vBlogWare @virtuallyBlogging

A VMware blog created to spread news, opinions, ideas and experiences

admin

Easy Deploy for NSX Advanced Load Balancer

Easy Deploy for NSX Advanced Load Balancer (formerly Avi Networks) is a Fling virtual appliance that helps you deploy Avi in a handful of clicks! It lets you leverage the power of a multi-cloud application services platform that includes load balancing, web application firewall, container ingress and application analytics across any cloud. No extensive knowledge is required, as it is meant to make demos, training and proof-of-concept (POC) work easy.

Features:

  • A familiar VMware Clarity User Interface;
  • Automatically deploy an Avi Controller and Avi Service Engines;
  • Seamless integration with your VMware Cloud on AWS environment and on-prem vSphere environments;
  • Option to deploy sample app that leverages Avi load balancing.

NSX-T 3.2 New Features

NSX-T Data Center 3.2.0 is a major release offering many new features in all the verticals of NSX-T: networking, security, services and onboarding. Here are some of the major enhancements.

Switch-agnostic distributed security: Ability to extend micro-segmentation to workloads deployed on vSphere networks.

Gateway Security: Enhanced L7 App IDs, Malware Detection and Sandboxing, URL filtering, User-ID firewall, TLS inspection (Tech Preview) and Intrusion Detection and Prevention Service (IDS/IPS).

Enhanced Distributed Security: Malware detection and Prevention, Behavioral IDS/IPS, enhanced application identities for L7 firewall.

Improved integration with NSX Advanced Load Balancer (formerly Avi): Install and configure NSX ALB (Avi) from NSX-T UI; Migrate NSX for vSphere LB to NSX ALB (Avi).

NSX for vSphere to NSX-T Migration: Major enhancements to the Migration Coordinator to extend coverage of supported NSX for vSphere topologies and provide flexibility on the target NSX-T topologies.

Improved protection against Log4j vulnerability: Updated Apache Log4j to version 2.16 to resolve CVE-2021-44228 and CVE-2021-45046. For more information on these vulnerabilities and their impact on VMware products, please see VMSA-2021-0028.

In addition to these features, many other capabilities are added in every area of the product.

For more details about these new features, please take a look at https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/rn/vmware-nsxt-data-center-32-release-notes/index.html.

Log4J Vulnerability

VMware released VMSA-2021-0028 to track the impact of an Apache Software Foundation security advisory for their extremely popular Log4j Java logging component on VMware products and services. These advisories outline critical remote code execution vulnerabilities in the Log4j component, scoring 10 of 10 on the Common Vulnerability Scoring System (CVSS) for all affected VMware products.

This update needs your immediate attention because the Log4j component is used by many vendors and software packages, not just in VMware products but also in other software in your environment. The updated advisory means that all systems should be reevaluated. Threat intelligence experts across the industry are observing active attacks based on these vulnerabilities, especially against workloads accessible from the Internet.

What is Log4J?

Log4J is an open-source logging framework that developers use to record actions and activities within their applications. It is used by platforms such as: Minecraft, VMware, Elasticsearch, Apple, Cloudflare, Amazon Web Services, and Tesla, along with various Apache platforms such as Struts, Druid, ActiveMQ, Flume, Hadoop and Kafka, among many others.

Take a look at the following website to check whether patches have already been released. Remember, all VMware products are affected and this vulnerability has a rating of 10 out of 10.

https://www.vmware.com/security/advisories/VMSA-2021-0028.html
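Because Log4j is bundled inside many Java applications, not only VMware's, a first step in the reevaluation the advisory calls for is an inventory of which log4j-core versions are actually present on each host. The script below is an added example written for this post (it is not VMware's or Apache's tooling): it walks a directory tree, opens every jar, war, ear or zip it finds, reads the Maven pom.properties that official log4j-core jars ship with, recurses into nested archives such as a WAR's WEB-INF/lib, and flags anything older than 2.16.0, the version the NSX-T 3.2 notes cite as the fix. The sample tree it builds for a dry run is constructed for the demo; the Maven pom path and the 2.16.0 threshold are the assumptions, and the filename fallback for renamed or shaded jars is only a heuristic.

```python
"""Inventory Log4j 2 (log4j-core) jars below a directory and flag versions older
than 2.16.0, the version the NSX-T 3.2 notes cite as resolving CVE-2021-44228 and
CVE-2021-45046.

Added example for this post; not VMware or Apache tooling. Assumptions: Log4j
jars carry the standard Maven pom.properties at LOG4J_CORE_POM (true for
official log4j-core builds), and a jar renamed or shaded without it can still be
recognised by the log4j-core-<version>.jar naming convention (heuristic only).
"""
import io
import os
import re
import sys
import tempfile
import zipfile
from typing import List, Optional, Tuple

LOG4J_CORE_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 16, 0)          # raise this as the advisory is updated
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
NAME_PATTERN = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?)\.jar$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1); '2.16' -> (2, 16, 0); qualifiers such as -rc1 are dropped."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return (0, 0, 0)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def needs_update(version: str) -> bool:
    """True when the declared version is older than FIXED_VERSION."""
    return parse_version(version) < FIXED_VERSION


def log4j_core_version(zf: zipfile.ZipFile, label: str) -> Optional[str]:
    """Version declared by the jar's pom.properties, else from its filename, else None."""
    try:
        props = zf.read(LOG4J_CORE_POM).decode("utf-8", errors="replace")
    except KeyError:                      # no pom.properties: not an official log4j-core jar
        props = ""
    for line in props.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    m = NAME_PATTERN.search(os.path.basename(label.split("!")[-1]))
    return m.group(1) if m else None


def scan_archive(zf: zipfile.ZipFile, label: str, findings: List[Tuple[str, str]]) -> None:
    """Record a log4j-core hit for this archive, then descend into archives nested in it."""
    version = log4j_core_version(zf, label)
    if version is not None:
        findings.append((label, version))
    for name in zf.namelist():
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    scan_archive(inner, f"{label}!{name}", findings)   # '!' marks nesting
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[Tuple[str, str]]:
    """Walk root and return (archive label, log4j-core version) pairs."""
    findings: List[Tuple[str, str]] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                try:
                    with zipfile.ZipFile(path) as zf:
                        scan_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def report(root: str) -> List[Tuple[str, str, bool]]:
    """(label, version, needs_update) for every log4j-core found under root."""
    return [(label, v, needs_update(v)) for label, v in scan_tree(root)]


def build_sample_tree() -> str:
    """Constructed demo tree (not real product files): one old jar, one patched jar nested in a WAR."""
    root = tempfile.mkdtemp(prefix="log4j-inventory-")
    with zipfile.ZipFile(os.path.join(root, "log4j-core-2.14.1.jar"), "w") as zf:
        zf.writestr(LOG4J_CORE_POM, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(LOG4J_CORE_POM, "version=2.16.0\n")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.16.0.jar", inner.getvalue())
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for label, version, flagged in report(target):
        print(f"{'UPDATE' if flagged else 'ok    '}  log4j-core {version:<8} {label}")
```

Run it as `python log4j_inventory.py /path/to/application/root` on each host; without an argument it scans the constructed sample tree. The Maven pom.properties check catches the common case and the nested-archive recursion covers WARs and EARs, but a log4j-core copied into a fat jar under another name will only be caught by the filename heuristic, so treat an empty result as "nothing found by this method" rather than "clean", and raise FIXED_VERSION whenever the advisory moves to a newer release.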

An Exciting new NSX-T release is almost there

NSX-T 3.2 should be GA any day now, and it is one of the largest NSX releases so far. NSX-T 3.2 includes key innovations across multi-cloud security and scale-out networking for containers, VMs and physical workloads. It also delivers simplified operations that help enterprises achieve a one-click, public cloud experience wherever their workloads are deployed.

Please check the following links.

https://blogs.vmware.com/networkvirtualization/2021/12/whats-new-in-security-with-vmware-nsx-3-2.html/

https://blogs.vmware.com/networkvirtualization/2021/12/nsx-t-3-2-innovations.html/

vSphere Software Asset Management Tool

I recently came across this fling, and the output it produces is very interesting and useful. The vSphere Software Asset Management (vSAM) tool collects and summarizes vSphere product deployment information. It calls vSphere APIs for deployment data and produces a PDF report that the customer can consult as part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Features:

  • Support both vCenter Server clusters and standalone ESXi hosts running vSphere 5.5, 6.x or newer
  • Generate comprehensive report from various aspects:
    • High-level product deployment summary
    • Product deployment report by targets (standalone ESXi or VC cluster)
    • High level license key usage report
    • License key usage by targets
  • Provide Software Asset Management suggestions on:
    • Evaluation license warning
    • License term
      • Pre-expiration 90 days warning
      • Expiration alert
    • License capacity
      • Potential capacity waste warning based on customized threshold
      • Potential capacity shortage warning based on customized threshold
      • Capacity over-use alert
    • Product support
      • End of General Support info
      • General Support pre-expiration 90 days warning
      • Unsupported product alert
    • Protect customer sensitive information by:
      • Collecting only the minimal set of information relevant to Software Asset Management
      • Masking sensitive info in the report
      • Supporting encryption of raw data file
  • Support merging multi reports into one report
  • Support English and Chinese report
  • Support customization of report

Cloud Director Availability 4.3 Released

VMware Cloud Director Availability 4.3 is Generally Available now. Together with the newly branded logo, it brings a significant number of new features and improvements that let our VMware Cloud Providers deliver even better DR and migration services to their tenants and offer an answer to ransomware.

New features available:

  • Advanced Retention Rules – Providers can now set more than one rule for the retention of instances. Up to five different retention rules can store instances with a granularity that changes over time.
  • DR and Migration Plans – Orchestrate and schedule the recovery and the migration operations across multiple virtual machines and vApps by using plans with sequences of delayable and pausable steps, containing execution settings and existing virtual machines and vApps replications references.
  • 1-Minute Target Recovery Point Objective (RPO) – You can now set the shortest RPO to 1 minute by using the RPO slider in Configure replication, in SLA profiles, or in replication policies. To meet a shorter RPO, verify that you follow the recommendations for lowering the occurrence of RPO violations; see https://docs.vmware.com/en/VMware-Cloud-Director-Availability/index.html. An I/O-intensive workload protected with a shorter RPO can cause RPO violations.
  • Multisite Cloud to Cloud authentication – When multiple Availability cloud sites use a single VMware Cloud Director instance, you can now use multisite authentication for regular replication operations when prompted to extend the session from Availability site A to Availability site B.
  • On-Premises Authentication by Using a Token – With vCenter Server 7.0 or later, a new authentication mechanism for the on-premises tenants allows performing disaster recovery operations in the vSphere Client Plug-In that require authentication to the cloud site. When the organization uses an external identity provider, for example, SAML, the on-premises tenants can now use that method for authentication.
  • Add Virtual Machines in Existing vApp Groups – Now, you can group one or several new virtual machines to an already existing vApp replication from on-premises to the cloud.
  • Placement Policies – Now the system providers and their tenants can select a placement organization VDC compute policy for a specific cluster or host for the recovered virtual machine.
  • Optimized Reverse – A reverse task now skips the full synchronization back to the original source workload and transfers only the deltas, provided no blocks changed in the original source and the original source disks were not modified in any way.
  • Backup and Restore – Now you can perform an in-place restore on existing appliances. Also, now you can perform a restore on a single cloud appliance.
  • Select Endpoint Address for Each Network Adapter – Now in a Cloud Replicator Appliance or in a Cloud Tunnel Appliance with multiple network interfaces, you can specify which of the network adapters to use for local site communication.
  • Replacing the Cloud Service Certificate Without Impacting Paired On-Premises – Now the paired on-premises appliances verify the entire SSL certificate chain of the Cloud Service. As a result, when replacing the certificate with a valid CA-signed certificate, the paired on-premises appliances do not need re-pairing with the cloud site.
  • Tunnel Connectivity – The following new sections are now available for verifying the status of the connections from the local Tunnel Service to these destinations:
    • Local components: connectivity to all the remaining services on the cloud appliances in the local cloud site;
    • Remote cloud sites: connectivity to the remote Tunnel Service instances in all remote cloud sites paired with the local cloud site;
    • On-Prem Incoming: connectivity to all on-premises appliances paired with the local cloud site.
  • Improved Replicating Workloads – When starting virtual machine replication, if VMware Cloud Director Availability encounters a virtual machine that is already configured for replication, possibly by another replication solution, the stale replication is now automatically unconfigured first and the virtual machine is then configured for replication.

VMware SASE

The VMware SASE Platform is the secure access service edge (SASE) platform that converges industry-leading cloud networking and cloud security to deliver flexibility, agility, security and scale for enterprises of all sizes. The VMware SASE Platform is offered as a service, relieving IT staff of deploying and maintaining WAN and security infrastructure and saving enterprises operational costs.

Components

  • SD-WAN
  • Zero Trust Network Access
  • Cloud Web Security
  • AIOps

VMware Products

  • VMware SASE Platform
  • VMware SD-WAN
  • VMware Secure Access
  • VMware Edge Network Intelligence
  • Workspace One

Benefits

SASE secures the newly distributed workforce and network edge so people, apps and devices can communicate from anywhere. The VMware SASE advantage is a unified edge and cloud service model with a single place to manage business policy, configuration, and monitoring.

  • Cloud-First – Simplifies and provides cost-effective connectivity to SaaS-based applications
  • Intrinsic Security – Unifies network and application security policies for branch and remote workers
  • Application Quality Assurance – Ensures availability and performance of mission critical applications
  • Operational Simplicity – Lowers operational expenses