Win 1 van de 4 vrijkaartjes voor Experts Live

Win een vrijkaartje ter waarde van € 35,00 voor Experts Live!

Experts Live 2014 biedt een zeer gevarieerd programma met meer dan 40 technisch sessies gedurende de hele dag! Om ervoor te zorgen dat alle bezoekers profiteren van inhoudelijk interessante sessies is het programma onderverdeeld in 7 parallelle tracks met 7 verschillende thema’s; Windows, System Center, Hyper-V, Azure, PowerShell, SQL server en Office365. Inschrijven per sessie is niet nodig, bezoekers kunnen zelf beslissen welke sessie wanneer te volgen – met uitzondering van de keynote.

Experts Live vindt plaats op 18 november te Ede.

Vul hieronder je naam en email adres in. Uit de inzendingen verloot ik 4 kaartjes.

De uitslag wordt bekend gemaakt op 1 november .

Naam

e-mail adres

Bedrijfsnaam

Functie

 

 

 

 

VMware wil disable Transparant Page Sharing by default in future ESXi releases

VMware ESXi has an interesting feature called Transparent Page Sharing (TPS). TPS allows a deduplication of host memory. Typically virtual machine guest operating systems share a lot of common code. TPS basically scans on duplicate code in the host memory, make sure only 1 instance of code is loaded while pointers in memory of guests point to that instance.

The effect is savings on host memory and a better density. The result is lower costs per virtual machine.

VMware announced however it will disable TPS by default in future ESXi release because of security concerns.

VMware has released a knowledgebase article saying:

This article acknowledges the recent academic research that leverages Transparent Page Sharing (TPS) to gain unauthorized access to data under certain highly controlled conditions and documents VMware’s precautionary measure of no longer enabling TPS in upcoming ESXi releases. At this time, VMware believes that the published information disclosure due to TPS between virtual machines is impractical in a real world deployment.
Published academic papers have demonstrated that by forcing a flush and reload of cache memory, it is possible to measure memory timings to try and determine an AES encryption key in use on another virtual machine running on the same physical processor of the host server if Transparent Page Sharing is enabled. This technique works only in a highly controlled system configured in a non-standard way that VMware believes would not be recreated in a production environment.
Even though VMware believes information being disclosed in real world conditions is unrealistic, out of an abundance of caution upcoming ESXi Update releases will no longer enable TPS between Virtual Machines by default.

 

Andrea Mauro published a very well written blog about TPS and explaining some other caveats.

This paper in detail explains the security concerns when using TPS. The abstract of the paper reads:

 

TPS

VMworld 2014 Europe announcements

This is a summary of the announcements made at VMworld Europe Barcelona during the keynote on Tuesday October 14 .

The recording of the keynote can be seen here.

The announcements made at VMworld 2014 US can be read in this post.

Tuesday October 14 announcements

  • HP and Hitachi will deliver EVO:RAIL systems as well soon. HP product is called  HP ConvergedSystem 200-HC
  • VMware vCloud Air will be available in a Germany based datacenter
  • vRealize CodeStream announced
  • vRealize Air Compliance anouncement. A new SaaS based tool to quickly report on the configuration compliance of  avSphere Infrastructure and take proactive action
  • introduction of the vRealize Suite 
  • announcement of Horizon Flex . Enables to run virtualized desktop on offline clients. Kit Colbert of VMware has written a blog. 
  • EVO:RAIL comes with vCloud Air – Disaster Recovery service
  • CloudVolumes is now VMware App Volumes . It will be available this quarter and free of charge with VMware Horizon Enterprise. Sign up for the Early Access Program here.
  • A partnership between VMware and Palo Alto Network. Annoucement of  Palo Alto Networks VM-1000-HV designed specifically for VMware NSX interoperability. It is expected to be available in vCloud Air in the first half of 2015.

VMware ThinApp 5.1 released

VMware released at September 9 ThinApp 5.1

VMware ThinApp 5.1 is the latest version of ThinApp. This release has the following enhancements.

Release notes are here 

ThinApp is part of the VMware Horizon Suite. Download here

ThinApp Package Management

In earlier versions of ThinApp, to change some specific Package.ini parameters, you had to first make those changes in the configuration file, save the file, and rebuild the package. Using the new ThinApp package management feature, you can dynamically reconfigure the attributes of deployed ThinApp packages at runtime. ThinApp Package management helps IT administrators manage ThinApp packages and define group policy for each package. Each package to be managed must have an associated group policy defined using its inventory name.

When you install ThinApp 5.1, a new folder named Policy is created in the installation directory. This folder contains tools and templates for managing ThinApp packages and contains the following files:

  • AppPolicy.exe
  • README.TXT
  • ThinAppBase.adml
  • ThinAppBase.admx
  • ThinAppGeneric.adml
  • ThinAppGeneric.admx

ThinApp selects the policy precedence when you rebuild a package and deploy it. If a package is managed by a group policy, ThinApp gives precedence to the policy over its Package.ini configuration.

Group Policy Administrative Templates

ThinApp 5.1, introduces the group policy administrative template (ADMX/ADML) files. With these template files you can reconfigure group policy settings for applications that were packaged by ThinApp. The GPO files work on domain controllers that run in the following environments:

  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012

Administrative Template files contain markup language that is used to describe a registry-based Group Policy. The administrative files are divided into language-neutral (.admx files) and language-specific resources (.adml files), available to all Group Policy administrators. These factors allow Group Policy tools to adjust the user interface according to the administrator’s configured language.

Reconfiguring Attributes of Deployed ThinApp Packages

In addition to ThinDirect, with ThinApp 5.1 you can now reconfigure or manage the following attributes of a deployed package:

  • AppSync
  • AppLink
  • Entry-Point Shortcuts

Note: To know how to reconfigure these package attributes, see the ThinApp 5.1 User’s Guide.

ThinDirect

In ThinApp 5.1, the following enhancements have been made to the ThinDirect plug-in:

    • Support for the update of ThinDirect settings at specified time intervals

In ThinApp 5.1, the ThinDirect functionality has been enhanced to periodically poll for the ThinDirect setting changes. Since, the ThinDirect settings are now detected dynamically, the user need not restart the browser to view the updated changes.

    • Support for dynamic changes to Thindirect via ADM

In ThinApp 5.1, you can use ThinDirect.ADM file to manage the thindirect enabled firefox.

    • Support for Overriding the Thindirect settings through GPO

In ThinApp installation directory, locate the Thindirect.admx andThinDirect.adml files. Use these files to manage the settings for ThinDirect feature by defining a group policy object. If the Thindirect feature is defined through the GPO, these settings would override the text file (thindirect.txt) based redirection.

    • Support for Redirection between two virtual browsers

ThinApp 5.1 supports redirection between two virtual browsers.

    • Support for Thindirect in Mozilla Firefox

In ThinApp 5.1, ThinDirect has been enhanced to work with Mozilla Firefox version 22 and later. In earlier versions of ThinApp, ThinDirect was limited to Internet Explorer.

New Package.ini Parameter Introduced

ThinApp 5.1 introduces the SandboxWindowClassName parameter. When you set theSandboxWindowClassName=1 you can sandbox or isolate the application defined window class names created and used within the ThinApp package.

Extracting an existing ThinApp project to a system

ThinApp 5.1 allows you to extract an existing ThinApp project to a capture and build operating system by using snapshot.exe and snapshot64.exe commands.

Pre-requisites
Before you extract an existing ThinApp project to a capture and build operating system, ensure that the following conditions are met:

  • Verify that the architecture and type of the captured operating system is the same as that of deployed operating system.
  • Perform the extraction of an existing ThinApp project on a clean capture and build machine.
  • Ensure that the user profile in the existing virtual project is the same as that of the capture and build machine.

ThinApp 5.1 has the following command line options to extract existing projects to capture and build operating systems.

  • snapshot.exe: Is used to extract an existing ThinApp project to a capture and build 32-bit operating system
  • snapshot64.exe: Is used to extract an existing ThinApp project to a capture and build 64-bit operating system

Note: To know more about the process for extracting existing ThinApp packages, see the ThinApp 5.1 User’s Guide.

MAPI Support

ThinApp 5.1 supports the Messaging Application Programming Interface (MAPI) on the following Microsoft Windows platforms:

  • Windows 7
  • Windows 8 32-bit
  • Windows 8 64-bit
  • Windows 8.1 32-bit
  • Windows 8.1 64-bit

ThinApp 5.1 provides the DefaultEmailProgram option in Package.ini to register a virtual email client as the host’s default email program. You have to enable this option to register the default email program. The Messaging Application Programming Interface (MAPI) is not supported on Windows XP x86 operating system. For more information, see KB artilce2087898.

Support for Internet Explorer 10 and Internet Explorer 11

ThinApp 5.1 supports Internet Explorer 10 and Internet Explorer 11 only on the Windows 7 operating system.

Support for Windows 8.1

ThinApp 5.1 works on the Windows 8.1 August update (Update 2).

For additional information about ThinApp 5.1, visit the following Web site:

VMware Virtual SAN & EVO:RAIL do support Tier 1 applications

VMware recently announced EVO:RAIL. A combination of server hardware, VMware software and vendor support bundled as an appliance. The use cases communicated by VMware are general purpose workloads, VDI, ROBO and Virtual Private Clouds.

The software of EVO:RAIL consists of  vSphere 5.5 Enterprise Plus Edition, VSAN , vCenter Server Appliance and Log Insight. Combined with a nice HTML interface for initial configuration and daily management.

The image below shows the use cases for EVO:RAIL as communicated by VMware.

evorail-usecases

You might think: what about Tier 1 applications like Exchange Server, SQL Server and Oracle. Can I run those on EVO:RAIL?

So far VMware marketing & technical communication do not mention  Tier 1 as a use case for EVO:RAIL. However on September 7 a Tweet by a VMware managed Twitter account mentioned running a  Tier 1 app (Exchange) on EVO:RAIL.

evorail-exchange

I was surprised by that Tqeet as I had not heard ‘EVO:RAIL and Exchange ‘ mentioned in a single line.

The next day  Duncan Epping of VMware who works on EVO:RAIL provided some insight on running Tier 1 apps  EVO:RAIL in this post.

Basically Duncan says:

“Running Tier-1 applications on top of VSAN (or EVO:RAIL) is fully supported as it stands today however … your application requirements and your service level agreement will determine if EVO:RAIL or VSAN is a good fit.”

VMware targets potential customers for EVO:RAIL (and VSAN 1.0) initially for the use cases shown in the image above. As with any new technology customers will have to get faith into the solution. Only a few customers dared to run their business critical applications on VMware GSX Server when it was released in 2001. Even today there are people who have fear of running their Tier 1 apps on a hypervisor.

Another  reason for VMware initially not having a priority marketing focus on running Tier 1 on EVO:RAIL is the lack of synchronous replication support by for instance Site Recovery Manager.  Business critical applications typically require site resiliency.

Mind many such applications are not dependant on storage replication or other infrastructure based replication solutions to provide site resiliency. Exchange Server can use Stretched Database Availability Groups when running on vSphere. Actually a stretched DAG is the recommended way of protecting Exchange for site failures.

Conclusion
EVO:RAIL fully supports (in a technical context) any application including Tier 1 when supported by the vendor to run on VMware vSphere. If it is wise to run a Tier 1 application on EVO:RAIL mainly depends on application requirements and if additional tooling and features  meet those requirements.