vSphere Virtual TPM (vTPM)
vSphere Virtual TPM (vTPM) enables workloads to securely use advanced security techniques while virtualized.
Holo-Tanzu-vSphere-Pods
Holo-Tanzu-vSphere-Pods
Holo-Tanzu-vSphere-Pods
Module 3 – vSphere Pods This module shows how to run vSphere Pods on a vSphere Supervisor Cluster that is part of a Cloud Foundation domain. A vSphere Pod is a special type of virtual machine with a small footprint that runs one or more Linux containers. Each vSphere Pod is sized precisely for the workload that it accommodates and has explicit resource reservations for that workload. It allocates
NFS Multi-Connections in vSphere 8.0 Update 1
NFS Multi-Connections in vSphere 8.0 Update 1
While listening to both The Unexplored Territory and VirtuallySpeaking Podcast, which recently covered the newly announced vSphere 8.0 Update 1 release, The upcoming vSphere 8.0 Update 1 release includes a lot of exciting new features, some of which you can learn about by listening to either […]
vSphere 8.0 U1 and vSAN 8.0 U1 what’s new…
vSphere 8.0 U1 and vSAN 8.0 U1 what’s new…
We (the Unexplored Territory team) have just published two brand-new episodes which discuss What’s New with vSphere 8.0 U1 and vSAN 8.0 U1. You can of course listen to them using your favorite podcast app, or you simply use the embedded players below to enjoy the content.
Mock-up Azure VMware Solution in Hub-and-Spoke…
Mock-up Azure VMware Solution in Hub-and-Spoke…
In this step, we will integrate our avs-transit-vnet within the overall h&s topology and rely on the hub-nva VM to manage all the required filtering either for: +Spoke-to-spoke; +Spoke-to-On-Premise (and vice versa); +Internet breakout […]
How to run Secure Boot Validation Script on an ESXi Host
Help for validation script:
/usr/lib/vmware/secureboot/bin/secureBoot.py -h
usage: secureBoot.py [-h] [-a | -c | -s]
optional arguments:
-h, --help show this help message and exit
-a, --acceptance-level-check
Validate acceptance levels for installed vibs
-c, --check-capability
Check if the host is ready to enable secure boot
-s, --check-status Check if UEFI secure boot is enabledCheck if the host is ready to enable secure boot
/usr/lib/vmware/secureboot/bin/secureBoot.py -c
Secure boot can be enabled: All vib signatures verified. All tardisks validated. All acceptance levels validatedCheck if UEFI secure boot is disabled
/usr/lib/vmware/secureboot/bin/secureBoot.py -s
DisabledCreate Cisco UCS Boot Policy
Check if UEFI secure boot is enabled and working
/usr/lib/vmware/secureboot/bin/secureBoot.py -s
Enabled
Deprecation of legacy BIOS support in vSphere 8.0 (84233) + Booting vSphere ESXi 8.0 may fail with “Error 10 (Out of resources)” (89682)
Personally, here are the recommendations for new ESXi 8.0 installations:
- VMware only supports UEFI boot in new installations
- For the purchase of new servers, it is suitable with TPM 2.0
- When upgrading to ESXi 8.0, verify that UEFI boot is enabled
Booting vSphere ESXi 8.0 may fail with “Error 10 (Out of resources)” (89682)
- Hardware machine is configured to boot in legacy BIOS mode.
- Booting stops early in the boot process with messages displayed in red on black with wording similar to “Error 10 (Out of resources) while loading module”, “Requested malloc size failed”, or “No free memory”.
VMware’s recommended workaround is to transition the machine to UEFI boot mode permanently, as discussed in KB article 84233 . There will not be a future ESXi change to allow legacy BIOS to work on this machine again.
Deprecation of legacy BIOS support in vSphere (84233)
VMware’s plans to deprecate support for legacy BIOS in server platforms.
If you upgrade a server that was certified and running successfully with legacy BIOS to a newer release of ESXi, it is possible the server will no longer function with that release. For example, some servers may fail to boot with an “Out of resources” message because the newer ESXi release is too large to boot in legacy BIOS mode. Generally, VMware will not provide any fix or workaround for such issues besides either switching the server to UEFI
Motivation
UEFI provides several advantages over legacy BIOS and aligns with VMware goals for being “secure by default”. UEFI
- UEFI Secure Boot, a security standard that helps ensure that the server boots using only software that is trusted by the server manufacturer.
- Automatic update of the system boot order during ESXi installation.
- Persistent memory
- TPM 2.0
- Intel SGX Registration
- Upcoming support for DPU/SmartNIC
List of vSphere 8.0 Knowledge base articles and Important Links (89756)
List of Knowledge base articles for vSphere 8.0 – [Main KB] – List of vSphere 8.0 Knowledge base articles and Important Links (89756)
- What’s New in vSphere 8.0
- SSH Daemon Sandboxing VOB in vSphere 8.0 release (87386)
- Domain enforcement change warnings observed on ESXi Host (87510)
- Fix dataSets store file corrupt or missing in a virtual machine (87517)
- vSphere ESXi 8.0 – vGPU support for 128+ vCPUs (Linux Guest) (88161)
- Name server got from DHCP might be missing in /etc/resolv.conf after reboot (88235)
- Host client doesn’t work well with NVME controller for unitNumber above 15 (88304)
- VMKAPI v2.4 removal implications for upgrade to ESXi 8.0 or install of older VIBs on ESXi 8.0. (88646)
- Some older Linux VMs created with Hardware version 20 will fail to start installation when Secure Boot is enabled (88737)
- Collecting network packets using the lightweight PacketCapture on ESXi 8.0 (89489)
- Not Mounting Heavily Corrupted VMFS Datastores (89500)
- Microsoft Windows Server Failover Clustering (WSFC) with shared disks on VMware vSphere 8.x: Guidelines for supported configurations (89327)
- Booting vSphere ESXi 8.0 may fail with “Error 10 (Out of resources)” (89682)
- Managing iSER devices created on deprecated driver for RDMA HW (89517)
- CPU cache Flush to NVDIMM Durability on Power Loss is not Supported by ESXi (87146)
- How to manually update data-encipherment certificate (87506)
- vCenter HTTP Sessions expiring sooner than configured (88668)
- Storage I/O Control Privilege Change (88843)
- vSphere Client missing global banner notifications for historical data import (89441)
- vCenter Server 8.0 Alarm actions which run scripts fail with “Command must exist/be executable” (87918)
- vCenter Server 8.0 VM compute and storage migration failure from vSAN datastore to NFS datastore (87956)
- vSphere Lifecycle Manager (vLCM) Hardware Compatibility checks flags the VMD controller as “Non-Compliant” (89559)
- VM deployment failed due to VM class not found error on namespace. (89704)
- vCenter Servers Security Token Service (STS) refresh in version 8.0 can cause vSphere Lifecycle Manager (vLCM) upgrade failure (89698)
Securing Cloud Applications
Securing Cloud Applications
Securing Cloud Applications demystifies complex security protocols, algorithms, and patterns, and demonstrates how to put them into practice in everyday development.
NSX-T 3.2: Overlay Lab Build – Part 7
NSX-T 3.2: Overlay Lab Build – Part 7
In this post we will deploy our Tier-1 site specific gateways and create some network segments for our VMs.