vSphere Upgrade: Migrating to Ephemeral dvSwitch Portgroups

There are two ways to solve the issues with dvSwitches I spoke about before. The first is to place vCenter onto an administrative per-host vSwitch. The second is to create new dvSwitch portgroups, but first ensure each portgroup is marked as ephemeral. But if you already have portgroups, how would you migrate from one portgroup to these ephemeral portgroups? In theory, ephemeral ports do not require vCenter to be active in order for a port assignment to take place. So how do you migrate from static dvSwitch portgroups to ephemeral dvSwitch portgroups?

Distributed Virtual Switch Failures: Failing-Safe

In my virtual environment recently, I experienced two major failures. The first was with the VMware vNetwork Distributed Switch and the second was related to the use of VMware vShield. Both led to catastrophic failures that could have easily been avoided if these two subsystems failed safe instead of failing closed. VMware vSphere is all about availability, but when critical systems like these fail, not even VMware HA can assist in recovery. You have to fix the problems yourself, and usually by hand. Now that the problem has been solved and should not recur, I began to wonder how I missed this, and that led me to the total lack of information on how these subsystems actually work. So without further ado, here is how they work and what I consider to be the definition of fail-safe.

Blade Physical-Virtual Networking and Virtualization Security

I have been thinking about blades and virtualization security for some time, spurred on by a conversation with Brad Hedlund six months ago. Nearly all my customers use blades, and virtualization security is a big concern to them. In my Rethinking vNetwork Security article, I touched on some of the issues in response to Brad's comments a while back. I would like to now expand that discussion to blades.

There are three sets of blade enclosures I would like to discuss: those that use pass-through networking, those that use a standard switching fabric within the enclosure, and those that use flexible interconnects such as HP Flex-10 and Cisco Palo adapters. The last is the so-called physical-virtual network device.

vSphere 4.1 Released – More Dynamic Resource Load Balancing

With the release of vSphere 4.1, VMware has added to the Dynamic Resource Load Balancing (DRLB) suite of tools that I hinted at in my post on Dynamic Resource Load Balancing last week, as well as providing new memory overcommit and other functionality. In essence, vSphere 4.1 is more than a point release: this update includes many features that aid in security and reliability, and it is a direct response to customer requests.

vSecurity gets a boost from TPM/TXT

During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of the Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) built into Intel Westmere chips on cloud and virtualization security. TPM is not all that new, but TXT's usage in virtualization security is new. Together they can form a hardware root of trust for the virtual environment.
At the moment, however, these technologies are limited to providing a secure launch of a well-known hypervisor on the hardware. As such, they have not been extended to the virtual machine. TXT, however, solves a very important issue that had only theoretical solutions at the time the book VMware vSphere and Virtual Infrastructure Security was written: Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT, on the other hand, offers protection from Blue Pill style attacks.