Prohibiting saved credentials for RDP

Saving the credentials of a Remote Desktop connection is a welcome convenience in daily work. It allows quick switching between server systems without having to re-enter the password every time.

That, however, is exactly the problem. If an attacker gains access to an endpoint with saved connection data, he also gains access to the RDP connections stored there.

He does not necessarily need access to the company premises for that. Today the office is everywhere. Anyone can take their notebook, tablet or smartphone home. Endpoints can either be taken over through an exploit or be physically stolen.

As so often, security and convenience sit at diametrically opposite ends of the spectrum.

VMworld 2017 – day 2 part 1

It’s another beautiful day in Barcelona. VMworld day two is about to start. Let the games begin!

  • Q&A Session with Pat Gelsinger to answer questions sent in by partners the day before.
  • The largest part of the general session was about a fictional company named "Elasticsky Pizza" (not related in any way to this website). 😉 This company urgently needs help to perform its digital transformation, to deliver apps to its customers, to monitor any kind of problem and to track down its cause. A collection of short and funny clips showed the company's problems, and the presenters showed how to solve them with VMware Cloud products like Pivotal Container Service, AppDefense, NSX and IoT Pulse. To round off the whole story, a pizza delivery truck drove into the audience hall and delivered a box of pizza to the presenter. Very entertaining. 🙂

VMworld2017 – Day 1

General session

This is a short abstract directly from the first row of seats.

9:00 general session is about to begin

More than 11,000 attendees take part in VMworld 2017 EU.

Tot som Barcelona

In reference to the tragic attacks that recently happened in Barcelona, the opening sentence was "We're all Barcelona".

  • Pat Gelsinger talking about digital transformation.
  • IBM and Dell announcing joint venture to accelerate cloud adoption.
  • Announcement of HCX Technology – a cloud service for cloud migration, app mobility and infrastructure hybridity.
  • Alan Renouf showing Pat Gelsinger a VR frontend for vSphere management. Funny to see him using VR glasses to drop a VM into the virtual trashcan or to vMotion another one by throwing the object.
  • Introducing the AppDefense security solution.

 

VMworld 2017 – Warm up part 2

Monday is day one before the official start of VMworld. Ideal to get organized and to do some practice in the Hands-on-Labs (HOL).

Lab environment

Labs are well organized and the staff is very helpful. A staff member welcomes you at the entrance and leads you to your desk. They’ll assist you until you’ve successfully logged into your session. On Monday morning there is no rush yet and everything is calm.

vSAN Shutdown

For all the high availability, there are always situations in which a vSAN cluster has to be shut down completely. This is a short guide on how to shut down the whole cluster in a controlled manner and bring it back up at the appropriate time.

Shutdown

  • Shut down all VMs except the vCenter Appliance
  • Verify that no vSAN resync operations are pending
  • Move the vCenter to node 1 (optional)
  • Shut down the VCSA
  • Enable SSH in the Host Client (all hosts)
  • Open an SSH console to each host and put it into maintenance mode via esxcli
esxcli system maintenanceMode set -e true -m noAction

Cold start

  • Start all nodes
  • Exit maintenance mode in the Host Client
  • Start the VCSA and wait for it to boot
  • Open the H5 Client / Web Client on the VCSA
  • Start the VMs

Rebalance your Resource Pools

VMware vSphere offers the ability to divide cluster resources into pools. There have been a lot of outstanding articles about resources. I want to emphasize especially the books written by Duncan Epping, Niels Hagoort and Frank Denneman.

Resource pools are a constant source of misconfiguration. Almost every cluster I see in the wild has some no-go’s configured. The most common reason is that RP are misunderstood as folders to organize VMs.

Do not use Resource Pools as folders

People keep thinking that if they leave all pools at "Normal" it won't be a problem. In fact it is a problem. Especially if the customer tried to organize his VMs into hierarchical structures, resource pools can become very complicated to track and might do nasty things in times of contention.

Why you should replicate your vCenter Appliance

In the old days of virtualization a vCenter used to be a nice-to-have commodity. But these times are long gone (at least from an IT point of view). In today’s datacenter many services and applications rely heavily on vCenter. Some of the most common use-cases are VDI-environments, cluster balancing mechanisms like DRS or Storage-DRS and even backup software needs vCenter.

The last one is a crucial point. It’s good to have your vCenter Server Appliance (VCSA) backed up regularly, and most of you and your customers will likely do so. But think of what would happen if you lost your vCenter for 10 minutes or even an hour.

It’s not just important to have a backup of it – you also need to return to operation fast and minimize your Recovery-Time-Objective (RTO).