News reader

Methods for Installing AppDefense Guest Modules

VMware Documents - Thu, 01/16/2020 - 14:44
Introduction

In VMware AppDefense, there are a few different methods for rolling out the Guest OS modules to the VMs. You might have heard VMware describe AppDefense as agentless, which is a really cool feature of this security product. But what exactly do we mean by agentless? Are there other methods of installing the module in the Guest OS without having to use VMtools? Thankfully, yes! There are two distinct methods of installing the AppDefense Guest Module that we will cover today.

 

Method 1 - VMtools

VMtools is a package of system-level drivers and tools that make navigating and working within a VM much easier. Many of our customers have implemented VMtools across their entire infrastructure, so it made sense to add this new VMware Security functionality to it. When you enable AppDefense within VMtools it does NOT show AppDefense as a stand-alone program within the operating system, but it still provides all the security functionality. This is pretty cool, but there are some downsides. Versions of the AppDefense module correlate directly to the version of VMtools you are running. For example, if you have VMtools 11 you'll get AppDefense Module version 2.2, but if you have VMtools version 10.0.10 you would get AppDefense Module version 2.1. Now, to be fair, you do have the ability to upgrade the module once it's already been enabled in VMtools, but this workflow does tend to require a little more effort to deploy across workloads. Unless you're willing to upgrade all of your VMtools installs to the latest available version and then enable AppDefense, the best method is method 2.

 

Method 2 - Standalone Module

Rather than just offer AppDefense via VMtools, we also chose to make the AppDefense Guest Module available as its own standalone install package. We offer a very lightweight MSI that installs the AppDefense Module onto supported Windows operating systems. The great thing about this option is that with the latest module (version 2.3) this is a completely non-impactful install: no reboot is required to get the process and network attestation info reported to AppDefense. Also, because it's a standalone package, it can easily be pushed out to Windows machines via readily available package managers such as SCCM. The downside to this method is that AppDefense appears as its own program within the operating system and is listed under Programs and Features. Other than that, the module does the exact same thing, with less work and impact than when it is enabled within VMtools.

 

Conclusion

In our opinion as implementation experts, we've seen more success utilizing the standalone module for AppDefense. There are, however, benefits and drawbacks to each use case and I hope I've clearly laid out those in this short post and you can determine the best rollout method for your implementation!

 

Happy AppDefending!

Categories: VMware

Edge Chromium.ini.zip

VMware Documents - Thu, 01/16/2020 - 10:18
Categories: VMware

The difference between alerts and events in AppDefense

VMware Documents - Wed, 01/15/2020 - 16:26

When we move Scopes within AppDefense from "Discovery" mode to "Protected" mode, we are locking down the manifest of learned behaviors and telling AppDefense to alert us on any new behaviors or deviations from the known good behaviors. When a new or deviated behavior shows up within a protected scope, AppDefense triggers an event. Using AppDefense's App Verification Cloud we have the ability to look at that event and classify it with different severities based on a number of factors.

 

The criticality of an event can be one of four severity levels: Critical, Serious, Minor or Info. The different severities are represented by different colored symbols, shown below.

 

The difference between "Events" and "Alerts" within AppDefense is quite simple. All events that are classified as critical are what we call "Alerts" and anything classified lower than a critical (Serious, Minor or Info) we continue to call an "Event".

 

Currently you can get to your Alerts (Critical Events) by clicking the "Alerts" button in the top left hand corner of the AppDefense home page.

 

 

To get to events you click the gear icon next to your email address in the bottom left hand corner and select "Events" at the top of the menu.

 

We hope that this has helped you understand a little bit better how to use AppDefense and its categorization of events.

 

Happy AppDefending!

Categories: VMware

Script to create vCenter clusters, switches, portgroups & VLANs

VMware Documents - Wed, 01/15/2020 - 13:40
When setting up a new environment it is always good practice to plan out and document everything to avoid errors: hostnames, cluster names, vDS names, portgroup names, VLANs, etc. I was recently asked to help script the creation of the above from a CSV to avoid fat fingers and to save time through automation. Enter PowerCLI! Here is the script I created. Disclaimer: It's version 1, with no error checking, and it can be made more efficient, but it works and may be helpful to others! I've also posted it to GitHub with an example CSV here: https://github.com/LifeOfBrianOC/vmware_scripts

 


# Script to create vCenter Clusters, Distributed Switches & portgroups from CSV

# Edit the CSV location variable and the vCenter FQDN and run the script
# Tested with PowerCli 6.3.0
# This is version 1.0 There is no error checking in place so if an item
# already exists or cannot be found the script will error but should continue

$CSVPath = "C:\Scripts\Example.csv"
$vCenter = "vc01.domain.local"

#####################################
# DO NOT EDIT ANYTHING BELOW THIS LINE
#####################################

# Load VMware PowerCli Snapins
Add-PSSnapin VMware* | Out-Null

# Load the distributed switch cmdlets once, before the loops that use them
Import-Module VMware.VimAutomation.Vds

# Connect to vCenter
Connect-VIServer $vCenter

# Get vCenter Datacenter Name
$datacenter = Get-Datacenter

@"
====================================
Creating Clusters
====================================
"@

# Import CSV and only read lines that have an entry in clusterName column
$csv = Import-Csv -Path $CSVPath |
    Where-Object -FilterScript { $_.clusterName }

# Loop through all rows in the CSV
ForEach ($row in $csv)
{
    New-Cluster -Location $datacenter -Name $row.clusterName -HAEnabled | Out-Null
}

@"
====================================
Creating Distributed Switches
====================================
"@

# Import CSV and only read lines that have an entry in switchName column
$csv = Import-Csv -Path $CSVPath |
    Where-Object -FilterScript { $_.switchName }

# Loop through all rows in the CSV
ForEach ($row in $csv)
{
    New-VDSwitch -Location $datacenter -Name $row.switchName -Mtu 1600 | Out-Null
}

@"
==========================================
Creating Distributed Switch Portgroups & Assigning VLANs
==========================================
"@

# Import CSV and only read lines that have an entry in portgroupName column
$csv = Import-Csv -Path $CSVPath |
    Where-Object -FilterScript { $_.portgroupName }

# Loop through all rows in the CSV
ForEach ($row in $csv)
{
    New-VDPortgroup -Name $row.portgroupName -VDSwitch $row.addToSwitch -VlanId $row.vlan | Out-Null
}

@"
==========================================
Setting Trunk Ports
==========================================
"@

# Import CSV and only read lines that have an entry in trunkPortgroup column
$csv = Import-Csv -Path $CSVPath |
    Where-Object -FilterScript { $_.trunkPortgroup }

# Loop through all rows in the CSV
ForEach ($row in $csv)
{
    Set-VDPortgroup $row.trunkPortgroup -VlanTrunkRange $row.trunkRange | Out-Null
}

@"
============================================
Disconnecting from vCenter....Done!
============================================
"@

# Disconnect vCenter
Disconnect-VIServer $vCenter

Categories: VMware

Verify NTP Configuration on a VMware Photon Appliance

VMware Documents - Wed, 01/15/2020 - 12:55

Quick post with the commands required to verify NTP configuration on a VMware Photon OS Appliance

ssh to the appliance as root

To check if the NTP service is up and running you can run this command

systemctl status systemd-timesyncd

If it's stopped, run this command

systemctl start systemd-timesyncd

To configure NTP servers run the following

vi /etc/systemd/timesyncd.conf

Add timeservers under [Time]
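
An added example (not part of the original post) that checks the result of the last step: it reads a timesyncd.conf and lists the servers set by active NTP= lines under [Time], so a commented-out or misplaced entry is caught. The function names and the example.test server names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: audit a timesyncd.conf file.

# Print the servers named on active NTP= lines in the [Time] section of the
# file given as $1, one per line. Returns 1 when none are configured there,
# 2 when the file cannot be read.
# Assumption: repeated NTP= lines accumulate and an empty NTP= clears the
# list, as systemd does for list-valued settings. Drop-in files under
# timesyncd.conf.d/ are not read.
timesyncd_ntp_servers() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out line
        /^[ \t]*\[/ {                           # section header
            in_time = ($0 ~ /^[ \t]*\[Time\][ \t]*$/)
            next
        }
        in_time && /^[ \t]*NTP[ \t]*=/ {
            sub(/^[ \t]*NTP[ \t]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            if ($0 == "") servers = ""
            else servers = servers " " $0
        }
        END {
            n = split(servers, s, " ")
            if (n == 0) exit 1
            for (i = 1; i <= n; i++) print s[i]
        }
    ' "$1"
}

# Run the check against a constructed sample (placeholder server names).
audit_sample() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
# constructed sample of /etc/systemd/timesyncd.conf
[Time]
#NTP=
NTP=ntp1.example.test ntp2.example.test
FallbackNTP=fallback.example.test
EOF
    if servers=$(timesyncd_ntp_servers "$sample"); then
        printf 'NTP servers under [Time]:\n%s\n' "$servers"
    else
        echo "no active NTP= entry under [Time]"
    fi
    rm -f "$sample"
}

audit_sample
```

On the appliance, point the function at /etc/systemd/timesyncd.conf, and restart systemd-timesyncd after editing the file so the change is picked up.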

Categories: VMware

VMWare NSX – DMZ

VMware Documents - Wed, 01/15/2020 - 12:37
VMWare NSX – DMZ Anywhere Detailed Design Guide

 

DMZ Anywhere takes DMZ security principles and decouples them from a traditional physical network and compute infrastructure to maximize security and visibility in a manner that is more scalable and efficient. With a traditional design, customers are forced to host separate hardware for the DMZ because of the dependency on physical security and hardware. With NSX this dependency is removed, as routing, switching and firewalling can be done at the kernel level or the virtual machine vNIC level.

This post addresses a common DMZ Anywhere design: hosting production and DMZ workloads on the same underlying hardware while making use of all the SDDC features that NSX offers. It is meant to give a complete view of an SDDC and its requirements, with detailed physical and connectivity designs. Please note that, to keep things simple, I am talking about one site only in this design. This design can be used as a low-level design for an SDDC to save you time and effort.

Contents of the Post

 

Network Virtualization Architecture

This is the high-level network logical design with one cluster hosting shared production workload, NSX components and DMZ workload. Don't be scared by looking at this. Have a look at all the design diagrams and decisions to get the complete view.

NSX data plane: The data plane handles the workload data only. The data is carried over designated transport networks in the physical network. NSX logical switch, distributed routing, and distributed firewall are also implemented in the data plane.

NSX control plane: The control plane handles network virtualization control messages. Control messages are used to set up networking attributes on NSX logical switch instances, and to configure and manage disaster recovery and distributed firewall components on each ESXi host. Carry over control plane communication on secure physical networks (VLANs) that are isolated from the transport networks used for the data plane.

NSX management plane: The network virtualization orchestration occurs in the management plane. In this layer, cloud management platforms such as vRealize Automation can request, consume, and destroy networking resources for virtual workloads. The cloud management platform directs requests to vCenter Server to create and manage virtual machines, and to NSX Manager to consume networking resources.

NSX for vSphere Requirements

Below are the components and their compute requirements.

| Server Component | Quantity | Location | CPU | RAM | Storage |
|---|---|---|---|---|---|
| Platform service Controllers | 2 | Production-Mgmt Cluster | 4 | 12 | 290 |
| vCenter server with Update manager | 1 | Production-Mgmt Cluster | 4 | 16 | 290 |
| NSX Manager | 1 | Production-Mgmt Cluster | 4 | 16 | 60 |
| Controllers | 3 | Production-Mgmt Cluster | 4 | 4 | 20 |
| EDGE Gateway for Production | 4 | Production-Mgmt Cluster | 2 | 2 | 512 MB |
| Production DLR Control VM (A/S) | 2 | Production-Mgmt Cluster | 1 | 512 MB | 512 MB |
| EDGE Gateway for DMZ | 2 | DMZ Cluster | 2 | 2 | 512 MB |
| DMZ DLR Control VM (A/S) | 2 | DMZ Cluster | 1 | 512 MB | 512 MB |

IP Subnets Requirements

The VLANs below for management and VTEPs will be created on the physical L3 device in the data center.

10.20.10.0/24 – vCenter, NSX and Controllers
10.20.20.0/24 – Production & DMZ ESXi Mgmt
10.20.30.0/24 – Production & DMZ vMotion
10.20.40.0/24 – Production VTEP VLAN

The VXLAN subnets below will be created on NSX, and the NSX DLR will act as gateway.

172.16.0.0/16 – Production VXLANs for Logical Switches
172.17.0.0/16 – DMZ VXLANs for Logical Switches

ESXi Host Requirements:
  • Hardware is compatible with the targeted vSphere version (check with the VMware compatibility guide here).
  • Hardware to have a minimum of 2 CPUs with 12 or more cores (even 8 cores also works, but 22 cores are now available on the market).
  • Minimum 4 x 10 GB NIC cards; if vSAN is also part of the design, minimum 6 x 10 GB NIC cards (if possible use 25 G or 40 G links).
  • Minimum 128 GB RAM in each host (nowadays each host is coming with 2.5 TB RAM).
Physical Design

Below is the physical ESXi host design. It's not mandatory to keep all Prod and DMZ in separate racks; it depends on requirements and network connectivity.

A minimum of 7 hosts is needed to support shared management, edge, DMZ and production workloads in a single cluster.

Some of the major physical design considerations are below:
  • Configure redundant physical switches to enhance availability.
  • Configure the ToR switches to provide all necessary VLANs via an 802.1Q trunk.
  • NSX ECMP Edge devices establish Layer 3 routing adjacency with the first upstream Layer 3 device to provide equal cost routing for management and workload traffic.
  • The upstream Layer 3 devices end each VLAN and provide default gateway functionality.
  • NSX doesn't need any fancy stuff at the network level; basic L2 or L3 functionality from any hardware vendor will do.
  • Configure jumbo frames on all switch ports with 9000 MTU, although 1600 is enough for NSX.
  • The management vDS uplinks for both the Production and DMZ clusters can be connected to the same ToR switches, but use separate VLANs as shown in the requirements. Only the edge uplinks need to be separate for Production and DMZ, as that is what will decide the packet flow.
vCenter Design & Cluster Design

It is recommended to have one vCenter Single Sign-On domain with 2 PSCs load balanced with NSX or an external load balancer; the vCenter Server will use the load-balanced VIP of the PSCs.

vCenter Design Considerations:
  • For this design only one vCenter server license is enough, but it is recommended to have separate vCenter for mgmt and NSX workload clusters if you have separate clusters.
  • One single sign on domain with 2 PSC’s load balanced with NSX load balancer or external load balancer. NSX load balancer config guide is here.
  • A one-to-one mapping between NSX Manager instances and vCenter Server instances exists.
If you are looking for vCenter design and implementation steps please click here for that post.

One cluster for management, edge and compute, DMZ workload and DMZ edges.
  • The collapsed cluster hosts vCenter Server, vSphere Update Manager, NSX Manager and NSX Controllers.
  • This cluster also runs the required NSX services to enable North-South routing between the SDDC tenant virtual machines and the external network, and east-west routing inside the SDDC.
  • This cluster also hosts the compute workload for the SDDC tenant workloads.
  • This cluster will host the DMZ workload along with the DMZ edges and DLR Control VM.
VXLAN VTEP Design

The VXLAN network is used for Layer 2 logical switching across hosts, spanning multiple underlying Layer 3 domains. You configure VXLAN on a per-cluster basis, where you map each cluster that is to participate in NSX to a vSphere distributed switch (VDS). When you map a cluster to a distributed switch, each host in that cluster is enabled for logical switches. The settings chosen here will be used in creating the VMkernel interface.

If you need logical routing and switching, all clusters that have NSX VIBs installed on the hosts should also have VXLAN transport parameters configured. If you plan to deploy distributed firewall only, you do not need to configure VXLAN transport parameters.

When you configure VXLAN networking, you must provide a vSphere Distributed Switch, a VLAN ID, an MTU size, an IP addressing mechanism (DHCP or IP pool), and a NIC teaming policy.

The MTU for each switch must be set to 1550 or higher. By default, it is set to 1600. If the vSphere distributed switch MTU size is larger than the VXLAN MTU, the vSphere Distributed Switch MTU will not be adjusted down. If it is set to a lower value, it will be adjusted to match the VXLAN MTU.

Design Decisions for VTEP:
  • Configure Jumbo frames on network switches (9000 MTU) and on VXLAN Network also.
  • Use at least two VTEPs per server, which will balance the VTEP load: some VMs' traffic will go through one VTEP, other VMs' traffic through the other.
  • Separate vLans will be used for Production VTEP IP pool and DMZ VTEP IP pool.
  • Unicast replication model is sufficient for small and medium deployments. For large scale deployments with multiple POD’s hybrid is recommended.
  • No IGMP or other needs to be configured on physical world for Unicast replication model.
  • Select Load balancing mechanism as Load based on Source ID which will create two or more vTEPS based on the no of physical uplinks on the vDS.
Production Cluster VTEP Design

As shown above, each host will have two VTEPs configured. This is configured automatically based on the policy selected while configuring the VTEPs.

Transport Zone Design

A transport zone is used to define the scope of a VXLAN overlay network and can span one or more clusters within one vCenter Server domain. One or more transport zones can be configured in an NSX for vSphere solution. A transport zone is not meant to delineate a security boundary.

One transport zone will be used for both the production workload and the DMZ workload. This will help if you are planning for DR or a secondary site, as only one universal transport zone is supported; when moved to a secondary site we can have one universal TZ and two universal DLRs, one for production and one for DR.

Logical Switch Design

NSX logical switches create logically abstracted segments to which tenant virtual machines can connect. A single logical switch is mapped to a unique VXLAN segment ID and is distributed across the ESXi hypervisors within a transport zone. This logical switch configuration provides support for line-rate switching in the hypervisor without creating constraints of VLAN sprawl or spanning tree issues.

| Logical Switch Names | DLR | Transport Zone |
|---|---|---|
| WEB Tier Logical Switch | Production DLR | Local Transport Zone |
| APP Tier Logical Switch | Production DLR | Local Transport Zone |
| DB Tier Logical Switch | Production DLR | Local Transport Zone |
| Services Tier Logical Switch | Production DLR | Local Transport Zone |
| Transit Logical Switch | Production DLR | Local Transport Zone |
| DMZ WEB Logical Switch | DMZ DLR | Local Transport Zone |
| DMZ Services Logical Switch | DMZ DLR | Local Transport Zone |
| DMZ Transit Logical Switch | DMZ DLR | Local Transport Zone |

Distributed Switch Design

vSphere Distributed Switch supports several NIC teaming options. Load-based NIC teaming supports optimal use of available bandwidth and redundancy in case of a link failure. Use two 10-GbE connections for each server in combination with a pair of top of rack switches. 802.1Q network trunks can support a small number of VLANs. For example, management, storage, VXLAN, vSphere Replication, and vSphere vMotion traffic.

Configure the MTU size to at least 9000 bytes (jumbo frames) on the physical switch ports and distributed switch port groups that support the following traffic types.
  • vSAN
  • vMotion
  • VXLAN
  • vSphere Replication
  • NFS
Two types of QoS configuration are supported in the physical switching infrastructure.
  • Layer 2 QoS, also called class of service (CoS) marking.
  • Layer 3 QoS, also called Differentiated Services Code Point (DSCP) marking.
A vSphere Distributed Switch supports both CoS and DSCP marking. Users can mark the traffic based on the traffic type or packet classification.
When the virtual machines are connected to the VXLAN-based logical switches or networks, the QoS values from the internal packet headers are copied to the VXLAN-encapsulated header. This enables the external physical network to prioritize the traffic based on the tags on the external header.

Physical Production vDS Design

Production Cluster will have 3 vDS. Detailed Port group information will be given below.
  1. vDS-MGMT-PROD : to host management vLan traffic, VTEP traffic and vMotion Traffic.
  2. vDS-PROD-EDGE : will be used for EDGE Uplinks for North South Traffic for production traffic.
  3. vDS-DMZ-EDGE : will be used for DMZ EDGE Uplinks for North South Traffic. ( if you don’t have extra 10GB NIC’s you can use 1GB for edge port groups also, but there will be performance impact)
Port Group Design Decisions:

vDS-MGMT-PROD

| Port Group Name | LB Policy | Uplinks | MTU |
|---|---|---|---|
| ESXi Mgmt | Route based on physical NIC load | vmnic0, vmnic1 | 1500 (default) |
| Management | Route based on physical NIC load | vmnic0, vmnic1 | 1500 (default) |
| vMotion | Route based on physical NIC load | vmnic0, vmnic1 | 9000 |
| VTEP | Route based on SRC-ID | vmnic0, vmnic1 | 9000 |

vDS-PROD-EDGE

| Port Group Name | LB Policy | Uplinks | Remarks |
|---|---|---|---|
| ESG-Uplink-1-vlan-xx | Route based on originating virtual port | vmnic2 | 1500 (default) |
| ESG-Uplink-2-vlan-yy | Route based on originating virtual port | vmnic3 | 1500 (default) |

vDS-DMZ-EDGE

The number of port groups in the DMZ depends on the next-hop L3 device. If we have a firewall we can use only one port group, as firewalls always work as active/passive, which is the case we find most of the time. If you have an L3 device separate from the firewall for the DMZ, you will have two uplinks as in Production.

| Port Group Name | LB Policy | Uplinks | Remarks |
|---|---|---|---|
| ESG-Uplink-1-vlan-xx | Route based on originating virtual port | vmnic4 | 1500 (default) |

Control Plane and Routing Design

The control plane decouples NSX for vSphere from the physical network and handles the broadcast, unknown unicast, and multicast (BUM) traffic within the logical switches. The control plane is on top of the transport zone and is inherited by all logical switches that are created within it.

Distributed Logical Router:
The distributed logical router (DLR) in NSX for vSphere performs routing operations in the virtualized space (between VMs, on VXLAN backed port groups).
  • DLRs are limited to 1,000 logical interfaces. If that limit is reached, you must deploy a new DLR.
Designated Instance:
The designated instance is responsible for resolving ARP on a VLAN LIF. There is one designated instance per VLAN LIF. The selection of an ESXi host as a designated instance is performed automatically by the NSX Controller cluster and that information is pushed to all other ESXi hosts. Any ARP requests sent by the distributed logical router on the same subnet are handled by the same ESXi host. In case of an ESXi host failure, the controller selects a new ESXi host as the designated instance and makes that information available to the other ESXi hosts.

User World Agent:
User World Agent (UWA) is a TCP and SSL client that enables communication between the ESXi hosts and NSX Controller nodes, and the retrieval of information from NSX Manager through interaction with the message bus agent.

Edge Services Gateway:
While the DLR provides VM-to-VM or east-west routing, the NSX Edge services gateway provides north-south connectivity, by peering with upstream top of rack switches, thereby enabling tenants to access public networks.

Some Important Design Considerations for EDGE and DLR.
  • ESGs that provide ECMP services, which require the firewall to be disabled.
  • Deploy a minimum of two NSX Edge services gateways (ESGs) in an ECMP configuration for North-South routing
  • Create one or more static routes on ECMP enabled edges for subnets behind the UDLR and DLR with a higher admin cost than the dynamically learned routes.
    • Hint: If any new subnets are added behind the UDLR or DLR the routes must be updated on the ECMP edges.
  • Graceful Restart maintains the forwarding table which in turn will forward packets to a down neighbor even after the BGP/OSPF timers have expired causing loss of traffic.
    • FIX: Disable Graceful Restart on all ECMP Edges.
    • Note: Graceful restart should be selected on the DLR Control VM, as it will help maintain the data path even if the control VM is down. Please note the DLR control VM is not in the data path, but the EDGE sits in the data path.
  • If the active Logical Router control virtual machine and an ECMP edge reside on the same host and that host fails, a dead path in the routing table appears until the standby Logical Router control virtual machine starts its routing process and updates the routing tables.
    • FIX: To avoid this situation, create anti-affinity rules and make sure you have enough hosts to tolerate failures for the active/passive control VM.
DMZ Anywhere Routing Design

Below are the Production design details.
  • DLR will act as gateway for Production web, app and DB tier VXLAN’s.
  • DLR will peer with EDGE gateways with OSPF , normal area ID 10.
  • IP 2 will use as packet forwarding address and protocol address 3 will be in use for route peering with edge in the DLR.
  • All 4 edges will be configured with ECMP so that they all will pass the traffic to upstream router and downstream DLR.
  • Two SVI’s will be configured on TOR / Nearest L3 device as in my case both are acting as active with VPC and HSRP configured across both the switches.
  • EDGE gateways will have two uplinks each towards each SVI from each vLan.
  • Static route will be created on EDGE for subnets hosted on DLR with  higher admin distance. This will save if any issues with control VM.
Below are the DMZ design details.
  • DLR will act as gateway for DMZ web and services tier VXLAN’s.
  • DLR will peer with EDGE gateways with OSPF , normal area ID 20. ( note all areas in OSPF should connect to area 0)
  • IP 2 will use as packet forwarding address and protocol address 3 will be in use for route peering with edge in the DLR.
  • All 2 edges will be configured with ECMP so that they all will pass the traffic to upstream firewall and downstream DLR.
  • As firewalls can act as active passive only one virtual IP will be configured so only one vLan will be used.
  • EDGE gateways will have one uplinks connecting to firewall.
Packet Walk Through

Even though Production and DMZ are in the same transport zone, a packet has to exit from the DMZ and route over the physical network to reach production VMs, as the DLR and EDGEs are different for Production and DMZ.

Step 1: Outside users will try to access the DMZ VM through the perimeter firewall and load balancer.
Step 2: That packet will be sent from the DMZ VM to the DMZ DLR.
Step 3: Then it will be sent to the EDGE.
Step 4: The EDGE will pass it to the firewall, as that is its next hop.
Step 5: The DMZ firewall will forward it to the datacenter core, then to the ToR switch.
Step 6: The L3 device pairing with the EDGE will forward to the EDGE, which will forward to the DLR.
Step 7: The DLR, acting as gateway for the production VM, will forward the packet to the VM.
Step 8: The internal VM will receive the packet from the DMZ server.

Edge Uplink Design

Below are the design details:
  • Each edge will have two uplinks, one from each port group.
  • Each uplink port group will have only one physical uplink configured. No passive uplinks.
  • Each uplink port group will be tagged with a separate VLAN.

Note: DMZ will have similar use case but only one port group.

Micro Segmentation Design

The NSX Distributed Firewall is used to protect all management applications attached to application virtual networks. To secure the SDDC, only other solutions in the SDDC and approved administration IPs can directly communicate with individual components.

NSX micro segmentation will help manage all the firewall policies from single pane.

 

Deployment Flow and Implementation Guides

NSX deployment flow is given below. If you are looking for detailed vmware NSX installation and configuration guide please follow this post of mine.

Categories: VMware

Horizon Connection Server: Log Assist Requirements

VMware Documents - Mon, 01/13/2020 - 19:01

Hello,

 

We have recently made updates to the Horizon Connection Server requirements for adding it to the Skyline Collector, for proper Skyline Log Assist functionality. If you are interested in using Skyline Log Assist to upload log bundles from Horizon Connection Servers, please ensure that you have implemented the following requirements.

 

First, Horizon version 7.10 or above is required for Log Assist functionality. This version of Horizon (and above) supports the capability for remote log bundle collection. If you're using a Horizon version previous to 7.10, you can still add Horizon Connection Servers to a Skyline Collector, and receive proactive findings and recommendations for your Horizon environment.

 

Once you're ready to add your Horizon Connection Server to your Skyline Collector, be sure to follow these guidelines.

 

Skyline requires the following privileges for product usage data collection: Horizon 7 Administrator (read-only). And, for Log Assist capabilities in Horizon v.7.10, in addition to Horizon 7 Administrator (read-only), Collect Operation Logs is required. I recommend the following for creating a new role for the purposes of adding the Horizon Connection Server to Skyline.

 

  1. Open the Horizon 7 Administration Console.
  2. Navigate to View Configuration > Administrators.
  3. Click the Roles tab.
  4. Click on Add Role.
  5. Enter the name "LogCollector" and description for the new role. The Skyline Collector explicitly looks for the role name "LogCollector" when a log transfer request is initiated from Skyline to a Horizon Connection Server.
  6. Select the Collect Operations Log from the privilege list.
  7. Save the role.
  8. Click on the Administrators and Groups tab, then click Add User or Group.
  9. For the new user, click on Add Permission. Select the Administrators (read-only).
  10. Click Save.

 

It's important to note that the Role name MUST be named "LogCollector". Today, Skyline is looking specifically for this role. If you name the role something other than "LogCollector", Skyline Advisor will display Insufficient Privileges. Within the Horizon Administration Console, you should see something similar to this:

 

Within Skyline, we'll check to ensure that the proper privileges have been applied. If applied properly, we let you know with a green check-mark. If you have not applied the proper privileges for Log Assist, we'll show a Red X, indicating Insufficient Privileges to collect a log bundle.

 

 

You can view additional details regarding the permissions, and privileges required for Log Assist, within VMware KB article 59661.

 

If you have any questions, or experience any issues with adding Horizon, or any products to Skyline, please let us know and we'll be more than happy to assist you.

 

This document was generated from the following discussion: Horizon Connection Server: Log Assist Requirements

Categories: VMware

Horizon Connection Server - Log Assist Requirements

VMware Documents - Fri, 01/10/2020 - 20:43


Kategórie: VMware

Subscribing to VMware Learning Platform Status service

VMware Documents - Thu, 01/09/2020 - 11:28

Subscribe to VMware Cloud Services status updates for VMware Learning Platform to receive email notifications about incidents such as scheduled maintenance or outages.

 

Procedure:

  1. Open https://status.vmware-services.io/ in a browser.
  2. Click "Subscribe to update" and enter your email address.
  3. Click Subscribe.
  4. From the subscription page, select VMware Learning Platform and save the preferences.
  5. Check your email inbox and confirm your subscription.

Categories: VMware

VMware released Update 1 for vSphere 6 and much much more

VMGuru - Sun, 09/13/2015 - 14:30

Last week VMware released Update 1 for vSphere 6. But that was not the only update that was released. There was a real wave of updates for a whole range of products. Here’s a recap of the updates that were published. Sit tight because it’s a long list:

End User Computing: VMware Horizon View v5.3.5; VMware Horizon View v6.2; VMware Horizon for Linux v6.2; VMware Horizon Clients for Windows/Linux/Mac OSX/iOS/Android v3.5; User Environment Manager v8.7; VMware Identity Manager v2.4; VMware Horizon FLEX v1.6

Datacenter [ … ]

The post VMware released Update 1 for vSphere 6 and much much more appeared first on VMGuru.

Categories: VMGuru

VMworld 2015: VMware announces VMware Identity Manager Advanced

VMGuru - Tue, 09/01/2015 - 18:54

In June, VMware introduced VMware Identity Manager, an Identity as a Service (IDaaS) offering that we began including in premium versions of AirWatch Enterprise Mobility Management. At day two of VMworld 2015, VMware announced VMware Identity Manager Advanced, a new standalone package of Identity Manager focused on broad-based deployment across all employees on any of their devices, laptops or desktops across any network for SaaS, Mobile, and Windows apps. VMware Identity Manager is identity management for the mobile/cloud era that delivers on consumer-grade expectations like one-touch access to nearly any app, from any device, optimized [ … ]

The post VMworld 2015: VMware announces VMware Identity Manager Advanced appeared first on VMGuru.

Categories: VMGuru

VMworld 2015: HyTrust Announces CloudControl for VMware NSX

VMGuru - Tue, 09/01/2015 - 09:57

VMware NSX software-defined networking offers unprecedented flexibility to support rapid infrastructure deployment and scaling with micro-segmentation to segment the network. HyTrust has partnered with VMware to deliver enterprise-class administrator controls for NSX that allow an organization to provide very segmented controls for administrators. HyTrust announced at VMworld 2015 the general availability of CloudControl for VMware NSX. Adoption of the Software-Defined Data Center architecture has gained traction in the marketplace because it enables greater agility, scalability and workload security. As organizations have increasingly virtualized their infrastructure, often as much as 95 percent of compute, the server-to-server traffic has grown [ … ]

The post VMworld 2015: HyTrust Announces CloudControl for VMware NSX appeared first on VMGuru.

Categories: VMGuru

VMworld 2015: Site Recovery Manager 6.1 introduction

VMGuru - Tue, 09/01/2015 - 08:35

Yesterday at VMworld version 6.1 of VMware Site Recovery Manager was announced. This latest version makes use of some of the improvements made in other products to strengthen itself.

Enhanced VMware NSX Integration

VMware NSX 6.2 makes it possible to extend your virtual network across multiple vCenter Servers and lets you work with a secondary NSX Manager. This will give you much more flexibility when implementing SRM into your environment.

Storage Policy-based Protection Groups

Datastores that are protected by SRM will have a tag and this tag can be assigned to a virtual machine. If a virtual machine receives [ … ]

The post VMworld 2015: Site Recovery Manager 6.1 introduction appeared first on VMGuru.

Categories: VMGuru

VMworld 2015: Nexenta offers free File Services for current VMware VSAN customers

VMGuru - Mon, 08/31/2015 - 22:00

Current VMware Virtual SAN customers can now get File Services free of charge, courtesy of VMware & Nexenta. When you are using VMware VSAN and you want to put your ISO images on VSAN, you can’t at the moment. With NexentaConnect for VSAN you will add enterprise-grade file services on top of your VMware VSAN deployment. Also, if you would like to connect your other ESXi servers without VSAN and the VMs running on top of that cluster on your VSAN cluster, you now will have that possibility. NexentaConnect for VMware Virtual SAN is a software only [ … ]

The post VMworld 2015: Nexenta offers free File Services for current VMware VSAN customers appeared first on VMGuru.

Categories: VMGuru

VMworld 2015: vCloud Air enhancements

VMGuru - Mon, 08/31/2015 - 21:49

Today at the start of VMworld 2015, VMware announced several enhancements to vCloud Air. These updates and others from VMware this week show how the company is looking to become a formidable contender in the cloud infrastructure market. Companies are depending on public clouds to a greater and greater extent and VMware is taking steps to provide the basic components that other cloud providers offer.

Cross-Cloud vMotion

One of the coolest enhancements is probably cross-cloud vMotion. With the release of vSphere 6 we already saw a lot of vMotion enhancements but now VMware raised the bar even [ … ]

The post VMworld 2015: vCloud Air enhancements appeared first on VMGuru.

Categories: VMGuru