This is a book I always recommend that my delegates read when they attend my VMware courses.
VMware vSphere 6.7 Clustering Deep Dive
Don’t miss the latest release from renowned virtualisation authors Frank Denneman, Duncan Epping, and Niels Hagoort. A must-read for every administrator, architect, consultant, and aspiring VCDX, Clustering Deep Dive takes you into the trenches of how to create a winning cloud infrastructure with vSphere Technologies, including how to implement:
• HA admission control policies
• DRS resource pools
• Datastore Clusters
• Network resource pools
• Resource allocation settings
All I can therefore say, is thanks to Rubrik, VMUG, Duncan, Frank, and Niels for making this available for download.
Today, we've been talking about vTPM and TPM in VMware vSphere 6.7, so I thought I'd put some information up to share with my delegates.
Trusted
Platform Module (TPM) chips are found in most of today's computers, from
laptops, to desktops, to servers.
The
TPM chip usually is part of the system board and therefore the user may not be
able to change it after purchase.
It
is important to select the correct TPM hardware at the time of purchase.
VMware
vSphere ESXi 6.7 can use Trusted Platform Module (TPM) chips to enhance host
security.
TPM
protects from software-based attacks that attempt to steal sensitive
information by corrupting system and BIOS code, or by modifying the platform’s
configuration.
TPM
is an industry-wide standard for secure crypto-processors. The Trusted
Computing Group (TCG) is responsible for TPM technical specifications.
The
dedicated microprocessor is designed to secure hardware by integrating
cryptographic keys into devices.
VMware
vSphere 6.7 introduces support for TPM 2.0. TPM 1.2 and TPM 2.0 are two vastly
different implementations: • Servers are shipped with either the TPM 1.2 or the
TPM 2.0 chip.
VMware
vSphere 6.7 introduces support for the Virtual Trusted Platform Module (vTPM)
device, which lets you add a TPM 2.0 virtual crypto-processor to a VM.
A
vTPM device is a software emulation of the TPM functionality. It enables the
guest operating system to create and store private keys in such a way that they
are never exposed to this guest operating system.
It
enables the guest operating system to use the private key for encryption or
signing.
With
a vTPM device, a third party can remotely attest to (validate) the identity of
the firmware and the guest operating system. vTPM has the following use cases:
·An
operating system can verify that the firmware loaded was not compromised since
the last run.
·An
application can verify that the operating system did not load any malicious
components
vTPM
depends on VM encryption to secure virtual TPM data.
When
you configure vTPM, VM encryption automatically encrypts the VM’s home
directory (which contains nvram, *.vmx, *.vmsn, snapshots, core files, and so
on) but not the disks. You can choose to add encryption explicitly for the VM
and its disks. You can back up a VM enabled with a vTPM: • The backup must
include all VM data, including the nvram file.
·If
your backup does not include the nvram file, then you cannot restore a VM with
a vTPM.
·Since
the VM home files are encrypted, ensure that the encryption keys are available
at the time of a restore.
You
can remove a vTPM from a VM. However, removing vTPM causes all encrypted
information on a VM to become unrecoverable.
Before
removing vTPM from a VM, disable any applications in the guest operating system
that use vTPM
Component
requirements
·ESXi
6.7
·vCenter
Server 6.7
·KMS
configured in vCenter Server to encrypt a VM
Virtual machine
requirements:
·EFI
firmware
·Virtual
machine hardware version 14 or later
·Windows
10 (64-bit) or Windows Server 2016 (64-bit) guest operating system
vTPM
does not require a physical TPM 2.0 chip to be present on the ESXi host.
However, if you want to perform host attestation, an external entity, such as a
TPM 2.0 physical chip, is required.
For an excellent quick visual overview, watch Mike from VMware's presentation.
"Welcome to Modern PC Management For Dummies, your guide to effectively managing desktop, mobile, and rugged devices in the heterogeneous world of today’s business IT. First of all, what do we mean by “modern PC management”? In the context of this book, PC management refers to an IT department’s ability to effectively commission, support, and decommission computing devices assigned to individual users. The old methods that IT departments of the past have employed just aren’t cutting it anymore; modern solutions are needed to address today’s management issues.
Modern management brings the efficiency of mobile device management (MDM) with the full breath of capabilities of PC lifecycle management (PCLM) to enable UEM via a digital workspace platform. The digital workspace collapses the silos between mobile and desktop management and even line‐of‐business application management to enable all devices."
The book comprises of 5 chapters over 58 pages and is authored by Kevin Strohmeyer, Aditya Kunduri, and Justin Grimsley
Today I've been talking about vSAN in relation to the vSAN 6.6 Deploy and Manage Course.
I was lucky enough to be at the March Newcastle upon Tyne North East VMUG meeting, and Duncan Epping was one of the key note speakers, I recalled that he gave us a session on VMware vSAN 6.7 and what was to come.
The presentation is available on YouTube and if you've got an hour spare, it's worth a watch.
Join Duncan Epping, Chief Technologist VMware EMEA to learn about the new features and functionality of vSAN 6, how this release delivers a more intuitive operating experience, a more consistent application experience, whilst offering a more holistic support experience for our customers.
