{"id":910,"date":"2012-01-31T23:30:01","date_gmt":"2012-01-31T23:30:01","guid":{"rendered":"https:\/\/kristau.net\/?p=910"},"modified":"2012-01-31T23:30:01","modified_gmt":"2012-01-31T23:30:01","slug":"20120119-vmware-users-group-vmug-meeting","status":"publish","type":"post","link":"https:\/\/kristau.net\/blog\/910\/","title":{"rendered":"20120119 VMware Users Group (VMUG) Meeting"},"content":{"rendered":"<p>Agenda:<\/p>\n<ul>\n<li>3PM: Check-in, Welcome, Facilities<\/li>\n<li>3:05: VMUG Video<\/li>\n<li>3:15: Fusion-io preso<\/li>\n<li>3:50: Break<\/li>\n<li>3:55 VMware vShield Security preso &#8211; Karl Fultz, VMware SE<\/li>\n<li>4:40: Open Discussion<\/li>\n<li>4:55: Drawings<\/li>\n<li>5:00: Break<\/li>\n<li>5:15: Social networking at Buffalo Wild Wings<\/li>\n<\/ul>\n<p>My Notes:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.youtube.com\/watch?v=eNBcFjT4Fdk\">VMUG Video<\/a><\/li>\n<ul>\n<li>VMware Paul Strong, CTO, Global Customer and Field Initiatives, VMware<\/li>\n<li>vCloud Community, 8 Certified providers<\/li>\n<\/ul>\n<li>Fusion IO: Gus Siefker (sales) and Victor Backman (tech)<\/li>\n<ul>\n<li>4 years in business, 80,000 cards<\/li>\n<li>Move a lot of data, fast<\/li>\n<li>Hardware and software combo that does a minimum of 100k IOPS<\/li>\n<li>Good for DBs, VDI density<\/li>\n<li>VDI Design: abstracting the layers (HW, OS, App, User Data) helps prep for putting Fusion-IO in the mix.<\/li>\n<li>Boot images and high-IOPS data go to FIO, User Data and low IOPS go to SAN storage, lower tiers.<\/li>\n<li>Basically a block level device. Presents to host as local storage.<\/li>\n<li>Storage is persistent, can be (if needed) moved to different servers. 
Gave example of one client that ships them off site rather than file transfer over Internet\/WAN.<\/li>\n<li>Nutanix Complete Block: 4 Fusion-io ioDrives = 1.3 TB of storage.<\/li>\n<li>Card draws about 25 W of power, but replaces lots of HD spindles.<\/li>\n<li>Uses NAND Flash memory like an SSD, but removes the controller from the mix.<\/li>\n<li>15 microsecond latency.<\/li>\n<li>ioTurbine: recently acquired by Fusion-io. Allows vMotion of local storage on a Fusion-io card which normally couldn\u2019t be vMotioned.<\/li>\n<li>There is an ioTurbine guest driver installed on the VMs. Acts as a read cache. Writes still go to SAN.<\/li>\n<li>Keeps up to 80% of IO local to the ESXi host and reduces read load on back end storage.<\/li>\n<li>Lab test with F-io card and NetApp back end storage using IOmeter as the load with 8 VMs. F-io solution averaged around 12,000 IOPS once the cache \u201cwarmed\u201d up. NetApp read ops just about nothing, so its write ops performance increased.<\/li>\n<li>When a VM is rebooted, its cache is flushed and it needs time to re-warm.<\/li>\n<li>Guests supported are Windows only for now. Need a driver in the guest. Linux support is \u201ccoming soon.\u201d<\/li>\n<li>There is also a host driver.<\/li>\n<\/ul>\n<li>Refreshment Break<\/li>\n<li>vShield Security Overview: Karl Fultz, VMware SE<\/li>\n<ul>\n<li>Enterprise Security today is not virtualized, not cloud ready.<\/li>\n<li>Most people are still using physical security devices.<\/li>\n<li>Moving workloads is challenging when the security doesn\u2019t move with it.<\/li>\n<li>vShield moves the firewall\/security into virtual appliances on the host.<\/li>\n<li>Perimeter, Internal, and End Point security.<\/li>\n<li>vShield Zones\/vShield App are basically the same. vShield Zones included with 4.1 Enterprise Plus. Segmentation and data scanning. vShield App new stand-alone product.<\/li>\n<ul>\n<li>Provides 5-tuple ruleset firewall<\/li>\n<li>Hypervisor-level fw. 
Inbound, outbound connection control at vNIC level<\/li>\n<li>Groups that can stretch as VMs migrate to other hosts.<\/li>\n<li>Flow monitoring, policy management, logging and auditing.<\/li>\n<\/ul>\n<li>vShield Edge is perimeter security.<\/li>\n<ul>\n<li>Provides NAT, DHCP, VPN, some load balancing.<\/li>\n<li>VLAN\/Port Group isolation. PG isolation requires vDS.<\/li>\n<li>Detailed network flow stats.<\/li>\n<li>Policy management and logging\/auditing.<\/li>\n<\/ul>\n<li>vShield Endpoint is AV offload.<\/li>\n<ul>\n<li>Offloading scanning to the Security VM. No AV agents in the guest VMs.<\/li>\n<li>Central management.<\/li>\n<li>Enforce remediation within the VM with the driver.<\/li>\n<li>Trend Micro (now), McAfee (in beta now), Sophos (coming soon), Symantec (coming soon) provide endpoint appliances.<\/li>\n<li>Windows only for guests.<\/li>\n<\/ul>\n<li>vShield Manager is the management plugin in vCenter.<\/li>\n<li>vShield App with Data Security had pre-defined templates to scan environment for data loss. (DLP, agentless if you don\u2019t count VM Tools as an \u201cagent\u201d). Can configure trust zones.<\/li>\n<li>Security policies follow VMs. Allows for mixed trust zones.<\/li>\n<li>vShield Zones is not supported in vShield Manager 5.0, must use older version of vShield Manager to support Zones. Will need multiple managers if mixing in 5.0 vShield App\/Endpoint\/Edge products.<\/li>\n<\/ul>\n<li>Q\/A Time<\/li>\n<ul>\n<li>I asked for clarification about vShield Zones\/App:<\/li>\n<ul>\n<li>Enterprise Plus 5.0 still includes Zones. App is a separate add-on product, but they are almost identical. App adds a little more granularity.<\/li>\n<li>Zones rules are stored in vCenter db, so backup of vCenter includes backup of the rules.<\/li>\n<li>Upgrade path from Zones to App? First time anyone has asked him. 
Since the rules are in vCenter db it SHOULD just work.<\/li>\n<\/ul>\n<\/ul>\n<li>Drawing for prizes<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Agenda: 3PM: Check-in, Welcome, Facilities 3:05: VMUG Video 3:15: Fusion-io preso 3:50: Break 3:55 VMware vShield Security preso &#8211; Karl Fultz, VMware SE 4:40: Open Discussion 4:55: Drawings 5:00: Break 5:15: Social networking at Buffalo Wild Wings My Notes: VMUG Video VMware Paul Strong, CTO, Global Customer and Field Initiatives, VMware vCloud Community, 8 Certified [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,9],"tags":[17,102,208],"class_list":["post-910","post","type-post","status-publish","format-standard","hentry","category-technology","category-virualization","tag-17","tag-iowa","tag-vmug"],"_links":{"self":[{"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/posts\/910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/comments?post=910"}],"version-history":[{"count":0,"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/posts\/910\/revisions"}],"wp:attachment":[{"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/media?parent=910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/categories?post=910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kristau.net\/blog\/wp-json\/wp\/v2\/tags?post=910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}