A new year…a new vulnerability

There is nothing like starting the new year off with a small bout of panic.

As of this morning I’ve had a number of my partners calling up asking for an update on VMware’s position against the recently publicized CPU vulnerabilities, Meltdown and Spectre.

If you don’t know what I’m talking about, have a look at the following article from the Project Zero team at Google. These guys do a really good job of explaining what all the noise is about.

On the VMware side, the good news is that we have already released a number of updates that contain fixes to address the vulnerabilities in question. On an even more positive note, given that these patches were released last year, there is a good chance that many environments out there are already patched.

The 3 identified CVEs in question are:

The patches that have been made available by VMware address CVE-2017-5753 and CVE-2017-5715.

CVE-2017-5754 (or Meltdown) does not affect ESXi because it does not run untrusted user mode code. VMware Workstation and VMware Fusion rely on the underlying OS, which should probably be patched for the vulnerability.

VMware have just released security advisory VMSA-2018-0002, which details VMware ESXi, Workstation and Fusion updates addressing side-channel analysis due to speculative execution (CVE-2017-5753 and CVE-2017-5715).

The remediation documented in VMSA-2018-0002 has been present in VMware Cloud on AWS since early December 2017.

In closing, tests performed so far have revealed no measurable impact on performance with virtual machines running on ESXi. Guest operating systems that are patched within the virtual machines themselves may, however, experience a performance impact depending on the patch provided by the OS vendor.


Posted in Security

Network Virtualization – NSX-T 2.1

NSX-T is VMware’s network virtualization solution for multi-cloud and multi-hypervisor environments, enabling advanced networking and security across emerging application architectures (containers), just as it does for traditional 3-tier apps.

Earlier this month VMware announced the release of NSX-T 2.1, which now includes support for Pivotal Cloud Foundry. NSX-T 2.1 will also serve as the networking and security platform for the recently announced VMware Pivotal Container Service (PKS), a Kubernetes solution jointly developed by VMware, Pivotal and Google.


Posted in NSX, SDDC

VMware Hybrid Cloud Extension

Included in the recent update to VMware Cloud on AWS was the announcement of the tech preview of HCX or Hybrid Cloud Manager. HCX can be thought of as the virtual expressway between your on-premises VMware Cloud and your public iteration of vSphere running in an AWS data center. The purpose of HCX is to facilitate large-scale virtual machine migrations in both directions between these two separate pools of infrastructure.

For more information and a deeper dive into HCX, check out Getting started with Hybrid Cloud Extension on VMware Cloud on AWS by William Lam.


Posted in Cloud, SDDC, VMC on AWS