All posts by David

Explore The Benefits of vSphere 6.5 & 6.7 Webinar

This post was originally published on this site

VMware vSphere 6.0 End of Support


The End of General Support for vSphere 6.0 is March 12, 2020.

To maintain your full level of Support and Subscription Services, VMware recommends upgrading to vSphere 6.5 or vSphere 6.7.

VMware has extended the general support for vSphere 6.5 to a full five years from date of release, which means the general support for vSphere 6.5 will end on November 15, 2021.

The End of General support for vSphere 6.7 will also be on November 15, 2021.

At VMworld 2019 a lot of the sessions spoke about vSphere.next and hopefully we will see that soon.

In the meantime, users of vSphere 6.0 can upgrade to vSphere version 6.5 or 6.7, if you’re not aware of what vSphere 6.0 or 6.7 can offer, I will be hosting/running a free webinar on the features of those versions.

The webinar will run GMT Monday February 17th2020 via our QA On-Line Virtual Centre  

For more information and to sign up for this “FREE” webinar please visit the registration page at QA Training, and hopefully see you there (virtually)

Why Phishing Remains So Popular?, (Fri, Jan 24th)

This post was originally published on this site

… because it works!

Probably, some phishing emails get delivered into your mailbox every day and you ask yourself: “Why do they continue to spam us with so many emails? We are aware of phishing and it will not affect my organization!”

First of all, emails remain a very popular way to get in content with the victim. Then, sending massive phishing campaigns does not cost a lot of money. You can rent a bot to send millions of emails for a few bucks. Hosting the phishing kit is also very easy. They are tons of compromised websites that deliver malicious content. But phishing campaigns are still valuable from an attacker perspective when some conditions are met:

  1. The mail is properly crafted and looks like an official one (same layout, signature, no typo, correct sentences, same “style”)
  2. The mail attracts the victim’s attention (based on an event, a colleague, some “juicy” topics)
  3. Make the victim confident (pretend to use the tools and services used at work)
  4. The victim is not attentive to the content of the mail or the link (lack of concentration)

Here is a real story. Yesterday my wife explained that she felt into the trap! She was on the phone with a customer and, waiting for some feedback, she received an email from a colleague (a legit email she said – all details looked ok – signature, name, etc). That’s the condition #1 from the list above. Her colleague pretended to share a file about a project via OneNote (Conditions #2 and #3). She knows the sender and she works on projects with him and the organization has the full Microsoft products stack. So, while waiting on the phone, she clicked on the link, got the classic login page and provided her credentials… (condition #4). She said, “I know that they take security seriously so it looked normal to authenticate one more time”.

She did not see that the URL was, of course, not the right one (speaking with the customer at the same time). When her credentials were rejected several times, she realized that it was a phishing attempt and changed her credentials immediately. In the meantime, the helpdesk sent an email to all employees to report the ongoing phishing attack! Probably, she was the patient “zero”.

Conclusion: awareness is key, you might feel confident at detecting phishing attempts but just one second of distraction and it’s game over!

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

VMware vRA Latency and Bandwidth

This post was originally published on this site
vRealize Automation supports multiple site, distributed installation, but data transmission speed and volume must meet minimum prerequisites.

vRealize Automation needs an environment of 5 ms or lower network latency, and 1 GB or higher bandwidth, among the following components.
•    vRealize Automation appliance
•    IaaS Web server
•    IaaS Model Manager host
•    IaaS Manager Service host
•    IaaS SQL Server database
•    IaaS DEM Orchestrator

The following component might work at a higher latency site, but the practice is not recommended.
•    IaaS DEM Worker

You may install the following component at the site of the endpoint with which it communicates.
•    IaaS Proxy Agent

Installing Powershell Core and Running PowerCLI on Centos

This post was originally published on this site

Due to the release of Powershell Core, you can run PowerCLI commands on a Linux host. This will be a quick post to cover the steps required to get it installed. The first step is to add the Microsoft repo to your Centos machine: curl ht tps://packages.microsoft.com/config/rhel/7/prod.repo | sudo tee /etc/yum.repos.d/microsoft.repo Once done, Powershell can […]

How to disable VMware ESXi complex passwords and why you should not do it

This post was originally published on this site

VMware ESXi hypervisor has a default password complexity turned on. It is to restrict admins using week passwords which is good. The ESXi password restrictions are set by the Linux PAM module pam_passwdqc, because VMware ESXi uses that module within the hypervisor. In this post, we will recap how to disable VMware ESXi complex passwords. […]

Read the full post How to disable VMware ESXi complex passwords and why you should not do it at ESX Virtualization.

How to disable VMware ESXi complex passwords and why you should not do it

This post was originally published on this site

VMware ESXi hypervisor has a default password complexity turned on. It is to restrict admins using week passwords which is good. The ESXi password restrictions are set by the Linux PAM module pam_passwdqc, because VMware ESXi uses that module within the hypervisor. In this post, we will recap how to disable VMware ESXi complex passwords. […]

Read the full post How to disable VMware ESXi complex passwords and why you should not do it at ESX Virtualization.

Getting started with the vRealize Automation Terraform Provider

This post was originally published on this site

In my previous post, Infrastructure as Code and vRealize Automation, I talked about the principles of Infrastructure as Code and how vRealize Automation can help you put some of those ideas into action. I also mentioned Terraform as a complimentary technology to vRealize Automation. There are several VMware providers for Terraform (including vSphere, NSX-T, vCloud

The post Getting started with the vRealize Automation Terraform Provider appeared first on VMware Cloud Management.

Infrastructure as Code and vRealize Automation

This post was originally published on this site

Infrastructure as Code Infrastructure as Code is a concept that was created to solve the problems that are faced managing infrastructure in the “Cloud Age” by applying principles more often used in software development. Modern, cloud-like infrastructure is dynamic in nature and can lead to server sprawl, configuration drift and “snowflakes”. How do you ensure

The post Infrastructure as Code and vRealize Automation appeared first on VMware Cloud Management.