Wednesday, 17 October 2018

vTPM in vSphere 6.7

Today, we've been talking about vTPM and TPM in VMware vSphere 6.7, so I thought I'd put some information up to share with my delegates.

Trusted Platform Module (TPM) chips are found in most of today's computers, from laptops, to desktops, to servers.
The TPM chip usually is part of the system board and therefore the user may not be able to change it after purchase.
It is important to select the correct TPM hardware at the time of purchase.
VMware vSphere ESXi 6.7 can use Trusted Platform Module (TPM) chips to enhance host security.
TPM protects against software-based attacks that attempt to steal sensitive information by corrupting system and BIOS code, or by modifying the platform’s configuration.
TPM is an industry-wide standard for secure crypto-processors. The Trusted Computing Group (TCG) is responsible for TPM technical specifications.
The dedicated microprocessor is designed to secure hardware by integrating cryptographic keys into devices.
VMware vSphere 6.7 introduces support for TPM 2.0. TPM 1.2 and TPM 2.0 are two vastly different implementations:
·         Servers are shipped with either the TPM 1.2 or the TPM 2.0 chip.
VMware vSphere 6.7 introduces support for the Virtual Trusted Platform Module (vTPM) device, which lets you add a TPM 2.0 virtual crypto-processor to a VM.
A vTPM device is a software emulation of the TPM functionality. It enables the guest operating system to create and store private keys in such a way that they are never exposed to the guest operating system itself.
The guest operating system can still use the private key for encryption or signing.
With a vTPM device, a third party can remotely attest to (validate) the identity of the firmware and the guest operating system. vTPM has the following use cases:
·         An operating system can verify that the firmware loaded was not compromised since the last run.
·         An application can verify that the operating system did not load any malicious components.
vTPM depends on VM encryption to secure virtual TPM data.
When you configure vTPM, VM encryption automatically encrypts the VM’s home directory (which contains nvram, *.vmx, *.vmsn, snapshots, core files, and so on) but not the disks. You can choose to add encryption explicitly for the VM and its disks.
You can back up a VM enabled with a vTPM:
·         The backup must include all VM data, including the nvram file.
·         If your backup does not include the nvram file, then you cannot restore a VM with a vTPM.
·         Since the VM home files are encrypted, ensure that the encryption keys are available at the time of a restore.
You can remove a vTPM from a VM. However, removing vTPM causes all encrypted information on a VM to become unrecoverable.
Before removing vTPM from a VM, disable any applications in the guest operating system that use vTPM.
Component requirements:
·         ESXi 6.7
·         vCenter Server 6.7
·         KMS configured in vCenter Server to encrypt a VM
Virtual machine requirements:
·         EFI firmware
·         Virtual machine hardware version 14 or later
·         Windows 10 (64-bit) or Windows Server 2016 (64-bit) guest operating system
vTPM does not require a physical TPM 2.0 chip to be present on the ESXi host. However, if you want to perform host attestation, an external entity, such as a TPM 2.0 physical chip, is required.
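The virtual machine requirements and the backup rule above can be checked before a vTPM is added. The following is an added example, not code from this post or from VMware: it reads the VM's plain-text .vmx file and a backup file listing. The .vmx key names and guestOS values are assumptions to verify against your own VMs, and the component requirements (ESXi, vCenter Server, KMS) are not checked.

```python
import re

# .vmx guestOS values for the two guests the post lists (Windows 10 64-bit,
# Windows Server 2016 64-bit). Assumed mapping; verify against your own VMs.
SUPPORTED_GUESTS = {"windows9-64", "windows9srv-64"}

# Constructed sample .vmx content, not taken from a real VM.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
virtualHW.version = "13"
firmware = "bios"
guestOS = "windows9-64"
nvram = "win10-lab.nvram"
'''

def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file into a dict with lowercase keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def vtpm_preflight(cfg):
    """Return the virtual machine requirements from the post that cfg fails."""
    problems = []
    # A .vmx with no firmware key boots legacy BIOS.
    if cfg.get("firmware", "bios").lower() != "efi":
        problems.append("firmware is not EFI")
    version = cfg.get("virtualhw.version", "")
    hw = int(version) if version.isdigit() else 0
    if hw < 14:
        problems.append(f"hardware version {hw} is below 14")
    if cfg.get("guestos", "").lower() not in SUPPORTED_GUESTS:
        problems.append("guest OS is not Windows 10 or Server 2016 (64-bit)")
    return problems

def backup_gaps(cfg, vmx_name, backup_files):
    """Return VM home files absent from a backup listing (.vmx and nvram)."""
    default_nvram = vmx_name.rsplit(".", 1)[0] + ".nvram"
    needed = {vmx_name, cfg.get("nvram", default_nvram)}
    present = {path.replace("\\", "/").rsplit("/", 1)[-1] for path in backup_files}
    return sorted(needed - present)

if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    print(vtpm_preflight(cfg))
    print(backup_gaps(cfg, "win10-lab.vmx", ["win10-lab/win10-lab.vmx"]))
```

Run the pre-flight check before enabling the vTPM, because once VM encryption is applied the VM home files are encrypted.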
For an excellent quick visual overview, watch Mike from VMware's presentation.

Monday, 15 October 2018

Free eBook from VMware - Modern PC Management

VMware have very kindly made available another free ebook entitled:

Modern PC Management for Dummies

The book covers the following:

This is straight from the Intro page.

"Welcome to Modern PC Management For Dummies, your guide to effectively managing desktop, mobile, and rugged devices in the heterogeneous world of today’s  business IT.
First of all, what do we mean by “modern PC management”? In the context of this book, PC management refers to an IT department’s ability to effectively commission, support, and decommission computing devices assigned to individual users. The old methods that IT departments of the past have employed just aren’t cutting it anymore; modern solutions are needed to address today’s management issues.

Modern management brings the efficiency of mobile device management (MDM) with the full breadth of capabilities of PC lifecycle management (PCLM) to enable UEM via a digital workspace platform. The digital workspace collapses the silos between mobile and desktop management and even line‐of‐business application management to enable all devices."

The book comprises 5 chapters over 58 pages and is authored by Kevin Strohmeyer, Aditya Kunduri, and Justin Grimsley.

Definitely worth a read.

Wednesday, 3 October 2018

vSAN 6.7 and what's to come

Today I've been talking about vSAN in relation to the vSAN 6.6 Deploy and Manage Course.

I was lucky enough to be at the March Newcastle upon Tyne North East VMUG meeting, and Duncan Epping was one of the keynote speakers. I recalled that he gave us a session on VMware vSAN 6.7 and what was to come.

The presentation is available on YouTube and if you've got an hour spare, it's worth a watch.


Join Duncan Epping, Chief Technologist VMware EMEA to learn about the new features and functionality of vSAN 6, how this release delivers a more intuitive operating experience, a more consistent application experience, whilst offering a more holistic support experience for our customers.

Saturday, 29 September 2018

Free eBook from VMware - Data Center Modernisation for Dummies

Here's another free eBook from VMware. This one is all about Data Center Modernisation and is called:

Data Center Modernisation for Dummies

The book covers the following, with this introduction coming straight from the book.

"So, why do you need to modernise your data center? It all
begins with the digital transformation that is sweeping the
planet — and disrupting businesses at a fundamental level. In
every industry, companies are under pressure to interact with
their customers in new ways, through new channels, and to
delight them with new personalised experiences."

The book is written by Theresa Villatore-Silva and consists of 48 pages.


Friday, 28 September 2018

VMware Security Hardening Guides

Today we've been talking about security in VMware vSphere, and as part of the class one of the things I've started looking at is the:

VMware Security Hardening Guides

Security Hardening Guides provide prescriptive guidance for customers on how to deploy and operate VMware products in a secure manner.

Guides for vSphere are provided in an easy to consume spreadsheet format, with rich metadata to allow for guideline classification and risk assessment.

They also include script examples for enabling security automation. Comparison documents are provided that list changes in guidance in successive versions of the guide.

There are various guides on the site, but today we were only concerned about vSphere 6.5.

Worth having a look to see how much of the guides you follow?

VMware vSAN 6.7 Hands on Labs

As a VMware Certified Instructor, I spend time talking about VMware products. On a couple of the courses we talk about vSAN and what it gives us from a policy-based, software-defined storage architecture.

I'm now finding that with products such as Dell VxRail and other HCI solutions, delegates are asking more questions, and showing more interest in these lessons.

I always recommend playing with the product, and again, thanks to those at VMware, we have two really useful Hands on Labs to look at.

The first lab is the vSAN 6.7 Getting Started, in the lab:

"vSAN delivers flash-optimized, secure shared storage with the simplicity of VMware vSphere for all of your critical virtualized workloads."

The second lab is the vSAN 6.7 Advanced, in the lab:

"In this lab, you will be challenged to scale-out a vSAN cluster and to recover from misconfiguration issues."

Both labs can be accessed via the VMware Evaluation site

Thursday, 27 September 2018

VMware vForum Online Fall 2018

Are you free on October 9th 2018? If the answer is yes, why not sign up for the VMware vForum Online Fall 2018?

vForum Online is a must-attend event for IT professionals who are driving their digital transformation and building a hyper-converged IT infrastructure that:

  • Modernises Data Centers
  • Integrates Public Clouds
  • Transforms Networks and Security
  • Secures Digital Workspaces

vForum Online provides expert insight that can help drive innovation for your organisation. Our information-packed agenda includes virtual exhibits, a keynote presentation, multiple breakout sessions, live chat with experts and hands-on labs. And with no travel required, there’s no reason not to attend!

The full agenda can be accessed as a PDF

With over 40 sessions available and Hands On Labs, I'm sure there'll be something that will spark your interest.

To register visit the registration page.

Enjoy, see you there.