Dec 02 2016
 

vSphere’s 6.5 release has brought about many new features and enhancements. One of the features which may have flown under the radar has to be the vSphere Command-Line Interface (vCLI) 6.5 release.

Overview

As a high-level overview, vCLI allows users to run commands from remote systems against vSphere environments. Examples of such commands would be ESXCLI, Datacenter CLI (DCLI), vifs, vicfg, and so forth. To put it another way, vCLI allows users to run all of the commands available within the vSphere Management Assistant (vMA) on a system with an operating system (OS) of their choosing. This is important because it allows users to maintain their own patching levels and apply their own security policies.

ESXCLI Improvements

ESXCLI features a plethora of new commands! ESXCLI now has the ability to work with FCoE adapters and NICs, manage NIC queuing and coalescence, configure USB pass-through settings, handle all kinds of settings for NVMe devices, and administer vSAN’s iSCSI configuration. Some examples:

  • esxcli device driver list
  • esxcli fcoe adapter remove
  • esxcli fcoe nic enable
  • esxcli graphics device stats list
  • esxcli graphics host get
  • esxcli hardware usb passthrough device enable
  • esxcli hardware usb passthrough device list
  • esxcli network multicast group list
  • esxcli network nic queue filterclass list
  • esxcli network nic queue loadbalancer list
  • esxcli nvme device list
  • esxcli nvme device firmware activate
  • esxcli nvme device firmware download
  • esxcli nvme device log error get
  • esxcli software vib signature verify
  • esxcli storage vmfs reclaim config get
  • esxcli system coredump vsan get
  • esxcli system wbem get
  • esxcli vsan iscsi homeobject get
  • esxcli vsan iscsi status get

DCLI Additions

DCLI features quite a few new commands as well. DCLI’s commands have been extended to include monitoring and management of the VCSA in many areas such as networking, appliance health and access, performing backup and restore actions, and viewing appliance-based information like uptime and version. Another area of improvement involves areas within the vCenter system such as gathering additional information regarding datacenters, networks, folders, hosts, clusters and so forth. Lastly, VM management has also been greatly bolstered to help manage a VM’s lifecycle. Some examples:

  • appliance monitoring
  • appliance vmon service
  • appliance networking interfaces
  • appliance networking dns servers
  • appliance health load
  • appliance health system
  • appliance health storage
  • appliance health softwarepackages
  • appliance access ssh
  • appliance recovery backup
  • appliance recovery restore
  • appliance system uptime
  • appliance system version
  • vcenter datacenter
  • vcenter network
  • vcenter folder
  • vcenter vm hardware
  • vcenter vm power
  • vcenter vm hardware memory
  • vcenter vm hardware cpu

Keep an eye out for an upcoming post about how to get started using DCLI in your own environment!

Supported Operating System Enhancements

There has also been some additional OS support added for the following versions:

  • Ubuntu 15.10 (LTS) – 64-bit
  • Ubuntu 16.04 (LTS) – 64-bit
  • Windows 10 (64-bit)

Please note that if Windows is the chosen OS for installation, a new pre-requisite has been added in the form of needing to install either ActivePerl or Strawberry Perl version 5.14 or later.

More Information and Download

For more information on changes made in vSphere CLI 6.5, including improvements, security enhancements, and deprecated features, see the vSphere CLI 6.5 Release Notes. For more information on vSphere CLI 6.5 usage including concepts and examples, see the vSphere CLI 6.5 Concepts and Examples documentation. For more information on specific commands, see the vSphere CLI Reference.

You can find the vSphere CLI 6.5 download HERE. Get it today!

The post New Release: vSphere Command-Line Interface 6.5 appeared first on VMware vSphere Blog.

Dec 02 2016
 

Did you know Thursday, December 8th is Pretend to Be a Time Traveler Day? As the name suggests, it’s all about pretending to be a time traveler who has somehow ended up in the present day.

VMware is full of technology gurus who architect software-defined data centers and extend them to the cloud, using ideas and technologies that are so cutting edge, you’d think they were sent back from the future.

That’s right blog readers, with VMware vCloud® Air™, there is no need to wait for December 8th, and no need to pretend you’ve been transported to the future. The future is now, and it’s one where IT leaders like you can build on the core technologies of the VMware software-defined data center (SDDC) approach—virtualized compute, storage, and networking—to embrace public clouds while taking advantage of the tooling and processes that you use to manage your on-premises workloads.

With VMware vCloud Air, you can extend SDDC to the public cloud today. This purpose-built enterprise solution includes:

  • Hybrid Cloud Manager, which reduces downtime by seamlessly extending networking over long distances to the cloud via an optimized, software-defined WAN.
  • Hybrid DMZ reference designs that can help you replicate your data center designs into a fully virtualized cloud service that supports your security architecture
  • Advanced Networking Services, which deliver enterprise-grade networking and security capabilities powered by VMware NSX® technology, providing zero-trust security in the cloud
  • Support for Federated Identity to help integrate your existing identity provider solution and single sign-on capabilities into vCloud Air

Ready to make the future your reality today? Watch the webinar Extending Your Data Center to vCloud Air now.

The post Pretend to Be a Time Traveler Day is Coming Soon, but for IT Leaders the Future is Now appeared first on VMware vCloud Blog.

Dec 02 2016
 

VMware Identity Manager supports integration with a wide range of third-party Identity Providers such as ADFS, Ping Federate and many, many more. The integration is based on SAML.

This blog post will explain how to use Azure AD as a trusted Identity Provider (IdP) in VMware Identity Manager.

Step 1: Create SAML app in Azure AD

First you need to create a SAML integrated application in Azure AD. When creating the application, you must have access to your VMware Identity Manager’s sp.xml file.

You can access the sp.xml file and signing certificate in the administrator console – Catalog – Settings – SAML Metadata.

During the last step of creating the application in Azure AD you can download the AADIDPFederationMetadata.xml. This identifies Azure AD from an IdP point of view and the information in this file needs to be imported into VMware Identity Manager in order to establish trust.

The problem is that we cannot simply reference this file directly within VMware Identity Manager. We need to build our own idp.xml file. That brings us to step 2.

Step 2: Generate idp.xml

We will use an excellent online tool found here: https://www.samltool.com/idp_metadata.php to build our idp.xml file.

The properties can easily be found within the AADIDPFederationMetadata.xml file.

Example:

entityID="https://sts.windows.net/your_unique_identifier/">

<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/your_unique_identifier/saml2"/>

<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.windows.net/your_unique_identifier/saml2"/>

<X509Certificate>MIIFFjCCAv6gAwIBAgIGANF1rBL9MA0G……..</X509Certificate>
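The same idp.xml can also be built locally, which makes it easy to check the signing certificate's fingerprint before trusting it. The script below is an added example, not part of the original post: it extracts the four properties listed above from a constructed stand-in for AADIDPFederationMetadata.xml and emits a minimal SAML 2.0 IdP metadata document. The function names and the placeholder certificate bytes are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample standing in for AADIDPFederationMetadata.xml.
# The certificate value is placeholder bytes, not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_FEDERATION_METADATA = f"""
<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/your_unique_identifier/">
  <RoleDescriptor protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data>
        <X509Certificate>{SAMPLE_CERT_B64}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.windows.net/your_unique_identifier/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.windows.net/your_unique_identifier/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def _redirect_location(idp, tag):
    """Return the HTTP-Redirect endpoint for `tag`, refusing non-TLS URLs."""
    for el in idp.findall(f"md:{tag}", NS):
        if el.get("Binding") == REDIRECT:
            loc = (el.get("Location") or "").strip()
            if not loc.startswith("https://"):
                raise ValueError(f"{tag} Location is not https: {loc!r}")
            return loc
    raise ValueError(f"no HTTP-Redirect {tag} in metadata")


def parse_federation_metadata(xml_text):
    """Extract entityID, SSO/SLO endpoints and the signing certificate."""
    # SAML metadata never needs a DTD; refuse it so entity expansion cannot occur.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text.strip())
    if root.tag != f"{{{MD}}}EntityDescriptor" or not root.get("entityID"):
        raise ValueError("root element is not an md:EntityDescriptor with entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    cert_el = idp.find(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        raise ValueError("no signing certificate in IDPSSODescriptor")
    cert_b64 = "".join(cert_el.text.split())          # drop line breaks and indentation
    der = base64.b64decode(cert_b64, validate=True)   # raises on non-base64 content
    return {
        "entity_id": root.get("entityID"),
        "sso_url": _redirect_location(idp, "SingleSignOnService"),
        "slo_url": _redirect_location(idp, "SingleLogoutService"),
        "cert_b64": cert_b64,
        # Compare this value with the certificate thumbprint shown by the IdP.
        "cert_sha256": hashlib.sha256(der).hexdigest(),
    }


def build_idp_xml(info):
    """Emit a minimal IdP metadata document; WS-Fed RoleDescriptors are left out."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": info["entity_id"]})
    idp = ET.SubElement(root, f"{{{MD}}}IDPSSODescriptor",
                        {"protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    node = ET.SubElement(idp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    for name in ("KeyInfo", "X509Data", "X509Certificate"):
        node = ET.SubElement(node, f"{{{DS}}}{name}")
    node.text = info["cert_b64"]
    ET.SubElement(idp, f"{{{MD}}}SingleLogoutService",
                  {"Binding": REDIRECT, "Location": info["slo_url"]})
    ET.SubElement(idp, f"{{{MD}}}SingleSignOnService",
                  {"Binding": REDIRECT, "Location": info["sso_url"]})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    parsed = parse_federation_metadata(SAMPLE_FEDERATION_METADATA)
    print("signing cert SHA-256:", parsed["cert_sha256"])
    print(build_idp_xml(parsed))
```
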

Step 3: Create Identity Provider in VMware Identity Manager

Once you have generated the idp.xml, copy the output generated. We can now go back into VMware Identity Manager’s admin console and add a third-party IdP.

  1. Click on Identity & Access Management
  2. Click on Identity Providers
  3. Click on Add Identity Provider and then Create a Third Party IDP

  1. Give the Identity Provider a name
  2. Paste the idp.xml data from samltool.com and click on Process IdP Metadata
  3. Specify emails as the Name ID Value
  4. Enable the directory with which this Identity Provider will be able to provide authentication
  5. Choose for which networks this Identity Provider will be allowed

Scroll down to see more.

Now we come to the tricky part/secret sauce. I will try to explain why I enter three different authentication (AuthN) methods here.

When using an SP-Init flow, VMware Identity Manager will pass a requested SAML context to Azure AD (AAD). If you want to support more than one AuthN method on AAD, you must add the unspecified one. Why? If, in an SP-Init flow, vIDM passed Kerberos (or Windows integrated) to AAD, clients trying to use a password would fail, because they wouldn’t fulfill the requested AuthN method. So instead we’ll pass unspecified to AAD. This way either Kerberos or Password is allowed.

  1. Create the Authentication Methods:
    1. AAD-Unspecified: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    2. AAD-Password: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
    3. AAD-Kerberos: urn:federation:authentication:windows
  2. Click Add

Now you should have your new Azure AD Identity Provider listed.

Step 4: Adjust your policies

Next we need to configure the access policies in VMware Identity Manager to make use of this newly created Identity Provider and its AuthN methods.

You can use the authentication methods in the default_access_policy_set, i.e. in order to get access to VMware Identity Manager, or you can make use of them for a subset of applications only. In the second option, Azure AD authentication will only be forced when trying to access an application (step-up authentication).

In this example, I’ll add the authentication methods to the default access policy.

  1. Click on Policies
  2. Click on default_access_policy_set

Now you have to specify for which network range and for which clients this policy should apply. I’ve chosen All Network ranges but only for my Windows 10 clients.

And here comes the second part of the tricky part/secret sauce. As your first authentication method, choose the AAD-Unspecified method. (This is only used for the SP-Init flow, so as not to limit the methods used on the AAD side.)

As the second authentication method, pick AAD-Password, and last, add AAD-Kerberos.

By default your newly created rule will end up at the end of the Policy Rules list. Therefore it might not get hit (evaluation of policies happens top down).

So grab the icon on the right-hand side and drag your rule to the appropriate location in the list.

I put mine on top, and then it should look something like this. Now click Save.

Finally, this is what my policies look like. Now it is time for you to give it a try.

The post VMware Identity Manager using Azure AD as 3rd party Identity Provider appeared first on Horizon Tech Blog.

Dec 02 2016
 
Zooming to a street sign near you…

Apple is revving its robotics engine with plans for using drones to help update Apple Maps more quickly, Bloomberg reported this week. The increased focus on improving the quality of its navigation app is also signaled by its acquisition of start-up Indoor.io, leading speculators to believe the tech giant is also trying to add nav insights inside buildings.

Shoppers spend record cash via mobile on Black Friday and Cyber Monday.

Major retailers like Walmart, Amazon and Target reported that the majority of their web shopping traffic came from mobile devices over the busy American shopping weekend. And while many retailers announced they were closing stores for Thanksgiving, they didn’t skip a beat thanks to a record $771 million spent on Thanksgiving Day. TechCrunch crunches the numbers here.

What does the New Year hold for mobile security threats?

A new flipbook from VMware this week showcases the top five enterprise security trends coming to a business near you in 2017. Get it here. Topping the list is the influx of new endpoints into the enterprise, including the mysterious world of the Internet of Things (IoT).

The real effect of Google’s new Pixel phone.

“The Pixel is ultimately a vessel for Google to bring its own mobile vision directly to mainstream users. That benefits Google as a company, and it benefits us as consumers who carry Android phones.”
—J.R. Raphael, ComputerWorld

[Related: Bring the Google Pixel to Work with VMware AirWatch]

What’s the diff? Good vs. great work apps.

The push toward bringing consumer app experiences to the enterprise is doubling down in 2017. VMware vice president of applications research and development, Tony Kueh, sheds light on why some work apps are loved and adopted by workers, while others are collecting dust. Watch the video here.

Making secure access to Windows 10 a reality.

We announced this week that AirWatch Tunnel v1.0 for Windows 10 is generally available. The major benefits include unified endpoint management, streamlined access to all apps (Win32, SaaS, universal and remote) via a unified catalog and faster patching and updates on or off the corporate network. Read all the details here.

Did you miss the AirWatch 9.0 webinar?

With thousands in attendance, the AirWatch 9.0 webinar yesterday was kind of a big deal. If you couldn’t make it, we’ll have the replay up in a few days. Simply enter your email at the top of your screen, and we’ll send you a note when it’s posted on demand.

Get in on the mobile news action every Friday. Join the club at the top of this page. It’s just that easy.

Dec 02 2016
 

It’s Anonymous Mainframes Club day, and Claude, the CIO from our #VMcartoon, is joining it for the first time after a serious relapse.

To see the previous VMcartoon, “Copie Conforme”, click here.

See you in 15 days for the next VMcartoon!

Dec 02 2016
 

 

Frank Rauch, VP of Americas Partner Organization recently interviewed Rajiv Ramaswami, COO Products and Cloud Services to talk about the executive viewpoint on Network Virtualization. Watch as Frank and Rajiv illustrate how partners can drive more revenue through their organizations with NSX. Key takeaways to note as you begin your 2017 business planning:

Extensive Market Opportunities

Network Virtualization is the single biggest transformation impacting the networking industry today. Including security, automation and application continuity, the opportunity is an estimated $10B.

As customers adopt more cloud and hybrid-cloud solutions, the need for networking increases, putting VMware partners at the front of the growth curve. The VMware installed compute space alone has quickly grown to over a half-million customers and by the end of Q3, 1,900 had already adopted NSX, a reminder of the direction we’re headed with digital transformation.

Marketplace Differentiators

Security and Automation are the two major drivers for network virtualization. Partners that understand these customer concerns are uniquely positioned to help them modernize and streamline their business through digital transformation.

  1. Security: Once a data center perimeter has been compromised and attackers are inside, chaos begins. Consequently, data centers are a source of security concerns for many customers. Thankfully, micro segmentation is a game changer and once customers learn what it can do, it’s often the first trigger for network virtualization deployment. From there, other use cases across mobile users and virtual desktops become apparent and rapid expansion of VMware solutions follows.
  2. Automation: Every time a VM is turned up, customers also have to turn up related security. In a hardware-based environment that process is not automated but in an SDDC environment, it is. So, what previously took six weeks to deploy can be accomplished in an hour with NSX. This speed in provisioning is a differentiator. Combine speed with micro segmentation’s ability to provide a first line of defense for security issues and its routing capability to send deeper security alerts to other services automatically, and the automation story is truly compelling.

The Future of NSX

Customers are looking for ways to move data between clouds and NSX is the answer; network virtualization underpins VMware Cloud Foundation, Cross-Cloud Services and our container strategy. NSX is the foundational piece that opens doors for partners to secure, manage and deploy VMs in the public cloud and on VMware or native stacks. In 2017, NSX will also become critical in application development, micro service architectures with containers, and key in answering security concerns.

Prepare for growth and ensure your team is up to speed on NSX opportunities by completing these next steps:

  • Watch the full interview with Frank Rauch and Rajiv Ramaswami for more on network virtualization trends and use cases.
  • Ensure your technical staff is up to speed. Have them register for the December 7th vmLive at 8am PDT on Architecting NSX with Business Critical Applications for Security and More. The session will illustrate how customers can use the capabilities of NSX to make critical applications like SQL, Oracle and SAP more secure by dynamically enforcing security policies. The session will also cover how customers can streamline their deployment and test operations and how NSX can help with stretching Oracle RAC between remote sites to achieve HA and ensure workload mobility.
  • Remind your Marketing team to visit the Partner Demand Center to easily customize and deploy NSX campaigns.

 

The post Executive Forum: 2017 Trends Open New Doors for NSX appeared first on Power of Partnership.

Dec 02 2016
 

The modern data center is changing fast—and so is its architecture. Legacy infrastructure is unwieldy, cost-prohibitive, and time-consuming to operate and manage, making it an unsustainable solution for the future. As speed and performance become increasingly critical to success, organizations around the world are turning to something new: hyper-converged infrastructure (HCI). HCI is transforming data

The post Chart a Path to Career Success with Hyper-Converged Infrastructure appeared first on Virtual Blocks.

Dec 01 2016
 

There’s no better time than now to upgrade your data center to vCloud Director 8.10, the latest version of our management solution for multi-tenant cloud environments. Released in May 2016, Version 8.10 of vCloud Director offers an enhanced architecture and new features that provide a more flexible and comprehensive platform for delivering infrastructure-as-a-service (IaaS) solutions on the hybrid cloud.

This blog post – part one of a two part series – will make the case for why vCloud Director 8.10’s feature updates are critical to the next iteration of your data center. Below we’ve outlined three key reasons to upgrade to vCloud Director 8.10:

  • Increased UI Functionality
    Unlike versions 5.5 and 8.2, vCloud Director 8.10 allows users to access features directly through the UI, achieving full parity with the vCloud Director REST API. As a result of this update, Version 8.10 allows admins to limit the number of VDCs that can be created in an organization, engage tenant throttling and define VDC template characteristics directly from the UI.
  • VM Affinity and Advanced VM Settings for Enhanced Performance
    vCloud Director 8.10 leverages the VMware vSphere Distributed Resource Scheduler utility at the compute cluster level to distribute VMs in an organization’s data center in a way that complies with affinity or anti-affinity rules set between VMs. This enables multiple VMs to remain on the same VMware ESXi hosts, or to be split among ESXi hosts.
  • UI-supported VCD access controls
    When users are added at an organizational level, access to VDCs in the company’s profile is either all in or all out. vCloud Director 8.10 enables restricted user access to specific VDCs within an organization’s data center through the brand-new VDC Permissions API feature. With this new functionality, a VDC can now be set to shared, meaning that even if a “control list” exists for a specific VDC, it can be overruled.

New online resources and VMware Education training make it even easier to upgrade to vCloud Director 8.10. The vCloud Director Products Page offers a wealth of information for those new to the solution, including the vCloud Director 8.10 Technical White Paper, and a selection of case studies showcasing some of our latest success stories.

Now available on VMware’s Solution Exchange Portal, the vCloud Director Compatibility Guide lists products built by members of VMware’s Independent Software Vendor program that are compatible with the vCloud Director 8.10 update, streamlining the vendor selection process. We have also launched a new vCloud Director Fundamentals course focused on showcasing all version 8.10 has to offer through 3.5 hours of self-paced learning.

The post Why Upgrade to VMware vCloud Director 8.10, Part One appeared first on VMware Tech Alliances (TAP) Blog.

Dec 01 2016
 

vSphere 6.5 brings with it significant changes to the vCenter Server management clients including the vSphere Web Client and new HTML5 based vSphere Client. A detailed FAQ can be found here in this KB article; a summary of the changes is given below in this blog post.

vSphere Client (HTML5):

VMware agrees that Flash is not the solution for the long-term. Our long-term direction is to utilize HTML5. In vSphere 6.5, we have released a supported version of an HTML5 based web client which we call “vSphere Client”. The vSphere Client is part of the vCenter Server (both appliance and Windows) and is configured to work out of the box. You can access this client at this URL – https://<FQDN-or-IP-Address-of-VC>/ui. This HTML5 based client was originally released as a Fling back in March 2016 and has had a new version released every week.

  • You can access the list of features/functionality not available in the vSphere Client released in 6.5 by the link in the vCenter Server’s landing page (https://<FQDN-or-IP-Address-of-VC>/), which links to this article
  • Another source to check if a feature is available in the vSphere Client is the changelog section of the Flings page. The vSphere Client released in version 6.5 is using fling bits as of v2.7.

Figure 1: HTML5 based vSphere Client

Updates to the supported version of the vSphere Client will probably be released on a quarterly cadence, but we will continue to release new features every week via the Fling. Note that Administrators may look to the vSphere Client Fling to get the latest features but the Fling remains UNSUPPORTED. It will take some time for the vSphere Client to achieve feature parity, but we are also continually working to make the vSphere Client a great user experience. Progress can be seen on the Fling site as it develops, and is the best measure available. We encourage you to try the Fling and give us feedback on any missing features you want to see sooner using the built-in feedback tool.


vSphere Web Client (Flash/Flex):

The vSphere Client (HTML5) released in vSphere 6.5 has a subset of features of the vSphere Web Client (Flash/Flex). Until the vSphere Client achieves feature parity, we might continue to enhance and/or add new features to vSphere Web Client.

In vSphere 6.5, we have made significant improvements to enhance the user experience of the vSphere Web Client. Some of the key changes to this client are:

  • Live Refresh improvements

Figure 2: Live refresh enabled sections of vSphere Web Client

One of the prior challenges for vSphere Administrators was that they were unable to see the real time status for their environment, causing them to continue using the Legacy C# Client or abuse the Refresh button – both of which can cause extreme load on vCenter Server. Live Refresh in the vSphere Web Client 6.5 allows vSphere Administrators to now see the current state of the inventory. For example, VM power states and tasks for all users now update in real time allowing the vSphere Web Client to act as a source of truth for the state of the environment. Most of the views (Inventory tree, Alarms, Summary, Lists and Tasks) reflect the near instantaneous updates.

  • Client Integration Plugin (CIP) removal

Figure 3: Deploy OVF Template wizard without CIP showing the warning sign for additional file selection.

In vSphere 6.5, the vSphere Web Client will have no dependency on CIP as it exists today. There is also no dependency on CIP to install and deploy the vCenter Server Appliance, which allows us to deliver a cross-platform installer that runs on macOS, Linux, and Windows. Not all CIP functionality could be replaced by native browser functions, however. The “Use Windows Session Authentication” functionality as well as SmartCard login require the new slimmed down Enhanced Authentication Plugin (EAP). All other functions (File upload/download, Deploy OVA/OVF, Content Library import/Export) are replicated without CIP and function natively in a web browser. It is important to note that OVF deploy functionality has slightly changed with the removal of CIP. A user has to select all the related files of the OVF (.ovf, .mf and .vmdk, unlike just the .ovf file before) as shown in Figure 3 above. This change is due to technical limitations on accessing local files by the browser.

  • Navigation improvements

Figure 4: Navigation improvements in vSphere Web Client

The default view in the vSphere Web Client is now Hosts and Clusters instead of the Home page. We also stick with the Inventory Tree through other actions such as performing searches to provide a more intuitive and seamless experience.

The Related Objects sub tabs have been flattened and brought up as top level tabs, thus reducing the number of clicks required to go to the VMs or other objects.

Tab reorganization – the Manage tab is renamed to Configure and sub-tabs under the Manage tab are now flattened which also reduces number of clicks.

  • Custom attributes

Figure 5: Edit custom attributes dialog which can be invoked from the Summary page portlet

Based on popular demand, we have brought back the custom attributes to the vSphere Web Client. You can view and edit the custom attributes in the summary page portlets.

  • Performance enhancements

vSphere Web Client performance has been enhanced to improve the overall experience. A few of the areas which we extensively optimized are Login time, VM Configuration (Edit Settings), VM Migration and VM Provisioning (New VM, Clone VM).


Legacy C# Client:

VMware announced in May 2016 that the Legacy C# Client (aka thick client, desktop client, etc) will no longer be available with the vSphere 6.5 release. The Legacy C# Client connection to vCenter Server 6.5 or ESXi 6.5 host is untested and is not supported. (Reference – Goodbye vSphere Client for Windows (C#) – Hello HTML5)

The Legacy C# Client will still be supported with all previous non-EOL’d vSphere versions. For example, the Legacy C# Client will still be available and continue to work with vSphere 5.5 and 6.0. Starting with vSphere 6.5 onwards, we will not ship a newer version of this client.

For more details about the benefits of vSphere Web Client over the Legacy C# Client, refer to questions #6 and #8 in this KB article.

Dennis Lu covered this topic on changes to vSphere clients in his roadmap presentation at the VMworld. You can watch the recording of that session here:


We still need your help:

Figure 6: vSphere Client’s built in feedback tool

We have made a lot of improvements to the vSphere Web Client and the new HTML5 based vSphere Client based on your feedback. The vSphere Client comes with a built-in feedback tool (Smiley icon on the top right corner) you can use to send us direct feedback. All of the UX, product and engineering teams monitor this feedback, and use this data to prioritize the next set of features and make improvements. Hearing your voices through this tool and other channels has helped drive the vSphere Client in the right direction. Even if you don’t have vSphere 6.5 yet, you can use the Fling to manage vCenter 6.0 and provide us feedback.

The post What’s New in vSphere 6.5: vCenter management clients appeared first on VMware vSphere Blog.

Dec 01 2016
 
End users are increasingly detached from the confines of cubicles. Whether at home, on the road or working at the local coffee shop, they need to access corporate resources to do their jobs. Traditionally, IT required employees to use a VPN client and manually connect to the network each time a user moved off the corporate premises. With the entire device connecting through the VPN, that approach offers a frustrating experience to users and increases the risk of data leakage by exposing company data to potentially malicious apps.

VMware AirWatch changed the experience for devices running Windows 10—like we did for iOS and Android before it. Today, we are pleased to announce the general availability of VMware AirWatch Tunnel v1.0 for Windows 10. Now, IT can further reduce the risk of company data loss, and users get a much better experience.

[Related: Secure Your Enterprise Perimeter with AirWatch Tunnel]

AirWatch Tunnel for Windows 10 enables users with per-app VPN access to corporate resources residing in a secure internal network. The connection is triggered automatically when a user launches an internal or public application, so they no longer have to connect to the VPN manually.

AirWatch Unified Endpoint Management (UEM) continues to redefine the Windows 10 experience for users and IT administrators throughout the entire lifecycle of the device.

  • Device set-up and configuration went from hours with traditional PC lifecycle management tools to minutes.
  • Users went from a disjointed experience with multiple logins to remember to a unified application catalog with single sign-on (SSO) for secure access any Win32, SaaS, Universal and remote applications.
  • From the same AirWatch console used to manage smartphones, tablets and rugged devices, IT now can apply patches and updates whether or not a user is joined to the network.
  • AirWatch Tunnel for Windows 10 makes it simpler for users to access corporate resources off of the network securely.

For more information about AirWatch Tunnel for Windows 10, read the announcement blog.

For more information about AirWatch UEM for secure Windows 10 migrations and management, please visit air-watch.com/solutions/windows-10-management.

Because you liked this blog:

  • Getting Familiar with Windows 10 Unified Endpoint Management
  • [SlideShare] 5 Significant Trends in Windows 10 Migrations
  • New! Free Windows 10 Migration Assessment Tool from VMware
Dec 01 2016
 

The new VMware Certified Professional 7 – Cloud Management and Automation (VCP7-CMA) certification validates your skills in installing, configuring, and optimizing public, private, and hybrid clouds using the VMware vRealize Suite v7.x. This exam (#2V0-731) is now available for registration at Pearson Vue.

Thank you to everyone who assisted in the exam development process, including everyone who took the beta version of this exam. Those beta exam results should be released by the end of December.

Edited: 12/1/106 13:30

The post VCP7-CMA Exam Now Available appeared first on VMware Education and Certification Blog.

Dez 012016
 

This post is Part 2 of a 2-part blog series on how to best use and interpret the vCloud Availability for vCloud Director Business Calculator. Part 1 provides a broad overview of the market and VMware vCloud Availability for vCloud Director. Part 2 takes a deeper dive on how to utilize the Business Calculator.

To read part 1 of this series, click here.

By Guy Bartram, Director, Product Marketing, VMware vCloud Air Network

Using the Business Calculator

You can access the business calculator at the Partner Central link: “vCloud Air Network Services IP”.

Capital Expenditure Modeling

On the sheet called CapEx Modeling you can change any cell highlighted GREY and with Bold Red Text:

  • Input your number of VMs for the Premium, Standard and Basic tiers of the Disaster Recovery Service.
  • Input the approximate number of virtual CPUs (vCPU), virtual RAM (vRAM) and storage for each VM in each tier.
  • Input the contention ratio of compute (vCPU) for each tier; usually, the lower the service tier, the more it is contended with other resources.

The Calculator will then work out the total vCPU, vRAM and storage that would be required based on volume and contention. Other fields that are relevant are:

| Column Name / Field Identifier | Meaning and Implication |
|---|---|
| Storage Accelerator | This is to allow you to add a multiplier to the resulting required storage – this is for un-interrupted replication whilst offering DR testing. |
| Hosts in HA Cluster | The most common size for an HA cluster is a two-node cluster, since that is the minimum required to provide redundancy, but many clusters consist of many more, sometimes dozens of nodes. Please input the total HA hosts in this model – this will be used in the Premium tier offering only. |
| pCPU | Number of physical CPU a host server can support |
| Core | Number of core per pCPU |
| GB RAM | Amount of physical RAM in host server |
| Contract Term | Number of months the DR service will run (assumed contract term with customers) |
| Estimated Price Per Unit | Price per physical host loaded to the specification provided for pCPU, Core, GB RAM. (Storage assumed SAN) |
| Estimated Server Maintenance | Maintenance % over term for each machine |

The output from the CapEx Modeling sheet is a simple monthly cost for each tier of service based upon the estimated CapEx costs divided by the term of contract.

Operational Expenditure Modelling

The next sheet that requires some data input is the OpEx Modeling sheet. It focuses on operational costs such as licenses and Full Time Engineer (FTE) costs to build and manage the service. As with the previous sheet, you are able to change any cell highlighted GREY and with Bold Red Text to suit your specific environment. The following table details the specific fields that can be changed:

| Column Name / Field Identifier | Meaning and Implication |
|---|---|
| Please Input Your vCAN Point Price Per vGB RAM | This is your per point buy price from your Aggregator. |
| Premium Cost / VM | The cost for your Premium Disaster Recovery Service; market prices vary considerably, please enter your average cost for premium DR replication. |
| Basic cost / VM | The cost for your Basic Disaster Recovery Service; market prices vary considerably, please enter your average cost for backup. |
| Commitment | Some vendors demand a minimum commitment for licenses in estates, in these cells please put in any minimum commitment for either the Premium or Basic Data Protection vendor solution |
| Estimated Daily Rate Operations FTE | This is an all-inclusive estimated daily cost to the business for an FTE (inclusive all holiday pay, insurances etc.). This is used to calculate the cost to setup the appliances, the ongoing management of the appliances, DR testing and any Add, Move, Change, Delete (AMCD) operations during the full term of the contract. |

The output from this section is a monthly OpEx cost for each tier of service. Note that this calculator does not include the cost of an OS (possibly used by appliances) or data centre infrastructure costs.

Results

The sheet ‘DR Service Tier Comp Results’ contains some additional cost input to finalize the calculations:

| Column Name / Field Identifier | Meaning and Implication |
|---|---|
| Estimated Market Rate per VM / Month | This is what you will charge your customers for the service, based on this input, measured against the known CapEx and OpEx previous inputs, the revenue can be projected. |

Based on your input the following charts are output:

  • Naturally differing tiers will have differing levels of investment, differing price and cost points and hence differing profit margin over time.
  • This pie chart looks at the monthly profit difference and is a visual view of the most and least profitable tier of service.

  • Looking at the gross profit (month on month cumulative profit), it is interesting to see when the initial cost outlay is neutralized by profit and whether the service is profitable within the contract period. Faster time to profit is obviously more favourable to produce more revenue over the contract duration.

  • Understanding the return over the contract is key to revenue projection before interest and tax – this is operating profit and can be used to provide an EBITDA (Earnings Before Interest and Tax, depreciation and amortization) calculation. Depreciation and amortization has not been considered in this calculator.

More detail regarding these charts can be seen in the tables:

An alternative way of looking at the model is to view the proposition from a desired profit margin perspective, which will dictate the sell value upfront. To use this please input your desired profit margins into the cells:

This will then work out your sell value price necessary to maintain the profit margin required – you can then plug these figures into the market rate column to see the resulting profit share, months to revenue and gross profit for each tier.

 

You can access the calculator at the Partner Central link: “vCloud Air Network Services IP”.

 

Learn more about the VMware vCloud Air Network Program.

 

For the latest updates around the vCloud Air Network, be sure to follow us on Twitter at @VMwareSP, and ‘like’ us on Facebook at Facebook.com/VMwareSP.

The post How to Use and Interpret the vCloud Availability for vCloud Director Business Calculator – Part 2 appeared first on VMware vCloud Blog.

Dez 012016
 
One way the VMware AirWatch enterprise mobility management (EMM) platform sets itself apart: the mobile ecosystem. At our annual enterprise mobility conference, Connect Atlanta, more than 60 mobile technology partners showed up at this year’s event.

VMware TV got the scoop on the strategy behind the partnerships straight from Gregory Lehrer, VMware director of technology alliances. Watch the video and read the excerpt below from the interview to find out why it matters to your company’s business mobility strategy.

Q: What’s new with the VMware AirWatch partner ecosystem?

Gregory: There are a lot of new things, but even before I start, I just want to take a moment to thank our partners. We have more than 60 partners on the show floor at the expo. We have more than 200 people from our partner ecosystem in attendance this weekend. It’s pretty amazing.

You probably saw Samsung, our platinum sponsor. We’re really thankful for them, for their collaboration and partnership over the years. They’ve been working with us for quite some time, but beyond Samsung, there are other famous brands, such as Google, LG, HP. We even have Zebra from the rugged ecosystem that is here sponsoring the event. We’re very excited about this.

Beyond the original equipment manufacturers (OEMs) and very large brands, we have, as well, a large set of independent software vendors (ISVs), and a lot of them are here today. It would take me too long to name all of them, but for example, we have Skycure, Zimperium, Lookout and PowWow Mobile. There are a lot of partners here that are working with us closely, and all these partners, I really want to take a moment to thank them because it’s really important for us to have them here with our customers.

Q: It speaks volumes to the ecosystem that VMware has curated. It’s all about relationships and partnerships, and it speaks for itself, right?

Gregory: Yes, and our ecosystem strategy is very simple. You heard Sanjay Poonen yesterday saying it’s about any app on any device. If we want to reach that vision, we need to be able to articulate a strategy that is going to be based on integrations and multiple technology partnerships.

We want to make sure that we integrate well whether it’s Google, Samsung or with specific ISVs such as Skycure. That’s why we have developed these partnerships. We just don’t want them to show up at Connect. Each of these partners, we have a strong and technological integration with them, and this is very important because eventually, if you want to manage millions and hundreds of millions of devices in the future, we want to be able to give our customers full success in their deployment.

You heard the Boeing story yesterday. If we want them to be successful, we need to integrate with for our set of partners to make it successful. If you put yourself into the shoes of a customer today, it can be almost frightening because you’ve got all this hardware, all this software, and you want to make sure that your deployment, your production, is going to work well. So you need to make sure that your software vendors are going to be working tightly and close together. You don’t want to assume that there is an integration between them. You want to make sure that it works from Day One.

Q: When it comes to security, innovation and productivity, you want to be working with the best of the best, and that’s what we’ve seen here today.

Gregory: It’s the strength of AirWatch. I’m not going to sell a database to the customers here. I’m not going to sell hardware. My strength is that I can manage and secure their deployment, whether it’s mobile or desktop. To do so, I need to integrate with everyone. I don’t have a choice. So that’s why our ecosystem is so important for us. That’s why you will always see a lot of partners at Connect because this is critical to our strategy.

Watch the entire interview to hear more from Gregory about the newest partner announcements from AirWatch and what’s new in the AppConfig Community.

Dez 012016
 

The modern workforce relies on fundamental business apps like Salesforce to get work done. Whether you use Salesforce to service customers, close deals, analyze data and nurture leads, or you rely on apps within the Salesforce App Exchange, Salesforce is a vital component across many teams within an organization.

The rise of mobile apps in the workplace allows employees to access pertinent information and complete tasks from any device—work or personal. While this level of access maximizes user productivity on the go, the risk of security threats and data loss greatly increases. For instance, a lost or stolen device, malicious app or unsecure browser can access an unsecured Salesforce application. Once compromised, sensitive company data could be accessed by an unauthorized party. As IT tightens security around apps and business data, users often have to perform initial account setup, create and try to remember complex passwords, enter domains and more, greatly reducing the adoption rate of IT investments. How can IT simplify user access to business apps and data, while maintaining the highest level of security to prevent data loss?

VMware Workspace ONE makes it easy for organizations to give employees the best possible user experience for apps like Salesforce across devices, while upholding security and DLP requirements. Not only does Workspace ONE provide seamless app delivery across web, native, hybrid and mobile apps, it also provides single sign-on and automatic configuration of apps for hassle-free end-user access. This ensures you get the most out of your investments with Workspace ONE Salesforce enablement.

Benefits of Using Workspace ONE with Salesforce

  • Secure apps and data with enterprise-grade security and granular data loss prevention controls.
  • Increase user adoption with a seamless, personalized experience for employees across any device, work or personal.
  • Eliminate the need for complex passwords with powerful single sign-on capabilities.
  • Manage, monitor and support Salesforce apps on all desktops and devices in a single, secure solution.

To learn more about Workspace ONE, visit vmware.com/products/workspace-one.html.

The post [Video] Work Productivity Reimagined: VMware Workspace ONE + Salesforce appeared first on VMware End-User Computing Blog.

Dez 012016
 

Guest blog post from Tom Vallons, Partner Development Specialist Business Mobility, VMware Benelux

In 2018 the General Data Protection Regulation (GDPR) will come into effect in Europe, making data protection much more of a business consideration than a risk management issue. Actually, for some organizations, ensuring customers’ data privacy will become a unique selling proposition. For CIOs, the challenge will be to match the obligations enforced by the GDPR with trends such as mobility, increasing the risk of data proliferation and loss.

So, the question that arises is: are business mobility and data security doomed to be opposites that can’t be aligned without costly trade-offs? Does the act of accessing applications and data across devices and locations automatically put confidential data at risk? No, it doesn’t. However, according to recent research by Vanson Bourne for VMware, 47% of IT leaders are under so much pressure to deliver on business mobility that they are willing to take calculated risks on the security of organizational data. As many as 66% say that employees push them to offer mobility, and 22% of all employees admit frequently overriding corporate mobile policies to be more productive at work.

The key to tackling this challenge lies in micro-segmentation.
To better grasp the opportunities it offers, let’s first take a look at the desktop side of the story. Virtualizing desktops enables operating systems, applications and data to be run centrally in the data center, already creating security benefits such as secure access, centralized patching against vulnerabilities and reduced risk of data loss on devices, as the data is located in the datacenter. But there is a downside too: the more desktops that are virtualized, the more traffic that is generated – both north-south and east-west within the data center – leading to an ever-larger attack surface for malicious persons. Furthermore, 80% of investment in security is spent on protecting the data center perimeter (north-south traffic), yet at least 80% of traffic is east-west, i.e. lateral traffic between virtual machines and servers. Hence, in many companies, while it is hard to break into the data center, once inside there is little to no defense.

Securing through software
So what are the options? One might consider building a firewall around every single component in the data center, but that is an expensive and operationally infeasible solution. Enter network virtualization technology! Moving network and security intelligence into software (a network hypervisor, if you will) suddenly opens up all the benefits associated with software. Security can now be inherently tied to every individual workload and it can be automated, so it will follow the workload even if it moves outside of the datacenter it was born in.

Because we are now able to tie a relevant security policy to every single component in the data center, even if malware were to find its way into the data center, it would only affect one virtual machine and couldn’t expand laterally to other components. You can also create multiple security zones in the data center, grouping for example all sales or finance-related servers and data together. Only authorized users – based on their credentials – can access these pre-defined security zones. Aside from internal users, this micro-segmentation approach also allows third parties, such as contractors, to access specific data needed to run their projects in a secure way, without them having access to unauthorized company data.

But what happens if disaster strikes and, despite all your investment in malware detection tools, your company is hit by a cyberattack? Let me illustrate this with an example. Imagine a doctor’s desktop is hacked and malware starts to penetrate the data center, looking for confidential patient data. The benefit of combining desktop virtualization with both network virtualization and third-party intrusion detection and prevention tools is that an affected virtual machine – the doctor’s desktop – can immediately (and automatically) be put in quarantine and then remediated by an antivirus tool. So there’s no need for the user to log a ticket with IT reporting a possible threat and then wait for IT to pick it up and handle it…by which time the damage will be done.
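
The zone and quarantine behaviour described in the two paragraphs above can be modelled as a tag-based, default-deny policy. This is an added illustration, not code from VMware or the author; the workload names, tags, ports and the quarantine() helper are assumptions made for the example.

```python
from dataclasses import dataclass, field

QUARANTINE = "quarantine"  # tag applied by the detection tool (assumed name)


@dataclass
class Workload:
    name: str
    tags: set = field(default_factory=set)


@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int


class SegmentationPolicy:
    """Tag-based east-west policy: anything not explicitly allowed is denied."""

    def __init__(self, rules, quarantine_rules):
        self.rules = set(rules)
        self.quarantine_rules = set(quarantine_rules)

    def decide(self, src, dst, port):
        # A quarantined endpoint on either side switches evaluation to the
        # much smaller quarantine rule set, overriding every normal allow.
        quarantined = QUARANTINE in src.tags or QUARANTINE in dst.tags
        active = self.quarantine_rules if quarantined else self.rules
        for r in active:
            if r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port:
                return "allow"
        return "deny"

    def blast_radius(self, src, inventory, ports):
        """Names of workloads that src can reach on any of the given ports."""
        return sorted(
            w.name for w in inventory
            if w is not src and any(self.decide(src, w, p) == "allow" for p in ports)
        )


def quarantine(workload):
    """Stand-in for the detection tool tagging an infected VM."""
    workload.tags.add(QUARANTINE)


# Constructed inventory and rules (not taken from any real environment).
doctor = Workload("doctor-desktop", {"vdi-clinical"})
nurse = Workload("nurse-desktop", {"vdi-clinical"})
patient_db = Workload("patient-db", {"db-clinical"})
finance_db = Workload("finance-db", {"db-finance"})
av = Workload("av-remediation", {"remediation"})
INVENTORY = [doctor, nurse, patient_db, finance_db, av]
PORTS = [445, 5432, 8443]

POLICY = SegmentationPolicy(
    rules=[Rule("vdi-clinical", "db-clinical", 5432)],
    quarantine_rules=[Rule("remediation", QUARANTINE, 8443)],
)

if __name__ == "__main__":
    print("before:", POLICY.blast_radius(doctor, INVENTORY, PORTS))
    quarantine(doctor)
    print("after: ", POLICY.blast_radius(doctor, INVENTORY, PORTS))
    print("remediation access:", POLICY.decide(av, doctor, 8443))
```

Because rules match on tags rather than addresses, the policy stays attached to a workload wherever it runs, and adding the quarantine tag removes its access without editing any rule.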

The mobile connection
Obviously, there are other scenarios too. What if the doctor had accessed the data center via his iPad or smartphone and the hospital had fully embraced the concept of a digital workspace? In that case, the doctor would have enrolled his iPad with a mobile device management tool to gain remote access – again based on his credentials – to a limited set of data and applications. To do so, he would probably have had to establish a VPN connection first in order to safely approach the data center. On the security side, an enterprise mobility management tool will cover the creation of per-application VPN tunnels, without user intervention, instead of connecting the entire device. By adding network virtualization to that, the benefits of an application-specific VPN tunnel – from an authenticated user’s enrolled device – are extended by those of micro-segmentation, providing a comprehensive solution that perfectly aligns business mobility and security!

So, in summary, end user computing technologies enable your users to access all their applications and confidential data from the devices of their choice, in a secure way. The combination with network virtualization and micro-segmentation allows you to bring security to a next level, by setting security policies just once, to secure individual workloads – independent of how they move around – and to protect the data center from attacks, including from within: a guaranteed zero-trust approach.