Plain Virtualization

Recently the most talk about security measurement against the two discovered vulnerabilities has raised a lot of talks. This all started and revealed by  Google Project Zero . I have also recently shared advice from VMware support and KBs to our Singapore VMUG users during our event yesterday. Below is a summary of questions and the approach you should be doing for patching your VMware environment. Details on Spectre and Meltdown https://www.lifehacker.com.au/2018/01/what-are-spectre-and-meltdown-and-why-should-you-care/ https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help Technical explanation:   http://frankdenneman.nl/2018/01/05/explainer-spectre-meltdown-graham-sutherland/ Side Notes ESXi is only affected by Spectre and all patches for ESXi 5.5. and above has been released. Removed due to retracting of code instructed by Intel. Check update below. ESXi is NOT affected by Meltdown as it does not have untrusted user ac...

The threat was first discovered on Workstation during Pwn2Own hacking event.  With further investigation, it is now found possible on ESXi 6.0U1 and above. Do check out the VMware Security Advisories here .  The patches are all available currently. Read about the how this was found during Pwn2Own event on the blog post here .

Many like me are not aware of that VMware only support patches release of OS or minor update release of OS e.g. Windows 7 to Windows 7 Service Pack 1, RHEL 6 to RHEL 6.1 as refer to this KB . So what does this means?  If you are doing an in place upgrade of OS from Windows 2003 to Windows 2008 which is considered a major update release, this will not be supported by VMware although OS vendor supports this.  To be specific, the whole VM is not supported right after you have did an in place upgrade. As stated in the KB, it is recommended to install major update release in a new VM.  I see this a hassle as most users would just do an in place upgrade as long their software still works in the latter version.  In such a scenario, during an in place upgrade, any issue will need to be supported by the OS vendor and not VMware.  This is something I am totally caught unaware and not agreeable. However for customers upgrading form Windows 2003, due to the large dema...

Recently did a presentation on VMware Mirage to one of my customer who have attended the vForum 2012 and like to explore.  Some questions were posted and like to share some of the ways you can compliment or work with your existing patch management which you might currently have in your environment. You can find out more on VMware Mirage here . Download a free trial here . Question 1: SCCM in place for patching endpoints.  Mirage can help in two use cases: Use Mirage to build the reference machine for base layer and deploy to all end points.  SCCM to push all other apps and patches. Use Mirage to build reference machine for base layer and deploy to all end points as standard.  Use SCCM to only patch the reference machine.  Use Mirage to create different layers for different layers required. Now which to choose?  I would recommend option 2.  Here is why.  Using SCCM to patch the reference image and using Mirage to capture helps manag...

Accordingly to KB2007108 , this causes a delay in ESXi server boot up time. This is due to the cause of each portal will try to connect to the target up to 9 times if it failed to connect, with more portal and more targets, this can result in a long delay. Update: The patch for this issue has been release and a new ESXi 5.0 image is also available.  Please note when downloading you are provided with two different ESXi 5.0 images.  My recommendation is to use the latest though I do not know the reason behind why the previous is still available.

At time where you need to install update or install drivers on ESXi/ESX servers where new devices like Network cards or HBA drivers are not embedded in the base image. In vSphere 5 you can of cause recompile your own image.  However for existing servers, we would need to learn the commands. Here I have attached the screen shots with steps to do the installation using the VMware vCLI. Requirements: VMware vSphere CLI installed on your workstation which can be found here under VMware vSphere 4.0 CLI VMware vSphere 4.1 CLI VMware vSphere 5 CLI Open VMware vSphere  CLI Command Prompt on workstation.   Check the current Maintenance Mode of the ESXi server by using: vicfg-hostops.pl –operation info –-server   –-username e.g. vicfg-hostops.pl –operation info –-server 192.168.1.1 –-username root   Enter password when prompted. Put ESXi server into maintenance mode by using: vicfg-hostops.pl –operation enter -–server [server_name_o...