vSphere 6.5 Update 1 Security Configuration Guide Released

This has been cross-posted from my own blog vGemba.net. Go check it out.

Introduction

On the 12th March 2018 VMware released the latest version of the vSphere Security Configuration Guide. This is an indispensable guide for securing your vSphere infrastructure which I highly recommend all VMware admins read.

Purpose

I have been following the guide for a few iterations now. In the early versions there were a lot of settings that an overzealous administrator could have applied and potentially caused problems with. For example, the v5.1 version of the guide listed 172 settings over multiple sheets; the latest version lists 68. A couple of reasons for this are that a mitigation is no longer needed because of code changes, or the guidance is no longer required because the software is secure by default.

Also included are some common sense ‘best practices’. This goal of secure by default can be seen in the graphs in the blog post from VMware. In vSphere 6.5 there were 24 settings available to harden the deployment; in 6.5 Update 1 there are now 10, because VMware has coded the guidelines into the product. So of those 68 guidelines, 10 are Hardening settings and 58 are Non-Hardening (Audit Only + Site Specific). Great job VMware!

VMware vSphere: Optimize and Scale [V6] – On Demand Review

This has been cross-posted from my own blog vGemba.net. Go check it out!

I recently was able to take the VMware vSphere: Optimize and Scale [V6] – On Demand course from VMware. Why On Demand and not in a classroom format? Simple: travel time and costs. I was actually looking for the Design & Deploy Fast Track course, but annoyingly it seems to be scheduled very infrequently and only in London. With family and work commitments, taking a week out to attend was pretty impossible.

So I started looking at the On Demand option. I was scheduled to take the VCAP6-DCV Deploy exam, so the O&S On Demand course seemed like a good fit. This was my first time trying an On Demand course instead of instructor-led classroom training. The interface is based on the Hands-on Labs, so if you are familiar with that you will be comfortable using it. The modules covered were:

Terraform with vSphere – Part 2

This has been cross-posted from my own blog vGemba.net. Go check it out!

Introduction

In Part 1 of this series we installed Terraform, verified it was working and set up Visual Studio Code. In this part we will cover some Terraform basics.

Terraform Components

The three Terraform Constructs we are going to look at are:

  • Providers
  • Resources
  • Provisioners

Providers

Providers are the platforms or services we can interact with in Terraform. These include AWS, Azure, vSphere, DNS, etc. A full list is available on the Terraform website, and as you can see it’s a very big list. In this series we will concentrate on the VMware vSphere Provider.

Resources

Resources are the things we are going to use in the provider. In the vSphere realm this can be a Virtual Machine, Networking, Storage, etc.

Provisioners

Terraform uses Provisioners to talk to the back-end infrastructure or services like vSphere to create your Resources. They are essentially used to execute scripts to create or destroy resources.

Setup Terraform for vSphere

Open up Visual Studio Code and create a new file called main.tf in the folder C:\Terraform. If you have added C:\Terraform to your Path environment variable, save main.tf anywhere you like, but of course the best place for all of your Terraform files is source control…
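The three constructs side by side in one main.tf, as an added example that is not from the original post (it assumes Terraform 0.12+ syntax and the HashiCorp vSphere provider; the account name, vCenter hostname, inventory names and guest values are placeholders, and the password comes from an environment variable rather than the file):

```hcl
# Added example, not from the post: every name, host and account below is a placeholder.
variable "vsphere_password" {
  type = string            # supply via TF_VAR_vsphere_password, never in source control
}
# Provider: how Terraform reaches vCenter.
provider "vsphere" {
  user                 = "terraform@vsphere.local"
  password             = var.vsphere_password
  vsphere_server       = "vcenter.example.test"
  allow_unverified_ssl = false   # keep TLS verification on; fix the certificate instead
}

# Data sources turn inventory names into the IDs the resource requires.
data "vsphere_datacenter" "dc" {
  name = "DC01"
}
data "vsphere_datastore" "ds" {
  name          = "datastore1"
  datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_compute_cluster" "cluster" {
  name          = "Cluster01"
  datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_network" "net" {
  name          = "VM Network"
  datacenter_id = data.vsphere_datacenter.dc.id
}

# Resource: the object Terraform creates inside the provider.
resource "vsphere_virtual_machine" "web01" {
  name             = "web01"
  resource_pool_id = data.vsphere_compute_cluster.cluster.resource_pool_id
  datastore_id     = data.vsphere_datastore.ds.id
  num_cpus         = 2
  memory           = 2048
  guest_id         = "other3xLinux64Guest"
  network_interface {
    network_id = data.vsphere_network.net.id
  }
  disk {
    label = "disk0"
    size  = 20
  }
  # Provisioner: a script that runs once the VM exists (here on the Terraform host).
  provisioner "local-exec" {
    command = "echo created ${self.name} >> provisioned.log"
  }
}
```

Run terraform init to download the provider, then terraform plan to see the data lookups resolve before anything is created.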


VCAP6-DCV – So good I thought I’d take it twice

I’d been thinking about taking the plunge on the VCAP for a while; truth be told, thinking about it was pretty much all I’d done. So at the start of August I booked my VMworld ticket and decided to add on a VCAP exam voucher. My thinking was to follow the advice of so many before me: set the date, and with the impending deadline that would be enough to get my ass into gear.

So I received my voucher, scheduled my exam date, then promptly quit my job… it all happened swiftly and I didn’t really see it coming. So rather than spending four weeks dedicating myself to my study, I spent a frantic four weeks trying to tidy up a number of outstanding projects before beginning another chapter of my career. So as far as exam preparation goes it couldn’t have gone much worse.

I found time to watch some vBrownBag design sessions, I finished half of Foundation in the Art of Infrastructure Design, I read a number of blog articles about what to expect, but only managed a fraction of the study that I’d have ideally done.

The day before the exam I spent most of the day trying some last-minute cramming but truly felt by that point the damage had been done. I didn’t feel there was much more I could take in so late in the day, and that night I was joking with people about how I was failing a VCAP exam the following day.

As I entered the exam I felt pretty lethargic; the prospect of 3.5 hours doing an exam that I didn’t think I had much chance of passing filled me with apathy, but well, I was there now with nothing better to do. The first question was a drag and drop, and to be honest I felt completely at home: I knew the topic and promptly rattled off an answer.

I’d read enough guides to know most people suggest a strategy; dependent on your strengths, do all the questions first, leaving all the time for the designs, etc. After question one all my strategising went out the window. I started to answer the second drag and drop but it was more complicated and I thought this will take a bit more thought, so I flagged the answer and moved on.

I did this for the next 16 questions, answering any quick hitters and skim reading some of the designs. There was no rhyme or reason to my strategy; I just wanted to know what I was up against. When I got to the end I went back through the questions in numerical order with a similar mindset: if it looked “easier” I’d tackle it, otherwise I’d move on.

After a couple of passes I’d done 1/3 of the designs and most of the drag and drops. I was about 90 minutes into the allotted time and about two thirds of the way through the exam. Obviously I’d now picked off all the low-hanging fruit and I was left with everything that looked either tough or terrifying. I worked my way through the remaining drag and drops; some I found really ambiguous, so I was battling internally with the correct answers.

In fact this was probably my biggest issue with the exam as a whole: there were certain answers where I could quite clearly see two schools of argument. For some of them I really felt like I could argue the case for two correct answers; obviously the exam isn’t graded that way, but that was what felt so tough. Two answers look right, which one is most right, or more importantly more right in VMware’s eyes?? A customer has enough physical 10GB interfaces for virtual interface requirements: should they use physical or VLAN separation? “It depends” isn’t an acceptable answer.

All that remained were the 3 most complicated designs. I battled through them as best I could. One design alone took me in excess of an hour; it was about a physical/vDS design, with port groups and a LAG. I found it incredibly tough; it was a complicated design and there was lots I wasn’t 100% about. Anyway, it got to the point where I couldn’t look at it anymore and clicked submit. I submitted at about the 3 hour mark, so despite everyone’s warnings I didn’t really find time that much of a constraint. “Sorry you have not passed”.

Prior to the exam I was fully prepared to fail and was just expecting to take the experience as a learning opportunity. Now, despite my lack of prep, as I was about to press the submit button, I genuinely felt I’ve got a chance here. And it turns out I had; I was so close to passing that, rather than accepting the expected defeat, I was absolutely gutted. 20 odd points, that may just have been 1-2 questions; as is typical with VMware exams, all you’re left with is a pretty useless vague list of things to get better at before trying again.

I was pretty downbeat and went to the pub to meet up with some friends. This was when my luck changed: in the pub I bumped into Kyle Jenner (who has an outstanding VCAP study guide on his blog), who I’d only met for the first time the night before. He knew I was sitting the VCAP so we talked about it. Anyway, it turned out a lot of my experience married his first attempt; we were able to talk through some of the designs and he helped me see where I’d made some of my mistakes.

By the end of the night I felt pretty good about it again; I took a shot with little prep and got bloody close. That meant I was on the right track; my actual real-world experience had got me within touching distance of a pass. A bit more discipline, a bit more study (especially vSAN, as it came up a couple of times and I’ve never been hands on with it) and I’d be ready to take a second crack.

to be continued…