Mrz 022015
 

Heute beginnt der Mobile World Congress 2015, eines der größten Mobile Tech Events weltweit. Klar, dass auch wir vor Ort sind, um zu zeigen, wie wir Unternehmen im Bereich Business Mobility unterstützen.

Sie finden VMware am Stand 3D10, in Halle 3. Neben Workshops und Gesprächen, die wir anbieten, wird außerdem unser CEO Pat Gelsinger eine Keynote zum Thema „The New Mobile Identity“ halten und erklären, welche Auswirkungen die Schnittmenge aus IT und Mobilität auf Unternehmen hat. Wann? 4. März, 9.15 Uhr. Zudem wird Pat darüber sprechen, wie VMware Kunden dabei unterstützt, Unternehmensprozesse und –Abläufe zu erneuern. Denn vor allem durch den Einbezug von Mobilität und Cloudcomputing lassen sich Arbeitsabläufe straffen und neue Wege für die Interaktion mit Kunden finden. Im Mittelpunkt steht dabei die Bereitstellung jedweder Applikation auf jedem Gerät und von jedem Ort – und zwar sicher, mit einer einfachen und einzigartigen Verwaltung.

Unser SVP of Strategy & Corporate Development, Shekar Ayyar, wird ebenfalls eine Präsentation halten. Seien Sie am 3. März um 16 Uhr dabei, wenn er das Thema Fusionen und Übernahmen zum Zweck des Branchenwachstums präsentiert.

Wenn Sie nächste Woche auf dem Event sind, kommen Sie einfach bei Airwatch Connect vorbei. Dort halten wir für die Teilnehmer ein dicht gefülltes Programm von Thought Leadership, über Produkte und Partner Sessions bis hin zu Zertifizierungsworkshops bereit. Sie möchten an diesen Sessions teilnehmen? Dann registrieren Sie sich hier.

Wir freuen uns auf Ihren Besuch bei uns auf dem Mobile World Congress! Auf unserem Twitter-Channel @VMware_DE und @AirWatch sowie unter dem Hashtag #MWC15 halten wir Sie live vom 2. Bis zum 5. März auf dem Laufenden!

Mrz 022015
 

Heute beginnt der Mobile World Congress 2015, eines der größten Mobile Tech Events weltweit. Klar, dass auch wir vor Ort sind, um zu zeigen, wie wir Unternehmen im Bereich Business Mobility unterstützen.

Sie finden VMware am Stand 3D10, in Halle 3. Neben Workshops und Gesprächen, die wir anbieten, wird außerdem unser CEO Pat Gelsinger eine Keynote zum Thema „The New Mobile Identity“ halten und erklären, welche Auswirkungen die Schnittmenge aus IT und Mobilität auf Unternehmen hat. Wann? 4. März, 9.15 Uhr. Zudem wird Pat darüber sprechen, wie VMware Kunden dabei unterstützt, Unternehmensprozesse und –Abläufe zu erneuern. Denn vor allem durch den Einbezug von Mobilität und Cloudcomputing lassen sich Arbeitsabläufe straffen und neue Wege für die Interaktion mit Kunden finden. Im Mittelpunkt steht dabei die Bereitstellung jedweder Applikation auf jedem Gerät und von jedem Ort – und zwar sicher, mit einer einfachen und einzigartigen Verwaltung.

Unser SVP of Strategy & Corporate Development, Shekar Ayyar, wird ebenfalls eine Präsentation halten. Seien Sie am 3. März um 16 Uhr dabei, wenn er das Thema Fusionen und Übernahmen zum Zweck des Branchenwachstums präsentiert.

Wenn Sie nächste Woche auf dem Event sind, kommen Sie einfach bei Airwatch Connect vorbei. Dort halten wir für die Teilnehmer ein dicht gefülltes Programm von Thought Leadership, über Produkte und Partner Sessions bis hin zu Zertifizierungsworkshops bereit. Sie möchten an diesen Sessions teilnehmen? Dann registrieren Sie sich hier.

Wir freuen uns auf Ihren Besuch bei uns auf dem Mobile World Congress! Auf unserem Twitter-Channel @VMware_DE und @AirWatch sowie unter dem Hashtag #MWC15 halten wir Sie live vom 2. Bis zum 5. März auf dem Laufenden!

Mrz 022015
 

Heute beginnt der Mobile World Congress 2015, eines der größten Mobile Tech Events weltweit. Klar, dass auch wir vor Ort sind, um zu zeigen, wie wir Unternehmen im Bereich Business Mobility unterstützen.

Sie finden VMware am Stand 3D10, in Halle 3. Neben Workshops und Gesprächen, die wir anbieten, wird außerdem unser CEO Pat Gelsinger eine Keynote zum Thema „The New Mobile Identity“ halten und erklären, welche Auswirkungen die Schnittmenge aus IT und Mobilität auf Unternehmen hat. Wann? 4. März, 9.15 Uhr. Zudem wird Pat darüber sprechen, wie VMware Kunden dabei unterstützt, Unternehmensprozesse und –Abläufe zu erneuern. Denn vor allem durch den Einbezug von Mobilität und Cloudcomputing lassen sich Arbeitsabläufe straffen und neue Wege für die Interaktion mit Kunden finden. Im Mittelpunkt steht dabei die Bereitstellung jedweder Applikation auf jedem Gerät und von jedem Ort – und zwar sicher, mit einer einfachen und einzigartigen Verwaltung.

Unser SVP of Strategy & Corporate Development, Shekar Ayyar, wird ebenfalls eine Präsentation halten. Seien Sie am 3. März um 16 Uhr dabei, wenn er das Thema Fusionen und Übernahmen zum Zweck des Branchenwachstums präsentiert.

Wenn Sie nächste Woche auf dem Event sind, kommen Sie einfach bei Airwatch Connect vorbei. Dort halten wir für die Teilnehmer ein dicht gefülltes Programm von Thought Leadership, über Produkte und Partner Sessions bis hin zu Zertifizierungsworkshops bereit. Sie möchten an diesen Sessions teilnehmen? Dann registrieren Sie sich hier.

Wir freuen uns auf Ihren Besuch bei uns auf dem Mobile World Congress! Auf unserem Twitter-Channel @VMware_DE und @AirWatch sowie unter dem Hashtag #MWC15 halten wir Sie live vom 2. Bis zum 5. März auf dem Laufenden!

Mrz 022015
 

Heute beginnt der Mobile World Congress 2015, eines der größten Mobile Tech Events weltweit. Klar, dass auch wir vor Ort sind, um zu zeigen, wie wir Unternehmen im Bereich Business Mobility unterstützen.

Sie finden VMware am Stand 3D10, in Halle 3. Neben Workshops und Gesprächen, die wir anbieten, wird außerdem unser CEO Pat Gelsinger eine Keynote zum Thema „The New Mobile Identity“ halten und erklären, welche Auswirkungen die Schnittmenge aus IT und Mobilität auf Unternehmen hat. Wann? 4. März, 9.15 Uhr. Zudem wird Pat darüber sprechen, wie VMware Kunden dabei unterstützt, Unternehmensprozesse und –Abläufe zu erneuern. Denn vor allem durch den Einbezug von Mobilität und Cloudcomputing lassen sich Arbeitsabläufe straffen und neue Wege für die Interaktion mit Kunden finden. Im Mittelpunkt steht dabei die Bereitstellung jedweder Applikation auf jedem Gerät und von jedem Ort – und zwar sicher, mit einer einfachen und einzigartigen Verwaltung.

Unser SVP of Strategy & Corporate Development, Shekar Ayyar, wird ebenfalls eine Präsentation halten. Seien Sie am 3. März um 16 Uhr dabei, wenn er das Thema Fusionen und Übernahmen zum Zweck des Branchenwachstums präsentiert.

Wenn Sie nächste Woche auf dem Event sind, kommen Sie einfach bei Airwatch Connect vorbei. Dort halten wir für die Teilnehmer ein dicht gefülltes Programm von Thought Leadership, über Produkte und Partner Sessions bis hin zu Zertifizierungsworkshops bereit. Sie möchten an diesen Sessions teilnehmen? Dann registrieren Sie sich hier.

Wir freuen uns auf Ihren Besuch bei uns auf dem Mobile World Congress! Auf unserem Twitter-Channel @VMware_DE und @AirWatch sowie unter dem Hashtag #MWC15 halten wir Sie live vom 2. Bis zum 5. März auf dem Laufenden!

Mrz 022015
 

It’s time for Mobile World Congress 2015, one of the world’s biggest mobile tech events. Given that enabling business mobility is at the heart of our strategy, you won’t be surprised to hear we’ll have a major presence at the show, starting today.

As well as the VMware booth (Hall 3, 3D10), workshops and talks, there will also be a keynote from our CEO Pat Gelsinger, who will be discussing “The New Mobile Identity” at 9.15 on March 4th, and how the convergence of mobile and IT is impacting businesses. Pat will be talking about how VMware empowers customers to innovate business processes and operations that embrace mobile and cloud, in order to streamline work and create new ways to engage with customers. At the core of this is delivering any application to any device, anywhere with security and management that’s simple and unified.

Our SVP of Strategy & Corporate Development, Shekar Ayyar, will also be presenting, so join him at 16:00 on March 3rd to hear about enabling mergers and acquisitions for industry growth.

If you’ll be at next week’s event, make sure you check out AirWatch Connect, where we’ll be providing attendees witha packed agenda of thought leadership, product and partner sessions, and certification workshops. If you’d like to join us for these sessions, just sign up here.

Hopefully we’ll see you there, keep any eye on @VMware_BEas well as @AirWatch and #MWC15 March 2-5 for updates on all the live action!

 

Mrz 022015
 

It’s time for Mobile World Congress 2015, one of the world’s biggest mobile tech events. Given that enabling business mobility is at the heart of our strategy, you won’t be surprised to hear we’ll have a major presence at the show, starting today.

As well as the VMware booth (Hall 3, 3D10), workshops and talks, there will also be a keynote from our CEO Pat Gelsinger, who will be discussing “The New Mobile Identity” at 9.15 on March 4th, and how the convergence of mobile and IT is impacting businesses. Pat will be talking about how VMware empowers customers to innovate business processes and operations that embrace mobile and cloud, in order to streamline work and create new ways to engage with customers. At the core of this is delivering any application to any device, anywhere with security and management that’s simple and unified.

Our SVP of Strategy & Corporate Development, Shekar Ayyar, will also be presenting, so join him at 16:00 on March 3rd to hear about enabling mergers and acquisitions for industry growth.

If you’ll be at next week’s event, make sure you check out AirWatch Connect, where we’ll be providing attendees witha packed agenda of thought leadership, product and partner sessions, and certification workshops. If you’d like to join us for these sessions, just sign up here.

Hopefully we’ll see you there, keep any eye on @VMware_BEas well as @AirWatch and #MWC15 March 2-5 for updates on all the live action!

 

Mrz 022015
 
Not since the first dot-com boom has the pace of data center innovation so rapidly transformed and disrupted old ways of doing business, engendering entirely new ways of consuming content, products and services. There are few mediums where this is more apparent than our mobile devices, but while the Googles and Amazons of the world […]]> http://blogs.vmware.com/tribalknowledge/2015/03/vmware-news-mobile-world-congress.html/feed 0 Celebrating Engineers Week 2015 | #eweek2015 http://blogs.vmware.com/tribalknowledge/2015/02/celebrating-engineers-week-2015-eweek2015.html?utm_source=rss&utm_medium=rss&utm_campaign=celebrating-engineers-week-2015-eweek2015 http://blogs.vmware.com/tribalknowledge/2015/02/celebrating-engineers-week-2015-eweek2015.html#comments Fri, 27 Feb 2015 20:00:20 +0000
Mrz 022015
 

Les tablettes font leur apparition dans les écoles. Plus d’interactivité, une facilité d’utilisation, un accès à plus de ressources… les avantages sont nombreux, à condition d’avoir les bons outils pour garder l’attention des élèves et assurer la sécurité des informations. Dans ce webinaire d’une heure,Morgan Abaziou, ingénieur avant-vente chez AirWatch nous verrons comment AirWatch peut vous aider à transformer l’enseignement à travers sa plateforme éducative. Venez découvrir notamment AirWatch Teacher Tools, une suite applicative simple et intuitive qui permet aux enseignants d’animer une classe de façon interactive.

  • Jeudi 26 mars 2015 à 11 heures (heure de Paris) inscrivez-vous
Mrz 022015
 

Les tablettes font leur apparition dans les écoles. Plus d’interactivité, une facilité d’utilisation, un accès à plus de ressources… les avantages sont nombreux, à condition d’avoir les bons outils pour garder l’attention des élèves et assurer la sécurité des informations. Dans ce webinaire d’une heure,Morgan Abaziou, ingénieur avant-vente chez AirWatch nous verrons comment AirWatch peut vous aider à transformer l’enseignement à travers sa plateforme éducative. Venez découvrir notamment AirWatch Teacher Tools, une suite applicative simple et intuitive qui permet aux enseignants d’animer une classe de façon interactive.

  • Jeudi 26 mars 2015 à 11 heures (heure de Paris) inscrivez-vous
Mrz 022015
 

It’s nearly time for Mobile World Congress 2015, one of the world’s biggest mobile tech events. Given that enabling business mobility is at the heart of our strategy, you won’t be surprised to hear we’ll have a major presence at the show.

As well as the VMware booth (Hall 3, 3D10), workshops and talks, there will also be a keynote from our CEO Pat Gelsinger, who will be discussing “The New Mobile Identity” at 9.15 on March 4th, and how the convergence of mobile and IT is impacting businesses. Pat will be talking about how VMware empowers customers to innovate business processes and operations that embrace mobile and cloud, in order to streamline work and create new ways to engage with customers. At the core of this is delivering any application to any device, anywhere with security and management that’s simple and unified.

Our SVP of Strategy & Corporate Development, Shekar Ayyar, will also be presenting, so join him at 16:00 on March 3rd to hear about enabling mergers and acquisitions for industry growth.

If you’ll be at the event, make sure you check out AirWatch Connect, where we’ll be providing attendees witha packed agenda of thought leadership, product and partner sessions, and certification workshops. If you’d like to join us for these sessions, just sign up here.

Hopefully we’ll see you there, keep any eye on @vmware_sa as well as @AirWatch and #MWC15 March 2-5 for updates on all the live action!

 

Mrz 022015
 

It’s nearly time for Mobile World Congress 2015, one of the world’s biggest mobile tech events. Given that enabling business mobility is at the heart of our strategy, you won’t be surprised to hear we’ll have a major presence at the show.

As well as the VMware booth (Hall 3, 3D10), workshops and talks, there will also be a keynote from our CEO Pat Gelsinger, who will be discussing “The New Mobile Identity” at 9.15 on March 4th, and how the convergence of mobile and IT is impacting businesses. Pat will be talking about how VMware empowers customers to innovate business processes and operations that embrace mobile and cloud, in order to streamline work and create new ways to engage with customers. At the core of this is delivering any application to any device, anywhere with security and management that’s simple and unified.

Our SVP of Strategy & Corporate Development, Shekar Ayyar, will also be presenting, so join him at 16:00 on March 3rd to hear about enabling mergers and acquisitions for industry growth.

If you’ll be at the event, make sure you check out AirWatch Connect, where we’ll be providing attendees witha packed agenda of thought leadership, product and partner sessions, and certification workshops. If you’d like to join us for these sessions, just sign up here.

Hopefully we’ll see you there, keep any eye on @vmware_sa as well as @AirWatch and #MWC15 March 2-5 for updates on all the live action!

 

Mrz 012015
 
  With vSphere 6.0 the vCenter Virtual Server Appliance (VCSA) ships with its own certificate authority called VMware Certificate Authority (VMCA). In this blog post we’ll quickly go over some of the modes of VMCA operation and how to download and install the VMCA root certificate into your browser. VMCA overview VMCA issues certificates for […]]>  

With vSphere 6.0 the vCenter Virtual Server Appliance (VCSA) ships with its own certificate authority called VMware Certificate Authority (VMCA). In this blog post we’ll quickly go over some of the modes of VMCA operation and how to download and install the VMCA root certificate into your browser.

VMCA overview

VMCA issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates. Host provisioning happens when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation.

VMware Endpoint Certificate Store (VECS) serves as a local (client-side) repository for certificates, private keys, and other certificate information that can be stored in a keystore. You can decide not to use VMCA as your certificate authority and certificate signer, but you must use VECS to store all vCenter certificates, keys, and so on. ESXi certificates are stored locally on each host and not in VECS. VECS runs on every embedded deployment, Platform Services Controller node, and management node and holds the keystores that contain the certificates and keys.

With VMCA you can deal with certificates in three different ways. For the purposes of discussion we’ll call them

  1. VMCA Default
  2. VMCA Enterprise
  3. Custom

VMCA Default: VMCA uses a self-signed root certificate. It issues certificates to vCenter, ESXi, etc and manages these certificates. These certificates have a chain of trust that stops at the VMCA root certificate. VMCA is not a general purpose CA and its use is limited to VMware components.

VMCA Enterprise: VMCA is used as a subordinate CA and is issued subordinate CA signing certificate. It can now issue certificates that trust up to the enterprise CA’s root certificate. If you have already issued certs using VMCA Default and replace VMCA’s root cert with a CA signing cert then all certificates issued will be regenerated and pushed out to the components.

Custom: In this scenario VMCA is completely bypassed. This scenario is for those customers that want to issue and/or install their own certificates. You will need to issue a cert for every component, not unlike you do today for 5.5 when using 3rd party certs. And all of those certs (except for host certs) need to be installed into VECS.

In Default and Enterprise modes VMCA certificates can be easily regenerated on demand. In Default and Enterprise modes VMCA certificates can be easily regenerated on demand.

Important: For vSphere 6.0 the procedure for installing these certificates has changed from vSphere 5.x. In order to make this procedure less painful a new Certificate Manager tool is shipped as part of vCenter for Windows and VCSA. It will be located here:

Windows: C:\Program Files\VMware\vCenter Server\vmcad certificate-manager
Linux: /usr/lib/vmware-vmca/bin/certificate-manager

The procedure will be fully documented and will be the topic of a future blog article.

Downloading VMCA’s Root Certificate

Today when you connect to VCSA you get a web page like this:

or this

Ugly, “feels” insecure, gets the security guys all wound up. (and we can’t have that happen!) Let’s get the root certificate from the VCSA and VMCA and install it in the browser so we don’t see these pages anymore.

Get the root certificate

Open up your web browser and go to the VCSA home page. I’ve outlined in red the link you’ll want to click on.

What you’ll get now is a folder in your Downloads folder called “certs”. In that folder are two files.

The file ending in .r0 is the Certificate Revocation List in DER format. You can view the CRL by running

openssl crl –in <filename>.r0 –text –noout

The file ending in .0 is the root CA certificate in PEM format. You can view the CA cert by running

openssl x509 –in <filename>.r0 –text –noout

Installing the Root Certificate in the Firefox browser

The root CA is the one we’ll install in our browser. By doing this, the certificate presented by VCSA will chain its root of trust to the imported VMCA root CA certificate.

In Firefox I opened up the certificate list in Advanced settings, selected “Authorities”

I then clicked on Import, selected the .0 file and was presented with this option.

Select “Trust this CA to identify websites” and click OK. Your root CA is now imported and if you open the VCSA web page you’ll find you are no longer presented with the option to verify the certificate. You may need to close and reopen the browser.

The process is similar for other browsers and is well documented for adding the root CA to Windows, Linux and Mac key stores if you prefer to do it that way.

Note: You’ll need to access the VCSA by its FQDN and not its IP address (like I normally do in a lab environment!). Otherwise you’ll get an error like this:

Note that any resource that presents a web page that has its certificate issued by VMCA will now show up as trusted.

For example, host certificates will be valid as well!

Recap

So, to summarize what we’ve learned:

  1. VCSA now has its own certificate authority called VMCA
  2. You can install the root certificate of VMCA in your system or browser
  3. All vSphere components like vCenter, ESXi, solution users, etc can be issued certificates from VMCA if running in Default or Enterprise mode
  4. VMCA can be bypassed if you don’t want to use it, however you’ll need to do more steps to manage your certificates
  5. Regardless of which method, all certificates need to be installed into VECS with the exception of ESXi hosts.
  6. A Certificate Manager tool is provided to help you manage your 3rd party certificate installations

I hope this was helpful. Give it a try in your lab environments and introduce your security people to these new concepts and options. I’ll be curious to hear what they say so send me an email at mfoley at vmware dot com with their feedback!

Thanks for reading,

mike

Mrz 012015
 
  With vSphere 6.0 the vCenter Virtual Server Appliance (VCSA) ships with its own certificate authority called VMware Certificate Authority (VMCA). In this blog post we’ll quickly go over some of the modes of VMCA operation and how to download and install the VMCA root certificate into your browser. VMCA overview VMCA issues certificates for […]]>  

With vSphere 6.0 the vCenter Virtual Server Appliance (VCSA) ships with its own certificate authority called VMware Certificate Authority (VMCA). In this blog post we’ll quickly go over some of the modes of VMCA operation and how to download and install the VMCA root certificate into your browser.

VMCA overview

VMCA issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates. Host provisioning happens when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation.

VMware Endpoint Certificate Store (VECS) serves as a local (client-side) repository for certificates, private keys, and other certificate information that can be stored in a keystore. You can decide not to use VMCA as your certificate authority and certificate signer, but you must use VECS to store all vCenter certificates, keys, and so on. ESXi certificates are stored locally on each host and not in VECS. VECS runs on every embedded deployment, Platform Services Controller node, and management node and holds the keystores that contain the certificates and keys.

With VMCA you can deal with certificates in three different ways. For the purposes of discussion we’ll call them

  1. VMCA Default
  2. VMCA Enterprise
  3. Custom

VMCA Default: VMCA uses a self-signed root certificate. It issues certificates to vCenter, ESXi, etc and manages these certificates. These certificates have a chain of trust that stops at the VMCA root certificate. VMCA is not a general purpose CA and its use is limited to VMware components.

VMCA Enterprise: VMCA is used as a subordinate CA and is issued subordinate CA signing certificate. It can now issue certificates that trust up to the enterprise CA’s root certificate. If you have already issued certs using VMCA Default and replace VMCA’s root cert with a CA signing cert then all certificates issued will be regenerated and pushed out to the components.

Custom: In this scenario VMCA is completely bypassed. This scenario is for those customers that want to issue and/or install their own certificates. You will need to issue a cert for every component, not unlike you do today for 5.5 when using 3rd party certs. And all of those certs (except for host certs) need to be installed into VECS.

In Default and Enterprise modes VMCA certificates can be easily regenerated on demand. In Default and Enterprise modes VMCA certificates can be easily regenerated on demand.

Important: For vSphere 6.0 the procedure for installing these certificates has changed from vSphere 5.x. In order to make this procedure less painful a new Certificate Manager tool is shipped as part of vCenter for Windows and VCSA. It will be located here:

Windows: C:\Program Files\VMware\vCenter Server\vmcad certificate-manager
Linux: /usr/lib/vmware-vmca/bin/certificate-manager

The procedure will be fully documented and will be the topic of a future blog article.

Downloading VMCA’s Root Certificate

Today when you connect to VCSA you get a web page like this:

or this

Ugly, “feels” insecure, gets the security guys all wound up. (and we can’t have that happen!) Let’s get the root certificate from the VCSA and VMCA and install it in the browser so we don’t see these pages anymore.

Get the root certificate

Open up your web browser and go to the VCSA home page. I’ve outlined in red the link you’ll want to click on.

What you’ll get now is a folder in your Downloads folder called “certs”. In that folder are two files.

The file ending in .r0 is the Certificate Revocation List in DER format. You can view the CRL by running

openssl crl –in <filename>.r0 –text –noout

The file ending in .0 is the root CA certificate in PEM format. You can view the CA cert by running

openssl x509 –in <filename>.r0 –text –noout

Installing the Root Certificate in the Firefox browser

The root CA is the one we’ll install in our browser. By doing this, the certificate presented by VCSA will chain its root of trust to the imported VMCA root CA certificate.

In Firefox I opened up the certificate list in Advanced settings, selected “Authorities”

I then clicked on Import, selected the .0 file and was presented with this option.

Select “Trust this CA to identify websites” and click OK. Your root CA is now imported and if you open the VCSA web page you’ll find you are no longer presented with the option to verify the certificate. You may need to close and reopen the browser.

The process is similar for other browsers and is well documented for adding the root CA to Windows, Linux and Mac key stores if you prefer to do it that way.

Note: You’ll need to access the VCSA by its FQDN and not its IP address (like I normally do in a lab environment!). Otherwise you’ll get an error like this:

Note that any resource that presents a web page that has its certificate issued by VMCA will now show up as trusted.

For example, host certificates will be valid as well!

Recap

So, to summarize what we’ve learned:

  1. VCSA now has its own certificate authority called VMCA
  2. You can install the root certificate of VMCA in your system or browser
  3. All vSphere components like vCenter, ESXi, solution users, etc can be issued certificates from VMCA if running in Default or Enterprise mode
  4. VMCA can be bypassed if you don’t want to use it, however you’ll need to do more steps to manage your certificates
  5. Regardless of which method, all certificates need to be installed into VECS with the exception of ESXi hosts.
  6. A Certificate Manager tool is provided to help you manage your 3rd party certificate installations

I hope this was helpful. Give it a try in your lab environments and introduce your security people to these new concepts and options. I’ll be curious to hear what they say so send me an email at mfoley at vmware dot com with their feedback!

Thanks for reading,

mike

Mrz 012015
 
Today at Samsung Unpacked in Barcelona, Samsung Electronics CEO JK Shin shared details about the latest version of the company’s mobile enterprise security platform, Samsung KNOX. The new, enterprise-ready Samsung Galaxy S6, also unveiled today, will ship with KNOX 2.4. AirWatch will support the following new features in Samsung KNOX 2.4: Authentication using the Samsung […]]> http://blogs.air-watch.com/2015/03/airwatch-will-support-samsungs-new-flagship-galaxy-s6-device-knox-2-4/feed/ 0 Enterprise mobility news recap: Feb 23 – 27 http://blogs.air-watch.com/2015/02/enterprise-mobility-news-recap-feb-23-27/ http://blogs.air-watch.com/2015/02/enterprise-mobility-news-recap-feb-23-27/#comments Fri, 27 Feb 2015 19:28:15 +0000
Mrz 012015
 
The original vCenter Server 5.5 Availability Guide was published in December 2014. With the End of Availability of vCenter Server Heartbeat guidance was provided on how to monitor and protect vCenter. Due to the need for additional protection, we have internally validated using Windows Server Failover Clustering for protection of vCenter services. Improved SLAs can […]]> The original vCenter Server 5.5 Availability Guide was published in December 2014.

With the End of Availability of vCenter Server Heartbeat guidance was provided on how to monitor and protect vCenter. Due to the need for additional protection, we have internally validated using Windows Server Failover Clustering for protection of vCenter services. Improved SLAs can be attained with this clustering solution. The update provides step-by-step guidance to deploy this solution to protect vCenter 5.5

You can download the updated paper here:https://www.vmware.com/resources/techresources/10444