Cloud-Native Security and Performance: Two…

Kubernetes in a production environment, and you need to apply a patch #Kubernetes #Security #Patching #Containers

Cloud-Native Security and Performance: Two…

You’re running Kubernetes in a production environment, and you need to apply a patch — perhaps to a commercial application, an open source component or even a container image. How long should it take to implement that patch in production? Thirty days? One day? One hour?


VMware Social Media Advocacy

Forbes: VMware Security One Of The Best Kept IT…

VMware Security- One Of The Best Kept IT Secrets & Strategy #VMware #Security #Stratergy #Roadmaps

Forbes: VMware Security One Of The Best Kept IT…

I recently got the chance to attend an analyst briefing held by VMware senior executives, where I learned a lot about the company’s overall strategy and progress. This is a big time for VMware, and the tech industry in general, with more people working remotely than ever before in order to minimize the spread of COVID-19. Unprecedented strain has been put on networks. Certain technology trends, such as the use of VDI and unified communications platforms, are accelerating. As a provider of cloud computing and virtualization software and services, I believe VMware’s portfolio and expertise puts it in a unique position to ensure enterprises’ business continuity. Paramount to this continuity is cybersecurity, as cybercriminals all over are…Read More


VMware Social Media Advocacy

VMware Carbon Black – Connect – May 13-14 2020 Virtual

VMware Carbon Black – Connect

Day 1 of the Event

First thing, the platform this event ran on was interactive and simple to follow. Simply navigate your way around as if you were at the event in person.

The agenda was packed full of interesting and useful knowledge from start to finish.

Presentations

There were three presentations that appealed to me on day 1.

  1. Main Stage “Welcome to VMware Carbon Black Connect” by Patrick Morley, Senior Vice President and General Manager at VMware
  2. Security Leadership “5 Tactics for Selling Security to Senior Leadership” by Alex Philips, CIO and CISO at a Fortune 500 oil and gas company

    Example of the 5 Tatics

  3. Security Leadership “The Rise of Destructive Malware” by Greg Foss, Senior Threat Researcher at VMware Carbon Black

    Example of one of the slides

Training and Certification Area

I also went on to the certification and training area

Training completed

  1. Become a Threat Hunter Workshop by Ryan Hendricks, Training Manager at VMware Carbon Black
    1. Demonstration and training on VMware Enterprise Carbon Black EDR product

    GUI – Example view

    1. LAB environment

Optimising and Securing VMware Environments with Runecast Analyzer

Overview of Runecast Analyzer

A brief overview of a product which helps reduce troubleshooting time, identify issues and helps with making your vSphere system compliant. The biggest issue I see in vSphere environments is maintaining security and hardware compatibility with the HCL. The features of Runecast certainly would appear to help resolve these issues. See the key features as I see in this product. (not an exhaustive list)

Key Features (from my perspective)

  • Config KB checks
  • Best Practise
  • Security reports
  • Hardware compatibility checks
  • Logs and KBs Discovered
  • Plugin Runecast for vSphere Client
  • vRealize Orchestrator – Remediation options

Requirements

  • Base appliance starts as min spec – 2vcpu 4GB RAM appliance

Runecast Dashboard (example)

Simple clear dashboard, also available using a plugin for the vSphere Client.

  • Config KB checks

The headache in my life resolved, identify config issues highlighted.

What a useful feature, it pulls the info from the VMware Knowledge base and shows resolution

  • Best Practise

Check best practise (run a scan, only takes 1 or 2 mins.)

NTP example

SSH example enabled

  • Security reports

Security and compliance

Analyse against compliance example report and recommendations

Example if PCI DCSS (target specific PCI clusters if your required)

  • Hardware compatibility checks

Hardware Compatibility check only too often get over looked when updates and upgrades happen. Then boom things go wrong and how do you start troubleshooting the unknown. So, this feature looks good to help keep you on track.

Drill down to see the issue example

  • Logs and KBs Discovered

Logs being reviewed, another nice feature

  • Plugin Runecast for vSphere Client (The plugin mentioned at the start)
  • vRealize Orchestrator – (Remediation options with Runecast example)

This is just a brief overview of a product to help save your IT resources time and effort in managing and maintaining the vSphere environment. Seems useful to me.

How to install Next Generation ESXi 7.0 version !!

How to install Next Generation ESXi 7.0 version.

How to install Next Generation ESXi 7.0 version !!

All the VMware professionals are exciting for the new generation of vSphere 7 announcement and General Availability starting from April 02. There are lots of great enhancement done on this vSphere 7 version especially the inbuilt Kubernetes availability and support functionality. This post …Read More


VMware Social Media Advocacy

Stickers Laptops and VMware vExpert Awards

VMware vExpert Award 2020 received. Many thanks VMware for the recognition, 5th year in a row. #VMware #vExpert #vExpert2020 #vSphere #ESXi #Award
#vCommunity. And now, New VMware vExpert Stickers arrived in the post. 5 years of Receiving the Award = 5 STARS. But wait that’s not all, PowerVKE stickers, from Barcelona 2018 Hackerthon when our team picked up 3rd place!! Powershell & Kubernetes. What a great end to the week!! #vExpert, thanks Christopher Lewis To Sticker or Not to Sticker, the Dell XPS13.. #ToSticker or #NotToSticker, #theCLOUDexpert #vCommunity #VMware #kubernetes #PowerVKE #VMwareCode #PowerShell

The BLANK canvas XPS13

The XPS 15 sticker design

VMware Carbon Black Cloud – Next Generation Security

VMware Carbon Black Cloud

This interesting company Carbon Black, a VMware acquisition Oct, 08, 2019 , then lead me to watch the live demo’s / presentation at VMworld 2019. This product, possibly a game changer (opinions are my own) in the security space of VMware.

With my background in VMware vSphere, Qualys, McAfee, Trend Micro, Symantec and Ethical Hacking, this product jumps out to me. I started looking in more detail at what this new integration could do.

Image from “VMWCB-VMware-Carbon-Black-Cloud-1.pdf”

Could these features, now built in to / plugin for vCenter replace many other security products?

Components

  • Next-Generation Antivirus and EDR
  • Managed Alert Monitoring
  • Real-time device assessment
  • Inbuilt and Proactive Threat intelligence

Benefits

  • One Console – Provides One Platform for your Security
  • One Agent – Reduce the endpoint security agents required
  • Reduce CPU usage

For more information or a demo, visit the Carbon Black site.

What is On-Premises, IaaS, PaaS, SaaS and IaC?

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • On-Premise
  • Infrastructure as Code (IaC)

Examples I’ve used

What are the differences?

Infrastructure as Code

So what is IaC, Infrastructure as Code? Standardise Infrastructure, Automate deployment and recreate, well-documented code. Exampled formats such as JSON & ARM templates.

DevOps teams will use IaC to recreate production like environments in dev cycles. Validate and Test deployments, prior to a production deployment. The end result being able to deliver a stable and repeatable environment.

Azure Resource Manager

The alternative to just running scripts. Manage your infrastructure resources in a group by templates. In addition, you apply security (RBAC) and tags, then associate costs to the group.