The L1 Terminal Fault (aka Foreshadow) bug is another speculative execution side channel attack that affects Intel Core processors and Intel Xeon processors only.
For VMware vSphere there are some patches available as described in this document: VMSA-2018-0020. All patches have been released on August, 14th 2018.
Two years ago, VMware has started new vExpert (sub)programs on different technologies. One of those sub-programs was the vExpert NSX and I was honored to part of the first list.
After the renewal of last year (VMware vExpert NSX 2017), I found that I’ve been renewed also for this year!
VMware has just announced the list of vExperts NSX 2018.
Dell EMC OpenManage Server Administrator (OMSA) is a complementary tool that provides a comprehensive, one-to-one systems management solution in two ways: from an integrated, web browser-based graphical user interface (GUI) and from a command line interface (CLI) through the operating system.
Usually, you should add it to each bare metal system, unless you are using other management tools.
But also if you are using Open Manage Essential (OME) or similar, OMSA provide some unique and powerful features, like the access to the BIOS settings.
This is the year of the security threats originated by hardware level bugs. The year has begun with the Spectre and Metldown bug with several months of possible solutions, new BIOS, new patches… and new variants of those bugs (like Spectre V4 and V5).
But we are far from the solution because other bugs came out. And more will come out… All the software used at the microprocessor level and all the optimizations will probably be a good vector for new attack patterns. As already written, we are still far from the solution.
In the last Veeam Community Forums Digest newsletter there is an interesting note about possible performance issues in VMware vSphere backup based on hot-add transport mode.
VMware has confirmed that the increased Hot Add times experienced by some Veeam customers who have installed Veeam Backup & Replication Update 3a and the reason is the latest Virtual Disk Development Kit (VDDK) 6.5 version used in U3a to support also vSphere 6.5 Update 2.
Finally, the v2.2 of Veeam Agent for Microsoft Windows is available also from the client update.
Release on July 3, 2018 (see the release notes), the new agent versions (not only the v2.2 for Windows, but also the 2.0.1 for Linux) have been available from the Veeam Backup or other limited sources, but now are available to all.
Not much news or improvements, mainly the official support for Windows 10 v1803 and some minor bug fixes.
One common way to backup the VMware vCenter Server Appliance (VCSA) is to manage as a common VM and use a backup solution to backup (and restore) the entire VM.
But it’s approach does not always work, for example in the case of a database corruption the VM restore could be not working.
Starting with vSphere 6.5 and the new VCSA 6.5 was possible to use also a native backup solution integrated with the vCenter Server Appliance Management Interface (VAMI). But it was a manual operation (some scripts are available to automate and schedule it).
Some months ago I’ve written a post (Is the HTML5-based vSphere Client ready to replace the vSphere Web Client?) on the limitation of the new vSphere Client, but this was before the vSphere 6.7 and vSphere 6.5U2 releases.
VMware vSphere, during its history and the different versions, has got several types of Graphical User Interface (GUI) client.
One of the most used (not the first, but the standard one since Virtual Infrastructure 3.0) was the vSphere Client for Windows. But on May 2016 VMware has announced that the Legacy C# Client (aka thick client, desktop client, or vSphere Client) will no longer be available with the vSphere 6.5 release, replaced by web-based clients.
This is an article realized for StarWind blog and focused on the possible security threats in a virtual environment. See also the original post.
Security is typically a hot-topic due also to several regulations and compliant rules and laws. But more important, a security breach can have huge collateral effects, also if no data has been stoled, or compromised. But, for example, a “simple” DoS attack that makes a service not available can have a bad effect on the reputation of a B2C company.
This post will try to give an idea of some possible security threads in a virtual environment based on VMware vSphere (but several concepts are quite general also for other virtualization platforms) and some possible approaches to minimize the effect or prevent the attacks.
VM Explorer is another backup (and replication) tool with native support for virtualized platforms (vSphere and Hyper-V) with a good success in the SMB segment.
Initially was build by a Swiss company (Trilead), acquired later by HP(E) and recently acquired by Microfocus. Lot of changes in the name, but not in the substance and with a good development and release cycles.
Now Microfocus has released a new VM Explorer release (v7.1) compatible with the latest version of VMware vSphere 6.7.
VMware vSphere provides a different way to copy the VM data during a backup operation: those modes are called transport modes. There are at least three major transport mode: network mode (or NBD), hot-add mode (or VM proxy mode), SAN mode (of storage offload mode).
Most of the backup products can use those different transport modes depending on the configured infrastructure and the requirements.
If you are using Veeam Backup & Replication with a VMware vSAN datastore you are probably following the Veeam KB 2273 (Configuration for VMware VSAN). But this guide is only limit to recommend the hot-add transport mode.
So you are going to create several Veeam proxies because Veeam Backup & Replication chooses the most appropriate backup proxy to reduce the backup traffic on the VSAN cluster network. Maybe also one per host.
| Hosted by Assyrus
