Learning VMware vCloud Air by Yohan Wadia: VMware vCloud Air is a cloud offering by VMware that provides you with the flexibility and agility to create and manage your virtualized workloads with ease on a VMware-backed cloud platform.
Book Review: VMware ESXi Cookbook. "Over 130 task-oriented recipes to install, configure, and manage various vSphere 5.1 components" just speaks volumes about the cookbook. This book provides all the recipes which we normally need in end-to-end VMware vSphere activities, from development to usage. The interesting approach of installation with Auto Deploy is the icing on the cake. Every installation is explained step by step, and a great deal of detail is covered to bring depth to the discussion. Configuration and management of Networking and Storage are my favorite parts of the book. Normally security is not covered often, but here it is an exception, and hence I admire the vision of the author for covering essential topics with ease!
- Chapter 1: Installing and Configuring ESXi
  - Installing ESXi using Interactive Mode
  - Deploying ESXi hosts using scripted installation
  - Deploying ESXi hosts using Auto Deploy
  - Installing vSphere Client
  - Configuring NTP settings on the ESXi host
  - Configuring DNS and Routing
  - Licensing an ESXi host
- Chapter 2: Installing and Using vCenter
  - Installing vCenter SSO
  - Installing VMware vCenter
  - Installing vSphere Web Client
  - Installing vSphere Auto Deploy
  - Working with the vCenter inventory objects
  - Configuring the vCenter Server settings
  - Working with tags
  - Using schedule tasks
  - Managing the plug-ins in vCenter
  - Deploying the VMware vCenter Server Appliance
- Chapter 3: Networking
  - Creating and deleting VM network port groups
  - Creating VMkernel port groups
  - Modifying vSwitch properties
  - Working with vSphere Distributed Switches
  - Configuring Private VLANs (PVLAN)
  - Working with advanced networking
  - Enabling jumbo frames
  - Configuring network policies
- Chapter 4: Storage
  - Implementing the iSCSI storage
  - Implementing FC and FCoE storages
  - Configuring Raw Device Mapping
  - Managing VMFS and NFS datastores
  - Configuring the storage profiles of a virtual machine
- Chapter 5: Resource Management and High Availability
  - Preparing hosts for vMotion
  - Implementing resource pools
  - Implementing Distributed Resource Scheduler (DRS)
  - Implementing Distributed Power Management (DPM)
  - Implementing High Availability (HA)
  - Implementing Storage Dynamic Resource Scheduling (SDRS)
- Chapter 6: Managing Virtual Machines
  - Deploying virtual machines
  - Installing and customizing a guest operating system
  - Configuring the ESXi host and VM for Fault Tolerance
  - Configuring virtual machine hardware
  - Configuring virtual machine’s options
  - Creating snapshots, templates, and clones
- Chapter 7: Securing the ESXi Server and Virtual Machines
  - Configuring the ESXi firewall
  - Enabling Lockdown mode
  - Managing ESXi authentication
  - Managing ESXi certificates
  - Configuring logging for virtual machines
  - Configuring security settings for virtual machines
- Chapter 8: Performance Monitoring and Alerts
  - Running vCenter performance monitoring graphs
  - Configuring SNMP for ESXi and vCenter
  - Running performance monitoring using ESXTOP
  - Configuring vCenter alarms
  - Managing log files
Virtualization Security Risks
Virtualization enables enterprises to increase server capacity, enhance flexibility and agility, and automate operations without incurring large capital expenditures. Even as companies become increasingly accustomed to harnessing the benefits of virtualization, not enough attention is being paid to the security issues associated with the progress.
There is a prominent assumption that virtual machines are highly secure in comparison to physical servers. However, the reality is that both virtual machines and physical servers are equally susceptible to malware attacks. The repercussions of a crash in a virtualized environment might be more severe than the repercussions in a regular server setting. In many situations, users simply do not realize the risks, or they do not have the administrative authority to implement the required security controls.
As the adoption of virtualization expands across an enterprise, the buildup of security issues might pose some serious challenges to the performance in terms of outages, increase in the costs and data loss. Therefore, in order to set up your business website, it is imperative to be aware of the basic risks along with some fundamental approaches for mitigating those risks while performing the transition to the virtualized environment.
The following are Virtualization Security Risks:
In many cases, CXOs tend to overlook the virtual machines during the security phase. The lack or inadequacy of security in the virtual machines might result in some serious risk scenarios:
- Sensitive or critical workloads are mixed with workloads from different trust zones on the same physical server. This needs particular care when no provisions for separation have been made, as it might result in some serious security challenges.
- Hidden weaknesses in the virtualization layer might increase the vulnerability of the system. As a result of these vulnerabilities, attackers can compromise all the hosted workloads.
- To let virtual machines communicate directly, virtualization platforms often use software-based switches and virtual networks inside the physical host. As this traffic is hidden from the network-based security protection devices, it is more susceptible to hacking attacks.
- Access to the Hypervisor / Virtual Machine Monitor (VMM) layer has to be monitored tightly, as this is the most serious form of support. However, security is affected in most of the virtualization platforms by the creation of multiple administration paths into the VMM.
- Risk also increases to a great extent when administrators and users are given data access beyond their normal privilege levels as physical servers are integrated into a single machine.
- In many situations, the complete network is compromised just because separate teams are assigned the responsibility of configuring the physical server environment and the virtual environment.
In light of the risks mentioned above, there are some fundamental best practices that help in mitigating these risks:
- It is always better to consider the hosted virtual desktop workloads as ‘untrusted’ and to keep them separated from the rest of the physical data by establishing a specific security policy for the virtual machines. This will prevent workloads from various trust levels from building up on the same server.
- It is important to configure the Hypervisor layer correctly and to apply security upgrades to it regularly. It is also important to make sure that the virtualization layer is adequately thin and is configured against unlicensed changes, so that it does not become an easy target for attackers. Make sure that the virtualization vendors provide Hypervisor / VMM layer measurement at boot-up to avoid any kind of compromise.
- Go beyond host-based security for ensuring that the vulnerabilities present in the lower layers are easily tracked and corrected.
- Monitoring plays a vital role in any security mechanism. Virtualized workloads and networks should be given the same level of monitoring that is offered to the physical servers.
- Work with security vendors who provide a trustworthy policy management and enforcement framework in order to reduce the issues related to configuration and management.
- Set up a single team for managing the network configuration and for the overall management across the physical and virtual environments, to ensure a consistent and unified approach towards server infrastructure management. Utilize the virtualization platform architectures along with replicable switch code in order to make sure that the virtual and physical configurations are covered by the same policies.
Moreover, follow these simple rules for ensuring that the virtual environments are operating at the required security levels:
- Separate the critical operations from the virtualization plans
- Select certified hardware and operating systems for avoiding failover
- Operate the staging and development servers on distinct machines or Hypervisors
- Stop failover by setting up a ‘Cold-Spare’
- Back up all the server images
- Apply new patches / upgrades only when the complete virtual infrastructure is up and running
- Establish role based privilege levels and data access rights
- Always operate VDI in the high-availability mode
- Prevent the data I/O from the user workstation
- Make sure that continuous monitoring is done for the virtualized servers
- Centralize the home directory data
It is possible to combat all the risks associated with virtualization by abiding by the basic fundamental rules. But as a standard practice, it is important to focus on security from the beginning of the virtualization process, as the challenges might become more difficult down the line. It is evident that virtualization has a lot of benefits for enterprises; however, in order to extract the maximum value from this technology, it is absolutely crucial to ensure that all the necessary security protocols are in place.
VMware vSphere 5.5 Virtual Machine
A virtual machine is the core of server virtualization. It is represented by a package of files and hence is easy to carry on portable storage. It provides an isolated environment for an operating system, which enables users to run more than one operating system on a single piece of physical hardware. The computing environment works the same way it does in a physical environment. A hypervisor or virtual machine monitor is used to create the virtual environment. It virtualizes memory, interrupts, basic I/O operations, etc.
A VM has all the components of a physical machine, such as CPUs, hard disks, USB drives, CD drives, a SCSI controller and a video card.
The virtual machine configuration file extension is *.vmx, while the virtual disk descriptor file extension is *.vmdk.
The virtual machine configuration (VMX) file contains information about the guest OS, BIOS UUID, virtual network card, virtual disk drives, CPU and memory, cores per processor, number of processors, etc.
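Because the VMX file is plain text, the fields listed above can be pulled out for inventory or configuration review. The following is an added example, not code from the original post: the sample file content is constructed, and the function names `parse_vmx` and `summarize` are hypothetical.

```python
import re

# Constructed sample .vmx content for illustration (not from a real VM).
SAMPLE_VMX = '''.encoding = "UTF-8"
# constructed example
displayName = "web01"
guestOS = "ubuntu-64"
uuid.bios = "56 4d 00 11 22 33 44 55-66 77 88 99 aa bb cc dd"
memsize = "4096"
numvcpus = "4"
cpuid.coresPerSocket = "2"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet1.present = "FALSE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "web01.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "install.iso"
'''

# A .vmx entry has the form: key = "value"; lines starting with '#' are comments.
ENTRY = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return a dict of settings; keys are lower-cased so lookups ignore capitalization."""
    cfg = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def summarize(cfg):
    """Extract guest OS, BIOS UUID, enabled NICs, attached virtual disks, CPU and memory."""
    def enabled(dev):
        return cfg.get(dev + ".present", "FALSE").upper() == "TRUE"
    nics = sorted({k.split(".")[0] for k in cfg if re.fullmatch(r"ethernet\d+\..+", k)})
    disks = sorted(v for k, v in cfg.items()
                   if k.endswith(".filename") and v.lower().endswith(".vmdk")
                   and enabled(k.rsplit(".", 1)[0]))
    vcpus = int(cfg.get("numvcpus", "1"))
    cores = int(cfg.get("cpuid.corespersocket", "1"))
    return {
        "name": cfg.get("displayname"),
        "guest_os": cfg.get("guestos"),
        "bios_uuid": cfg.get("uuid.bios"),
        "memory_mb": int(cfg.get("memsize", "0")),
        "vcpus": vcpus, "cores_per_socket": cores, "sockets": vcpus // cores,
        "nics": [n for n in nics if enabled(n)],
        "disks": disks,
    }
```

Running `summarize(parse_vmx(...))` over every VMX file on a datastore gives a quick inventory in which cloned machines that share a BIOS UUID or unexpected extra network cards stand out.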
Best Practices to upgrade to vSphere 5.1 or to vSphere 5.5
1. Upgrade the vCenter Server to 5.5
There are two methods of upgrading your current vCenter to vCenter 5.5:
- The in-place upgrade method: Run the vCenter 5.5 installer on a machine that has any one of vCenter Server 4.0, vCenter Server 4.1, vCenter Server 5.0 or vCenter Server 5.1 installed and runs Windows Server 2003 Service Pack 2, Windows Server 2003 R2, Windows 2008 Service Pack 1 and Service Pack 2, Windows 2008 R2, or Windows 2008 R2 Service Pack 1.
- Migrating vCenter data using the vSphere Data Migration tool: Migrate the current vCenter data using the vSphere Data Migration tool. If your existing vCenter is running on a 32-bit operating system, then you cannot install vCenter 5.1 on the same machine because it is a 64-bit application.
2. Upgrade the ESX/ESXi servers to 5.5
3. Upgrade VMware Tools and then the virtual machine hardware
4. Uninstall vCenter Update Manager, vCenter Converter, vCenter Guided Consolidation and re-install them
vCenter Server 5.5 can be used to manage ESX/ESXi 4.x and ESX 5.0, ESXi 5.1.
VMware Horizon View™ securely delivers on-demand desktop services from a centralized location, such as a cloud or virtualization environment, to automate IT management and control, to increase reliability and availability, and to provide end users with maximum mobility and flexibility.
VMware Horizon View allows you to provision two different desktop types:
- Linked clones: They are created using a master image that is a standard vSphere virtual machine format
- Full clones: They are created using a master image that is a vSphere template
VMware Horizon View supports two different options for assigning users to desktops:
- Dedicated User Assignment: Desktop is assigned to a single user
- Floating User Assignment: Desktop is assigned to a user from a Desktop Pool
- User-centric, flexible approach to computing
- On-demand desktop services
- Agility – Easy provisioning
- Cost control / benefits
- Manageability and security
Download Magento VM from: http://bitnami.org/stack/magento
1. Open VMX file in VMware Player
2. Start Virtual machine
Click on Access My Application
5. Create an Account
6. Admin (http://10.2xx.xx.xx/magento/index.php/admin)
7. Admin Panel
8. Catalog -> Manage Categories -> Add Root Categories
9. Add New Product
Catalog -> Manage Products
10. Add Product
13. All Products
15. Create Orders
17. Dashboard for User
SQL File of Data (Change it to .sql extension)
Magento Database_Foreign Key Checks Disabled