Packtpub: Learning VMware vCloud Air by Yohan Wadia


Learning VMware vCloud Air by Yohan Wadia: VMware vCloud Air is a cloud offering by VMware that provides you with the flexibility and agility to create and manage your virtualized workloads with ease on a VMware-backed cloud platform. Continue reading “Packtpub: Learning VMware vCloud Air by Yohan Wadia”

Advertisements

Book Review: VMware ESXi Cookbook


Book Review: VMware ESXi Cookbook-Over 130 task-oriented recipes to install, configure, and manage various vSphere 5.1 components just speaks volume about the cookbook. This book provides all the recipes which we normally need in end to end VMware vSphere development to usage activities. Interesting approach of installation with the auto deploy is icing on the cake. Every installation is explained step by step in huge details are covered to bring the depth in the discussion. Configuration and management of Networking and Storage are my favorite parts of book. Normally security is not covered often but here it is an exception and hence I admire the vision of Author for covering essential topics with ease!

Book Review-VMware ESXi Cookbook

  • Chapter 1: Installing and Configuring ESXi
    • Introduction
    • Installing ESXi using Interactive Mode
    • Deploying ESXi hosts using scripted installation
    • Deploying ESXi hosts using Auto Deploy
    • Installing vSphere Client
    • Configuring NTP settings on the ESXi host
    • Configuring DNS and Routing
    • Licensing an ESXi host
  • Chapter 2: Installing and Using vCenter
    • Introduction
    • Installing vCenter SSO
    • Installing VMware vCenter
    • Installing vSphere Web Client
    • Installing vSphere Auto Deploy
    • Working with the vCenter inventory objects
    • Configuring the vCenter Server settings
    • Working with tags
    • Using schedule tasks
    • Managing the plug-ins in vCenter
    • Deploying the VMware vCenter Server Appliance
  • Chapter 3: Networking
    • Introduction
    • Creating and deleting VM network port groups
    • Creating VMkernel port groups
    • Modifying vSwitch properties
    • Working with vSphere Distributed Switches
    • Configuring Private VLANs (PVLAN)
    • Working with advanced networking
    • Enabling jumbo frames
    • Configuring network policies
  • Chapter 4: Storage
    • Introduction
    • Implementing the iSCSI storage
    • Implementing FC and FCoE storages
    • Configuring Raw Device Mapping
    • Managing VMFS and NFS datastores
    • Configuring the storage profiles of a virtual machine
  • Chapter 5: Resource Management and High Availability
    • Introduction
    • Preparing hosts for vMotion
    • Implementing resource pools
    • Implementing Distributed Resource Scheduler (DRS)
    • Implementing Distributed Power Management (DPM)
    • Implementing High Availability (HA)
    • Implementing Storage Dynamic Resource Scheduling (SDRS)
  • Chapter 6: Managing Virtual Machines
    • Introduction
    • Deploying virtual machines
    • Installing and customizing a guest operating system
    • Configuring the ESXi host and VM for Fault Tolerance
    • Configuring virtual machine hardware
    • Configuring virtual machine’s options
    • Creating snapshots, templates, and clones
  • Chapter 7: Securing the ESXi Server and Virtual Machines
    • Introduction
    • Configuring the ESXi firewall
    • Enabling Lockdown mode
    • Managing ESXi authentication
    • Managing ESXi certificates
    • Configuring logging for virtual machines
    • Configuring security settings for virtual machines
  • Chapter 8: Performance Monitoring and Alerts
    • Introduction
    • Running vCenter performance monitoring graphs
    • Configuring SNMP for ESXi and vCenter
    • Running performance monitoring using ESXTOP
    • Configuring vCenter alarms
    • Managing log files
  • Chapter 9: vSphere Update Manager
    • Introduction
    • Installing Update Manager
    • Configuring Update Manager
    • Creating and managing baselines
    • Scanning and remediating vSphere objects
    • Configuring UMDS

Best Practices For Combating Virtualization Security Risks


Virtualization Security Risks

Virtualization enables the enterprises to increase the server capacity, enhance the flexibility and agility along with automating the operations without incurring any large capital expenditures. Even as the companies become increasingly accustomed to harnessing the benefits of virtualization, enough attention is not being paid to the security issues associated with the progress.

There is a prominent assumption that the virtual machines are highly secure in comparison to the physical servers. However, the reality is that both, the virtual machines and physical servers are equally susceptible to malware attacks. The repercussions of a crash in a virtualized environment might be more severe as compared to the repercussions in a regular server setting. In many situations, users simply do not realize the risks or they do not have the administrative authority for implementing the required security controls.

Cloud Computing – Download Free EBooks and Whitepapers
Java – Download Free EBooks and Whitepapers
Windows – Download Free EBooks and Whitepapers

As the adoption of virtualization expands across an enterprise, the buildup of security issues might pose some serious challenges to the performance in terms of outages, increase in the costs and data loss. Therefore, in order to set up your business website, it is imperative to be aware of the basic risks along with some fundamental approaches for mitigating those risks while performing the transition to the virtualized environment.

The following are Virtualization Security Risks:

In many cases, CXOs tend to overlook the virtual machines during the security phase. The lack or inadequacy of security in the virtual machines might result in some serious risk scenarios

  • The amalgamation of sensitive or critical workloads with the workloads from different trust zones present on the same physical server. This has to be taken care of especially when the provisions for separation have not been made as this might result in some serious security challenges.
  • Hidden weaknesses in the virtualization layer might increase the vulnerability of the system. As a result of these vulnerabilities, the hackers can compromise all the hosted workloads.
  • In order to enable the virtual machines for communicating directly, virtualization platforms are often used for the software-based switches and for the virtual networks present within the physical host. As this traffic is hidden from the network-based security protection devices, it is more susceptible to hacking attacks.
  • Access to the Hypervisor / Virtual Machine Monitor (VMM) layer has to be monitored tightly as this is the most serious form of support. However, security is affected in most of the virtualization platforms with the creation of multiple administration paths into the VMM.
  • Risk is also increased to a great extent when the administrators and users are provided with data access more than their normal privilege levels when the physical server is integrated into a single machine.
  • In many situations, the complete network is compromised just because separate teams are assigned the responsibility of configuring the physical server environment and the virtual environment.

In light of the risks mentioned above, there are some fundamental best practices that help in mitigating these risks:

  • It is always better to consider the hosted virtual desktop workloads as ‘untrusted’ and to keep it separated from the rest of the physical data. By establishing a specific security policy for the virtual machines. This will prevent the increase in workloads from various trust levels into the same server.
  • It is important to configure the Hypervisor layer correctly and the security upgrades should be done regularly on it. It is also important to make sure that the virtualization layer is adequately thin during the process of configuration against the unlicensed changes so that it does not become an easy target for the hackers. Make sure that the virtualization vendors provide with Hypervisor / VMM layer measurement at the time of boot-up for avoiding any kind of compromise.
  • Go beyond host-based security for ensuring that the vulnerabilities present in the lower layers are easily tracked and corrected.
  • Monitoring plays a vital role in any security mechanism. Virtualized workloads and networks should be allotted with the same levels of monitoring that is offered to the physical servers.
  • Work with the security vendors who provide with a trustworthy policy management and enforcement framework in order to reduce the issues related to configuration and management.
  • Set up a single team for managing the network configuration and for the overall management across the physical and virtual environments for ensuring a consistent and unified approach towards server infrastructure management. Utilize the virtualization platform architectures along with replicable switch code in order to make sure that the virtual and physical configurations are covered in the same policies.

Moreover, follow these simple rules for ensuring that the virtual environments are operating at the required security levels:

  • Separate the critical operations from the virtualization plans
  • Select certified hardware and operation systems for avoiding failover
  • Operate the staging and development servers on distinct machines or Hypervisors
  • Stop failover by setting up a ‘Cold-Spare’
  • Backup all the server images
  • Apply new patches / upgrades only when the complete virtual infrastructure is up and running
  • Establish role based privilege levels and data access rights
  • Always operate VDI in the high-availability mode
  • Prevent the data I/O from the user workstation
  • Make sure that continuous monitoring is done for the virtualized servers
  • Centralize the home directory data

It is possible to combat all the risks associated with virtualization by abiding to the basic fundamental rules. But as a standard practice, it is important to focus on the security from the beginning of the virtualization process as the challenges might become more difficult down the line. It is evident that virtualization has a lot of benefits for the enterprises; however, in order to extract the maximum value from this technology, it is absolutely crucial to ensure that all the necessary security protocols are in place.

VMware vSphere 5.5 Virtual Machine


VMware vSphere 5.5 Virtual Machine
Traditional and Virtual Architecture
VMware vSphere 5.5 Virtual Machine

A virtual machine is the core of server virtualization. It is represented by package of files and hence it is easy to carry in portable storage. It provides an isolated environment for an operating system hence it enables users to use more than one operating system on the single physical hardware. Computing environment work in similar way it works in physical environment. Hypervisor or virtual machine monitor is used to create virtual environment. It virtualizes memory, interrupts, basic I/O operations etc.

VM is having all the components similar to physical machine such as CPUs, Hard disks, USB Drives, CD Drives, SCSI controller, Video card

Virtual machine configuration file extension is *.vmx while virtual disk descriptor file extension is *.vmdk.

Virtual machine configuration (VMX) file contains information about guest OS, BIOS UUID, virtual network card, virtual disk drives, CPU and memory, cores per processor, number of processors, etc.

Cloud Computing – Download Free EBooks and Whitepapers
Java – Download Free EBooks and Whitepapers
Windows – Download Free EBooks and Whitepapers

Best Practices to upgrade to vSphere 5.1 or to vSphere 5.5


Best Practices to upgrade to vSphere 5.1 or to vSphere 5.5

1. Upgrade the vCenter Server to 5.5
There are two methods of upgrading your current vCenter to vCenter 5.5:
-The in-place upgrade method: Run vCenter 5.5 installer on the machine having any one from vCenter Server 4.0, vCenter Server 4.1, vCenter Server 5.0, vCenter Server 5.1 having an OS Windows Server 2003 Service Pack 2, Windows Server 2003 R2, Windows 2008 Service Pack 1 and Service Pack 2, Windows 2008 R2, Windows 2008 R2 Service Pack 1.
-Migrating vCenter data using the vSphere Data Migration tool: migrate the current vCenter data, using the vSphere Data Migration tool If your existing vCenter is running on a 32-bit operating system, then you cannot install vCenter 5.1 on the same machine because it is a 64-bit application.
2. Upgrade the ESX/ESXi servers to 5.5
3. Upgrade VMware Tools and then the virtual machine hardware

4. Uninstall vCenter Update Manager, vCenter Converter, vCenter Guided Consolidation and re-install them

 

vCenter Server 5.5 can be used to manage ESX/ESXi 4.x and ESX 5.0, ESXi 5.1.

 

VMware Horizon View-Definition


VMware Horizon View™ securely delivers on demand desktop services from centralized location such as cloud or virtualization environment to automate IT management and control, to increase reliability and availability, and to provide end users maximum mobility and flexibility.

Cloud Computing – Download Free EBooks and Whitepapers
Java – Download Free EBooks and Whitepapers
Windows – Download Free EBooks and Whitepapers
VMware Horizon View allows to provision two different desktop types:
  1. Linked clones: They are created using a master image that is a standard vSphere virtual machine format
  2. Full clones: They are created using a master image that is a vSphere template

VMware Horizon View supports two different options for assigning users to desktops:

  1. Dedicated User Assignment: Desktop is assigned to a single user
  2. Floating User Assignment: Desktop is assigned to a user from a Desktop Pool

Benefits:

  • User-centric, flexible approach to computing
  • On-demand desktop services
  • Agility – Easy provisioning
  • Automation
  • Cost control / benefits
  • Compliance
  • Manageability and security
Cloud Computing – Download Free EBooks and Whitepapers
Java – Download Free EBooks and Whitepapers
Windows – Download Free EBooks and Whitepapers

Installation and Configuration of Bitnami Magento – VMware


Magento App Installation, Configuration and Sample Data
App Installation, Configuration and Sample Data

Download Magento VM from: http://bitnami.org/stack/magento

http://bitnami.org/files/stacks/magento/1.6.0.0-2/bitnami-magento-1.6.0.0-2-ubuntu-10.10.zip

1. Open VMX file in VMware Player

Cloud Computing – Download Free EBooks and Whitepapers
Java – Download Free EBooks and Whitepapers
Windows – Download Free EBooks and Whitepapers
Open .vmx file in VMware Player
Open .vmx file in VMware Player

2. Start Vital machine

Start Virtual Machine in VMware Player
Start Virtual Machine in VMware Player

3. http://10.2XX.XX.XX/

Click on Access My Application

Bitnami Magento
Bitnami Magento
Magento Home Page
Magento Home Page

4. Login

Magento Login Page
Magento Login Page

5. Create an Account

Magento - Create an Account
Magento – Create an Account

6. Admin (http://10.2xx.xx.xx/magento/index.php/admin)

Magento - Login to Admin Panel
Magento – Login to Admin Panel

7. Admin Panel

Magento - Admin Panel
Magento – Admin Panel

8. Catalog -> Manage Categories -> Add Root Categories

Magento - Admin Panel - Categories
Magento – Admin Panel – Categories

9. Add New Product

Catalog -> Manage Products

Bitnami Magento - Admin Panel - Add New Product
Magento – Admin Panel – Add New Product

10. Add Product

Bitnami Magento - Admin Panel - Add New Product
Magento – Admin Panel – Add New Product

12. Products

Bitnami Magento - Admin Panel - Products
Admin Panel – Products

13. All Products

Bitnami Magento - Admin Panel - All Products
Admin Panel – All Products

14. Customers

Bitnami Magento - Admin Panel - All Customers
Admin Panel – All Customers

15. Create Orders

Bitnami Magento - Admin Panel - Create Orders
Admin Panel – Create Orders

16. Orders

Bitnami Magento - Admin Panel - All Orders
Admin Panel – All Orders

17. Dashboard for User

Bitnami Magento - Admin Panel - User Dashboard
Admin Panel – User Dashboard

References:

http://www.youtube.com/watch?v=DQjRlkQQr38

SQL File of Data (Change it to .sql extension)

Magento Database_Foreign Key Checks Disabled
Related articles