VCF Hardening Slides from VMware Explore 2024


A big thanks to absolutely all the friendly folks that were in my sessions this year at VMware Explore Las Vegas. I promised the folks in my VCF hardening session (VCFT1616LV) a copy of the slides so you’d stop taking photos. Sorry they’re a little late, to be honest I forgot, then my copy of Acrobat needed reinstalling. It’s always something! The recordings are also up on the free on-demand video library for VMware Explore, too.

VCFB1201LV – Three Cornerstones to Enable a Cyber-Resilient Private Cloud (Monday morning with Belu de Arbelaiz and Bhanu Vemula)
VCFB1440LV – All About vSphere 8 (Tuesday morning with Dave Morera)
VCFT1616LV – Hardening and Securing VCF (Monday …


Build a VM Template for RHEL 9


While anyone can create a VM template, only a few know the tips and tricks for making a reliable, small, and secure VM template on VMware vSphere and VMware Cloud Foundation using Red Hat Enterprise Linux 9. Those tips & tricks are below!

Prerequisites

To succeed while following these instructions you will need:

Create a New VM

First, we need a fresh VM. Make the new VM the latest virtual hardware version you can. See “Upgrade VM Hardware Versions” for more discussion on this. Choose the right operating system. In this case, Red Hat Enterprise Linux 9 is in the list. I create all my template VMs as 2 CPU, 4 …


Thoughts on CVE-2024-37085 & VMSA-2024-0013


Many of you may recognize that I work for Broadcom and handle a lot of VMware security, compliance, and what I like to call “operational resilience” topics. However, these are my thoughts on this matter with CVE-2024-37085, done on my own time and site, and do not reflect Broadcom’s stance. In fact, Broadcom’s stance, like VMware’s before it, is always: apply the patches or the workaround in the VMSA as your organization requires. This is good advice, if a bit terse. Lack of verbosity isn’t unique to Broadcom; no vendor can have a more nuanced stance because your environment is unique, and the context of your environment matters deeply. If …


What is Zero Trust?


Zero Trust means “trust no device and trust no user.” It constantly re-evaluates access for every user and system. All devices and user identities undergo continuous multifactor verification. This approach enhances security by minimizing the attack surface and reducing the impact of potential breaches. Zero Trust acknowledges that threats can originate from both inside and outside the network perimeter. Infrastructure services often differ because they must run and connect when no other services are available. Infrastructure software like VMware vSphere uses features such as Secure Boot, Trusted Platform Modules, VIB signing and verification, and host attestation. These features build assurances that the infrastructure can be trusted in its current configuration. …


Build a VM Template for Rocky Linux 9


While anyone can create a VM template, only a few know the tips and tricks for making a reliable, small, and secure VM template on VMware vSphere and VMware Cloud Foundation using Rocky Linux 9. Those tips & tricks are below!

Prerequisites

To succeed while following these instructions you will need:

Create a New VM

First, we need a fresh VM. Make the new VM the latest virtual hardware version you can. See “Upgrade VM Hardware Versions” for more discussion on this. Choose the right operating system. In this case, Rocky Linux is in the list. Alternately, you could choose Red Hat Enterprise Linux 9 for EL-family Linux distributions. I create …


Upgrade VM Hardware Versions

There are varying opinions within the greater VMware community about upgrading VM hardware versions. Newer virtual machine hardware versions introduce new features, new guest OS support, better compatibility and performance with CPU vulnerability mitigations, better support for modern CPU features, better security defaults, and so on. Upgrading virtual machine hardware changes the virtual hardware presented to the guest operating system, just as if you placed a boot device from a physical server into a newer physical server. These changes can vary in risk, may require more than one reboot, and may require human interaction to complete. This forms the basis for many of the opinions that recommend leaving VM hardware …


What is Virtualization?


At its core, virtualization is a technology that allows you to create multiple virtual environments on a single physical machine. These virtual environments, called virtual machines (VMs), act as independent computers with their own operating systems, applications, and resources, even though they share the same underlying hardware. Imagine you have a powerful server with ample CPU, memory, and storage capacity. Instead of dedicating the entire server to a single operating system and application, you can use virtualization software, known as a hypervisor, to create multiple VMs on that server. Each VM runs its own operating system and applications, isolated from other VMs on the same physical machine.

Types of Virtualization …
