vToolbelt – August 2018
After a short summer hiatus, vToolbelt is back with VMware updates you will want to see!
L1 Terminal Fault (Speculative Execution) Vulnerability – At 10am PDT Tuesday, August 14th – Intel disclosed a vulnerability in their processors calledL1 Terminal Fault (or L1TF). By continuing this speculative execution in these cases, the affected Intel microprocessors expose a new side-channel for attack, allowing a malicious VM to infer data in the hypervisor and other VM’s running on a core.
As part of the August 14th disclosure by Intel, three vulnerabilities have been named:
- CVE-2018-3646 (L1 Terminal Fault – VMM) – The most severe issue – affects all hypervisors running on x86 CPUs – including vSphere, Workstation, and Fusion
- CVE-2018-3620 (L1 Terminal Fault – OS)
- CVE-2018-3615 (L1 Terminal Fault – SGX, SMM)
VMware has been working closely with industry partners such as Intel and others to assess the issue and determine the most effective update paths. VMware has published several Knowledge Base articles on this topic:
- Overview of this issue and impact on VMware products – https://kb.vmware.com/s/article/55636
- Remediation steps:
- vSphere – https://kb.vmware.com/s/article/55806 – Please read carefully. There are multiple steps to this process, and non-trivial performance impact is possible. Testing in your environment is highly recommended.
- Workstation and Fusion – https://kb.vmware.com/s/article/57138
- Guest OS – Third-party operating systems may also have remediation steps. Check with the appropriate vendor for remediation of CVE-2018-3620.
You can also sign-up on the VMware Security-Announce mailing list to receive new and updated VMware Security Advisories as they become available.
Cincinnati VMUG UserCON (9/11) – Save the date and plan to be at the Sharonville Convention Center on September 11th for the VMUG UserCon in Cincinnati. Visit the VMUG.COM site to view the agenda and register.
- VMworld US starts in 1 week in Las Vegas – August 26-30th 2018
- VMworld Europe will be back in Barcelona from November 5-8 2018
Notes from the Field
- ESXi Compatibility Checker – This is a python script from VMware Flings that you can run on your hosts to determine their compatibility for upgrades. It will save you time wading through websites and looking at system specs.
- The VAMI update for the vSphere 6.7 VCSA may not list all available patches – When I logged into the vSphere Appliance Management Iinterface (VAMI) to patch my vSphere 6.7 VCSA, it didn’t show any updates. Knowing that there were updates, I tracked down the issue – so you don’t have to…
- Fully Features HTML5 vSphere client coming Fall 2018 – If you are new to vSphere 6.5, you will quickly learn that you can use the vastly improved HTML 5-based vSphere client for many things; but still need the old Flash-based client for a number of tasks. Those who jumped right to vSphere 6.7 won’t need to swap back as often. The good news is full-feature parity is coming in the next 2-3 months!
- If you were wondering what vSphere 6.7 is all about, you can try it out for yourself in a Hands-On Lab!
- One of the realities of running Windows-based virtual machines is that updating VMware Tools typically requires a reboot. VMware is pleased to announce that the Paravirtual SCSI storage driver for Windows 2016 is now available through Windows Update! When your Windows 2016 servers install critical updates and drivers these files will be automatically updated and help eliminate the need for a reboot after updating VMware Tools.
- There are a number of new Security features in vSphere 6.7. The vBrownbag podcast has an episode that reviews the new Security Features in vSphere 6.7.
- If you have spent any time troubleshooting VM performance on vSphere, you probably have looked into CPU Ready time. This is a measure of time that the VM was ready for CPU; but that resource was not available. The issue with this is that you need to often convert the numbers between summation and percentages. VMcalc is a handy web tool to do this for you!
- Network Troubleshooting Review – This is episode #85 of the Virtually Speaking podcast which interviews a VMware Global Support Services Escalation Engineer. Listen in as they discuss common problems, how to find them and more importantly what you can do to avoid them!
- vSphere 6.7 Performance Best Practices – Learn how to get the most out of your hardware!
- vSphere Correct Answer Challenge – How well do you know vSphere? Login and show everyone you know!
- vSAN Support Insight – This tool helps make getting support with vSAN a little easier – Take a look at the vSAN Support Insight video demo
- Does your infrastructure team use Slack? If you do, you can use Log Insight and a little scripting magic to integrate vSAN Alerts into Slack!
- The More you Know! – vSAN Edition
- Take a deep dive into Erasure Coding in vSAN
- Understand the role of the Witness in a vSAN cluster
- Using Jumbo Frames with NSX
- How VMware applied micro-segmentation across internal applications – Learn how VMware applied Micro-Segmentation internally using NSX
- NSX – Zero to Hero – Whether you are just starting out with NSX, or want to become certified. This post is a great place to start!
- VMware on VMware – redefining the Agile Enterprise via App Virtualiziton with Non-Persistent Desktops – Learn how VMware deployed Horizon View, App Volumes, and User Envionment Manager internally to reduce support burdens and deploy application updates faster
- What’s new in Horizon 7.5 – This video provides an overview of the new features in this latest version
- What’s new in User Environment Manager 9.4 – Learn what is new in this latest release – including a demo of the new argument-based Privilege Elevation Feature.
- Horizon Helpdesk Utility – this tool can help your helpdesk take care of problems faster
- Profiling Applications with User Environment Manager – The Application Profiler can help you identify where applications are stored on a a system (Registry or File systems). Learn how to get this done faster! If you haven’t used User Environment Manager before – take a look at Getting Started with VMware UEM.
- If you do need to add an application to User Environment Manager – it might be easier to start off with a template
- Windows 10 Guest OS Support FAQ for Horizon 6.x and 7.x
I hope this edition is useful for you. If there are topics you would like to see – let me know!
Have a good month!