8 for both. Catch the announcements of vSphere 8 Update 1 and vSAN 8 Update 1. Here I will consolidate some of the reading to do a fast catch-up. vSphere 8 Update 1 What's New. Major feature summary: Ability to attach a cluster Configuration Profile. This is similar to how Host Profile works, but at cluster level. You will need to remove Host Profile from existing hosts in order to use Configuration Profile. vSphere Lifecycle Manager no longer supports just cluster level. Now it can also be used for a single standalone host as long as it is managed by vCenter Server. Mixed GPU profile support in a single cluster. Prior to vSphere 8 Update 1, each cluster had to use the same GPU profile for hosts leveraging GPU. This version allows a mixed setup of GPU profile types. Support for Supervisor services when using virtual distributed switch. You will

Sovereign Cloud. What to look out for?

We have heard much about Sovereign Cloud. This term is very new to many, myself included. The word "Sovereign" can mean many things to different people, just like when the term "Hybrid Cloud" was introduced. Let's take a look at what Sovereign Cloud really means and what it is meant to address, and understand some of the things to look out for. Sovereignty comes with many variables. It can range from hosting location to the operation of things and also the ownership of assets. One of the key sovereignties is about data. To start with, VMware released an article on data sovereignty. Do check it out to understand more. In summary, data sovereignty dictates where the data will reside, and whether it is being transported to other places, such as through replication, and so forth. Should it stay within the land of a country, replication will be within data centers (AZs) within the country instead of out. Though one may be able to achieve data

Vulnerability Alert: VMware Carbon Black App Control

VMware has released a security advisory on a vulnerability in VMware Carbon Black App Control. This comes with a CVSSv3 range of 9.1. It allows an attacker to gain privileged access to the operating system that Carbon Black App Control is running on. The fix has been prompt and is readily available for download. It is recommended to patch this if you are using this product. Refer to https://www.vmware.com/security/advisories/VMSA-2023-0004.html for more information.

vSphere+ Licensing Overview

With the introduction of vSphere+ licensing, there are some benefits in terms of licensing which many might not notice. Announcement Reference Video White Paper In a nutshell, software companies are all moving to SaaS and subscription licensing. So VMware has also introduced vSphere+ to cater to the needs of customers and adapt to changes in the industry. As an architect, you often have to consider what is needed in the Bill of Material, so an understanding of the licensing differences from perpetual licenses is often required. In traditional perpetual licensing, it was licensed on a per CPU/socket basis and each CPU license only allows up to 32 cores, i.e. if you have a CPU that has e.g. 48 cores, that CPU will require two CPU licenses. On top of that, you will also have to license the number of vCenter Server instances needed in your environment, with active Subscription and Support (SnS) to be eligible for upgrades and support calls. With the new vSphere+ l

vRealize Log Insight Security Vulnerability

A happy new year to everyone. Hopefully this year will be a great year for everyone. To start off my first blog article of the year, I want to bring attention to vRealize Log Insight, which needs to be updated to fix the latest vulnerabilities, particularly two which have a CVSSv3 rating of 9.8. Though there is no report of any security-related incident due to these vulnerabilities, it is still highly recommended to patch the tool before any happens. It is also great to see VMware being active in identifying and releasing the patch before any report of such an incident actually happens. Do check out VMSA-2023-0001 to read more about it and the two which have the 9.8 rating score.