vExpert subprograms announced!

After been chosen for the third year in the VMware vExpert program, the sub programs were announced yesterday.

I am very happy to have been chosen in 2 #vexpert subprograms this year: cloud management (for the second year) and Security ! Thank you to all involved and congrats to all vExperts!

If you have questions about the program or any of the products we cover, please reach out to me. My public profile is here.

vExpert badges.

Compliance and security with vRealize Operations.

VMware has been working hard to add new features to vRealize Operations (vROps), the management tool is unrecognisable from it’s origins as vCops… One of the most overlooked areas for me is compliance. It is very powerful and easy to setup.

Since I talked about vCOps … let’s get back some years to around 2012 when VMware was still actively selling a product called Configuration manager (vCM). It was a product they inherited from EMC with a heavy Windows background… It WAS a Windows program, but extremely powerful. You could make your own rule sets for testing, use the built-in ones (vSphere hardening guidelines) or buy additional ones (SoX, HIPAA, PCI,…). So it was not limited to vSPhere environments. You could for example make a rule to check anti-virus was installed on all your desktops. Or check your MS AD. or…. But it was very complex to setup… I demoed it a lot, especially in the financial world.

The last GA version of vCM is 5.8.5 which is supported until 1/2021 (sse KB), but VMware stopped bundling it with vRops Advanced and Enterprise with version 6.7. They started developing a SaaS version called vRealize Air Compliance, but with the sales of vRealize Air to OVH in 2017 the product stopped. At least I cannot find it anymore.

The good news is that Vmware started adding compliance testing to vROps 6.7 and with each version the possibilities keep improving!

Compliance dashboard in vROps 8.01

Compliance is based on alert symptoms. In previous releases you had to edit the default policy to enable them… But now Compliance finally has a full-blown dashboard where you can edit the benchmarks and activate them in the policy of your choice. By default vROps includes the vSphere, NSX and vSAN hardening guidelines as benchmarks. Can you imagine ? You can enable them with one click and check your whole SDDC for security weaknesses! I cannot emphasise enough how important this is, can you keep an eye on all settings of hundreds of virtual machines with pen and paper ? Of course not. Use vROps ! On top of that you can create up to 5 of your own benchmarks (or parts of the others) to check. This is the custom benchmark pane in the middle. I will sit back down now…

Of course my homelab reflects the real world .. with a lot of compliance issues! if you click a benchmark you get to the details with triggered symptoms. From their you can decide action. What I still miss here is a ‘remedy’ or ‘action’ button like we had in vCM. Now you have to go through a lot of messages and decide on corrective action. But knowing the team this is probably coming !

Benchmark details screen.

And for the ‘piece de résistance’ VMware now includes all the important industry benchmarks like PCI or HIPAA for free ! You just need to download them from the dashboard and enable them. You see in my example that I enabled ISO on my SDDC.

ISO benchmark details dashboard.

These used to be expensive extras in Configuration Manager and now you just need to download… I hope with the new services discovery and Telegraf agents that more benchmarks are coming, operating systems for example. Maybe partners will provide the too on the Exchange.

And if all of this is not enough, you can unleash these benchmarks on your VMware Managed Cloud (VMC SDDC) environment as well of course. All from the same interface.

I hope this blog post has inspired you to test this out for yourself. Let me know how it goes and I am available for consulting if you need help. You can contact me through my website.

TGI Kubernetes 104: Kyverno

TGI Kubernetes 104: Kyverno

TGI Kubernetes 104: Kyverno

Come hang out with Duffie Cooley as he does a bit of hands on hacking of Kubernetes and related topics. Some of this will be Duffie talking about the things he knows. Some of this will be Duffie exploring something new with the audience. Come join the fun, ask questions, comment, and participate in the live chat! This week we will be looking at Kyverno a Kubernetes Native Policy Management tool.


VMware Social Media Advocacy

Deep dive into VMware Cloud Foundation – Part 1…

Deep dive into VMware Cloud Foundation – Part 1…

If you’re like me, you like to dive deep into technology to learn how things work in the safety of a lab environment. I enjoy experimenting with a live lab. I’ll use the lab to look behind the curtain and see what’s going on behind the scenes. The safety of the lab allows me to The post Deep dive into VMware Cloud Foundation – Part 1 Building a Nested Lab appeared first on Cloud Foundation.


VMware Social Media Advocacy