Saturday, 25 August 2018

North East VMUG - Thursday 20th September 2018

The next North East VMUG is locked in and final arrangements are being made.  The event will take place on Thursday 20th September 2018 at the following address:

Royal Station Hotel
Neville Street
Newcastle upon Tyne
NE1 5DH

You can register for the event here

The agenda is currently as follows:

08:40 - Registration & Networking
09:00 - NEVMUG Introduction
09:10 - Cormac Hogan (Blog | Twitter) - VMware Keynote

What’s happening in the world of VMware Storage

A closer look at some of the more recent announcements around VMware storage related products and features. There will be lots to talk about as this will be so soon after the US VMworld 2018 event. We will look at new enhancements to VMware, VVols, IO Filters, Core Storage and even projects that are happening around persistent storage in the container space. There should be something for everyone in this space.

10:00 - Networking
10:15 - Rubrik

Details to follow

11:00 - Networking
11:15 - Community Session – Bryan O’Connor (Blog | Twitter)

What's new in vSphere 6.7

  • Management Enhancements
  • ESXi Enhancements
  • Virtual Center Enhancements
  • VM Enhancements
  • Storage Enhancements
  • Security Enhancements
  • Network Enhancements
  • Availability Enhancements

12:00 - Lunch
12:30 - Adam Bohle - VMware on AWS (Twitter)

VMware Cloud on AWS - What's New

VMware Cloud on AWS is a fast-moving technology in the VMware portfolio. This session will consist of a short introduction to the service, as well as an update on all the new features and AWS regions that have become available this year.

13:15 - Networking
13:25 - NAKIVO - Nick Luchkov, Senior Technical Pre-Sales Manager

Protecting VMware/Hyper-V environments with NAKIVO Backup & Replication

NAKIVO develops a fast, reliable, and affordable backup and replication solution for virtual and cloud environments. Over 10,000 companies are using NAKIVO Backup & Replication to protect and recover their data more efficiently and cost-effectively. Join this session to learn:

  • How to ensure business continuity and reduce downtime of your critical virtualized data.
  • How to speed up the backup and replication data transfer, reduce backup size and shrink backup window.
  • How to turn your NAS into the backup appliance and use deduplication hardware appliances to get super-fast backup speed.

14:10 - Networking
14:20 - IGEL - Tom Illingworth

Thin client?  It’s all about the software

Hear IGEL discuss IGEL’s revolutionary endpoint management solutions, simple, smart and secure. We believe it should be as easy to remotely manage 10,000 devices as 10 and add the functionality that’s most important to enterprise, making the life of the IT department easier.

15:05 - Networking
15:15 - Community Session – Dale Handley (Twitter)

A detailed session on the new custom Forms feature in vRealize Automation (vRA) 7.4.

16:00 - Networking
16:10 - Darren Hirons (Twitter) & Matt Evans from VMware

 ‘To Re, or not to Re (purpose)’

The desktop market offers many desktop re-purposing solutions based on Windows, Linux and Chrome. In this session we will take a deep dive into those technologies, share our test results and present a comparison of the different vendor offerings to help you make an informed choice. Examples of our findings will cover costs, system requirements, performance, device management and limitations.

16:55 - NEVMUG Close – Q&A and prize giveaway
17:00 - vBeers – Cinema room, The Town Wall

Big thanks to all of our sponsors, without you these events would not be possible.





Monday, 12 March 2018

Getting started with VMware AppDefense - Part 3

Getting started with VMware AppDefense - Part 1
Getting started with VMware AppDefense - Part 2
Getting started with VMware AppDefense - Part 3

Now that we have successfully deployed the host and guest modules and verified that the status of both the hosts and guest VMs is active, we can start configuring an application scope and protecting an application.

Log into the AppDefense SaaS portal and you should initially be greeted by the dashboard page.  Instantly you can see the number of VMs that are unassigned, in discovery or protected:



In order to protect a VM with AppDefense, we need to create an application scope and then add a VM to the scope.  Imagine an application scope as a group of data centre assets that make up an application or regulatory scope.  To add a scope click on the plus icon next to Scopes and give it a suitable name and click Create:


We now need to create a service.  A service is made up of one or more VMs that perform a function within an application.  An example could be a three-tier application with three services (web, app and DB).  All VMs within a service are expected to be homogeneous and have the exact same allowed behaviour and rules.  Click on the Add Service button within the scope:


Enter a Service name, an optional Service Type (from a predefined list) and a Service Description, then click Next:


Select the VMs that you want to add to the service.  It's simpler to sort via the State field to show all VMs that have the guest module installed and enabled.  Select the VM or VMs and click Next:


You now have the option to manually enter allowed behaviour by entering information about the process and any inbound/outbound connection required.  You can just leave this blank and click Finish as AppDefense will learn the behaviour:


Once you click finish the service is added to the scope and AppDefense automatically starts to learn the behaviour of the application.  You can add additional services if required based on the application.  You need to leave AppDefense in learning mode for a long enough period of time for it to capture all expected behaviour.  This will vary depending on the application role but a full month cycle should be enough.


Once you have left AppDefense for a suitable period of time you should see the behaviour that has been learnt:



You can change the view by selecting the column icon in the top right-hand corner and expand.  You may also notice that we take process reputation threat and trust scores via the Carbon Black integration:


Once you are confident that AppDefense has had enough time to sufficiently learn the application (Don't worry, you can put it back into learn mode or manually add processes if something has been missed) it's time to start enforcing known good.  Click on the Verify and Protect button at the top of the application scope:


Verify the details and click Verify and Protect:


Once protecting, you will notice that we now have a new tab in the scope called Rules:


By default, all options are enabled and set to Alert only.  You can enable or disable specific rules depending on what you are particularly interested in protecting and also modify the action.  To modify the action click on the three dots icon in the top right-hand corner and click Edit Service:


Select the Rules tab and then you have the option to enable or disable specific rules and change the remediation action to one of the following options (Quarantine requires integration with NSX):


You also have the option to set the enforcement to either Automatic or Manual:


With the default options set, alerts for any violations will be visible within the AppDefense portal.  This allows you to continue monitoring the application before setting the remediation action to block or quarantine.  The following alert shows what happens when a violation occurs.  In this example I initiated an SSH session via PuTTY to 192.168.1.11:


The alert is visible within AppDefense and you can drill down and view the actual behaviour:


Since we have set the remediation action to alert, we can review the alert and then make a decision on what we want to do next.  In this example I select Power Off:


Confirm Power Off:


The command is then pushed to vCenter and the VM is powered off:


Hopefully, the last three getting started with AppDefense articles have left you wanting more. If so, I plan on blogging more in the future, so stay tuned.
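
The learn-then-protect cycle described in this post, and why the length of the learning window matters, as an added example (not AppDefense code or anything from VMware): a toy Python model in which a behaviour is a process, a direction and a port. The process names, ports and the month-end job are constructed assumptions; only the PuTTY SSH session comes from the post.

```python
"""Toy model of learn-then-protect allowlisting (constructed, not AppDefense code)."""

# Constructed sample: (day, process, direction, port) observed on one service VM.
OBSERVED = [
    (1, "w3wp.exe", "inbound", 443),
    (1, "w3wp.exe", "outbound", 1433),
    (2, "w3wp.exe", "inbound", 443),
    (30, "monthend.exe", "outbound", 25),  # hypothetical job that runs once a month
]

# Constructed behaviour seen after Verify and Protect.
LIVE = [
    ("w3wp.exe", "inbound", 443),
    ("monthend.exe", "outbound", 25),      # legitimate but rare
    ("putty.exe", "outbound", 22),         # the SSH test from the post
]


def learn(observed, learning_days):
    """Behaviours seen inside the learning window become the allowed set."""
    return {(proc.lower(), direction, port)
            for day, proc, direction, port in observed
            if day <= learning_days}


def violations(allowed, live, action="alert"):
    """Report every live behaviour that is not in the allowed set."""
    return [{"process": proc, "direction": direction, "port": port, "action": action}
            for proc, direction, port in live
            if (proc.lower(), direction, port) not in allowed]


def unexpected_processes(learning_days, manual=()):
    """Processes that would raise an alert for a given learning window.

    `manual` holds behaviours added by hand after learning.
    """
    allowed = learn(OBSERVED, learning_days) | set(manual)
    return [v["process"] for v in violations(allowed, LIVE)]


if __name__ == "__main__":
    for days in (7, 30):
        print(f"{days}-day learning window:", unexpected_processes(days))
    print("7 days + manual rule:",
          unexpected_processes(7, manual=[("monthend.exe", "outbound", 25)]))
```

With a 7-day window the month-end job is reported alongside the SSH session; a full monthly cycle, or a manually added behaviour, leaves only the SSH session as a violation.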

Monday, 5 February 2018

Getting started with VMware AppDefense - Part 2

Getting started with VMware AppDefense - Part 1
Getting started with VMware AppDefense - Part 2
Getting started with VMware AppDefense - Part 3

In part 2 we will focus on deploying the host modules to a vSphere cluster and then deploy the guest module to a test Windows 2012 Server.  You should hopefully be at the stage where you have deployed an on-premises AppDefense appliance with successful connectivity to the AppDefense SaaS website:



Click on the cog in the bottom left-hand corner and select Inventory:





You should now be able to see the entire inventory of hosts and VMs from the connected vCenter.  Use the tabs to switch between Hosts and VMs:



Identify the hosts that you wish to install the host modules on.  In my example, I'm going to use the hosts in my NCL-Prod cluster:



Locate the hosts in the Hosts inventory tab and click on the three dots icon and select Install:



Select a version of the host module you require and then click Install:


Do this for all hosts in the cluster and you should see that the install has been queued and is ready to be pushed to the on-premises appliance:



Within a minute or so you should see within the vSphere client recent tasks that the modules have been installed:



To verify this you can SSH to the ESXi hosts and run the following command:

esxcli software vib list | grep glx



You can also verify that the host module has started by running:

/etc/init.d/glxhostuwd status



For troubleshooting, you can view the host AppDefense log file located at:

/var/log/glx.log

Within the Hosts Inventory tab you should now see that the Host Module Status is now Active and it should show both the Product Version and Host Module Version:



We now need to install the guest module inside the Guest OS.  Currently only Windows 2012 and 2016, both x64 are supported.  If we check the VMs Inventory tab and filter on a specific VM you should see that the Guest Module Status is unreachable and the Product / Guest Module Version are both Unknown:



Let's start by downloading the guest module.  Click on the cog in the bottom left hand corner and select Downloads.  Select the Guest Module tab and then download the module for Windows into the Guest OS or a share that the guest OS has access to:



Log into the Guest OS and run the executable.  When prompted accept the license agreement and click Install:



Once the quick installation finishes click Finish and then click Yes to restart the machine:



Hit refresh back in the VMs Inventory tab and we should now see the Guest Module Status as Active, along with the Product and Guest Module version numbers:



In the final instalment of this series, we will configure an application scope to protect a specific application.

Wednesday, 31 January 2018

Getting started with VMware AppDefense - Part 1

Getting started with VMware AppDefense - Part 1
Getting started with VMware AppDefense - Part 2
Getting started with VMware AppDefense - Part 3

Back at VMworld 2017, VMware announced a new Software as a Service product called AppDefense.  To quote the official vmware.com site:

VMware AppDefense is a data center endpoint security product that protects applications running in virtualized environments. Rather than chasing after threats, AppDefense understands an application's intended state and behaviour, then monitors for changes to that intended state that indicate a threat. When a threat is detected, AppDefense automatically responds.

I'm going to show you how to get started with AppDefense once you have access to the new SaaS offering.  You can access the portal via the following URL:

https://appdefense.vmware.com/app/sign-in-user

Once there, simply enter the username and password that were supplied when you signed up for the service:



Once you have access to the portal you can view the official documentation, download the on-premises appliance as well as the host and guest modules.  To access the downloads simply click the cog icon in the bottom left-hand side of the screen and select Downloads:



We initially need to download the on-premises appliance that will be deployed within your infrastructure and configured to connect back to the AppDefense hosted service.  Select the Appliance tab and then click the download link to download the latest version of the appliance:



Once the appliance has downloaded, deploy it as you would any other .ova appliance.  Right-click on the cluster you wish to deploy the appliance into and select Deploy OVF Template:



Browse the local file system and select the downloaded .ova and click Open and then click Next:


Give the VM an appropriate name and select a datacenter or folder and click Next:



Select a suitable cluster or resource pool and click Next:



Review the details and click Next:



Review the license agreements, click Accept and then click Next:



Select a suitable datastore and click Next:



Connect the VM to a suitable network and click Next:



Enter the required information such as a complex appliance password, default gateway, IP address, subnet mask and DNS information and click Next:



Finally, review the settings and click Finish:



Once the appliance has deployed, power it on and wait for it to fully boot up.  If you already have NSX deployed, remember to add the appliance to the exclusion list so that we don't accidentally block traffic to/from the appliance:



We now need to go back to the AppDefense website where you downloaded the appliance and provision a new appliance so we can generate a UUID and API Key.  Click on the cog icon and select Appliances and then click the button to Provision New Appliance:



Enter a name for the appliance and click Provision:



Copy the appliance UUID and API key and store them somewhere safe.  Once you click OK you will not be able to retrieve this information again and you will have to create a new appliance:



You should now see your newly created appliance:



Now we need to connect to the on-premises appliance and supply the UUID and API details as well as the credentials for vCenter and NSX Manager.  To do this simply connect to the appliance IP address or DNS name and specify port 5480:

https://<IPAddress>:5480

Then simply log in with the root username and the password you specified during the deployment of the appliance and click Login:


Select the Configuration tab and then enter all the required information including the UUID, API key and credentials for vCenter.  Optionally you can add NSX Manager and Puppet credentials if you are integrating with those products.  DNS names are case sensitive so ensure they match what's in DNS, otherwise the service will fail to start.  Once finished click Save Settings:



Accept the certificate if prompted:



After a few minutes, you should see the appliance status change to Active and successful connections to both vCenter and NSX (if configured).



In part 2 we will deploy the host modules to a cluster and deploy the guest module to a Windows 2012 server.