VMware has announced that it will turn off TPS in an upcoming version of its hypervisor ESXi and vCloud Air hybrid cloud service. This is due to a security bug, considered a very rare possibility and only exploitable in very controlled and largely misconfigured environments. TPS, also known as Transparent Page Sharing, is a memory management technique that allows multiple VMs to share a read-only copy of the same memory page. When a VM needs to update or write to a page, a new copy is created. The idea is that if there are many VMs with similar memory pages on the same physical host server, it will de-duplicate the pages and only store one copy. The result is that you can run more VMs per physical server while still achieving very good performance.
TPS has for a long time been used as a competitive advantage by VMware over all of the other hypervisors. But realistically it hasn’t been in wide use by most customers for some time (since ESX 3.5) as the amount of RAM per host has increased, because of the use of large memory pages (2MB instead of 4KB) in Nehalem and above processors, and because most customers don’t want to run their systems at 100% utilization so that they can handle bursts of activity. When using large pages, TPS only kicked in when systems were over 96% memory utilization, at which point large pages would be broken down into small pages that could be shared. However, this has been a popular technique with service providers and with virtual desktop environments, and in some test and development environments, where overcommitment of memory may have been acceptable.
If you thought Ebola was deadly to humans, wait till you get a load of the latest security issue impacting the world wide web and most everything connected to it, including potentially your phone, lights, servers and the list goes on (excluding Windows systems). If Heartbleed wasn’t bad enough at the start of the year, the new Shellshock bug certainly is. It is what I would term the Mother of All Bugs (MOAB). It impacts almost all Unix, Linux and Mac systems and allows a remote attacker to execute arbitrary code and potentially steal your data, credit cards and other information. So how serious is this? Well, the NIST CVE Alert Rating on this is a 10 for severity, and a low for complexity to exploit (read: my 7-year-old could exploit this bug). So basically the worst possible kind. Oh, but wait, there’s more…
Another year has flown by, and what a year it was, and now we’re in a new year and I’m a year older and hopefully a little wiser; we never learn less. The great thing about being in the IT industry, and especially being involved with Virtualization, Cloud and Software Defined Datacenters, is that there is always a lot to learn and things are changing at an ever faster pace. All the time the economics and customer benefits are rapidly increasing. I mean, we don’t just do things because they are cool and technically interesting; there has to be an ROI for our customers, partners and customers’ organizations. It was great for me to personally be involved in revolutionizing many customers’ economics of delivering IT infrastructure and application services throughout 2013, especially with the many Unix to VMware migration projects I was involved with. So this article will reflect on some of the highlights of 2013.
If you’re upgrading from vSphere 5.1 to vSphere 5.5 and you ARE NOT using Custom CA SSL Certificates, then you might run into an error. The error will be encountered during the upgrade of SSO, and specifically the Lookup Service, and only occurs in specific conditions, such as when using the default VMware Self-Signed Certificates. If you run into this problem, your upgrade process will roll back, but leave behind some upgrade files that need to be cleaned up. This article will briefly touch on the recommended solution to this problem.
VSS Labs will be showcasing its latest offerings at the New Innovator Pavilion at Booth 2035 at VMworld USA 2013. The two offerings include its globally successful and VMware exclusive Cloud Migration Portal and its new SSL Certificate lifecycle management product vCert Manager. Let’s have a look at what these two products are all about to give you a glimpse of what you might find out at their booth at VMworld USA.
This week I’m bringing you this article from my hotel in Shanghai; I’m in China to present Unix to VMware Migration workshops. Last week I made the trek to Las Vegas, like around 12,000 other people, for the annual HP Discover US Event (June 11th – 13th). This was my first time at HP Discover and I was very grateful to HP and Ivy Worldwide for making this opportunity possible. HP Discover is not like any other IT event that I’ve been to, and HP certainly know how to put on a magnificent show. Almost all of the Sands Expo Center at the Venetian was taken up by the exhibition stands of different HP divisions, with the remainder for Sponsors. In terms of number of attendees it’s around half the size of VMworld, but lacks nothing in terms of spectacle. The big themes of the event were aimed around creating a better enterprise, and HP’s slogan for the event was “Build a Better Enterprise Together”. So the big themes in the order of my interest were Big Data, Software Defined Networking, Software Defined Storage, Converged Infrastructure and Moonshot. I will briefly cover what I consider the highlights in this article.
One of the most important documents for any vSphere administrator or architect has been released. The vSphere 5.1 Hardening Guide is now available. The guide was announced on the vSphere Blog by Mike Foley – vSphere 5.1 Hardening Guide – Official Release. I’d like to thank Mike and the rest of the VMware Security Team that was involved in putting this invaluable resource together. It has been reformatted from the previous version to make it easier to use. I think you’ll all like the new improvements.
I’ve been getting feedback and questions from a number of different places from people wanting to disable Single Sign-on in vSphere 5.1 for various reasons (with vCenter). This is mainly due to difficulties around implementation of SSO in combination with other VMware solutions, such as VMware View and vCloud Director. My response to the questions is very simple. DON’T DO IT! At least not with vCenter itself. vSphere 5.1 and vCenter were not designed to run without SSO and this is definitely not supported and will likely result in a broken environment. This brief article will give you some tips on how you can be successful with SSO.
I was upgrading my VMware View environment recently from 5.0 to 5.1 and wrote about some initial problems in my article Trouble Recomposing View 5.x Desktops After Upgrade to vSphere 5.0 U2. After I had resolved those initial problems I needed to load my internal Root CA certificate onto all my company’s iPhones and iPads. This is because one of the big changes or improvements in View 5.1 is with security and you now need trusted certificates in order to connect to any of the desktops. Fortunately there is no need to purchase expensive public certificates if you have an internal corporate PKI / CAs already configured, unless you want to. This article will show you how you can easily get your iPhones or iPads to trust your corporate CA certificates for use with VMware View.