Aug 31 2010

Wow, this is a major update for vShield.  The new version 4.1 can be downloaded here.  You may also try a 60-day eval version here.  Nice new feature set from the what’s new section of the release notes for each of the 3 sub-components:

vShield 4.1 adds new components and usability enhancements.

  • New License-Based Components
    • vShield Edge: vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port group, vDS port group, or Cisco Nexus 1000V. The vShield Edge connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, and Load Balancing. The key features of vShield Edge are as follows:
      • Stateful Inspection Firewall
        Inbound and outbound connection control with rules based on source and destination IP address and port
      • Network Address Translation
        • IP address translation to/from the virtualized environment
        • Masquerading of virtual datacenter IP addresses to untrusted locations
      • Dynamic Host Configuration Protocol
        • Automatic IP address provisioning to virtual machines in vSphere environments
        • Administrator-defined parameters: address pools, lease times, dedicated IP addresses, etc.
      • Site-to-Site VPN
        • Secure communication between virtual datacenters (or edge security virtual machines)
        • IPsec VPN based on the Internet Key Exchange (IKE) protocol
      • Web Load Balancing
        • Inbound load balancing for all HTTP traffic
        • Round-robin algorithm
        • Support for sticky sessions
      • Port Group Isolation
        • Enforced at hypervisor layer to restrict traffic within a virtual datacenter to specified port groups
        • Same effect as VLANs in virtual or physical switch environments
      • Flow Statistics
        • Virtual datacenter resource utilization metered and attributed back to tenant
        • Statistics accessible through REST APIs and leveraged in service provider chargeback applications
      • Policy Management
        Support for integration with enterprise IT security management tools
    • vShield App: vShield App is an interior, vNIC-level firewall that allows you to create access control policies regardless of network topology. A vShield App monitors all traffic in and out of an ESX host, including between virtual machines in the same port group. vShield App includes traffic analysis and container-based policy creation. The key features of vShield App are as follows:
      • Hypervisor-Level Firewall
        • Inbound/outbound connection control enforced at the virtual NIC level through hypervisor inspection, supporting multihomed virtual machines
        • Ability to enforce based on network, application port, protocol type (TCP, UDP), application type
        • Dynamic protection as virtual machines migrate
        • IP-based stateful firewall and application layer gateway for a broad range of protocols including Oracle, Sun Remote Procedure Call (RPC), Microsoft RPC, LDAP and SMTP
      • Flow Monitoring
        Ability to observe network activity between virtual machines to help define and refine firewall policies, identify botnets and secure business processes through detailed reporting of application traffic (application, sessions, bytes)
      • Security Groups
        Administrator-defined, business-relevant groupings of any virtual machines by their virtual NICs
      • Policy Management
        • Policy enforcement on security groups, vCenter containers, and TCP 5 tuple (source IP, destination IP, source port, destination port, protocol)
        • Programmable interface for management and policy enforcement using REST APIs
        • Support for integration with enterprise security management tools
    • vShield Endpoint: vShield Endpoint delivers an introspection-based antivirus solution. vShield Endpoint uses the hypervisor to scan guest virtual machines from the outside without a bulky agent. vShield Endpoint is efficient in avoiding resource bottlenecks while optimizing memory use. The key features of vShield Endpoint are as follows:
      • Antivirus and Anti-Malware Offloading
        • File scanning and other tasks are offloaded from virtual machines to a security virtual machine.
        • VMware Endpoint ESX Module manages communication between virtual machines and the security virtual machine, using introspection at the hypervisor layer.
      • Antivirus and Anti-Malware Service Across Virtual Machines
        Antivirus engine and signature files are only updated within the security virtual machine, but policies can be applied across all virtual machines on a vSphere host.
      • Enforce Remediation
        • Pre-defined policies dictate whether a malicious file should be deleted, quarantined or otherwise handled.
        • vShield Endpoint driver manages file remediation activity within the virtual machine.
      • Partner Integrations
        Integration of vShield Endpoint with security virtual machine solutions from VMware partners is facilitated through VMware EPSEC, which provides a library and API for introspection into file activity at the hypervisor layer.
      • Policy and Configuration Management
        • vShield Manager provides full-featured configuration of vShield Endpoint policies.
        • vCenter activates vShield capabilities on vSphere.
        • REST APIs allow customized integration of vShield Endpoint capabilities into solutions.
  • Usability Enhancements
    • Broader vSphere Client Integration: After registering the vShield Manager as a vSphere Client plug-in, you can use the vSphere Client to install and configure vShield components and features.
    • System Management via REST API: You can install and manage vShield components via REST API. For more information, see the vShield API Programming Guide.

Aug 31 2010

Next up in the new releases: VMware Chargeback 1.5.  You can download the updated release here.  A 60-day eval version can be found here.  Possibly the biggest feature update of a product at VMworld so far.  Here’s the giant what’s new section from the release notes:

vCenter Chargeback 1.5 provides the following new features:

  • Hierarchy management tools, filters, and views
    This release of vCenter Chargeback allows you to backdate the chargeback hierarchy, view hierarchies in more than one inventory view (Host & Clusters, VM & Templates) per vCenter Server, and highlight vCenter Server entities that have not yet been added to a selected chargeback hierarchy.
  • Support for resource allocation on chargeback hierarchical entity
    This release of vCenter Chargeback lets you specify allocation units for each computing resource on the entity in a chargeback hierarchy. If a report is generated on the hierarchy using a cost model that has an allocation-based billing policy, vCenter Chargeback accounts for the allocation details set on the entity.
  • Auto-Costing for VMware High Availability, VMware Fault Tolerance, and guest operating systems
    vCenter Chargeback lets you charge for additional virtual machine configuration parameters. You can now define a set of fixed costs and have vCenter Chargeback automatically assign the appropriate cost based on the guest operating system or level of availability protection (VMware High Availability, VMware Fault Tolerance) configured for the virtual machine.
  • Configuring cost at the host and cluster levels
    You can now configure costs for the resources at the host and cluster levels. The cost configuration data is then applied to each virtual machine created on the host or cluster.
  • Enhanced cost model support
    This release adds support for defining one-time costs and overage fees. In addition to hourly rates, you now have the option to define base rates per day, month, and year.
  • Support for custom billing policies
    This release of vCenter Chargeback lets you create custom billing policies and specify conditions, such as charging based on the power state of virtual machine or billing linked clones.
  • New cost analysis dashboard
    vCenter Chargeback provides a dashboard that displays cost and usage breakdowns by resource type and business group. The dashboard also lets you identify the N most or least expensive virtual machines and access a list of recent reports.
  • Customizable reporting interface
    vCenter Chargeback now lets you modify the report view after the report is generated. You can remove rows and columns, and can also rearrange the columns in the generated report.
  • Support for generating reports in multiple currencies
    This release supports the ability to generate cost summary reports in multiple currency types within a single vCenter Chargeback instance.
  • Support for multiple LDAP servers
    With this release, you can configure more than one LDAP server in vCenter Chargeback. When logging in to vCenter Chargeback, LDAP users must enter the LDAP code that was provided when configuring the LDAP server.
  • Resource-based authorization
    Starting with this release, vCenter Chargeback uses resource-based authorization. vCenter Chargeback defines various resource types and authorizes access to a resource based on the role assigned to a user for the resource. A user must have a role assigned to him on the application and for the resources defined in it to enable him to perform any action in the application.
  • Full support for vCenter Chargeback APIs
    vCenter Chargeback APIs provide an interface to programmatically use the various features of vCenter Chargeback. As an application developer, you can use these APIs to build chargeback applications or integrate vCenter Chargeback with your internal billing systems and compliance policies. This release of vCenter Chargeback adds full support for these APIs.
  • Support for VMware Cloud Director
    vCenter Chargeback enables the delivery of an integrated pay-as-you-go solution for resource tracking and billing in the cloud. This release of vCenter Chargeback provides two new data collectors: VMware Cloud Director Data Collector and vShield Manager Data Collector. These data collectors integrate vCenter Chargeback with VMware Cloud Director and vShield Manager. This release includes support for the following features:

    • Support for VMware Cloud Director resource abstractions and resource management models: Reservation Pool, Allocation Pool, and Pay-As-You-Go.
    • Automated creation of chargeback hierarchies mapping to organizations, virtual datacenters, and vApps defined within VMware Cloud Director.
    • Metering and charging for allocation and usage of VMware Cloud Director resources, including virtual datacenters, vApps, templates and media file storage.
    • Metering and charging for external network bandwidth, network count, and network services, such as DHCP, NAT, and firewall.
    • Delivery of targeted multi-tenant chargeback reports.

Aug 31 2010

Second on the release list is an update to the standalone Converter (the better one IMO).  You can download the updated release here.  Some nice new features listed in the what’s new section of the release notes:

The VMware vCenter Converter Standalone 4.3 includes the following new functionality:

  • Support for VMware vSphere 4.1 as source and destination targets
  • Support for importing powered-off Microsoft Hyper-V R1 and Hyper-V R2 virtual machines
  • Public API and sample code for submitting and monitoring Converter jobs
  • Support for importing Windows 7 and Windows 2008 R2 sources
  • Ability to throttle the data transfer from source to destination based on network bandwidth or CPU
  • IPv6 support

Discontinued Support

  • Support of the following operating systems is discontinued:
    • Windows 2000
    • Windows NT
  • Support for OVF format is discontinued
  • Support for VCB image sources is discontinued
  • Linux installation support is discontinued

Aug 31 2010

The first of the releases out of VMworld 2010.  VMware has released the vCloud Director for a better interface to public and private clouds.  The vCloud Director allows customers to better manage multi-tenant environments and gives users a self-service portal for creating the services that they need.  The vCloud Director can be downloaded here.  You can try it out with a 60-day eval version that can be downloaded here.  Since the product is brand new, here’s the feature highlights section from the release notes:

VMware vCloud Director provides the interface, automation, and management required by enterprises and service providers to build private and public clouds. vCloud Director:

  • Supports multi tenancy/organizational isolation
  • Allows for the creation of central application catalogs and personalization of templates
  • Enables creation and deployment of vApps from catalogs/templates
  • Controls user resource usage through roles/rights, quotas and leases
  • Enables programmatic control through the RESTful vCloud API
  • Provides an additional level of abstraction from underlying hardware

Definitely worth evaluating in your environment.  A 60-day eval is available here.

Aug 09 2010

Coming to a city near you!  A week ago I was fortunate enough to catch the VMware Tour bus at its stop at the Tampa VMUG meeting this month.  If you get the chance to see it, it is quite a cool piece of hardware.  Painted red with the VMware logos stamped all over it, this truck was custom built for VMware.  The cab is a Peterbilt with some modified hardware.  The cab is extended and contains a satellite TV for the drivers (when they are not driving the rig – obviously).  The trailer housing the mobile datacenter is an extended version (like the moving companies use), but the driver told me that it was not a conversion; it was built in Kentucky specifically for VMware by Kentucky Trailers.  The side of the trailer opens up and has a retractable awning.  There are two flat screen TVs mounted inside the two openings on the trailer.  This is so the engineers can give presentations and show slides from the side of the truck.  The truck carries round tables and seating for over 50 people if need be.  Directly behind the cab is a 10,000 watt generator that can fully power the truck for demos (seen below).