Spectre Vulnerability and VMware virtual machines

I had an interesting question posed to me last week regarding the Spectre Vulnerability and virtual machines: “If I patch the hypervisor, does that mean I do not need to patch the guest operating systems?”

The answer to that is no. According to the VMware Security & Compliance Blog, “For these patches to be fully functional in a guest OS additional ESXi and vCenter Server updates will be required.” This would include all guest OS on the host.

Here is a link to a good post on how to create a baseline in VUM to do the patch.

If you need to do an individual install of the patch, you can run a search for it on the product patch site (https://my.vmware.com/group/vmware/patch#search). The patch itself is around 500MB.

ESXi 6.5 – ESXi650-201712101-SG
ESXi 6.0 – ESXi600-201711101-SG
ESXi 5.5 – ESXi550-201709101-SG

https://kb.vmware.com/s/article/2151132 has all the info about the patch and instructions on how to run it locally.

To understand what performance impacts you may have: https://access.redhat.com/articles/3307751
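The guest half of that answer can be checked from inside the VM. The script below is an added example, not from the original post or from VMware: it assumes a Linux guest whose kernel reports mitigation status under /sys/devices/system/cpu/vulnerabilities, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report Spectre status as seen from inside a Linux guest.
# Assumption: the guest kernel exposes the sysfs directory below. Each file
# holds one line: "Not affected", "Vulnerable[...]" or "Mitigation: <details>".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE
# Prints: unreported | not-affected | mitigated | vulnerable | unknown
classify_status() {
    if [ ! -r "$1" ]; then
        # Kernel does not report on this issue; treat as needing attention.
        echo "unreported"
        return 0
    fi
    line=""
    IFS= read -r line < "$1" || true
    case "$line" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# guest_spectre_report [DIR]
# Prints one "name: status" line per Spectre variant and returns 1 if any
# variant is vulnerable, unreported or unknown, so it can gate a patch check.
guest_spectre_report() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for v in spectre_v1 spectre_v2; do
        s=$(classify_status "$dir/$v")
        echo "$v: $s"
        case "$s" in
            vulnerable|unreported|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live guest; a non-zero result means the guest OS still
# needs work even if the ESXi host underneath it has been patched.
guest_spectre_report || echo "guest OS still needs Spectre updates or a reboot"
```
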

 

End of General Support for vSphere 5.5 is September 19, 2018

The end will come sooner than you think. Don’t forget to plan ahead and upgrade to the latest version.

The End of General Support for vSphere 5.5 is September 19, 2018. To maintain your full level of support and subscription, VMware recommends upgrading to vSphere 6.5, or newer. VMware has extended the general support for vSphere 6.5 to a full five years from date of release, which means the general support for vSphere 6.5 will end November 15, 2021. For more information on the benefits of upgrading and how to upgrade, visit the VMware vSphere Upgrade Center.

If you would like assistance in moving to a newer version of vSphere, VMware’s vSphere Upgrade Service is available. This service delivers a comprehensive guide to upgrading your virtual infrastructure. It includes recommendations for planning and testing the upgrade, the actual upgrade itself, validation guidance and rollback procedures. For more information contact your Technical Account Manager or visit VMware Professional Services.

In the event you are unable to upgrade before the End of General Support (EOGS) and are active on Support and Subscription, you have the option to purchase extended support in one-year increments for up to two years beyond the EOGS date. The price of Extended Support is $300,000 per product per year. Visit VMware Extended Support for more information.

Technical Guidance for vSphere 5.5 is available until September 19, 2020 primarily through the self-help portal. During the Technical Guidance phase, VMware does not offer new hardware support, server/client/guest OS updates, new security patches or bug fixes unless otherwise noted. For more information, visit VMware Lifecycle Support Phases.

https://kb.vmware.com/s/article/51491

Quest 2017 webinars

Here is the schedule of upcoming webinars that will be hosted by Quest product experts. Join Quest for each session to learn more about each product and how they can benefit you. Quest subject matter experts have put together some great content for you!

 

 

Date | Time (PST) | Session Topic | Presenter
10/26 | 9:00 AM PT | ViPR Storage Resource Management, Visualize, Analyze and Optimize your Datacenter | Rich Colarusso and Roy Laverty
10/26 | 11:00 AM PT | Dell EMC Data Center Modernization and Migration Services Deliver 81% ROI | Jon Erickson, Forrester Research; Ted Streck, Dell EMC
10/31 | 9:00 AM PT | Oracle Database Protection Direct | Diana Yang
11/2 | 9:00 AM PT | Transform Enterprise File Services with Dell EMC Elastic Cloud Storage & CTERA | Jim Crook, Ctera; Brian Giracca, Dell EMC; Doreen Eatough, Dell EMC
11/9 | 9:00 AM PT | Databases are ready for containers – Learn how and why to do it with a demo | Bala Chandrasekaran

VMworld session calendar export

The option to download a calendar with your sessions is now available on the VMworld 2017 sessions page. I have been checking for this option for weeks. The site had instructions for downloading these, but the option was never visible. It looks like they finally got around to reorganizing some of the pages. Now if we can just get the app on our phones.

You also have the option to print a CSV. Thanks VMworld.

If I were in charge of VMware certifications

I have done the VCP level exams since the 3.x days. I remember when they were around in the 2.x days. Over the past 5 years we have seen an evolution of the VMware exams from VCP to over 20 certifications ranging from datacenter, networking, cloud and mobility. I applaud VMware for providing certifications in these areas and the levels of certifications for each area. But has the certification wing of VMware turned into a profit center, or has content creation really grown to such an expense? It is tough to tell from the outside.

For me, I’ve had a love-hate relationship with the certification exams. I love to pass, but I hate the trickily worded questions you would not normally see in any real world circumstance. For example, you see questions like this:

An administrator created a VM named “GoodVM” on a VSAN cluster with AMD processors on the hosts and four 10GB ports for the VM port group. What is the best method to reboot the virtual machine?
A. From the desktop client, choose Ctrl + R.
B. From the desktop client, choose “power, reset”.
C. From the host, invoke the command “esxcli restart -W VM -GoodVM”
D. Chewbacca lives on Endor, you must acquit.
E. Administrators do not have permissions to create virtual machines.

In the real world you would not get 80 confusing questions to solve in a couple of hours. It feels as though the VCP level exams have almost turned VCAP with the level of knowledge you need. Knowing exact error codes and memorizing minimums / maximums between versions (and even patch levels) does not seem realistic.

I believe there should be a training track solution like there is today. Maybe not so much of a hard requirement for the exam prerequisite. I’d say there should be an option to pass some online VMware exam before taking the VCP level exams. Maybe a set of 10 different exams within a month’s time frame.

For those taking the VCP delta exam there should be an option to take the exam at home. This was an option for the VCP5 delta, but not version 6.

We should get rid of the version numbers for VCAP and VCP if there is going to be a 2 year life cycle on the exams.

I look forward to the certification webcast hosted by the VMware education wing on 5/11/2017 for news on upcoming exams.

These are just my opinions and are in no way negative towards the great job the certification team has been doing over the years providing great exams.

Apache Struts 2 vulnerability and vCenter

News came out last week about the Apache Struts 2 vulnerability. There are numerous products affected by this vulnerability, but on the VMware side you have Horizon DaaS, vCenter, vROps and Hyperic. This is listed as Critical severity.

On the vCenter side, this is for the virtual appliance and the Windows version of vCenter for 6.0.x and 6.5.

The question came up: is it a specific build of vCenter 6.0.x? If you look at KB 2149434, it lists 6.0.x. There is no 6.1 version of vCenter. VMware vCenter only has updates 1 through 3. VMware went directly from 6.0.x to 6.5. VMware only has a workaround for now until they come out with a patch.

Storage adapter best practices and Tintri

I recently had a coworker come to me with a stack of articles on configuring adapters for storage arrays. He is new to Tintri and didn’t know about the best practice feature added to the web plugin.

Did you know that in the web plugin there is a feature to set the best practices for each host connected to Tintri storage? Once your storage is mounted to a host, you can apply the best practices to the host. This is not a new feature; it has been around for a while and works with all models of Tintri storage. It is just not common to see vendors offer such a feature. Most often when you get one of the big storage vendors, it requires consulting hours to fine tune the array and hosts connected.

Page 12 of the admin guide explains how it works. In later 2.x versions the function may move around in the web client.