vToolbelt – August 2018

After a short summer hiatus, vToolbelt is back with VMware updates you will want to see!

Important News

L1 Terminal Fault (Speculative Execution) Vulnerability –  At 10am PDT Tuesday, August 14th – Intel disclosed a vulnerability in their processors calledL1 Terminal Fault (or L1TF).  By continuing this speculative execution in these cases, the affected Intel microprocessors expose a new side-channel for attack, allowing a malicious VM to infer data in the hypervisor and other VM’s running on a core.

As part of the August 14th disclosure by Intel, three vulnerabilities have been named:

  • CVE-2018-3646 (L1 Terminal Fault – VMM) – The most severe issue – affects all hypervisors running on x86 CPUs – including vSphere, Workstation, and Fusion
  • CVE-2018-3620 (L1 Terminal Fault – OS)
  • CVE-2018-3615 (L1 Terminal Fault – SGX, SMM)

VMware has been working closely with industry partners such as Intel and others to assess the issue and determine the most effective update paths.  VMware has published several Knowledge Base articles on this topic:

 

You can also sign-up on the VMware Security-Announce mailing list to receive new and updated VMware Security Advisories as they become available.

Upcoming Events

Cincinnati VMUG UserCON (9/11) – Save the date and plan to be at the Sharonville Convention Center on September 11th for the VMUG UserCon in Cincinnati.  Visit the VMUG.COM site to view the agenda and register.

VMworld 2018

  • VMworld US starts in 1 week in Las Vegas – August 26-30th 2018
  • VMworld Europe will be back in Barcelona from November 5-8 2018

Notes from the Field

vSphere

  • ESXi Compatibility Checker – This is a python script from VMware Flings that you can run on your hosts to determine their compatibility for upgrades.  It will save you time wading through websites and looking at system specs.
  • The VAMI update for the vSphere 6.7 VCSA may not list all available patches – When I logged into the vSphere Appliance Management Iinterface (VAMI) to patch my vSphere 6.7 VCSA, it didn’t show any updates.  Knowing that there were updates, I tracked down the issue – so you don’t have to…
  • Fully Features HTML5 vSphere client coming Fall 2018 – If you are new to vSphere 6.5, you will quickly learn that you can use the vastly improved HTML 5-based vSphere client for many things; but still need the old Flash-based client for a number of tasks.   Those who jumped right to vSphere 6.7 won’t need to swap back as often.  The good news is full-feature parity is coming in the next 2-3 months!
  • If you were wondering what vSphere 6.7 is all about, you can try it out for yourself in a Hands-On Lab!
  • One of the realities of running Windows-based virtual machines is that updating VMware Tools typically requires a reboot. VMware is pleased to announce that the Paravirtual SCSI storage driver for Windows 2016 is now available through Windows Update!  When your Windows 2016 servers install critical updates and drivers these files will be automatically updated and help eliminate the need for a reboot after updating VMware Tools.
  • There are a number of new Security features in vSphere 6.7.  The vBrownbag podcast has an episode that reviews the new Security Features in vSphere 6.7.
  • If you have spent any time troubleshooting VM performance on vSphere, you probably have looked into CPU Ready time.  This is a measure of time that the VM was ready for CPU; but that resource was not available.   The issue with this is that you need to often convert the numbers between summation and percentages.  VMcalc is a handy web tool to do this for you!
  • Network Troubleshooting Review – This is episode #85 of the Virtually Speaking podcast which interviews a VMware Global Support Services Escalation Engineer.  Listen in as they discuss common problems, how to find them and more importantly what you can do to avoid them!
  • vSphere 6.7 Performance Best Practices – Learn how to get the most out of your hardware!
  • vSphere Correct Answer Challenge – How well do you know vSphere?  Login and show everyone you know!

vSAN

NSX

Horizon View

I hope this edition is useful for you.  If there are topics you would like to see – let me know!

Have a good month!