As 2018 comes to a close, we have one more release for you in the form of PowerCLI 11.1.0! If you’re keeping track, that brings us to 6 official PowerCLI releases in the 2018 calendar year. To quickly summarize 2018: PowerCLI has gone multi-platform, added 2 new modules, added 25 new cmdlets, and supported new VMware product versions faster than ever! There were also quite a few other updates that involve PowerCLI, such as the Fling modules containing high-level cmdlets for NSX-T and VMware Cloud on AWS, the Code Capture addition to the HTML5 Web Client Fling, and the brand-new PowerShell DSC Resources for VMware!

PowerCLI 11.1.0 comes with the following updates:

• Added support to the SRM module for MacOS and Linux
• Added support for SRM 8.1
• Updated 2 Storage module cmdlets
• Updated DeployAutomation and ImageBuilder module dependencies

Let’s take a look at some of the updates.

Site Recovery Manager Module Updates

The VMware.VimAutomation.SRM module is the newest module to be converted to for multi-platform support. That means this module can now be used with PowerShell Core on MacOS and Linux! This module has also received updates to support Site Recovery Manager 8.1. More information on this new version of SRM can be found at the following: VMware Site Recovery Manager 8.1 Release Notes

Storage Module Updates

The VMware.VimAutomation.Storage module received a couple updates to fix some issues. The Get-VsanDisk cmdlet has been updated to now also list the vSAN disk where the Witness Component resides. An update has additionally been made to the Start-SpbmReplicationTestFailover cmdlet so that it no longer requires the VvolId parameter.

Summary

PowerCLI 11.1.0 has been released and completes the 6th release of the year! This new release includes support for Site Recovery Manager 8.1, as well as converting the SRM module over for multi-platform support. Two storage cmdlets have been updated to fix some reported issues. Lastly, some dependencies for the DeployAutomation and ImageBuilder modules have been updated.

For more information on changes made in VMware PowerCLI 11.1.0, including improvements, security enhancements, and deprecated features, see the VMware PowerCLI Change Log. For more information on specific product features, see the VMware PowerCLI 11.1.0 User’s Guide. For more information on specific cmdlets, see the VMware PowerCLI 11.1.0 Cmdlet Reference.

Remember, updating your PowerCLI modules is now as easy as: Update-Module VMware.PowerCLI

Let us know in the comments what you’re most excited about!

The post New Release: PowerCLI 11.1.0 appeared first on VMware PowerCLI Blog.

It’s a big week for PowerCLI! We’re closing out 2018 with several new releases. The new PowerShell DSC Resources for VMware came out last week. PowerCLI 11.1.0 was released earlier today. Now, we also have a brand-new Fling to help bridge the gap between the low-level cmdlets already available and the high-level cmdlets that are so easy to use. The PowerCLI Preview for VMware Cloud on AWS adds 14 new high-level cmdlets which are used in combination with the existing VMware.VimAutomation.VMC module.

What do I mean by ‘high-level’ cmdlets? There are generally two forms of cmdlets available through PowerCLI, high-level and low-level. High-level cmdlets abstract the underlying API calls and provide an easy to use and understand cmdlet, like Get-SDDC. Based on that, you can assume the output will be SDDCs within your VMware Cloud on AWS environment. However, every API call does not have a corresponding high-level cmdlet and that’s where the low-level cmdlets come into play. Low-level cmdlets interact directly with the API and therefore have complete coverage of the available API calls. An example of a low-level cmdlet would be Get-View, or in the case of the VMC module it would be Get-VmcService. More information about the low-level cmdlet usage of the VMC module is available in the following blog post: Getting Started with the VMware Cloud on AWS Module

Why is this being released as a fling? Much like the NSX-T preview module released earlier this year, we’re trying a new approach to creating cmdlets based on the APIs. Essentially, we take the VMC API swagger specification and programmatically create the entire module. It’s early in this new development process and we know there is the potential for issues and things that may or may-not make sense.

Another reason for it being a fling, we need your feedback! What cmdlets are you using the most? What should the output look like? What cmdlets aren’t working the way you think they should? What cmdlets are missing? As well as any other feedback you can come up with! The preference is to leave the feedback on the Fling’s comments page. However, if you post it as a comment here, I’ll make sure the right people receive it.

With that said, let’s get started using this new module!

Getting Started

Before we dive right in, the following section is going to be using a Windows environment. However, both the existing VMC module as well as the new VMC Preview module are multi-platform and can be used with PowerShell Core!

First, we’ll need to head out to the VMware Flings site, browse for the fling and download the zip file. Direct link: PowerCLI Preview for VMware Cloud on AWS

Next, extract the module and place it into one of your $PSModule directories. Better yet, do it with PowerShell:

Expand-Archive -Path $env:USERPROFILEDownloadsPowerCliPreviewForVmwareCloudOnAws-1.0.0-11171858.zip -DestinationPath $env:USERPROFILEDocumentsWindowsPowerShellModules

We can then verify the module was placed in the proper location and is available for us to use:

Get-Module -Name *VMC* -ListAvailable

Note: If you don’t see those two modules, you probably need to install the latest version of PowerCLI. Walkthroughs on how to do that are available:

• Online Walkthrough
• Offline Walkthrough

Now that we can see the module, I would suggest browsing through the new cmdlets available. We can do that with the following command:

Get-Command -Module VMware.VimAutomation.VmcPreview

One last step before starting to use the new cmdlets, we need to authenticate to the VMware Cloud on AWS service. This requires the Connect-VMC cmdlet, which is available as part of the VMware.VimAutomation.VMC module, and our Refresh Token from the Account section of the VMware Cloud on AWS Cloud Console. We can then authenticate with the following command:

Connect-Vmc -RefreshToken xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

We are now authenticated and ready to start pulling information from the environment. Following along with the prior blog post, let’s start by pulling information about our organization. We can do that with the Get-Organization cmdlet.

We can clean up the output through the use of the Select-Object cmdlet with the following command:

Get-Organization | Select-Object -Property Id, DisplayName

Another item we looked at in the last blog post, and the next logical step, SDDCs. The Get-Sddc cmdlet can be used, however it does require the addition of an Organization ID. I’ll store the Org ID from the prior step in a variable named orgId and then just jump to the cleaned-up view by using the following command to list the SDDC/s in the Org:

Get-Sddc -OrdId $orgId | Select-Object Id,Name,SddcType,SddcState

Last thing I want to cover, these cmdlets make use of objects just like standard PowerCLI cmdlets do. Specific to the SDDC, we can access additional information such as what AWS Region and Availability Zone/s are in use, NSX information like the Manager URL (which will be important in a later blog post), and what the vCenter URL is. All of that information happens to be available in the ResourceConfig property of an SDDC. We can retrieve that information with the following command:

$sddc.ResourceConfig | Select-Object -Property Region,NsxMgrUrl,VcUrl

Summary

There’s a great new fling available called the PowerCLI Preview for VMware Cloud on AWS. This fling adds an additional 14 high-level cmdlets for VMware Cloud on AWS, like Get-Organization and Get-Sddc, which means that automating VMware Cloud on AWS has never been easier!

As with all of our Flings, please leave feedback on the Comments section! We want to know what you think. What cmdlets are you using the most? What should the output look like? What cmdlets aren’t working the way you think they should? What cmdlets are missing? As well as any other feedback you can come up with!

The post New Release: PowerCLI Preview for VMware Cloud on AWS appeared first on VMware PowerCLI Blog.

Written in collaboration with Tony Karam, Sr Consultant, Product Marketing, RSA

In today’s digital era, data needs to flow freely across workforces, ecosystems and economies. However, this presents big challenges as organizations also need to secure access to data and resources, while protecting customer and user privacy. To complicate matters further, users now expect simple “click and go” experiences, from any device to any on-prem, mobile or cloud-based application – all with their own unique access workflows and policies. These “islands of identities” along with an evolving landscape of sophisticated cyber security attacks are causing organizations to rethink their approach to access and identity assurance.

Organizations need to bridge these islands and ensure they have maximum visibility and control over who has access to what, while also providing common access and user experience. Together, VMware and RSA can help organizations minimize their identity risk and simplify access to any app from any device to help keep corporate data safe and personally identifiable information private. Combining VMware Workspace ONE and RSA SecurID Access gives organizations unified application access and strong authentication solution that spans access to all applications, wherever they live. We’ve partnered together to help transform security across the digital workspace, helping provide employees with consistent application access across any device, that’s consumer-simple and enterprise secure.

Continuous Identity Monitoring, Device Context, Insights and Automation

Having visibility and insight across an organization can also help minimize your risk exposure. With RSA SecurID Access, organizations can leverage RSA machine learning technology to create a baseline of historical access behavior. Machine learning allows organizations to move authentication from being a static decision to one that is continuously assessed. Organizations can combine this machine learning with Workspace ONE to gather detailed information about the security posture of their Android, Chrome OS, iOS, macOS and Windows 10 devices. Device information, such as jailbroken or unpatched devices, can quickly identify which devices pose an increased security risk. Workspace ONE Intelligence can then provide insights through dashboards and reports, and automation with actions and notifications, to help increase security even further. The combination of RSA SecurID Access and the Workspace ONE platform gives organizations holistic visibility with more context, ensuring that only known users and trusted devices get access to applications and data, which ultimately minimizes their risk.

Consumer-Simple, Enterprise Secure

Organizations need to remain agile in order to compete effectively in today’s mobile-cloud era. They need digital workspaces that provide users consumer-simple access to any application from any device, without compromising security. Users can access their digital workspaces through the Workspace ONE Intelligent Hub or browser, giving them single sign-on and a common experience across all their applications. The seamless integration between RSA SecurID Access and Workspace ONE gives IT a broad set of modern multi-factor authentication options for end users to securely access their apps at their convenience. Organizations can use these options, including mobile push to approve or machine learning analytics, individually or in combination to ensure the level of access control is appropriate for the level of risk.

Two Companies, One Vision

VMware and RSA believe that information about users and their devices is critical to securing your enterprise. As organizations seek to harness rapid technology acceleration, transforming their IT environments and their workforces to better compete in their markets; they must transform their security strategies in parallel. Together, VMware and RSA are meeting these challenges head-on. With VMware Workspace ONE and RSA SecurID Access, organizations and their end users can enjoy the modern conveniences of access to their digital workspaces without needing to compromise on security.

For more information, please click here or visit us online at vmware.com and rsa.com.

The post Securing Access in the Digital Workspace with RSA SecurID® Access and VMware Workspace ONE appeared first on VMware End-User Computing Blog.

Those time-consuming IT requests and issues from yesteryear are still apparent today – particularly with a boom in the use of mobile devices in the workplace — but as IT itself has become much more important to business outcomes, the requirement to deal with these issues shouldn’t have to rely solely on the IT department.

Instead, many businesses are taking a fresh and modern approach towards managing their computing solutions; it’s about having the right devices and services, and ensuring you have support from anywhere in the world – with complete confidence that these devices can be managed and secured easily, regardless of operating system.

With VMware Workspace ONE and HP Device as a Service (DaaS), IT professionals can spend less time on managing hardware, and more time supporting users and on other priorities for their business.

So how do they work in tandem?

VMware Workspace ONE and HP Device as a Service (DaaS)

VMware Workspace ONE Unified Endpoint Management (UEM), powered by AirWatch technology is an integrated platform that securely enables IT to empower their workforce to adopt the technologies they need.

It provides a holistic and user-centric approach to managing all endpoints in an organization, ranging from mobile and desktop to the Internet of Things (IoT). The platform simplifies app access and management, modernize the way Windows 10 is managed, leverages a single platform to manage all devices regardless of ownership model and lowers the cost of delivering virtual desktops and apps.

HP DaaS provides a new service model for computing in which hardware, analytics, support, proactive management and lifecycle services are combined. HP Device as a Services includes the option for HP Service Experts to provide a unified endpoint management service for customers multi-OS devices. HP Service Experts use HP TechPulse and VMware Workspace ONE to secure and manage customer devices by utilizing Workspace ONE along with HP TechPulse, HP Service Experts will be able to provide comprehensive management to help customers increase efficiency, improve employee experience and optimize IT assets resources.

This means IT teams can be more efficient and IT budgets are more predictable, particularly with a one price per device contract that enables organizations to scale up or down as they need. HP DaaS provides unique analytics and actionable reports about device health. IT can identify, predict and address issues with HP TechPulse—analytics that use machine learning, preconfigured logic, and contextual data to deliver device, application, and usage insights that help optimize IT spending and resources. Those same old concerns from employees about batteries, hard drives and blue screen errors can be tackled before they affect end users. What’s more, the enterprise can even keep a check on CPU utilization, so you know which employees could use a more cost-efficient model while still being highly productive. For example, some employees may not require the use of CPU-intensive software that specialists use. Therefore, the company could save money by buying a device which doesn’t come with the fastest CPU, while investing more in devices for employees that require high-end processors and extended battery life.

With HP Device as a Service, customers can transform their device acquisition and unified endpoint management to a consumption-based service delivered through the cloud. Leave the worries of yesteryear to us and concentrate on the future of your business.

To learn more on HP DaaS visit: https://www8.hp.com/us/en/services/daas.html

The post Managing Devices To Ensure Focus Is On Tomorrow Rather Than Yesterday appeared first on VMware End-User Computing Blog.

Starting with the 4.0 release of Network Insight, VMware is providing support for VMware Cloud on AWS, including visibility into your configuration and flows for security planning.  Support for VMware Cloud on AWS is currently in Preview.  Additionally, Network Insight is expanding support for Cisco ASA, Cisco ACI, and BGP-EVPN.  Paths can now be traced between VMs running in VMware Cloud on AWS, on premises in vSphere, or with EC2 instances running in Amazon Web Services (AWS).  We’ve also added static and dynamic thresholds with the ability to trigger alarms when certain conditions occur.  Network Insight also offer expanded NSX day-2 events, sFlow support, and F5 router visibility.  All of these updates are on tap for the big 4.0 release!  I’ve picked a few of the new features for a deeper dive.

One of the cooler features in this release is preview support for VMware Cloud on AWS.  You’ll be able to see your configurations, network metrics from NSX and vCenter, and best of all IPFIX flows between VMware Cloud on AWS VMs and back to your on premises NSX and vSphere environments.  So if you want to keep an eye on a cloud-based application or hybrid application running between your public and private cloud, determine who they are talking to, understand your security posture, and other day-2 health monitoring options, network insight has you covered.  We show the configurations on both ends, overlay and underlay entities in the path, firewall rules, and where there might be problems.  In a nutshell, the features you’ve become accustomed to for on premises visibility and planning are now extended fully to external cloud environments such as VMware Cloud on AWS and Native AWS.

In the screenshot above, we see a path has been traced between a VMware Cloud on AWS VM and on premises vSphere VM.  For this path, you can view deep information from VMware Cloud on AWS, including VMs, Hosts, security, and network configs, your VPN connection, and on premises VMs, Hosts, security posture, plus network configs.  Notice the NSX T0/T1 routers along with applied firewall rules, specific to the path, are visible.  Each entity in the path can be clicked to show further information about configurations and associated problems.  Clicking the firewall icon beneath the VM in the orange section, the brick wall icon, displays the firewall rules applied to the VMware Cloud on AWS VM by the NSX distributed firewall.  This path view is great for seeing all the datasources stitched together to help understand and monitor environments.

VMware Cloud on AWS support is included within the Plan Security option in Network Insight, shown above.  Network Insight can view traffic patterns for VMware Cloud on AWS backed applications, these traffic patterns help rationalize apps from a networking point of view.  Once application rationalization is complete,  micro-segmentation planning and implementation can move forward in VMware Cloud on AWS using the recommended firewall rules Network Insight provides.  As with other datasources, this is a near-real time look at the traffic and configurations within and external to VMware Cloud on AWS.

A major focus for Network Insight is providing underlay network visibility and monitoring.  With this release, Network Insight now shows Cisco ACI entities.  Simply point Network Insight at an APIC controller and configuration details, including ACI fabric, EPGs, EPG mappings, Bridge Domains, L2 paths to leaf nodes and visibility as a VRF in the VM-to-VM path are available.  SNMP-based metrics are also supported for the APIC and switches.  In the VM-to-VM path above, notice the ACI spine and leaf fabric elements are visible.  Each part of the fabric can be clicked into for further configuration and status details.

Individual dashboards are available for Leaf and Spine fabric (shown above), switches, EPGs, and application profiles.  Finally, powerful searches can be built around each ACI entity to highlight specific configurations or scenarios.  You can then add the results to a pinboard and trigger alarms, if necessary.  We are working on a deeper dive on ACI in a separate blog article, stay tuned.

For Cisco ASA firewalls, our goal was to provide a similar level of visibility into your security posture that we provide with Palo Alto Networks and CheckPoint devices.  The ASA firewall support includes visibility into security context, access rules, access groups, network and service objects or groups, discovery and change events, and firewall rules in the VM-to-VM path.  The VRF view above shows a view of the ASA firewall and routing tables, with further details on the router interfaces and device configurations.  Only the firewall rules that are specific to the path appear in the window.  Network Insight also provides broader views of ASA rules and other configurations beyond what appears in the VM-to-VM path views.

Network Insight adds dynamic or static threshholds to collected metrics.  On the static side, you can trigger a notification if a metric value exceeds or decreases from a specific value.  For example, VMs in an application encounter packet drop > 100 in a certain interval or traffic rate for a cluster drops below 50 Mb over an hour.  Each of these conditions can trigger an alert.  For dynamic thresholds, if a value deviates from past behavior, an alert can be triggered.  In this scenario, an application could be monitored for changes in traffic patterns.  If a significant deviation occurs an alert could be triggered.

The updated NSX-T datasource adds support for a number of new health-related events and metrics, such as connectivity issues between NSX components, number of NSX API calls, packet drops, flow count, network rate, and byte count to name a few.  Metrics are provided for NSX-T logical switches, logical ports, router interfaces, and firewall rules.  NAT is also supported, including the ability to view all SNAT, DNAT, Reflexive (stateless) rules.  In the path screenshot, NAT details include the original and translated IPs, Service Router connection, plus in and out interfaces.

Also in this release, pinboards become a searchable entity, an example search could be: pinboard where name like ‘flows’, will return every pinboard with the name flows included.  Also, pinboards can be set as a homepage.  Setting a favorite or useful pinboard as a homepage makes sure your most critical applications and metrics are front and center when needed.

Direct upgrades are supported from 3.8 and 3.9 to 4.0.  The upgrade process has never been easier and faster.  There are a number of other new features in the release.  As I mentioned earlier, we’ll be posting additional blog articles to explore this release.  Keep an eye out for further blog articles and enjoy your Holidays.

The post What’s New For vRealize Network Insight 4.0/Network Insight Service appeared first on VMware Cloud Management.

Cybersecurity once again made news on a frequent basis in 2018, where we saw hardware vulnerabilities like Spectre and Meltdown, ransomware attacks like SamSam, and cyberattacks in social media, transportation, and communications industries. Exposed vulnerabilities and cyberattacks will likely continue to rise in 2019, which is why it’s crucial for IT and security operations to try and stay a step ahead when it comes to security, especially in the end-user computing space. We live in a world where employees expect flexibility in working anywhere, on any device, and getting access to apps on-demand. This is where Workspace ONE, the industry’s first intelligence-driven digital workspace platform, can help.

This year, we continued innovating across the Workspace ONE platform to improve employee productivity by enhancing user experience and simplifying IT administration by redefining modern management. In parallel, we were also laser-focused on helping our customers implement Zero Trust security for their digital workspace using Workspace ONE. As 2018 winds down, here’s a look at the top 10 Workspace ONE headlines that boosted security in the digital workspace this year:

1. Workspace ONE Intelligence – one of the biggest challenges in user, device and app management is lack of visibility and time spent on manual tasks. To help alleviate these pains, we introduced Workspace ONE Intelligence in the beginning of the year. Beyond improving user experience and optimizing resources, Workspace ONE Intelligence strengthens security and compliance across a digital workspace by providing visibility of security risks and patches, and then automation for security processes and policies.

Watch here to learn more about Workspace ONE Intelligence:

2. Workspace ONE Trust Network – The more data available for Workspace ONE Intelligence to aggregate and correlate, the greater the potential to improve security. This is one reason Workspace ONE Trust Network was announced earlier this year in tandem with Workspace ONE Intelligence. Through Workspace ONE Trust Network, customers will be able to leverage threat intelligence from an ecosystem of integrated partner solutions based on a framework of verification.

3. Workspace ONE partner integrations – In addition to the Workspace ONE Trust Network integrations currently underway, 2018 brought several Workspace ONE and partner integrated solutions to the market. To highlight a few:

• In April, we announced integration between Workspace ONE and F5 BIG-IP APM as a Gateway to help customers reduce risk of data loss with more access policies.
• In May, we launched a partnership with Okta to help customers accelerate their journey to the digital workspace, and have updated integrations throughout the year.
• In June, we integrated Workspace ONE with the Cisco Security Connector to provide greater compliance and protection for organizations with employees who work on iOS devices

4. Unified Endpoint Management (UEM) security enhancements – At the core of the Workspace ONE Platform sits Workspace ONE Unified Endpoint Management, powered by VMware AirWatch. There were several updates to Workspace ONE UEM, the most recent being Workspace ONE UEM 1810 and 1811. Some of the security updates in these releases include a SafetyNet Attestation API to assess the security and compatibility of Android environment, VMware Workspace ONE Tunnel support for both Android Enterprise and Legacy Android, and support for Role-Based Access Control (RBAC) and TLS for SCCM connections in AirLift 1.1.

5. Security updates to Workspace ONE Apps – Workspace ONE UEM 1811 also introduced security updates to VMware Workspace ONE Boxer, including PIV-D support, NIAP certification (the industry’s first for secure email!), and Google G Suite support. We also introduced Workspace ONE Send earlier this year, connecting Workspace ONE Apps like Boxer and Workspace ONE Content to apps like Microsoft Word, Excel and PowerPoint to quickly and securely pass files back and forth while respecting Intune DLP policies.

6. Privacy – Data protection was a hot topic this year with GDPR becoming enforceable in May. Workspace ONE has many management and security capabilities for users, devices, and apps that map to security and privacy use cases that can be relevant in GDPR context. One example of this is a new privacy consent flow that notifies users of what data is being collected by which app in Workspace ONE.

Watch here to learn more about the privacy consent flow module:

7. VMware Horizon – Providing end users access to virtual desktops and apps is another core fundamental piece of a digital workspace. This year, we saw security enhancements to Horizon, for example with Virtualization-based security (VBS) support on vSphere 6.7 and role-based access (RBAC) in App Volumes 2.14. Horizon Cloud saw security improvements by now supporting NSX Cloud with Horizon Cloud on Azure, helping secure virtual desktops using micro-segmentation and automated policies. Support for Horizon Cloud and Microsoft Azure Government, and security capabilities for Horizon Cloud, like disk encryption and support for RADIUS 2FA, round out additional security enhancements this year.

8. E8 acquisition – Leveraging user and entity behavior analytics is becoming critical in bolstering security for the digital workspace. To that effect, in March this year, we acquired the technology and team of E8 Security to help simplify management and security in the digital workspace. This an exciting technology that will help customers correlate data to accurately detect and respond to advanced threats using analytics, surfacing anomalies and suspicious behaviors.

9. Gartner Critical Capabilities for High Security Mobility Management Report – In September, Gartner published their Critical Capabilities for High Security Mobility Management report, comparing mobility vendors’ capabilities and use cases for high security. Workspace ONE was recognized by scoring the highest in 2 of the 6 use cases – high-security unified endpoint management and shared devices, while also scoring the 2^nd highest in 3 of the remaining 4 use cases. This achievement helps validate the investment in security we are making to the Workspace ONE platform.

10. 2018 SIIA CODiE award – Workspace ONE was recognized as the best endpoint security management solution by SIIA in June this year, again helping validate the innovation and impact security has had within the Workspace ONE platform. We are also excited to share that Workspace ONE is a finalist for best data leakage prevention (DLP) solution and best mobile security solution in the 2019 SC Awards!

In a year packed with headlines for Workspace ONE, our investment in security clearly stood out. As we head into 2019, we thank you and all of our great customers for using Workspace ONE for your journey into the secure digital workspace. For more information on Workspace ONE, visit our VMware Digital Workspace Tech Zone.

The post Top 10 Workspace ONE Security Headlines in 2018 appeared first on VMware End-User Computing Blog.

As we look ahead towards 2019 we’re celebrating the successes of the past year, and what a year it was! With so many new releases, features, updates and enhancements, we’re thrilled to continue to innovate and provide solutions that address our customers’ needs. As we wrap-up and highlight some of our most innovative steps towards the future, we know that our community has embarked on the journey to the digital workspace right along with us. Here’s to you, our customers and community, as we celebrate our top ten count-down for 2018!

10 – Support for Android enterprise on purpose-built devices

In February, we were thrilled to announce support for Android Enterprise, giving IT unparalleled security features and the ability to lock down devices, silently install apps and push updates. With this update, Android enterprise became the default deployment model for Android devices. Take a look at the Android Series to learn more.

9 – Take advantage of HOLs and Tech Zone Content

Hands-on Labs (HOL) are the fastest and easiest way to test-drive the full technical capabilities of VMware products. Best of all, these evaluations are FREE, up and running on your browser in minutes, and require no installation. This year we had hundreds of customers at VMworld and at home take advantage of the HOLs. Start off with the VMware Workspace ONE – Getting Started Hands-on Lab. Not enough for you? Head to the Tech Zone for the 23 videos, 24 guides, and 10 blogs we have published.

8 – Our community grows

This year we focused even more on our end-users and costumers. We asked you what you wanted to see and needed and took your feedback to heart. The result? A year of new updates and features that are the best in market. Our success this year and in the future is all thanks to our customers, partners, and community. Join the conversation with us on Twitter (Horizon and Workspace ONE), Facebook (Horizon and Workspace ONE) and LinkedIn (Horizon and Airwatch).

7 – Security takes center stage with new partnerships

One of the focal points in empowering a digital workspace is security, which is why it’s imperative to have a solid digital workspace security strategy in place. Because of the way employees work today, the security perimeter has dissolved, and threats have grown, evolved and adapted accordingly. At VMworld we announced an expansion of our ecosystem of partners supporting Workspace ONE Trust Network, which now includes four new partners: CheckPoint, Palo Alto Networks, TrendMicro and Zscaler. We’re also proud of our deep integrations between VMware Workspace ONE and the Okta Identity Cloud, as customers benefit from an enhanced user experience and greater security together in the digital workspace.

6 – EUC is recognized as an industry leader

Go team! Forrester recognized VMware’s intelligence-driven digital workspace platform, awarding us the highest possible score in the market presence category, product vision, commitment to innovation, and partner ecosystem criteria. Gartner scored VMware highest in the “Secure UEM” use case, highest in 4 out of 6 use cases in the 2018 Gartner Critical Capabilities for Unified Endpoint Management, and as leader in Gartner’s inaugural July 2018 Magic Quadrant for Unified Endpoint Management (UEM). It’s also the second year in a row where IDC named VMware a Leader.

• Two for Two! VMware Named a Leader in IDC MarketScape: Unified Endpoint Management Software 2018 Vendor Assessment
• VMware Named Leader in the IDC MarketScape: Worldwide Enterprise Mobility Management Software 2018 Vendor Assessment
• VMware Named a Leader in The Forrester Wave: Unified Endpoint Management, Q4 2018
• New Forrester TEI Study Shows Significant ROI and Benefits with Workspace ONE Modern Management for Windows 10
• VMware Receives High Score in “High-Security Unified Endpoint Management” Use Case in the New Gartner Report
• VMware Scored Highest in 4 out of 6 Use Cases in the 2018 Gartner Critical Capabilities for Unified Endpoint Management
• VMware Named a Leader in July 2018 Gartner Magic Quadrant for Unified Endpoint Management
• VMware Workspace ONE Again Named to Constellation ShortList for Cloud Identity Management
• Phoenix Children’s Hospital Wins Mobie Award for Workspace ONE UEM Deployment

5 – Productivity from anywhere on any device with Workspace ONE Intelligent Hub

Successful business outcomes come from employees who are empowered with technology that simplifies the experience, boosts productivity, and promotes engagement. At VMworld we announced the newest addition to the Workspace ONE platform, Workspace ONE Intelligent Hub! Workspace ONE Intelligent Hub is a single destination where employees can securely access, discover, and connect with teams and workflows wherever they are and from any device.

4 – Workspace ONE Intelligence give us the insights that matter

Workspace ONE Intelligence was launched earlier this year to provide insights, app analytics, and automation that help our customers improve security, optimize resources, and enhance user experience in their digital workspace. Want to learn more? Test drive Workspace ONE Intelligence today!

3 – EUC does VMworld!

In August and again in November the EUC team traveled to VMworld US and VMworld Europe, and what a conference! From our Digital Workspace Showcase Keynote to vGPU updates announced by Pat Gelsinger, storm troopers in the hallways, and Brian Maddens first ever EUC Community Tech Talk, the week was one to put on the books. Missed the activities? Watch on-demand. We can’t wait to see everyone next year!

2 – Burst to the cloud! Horizon kicks off the year with AWS and Azure

In 2018 Enterprises embraced the hybrid cloud in a big way – and Horizon didn’t disappoint. Horizon on VMware Cloud on AWS is the only hybrid cloud solution that allows you to modernize, protect and scale vSphere-based applications leveraging AWS, the world’s leading public cloud, and VMware Horizon Cloud Service on Microsoft Azure celebrated its first birthday this year.

Wrapping up the year, in mid-December, we released VMware Horizon 7 Version 7.7 and VMware Horizon Client 4.10, and NSX Cloud support for Horizon Cloud on Microsoft Azure with new features and enhancements. Continued innovation of new features and functionality to deploy and manage virtual desktops in the cloud made this the year of Horizon!

1 – Workspace ONE Raises the Bar for UEM

In March, VMware unveiled the industry’s first intelligence-driven digital workspace with Workspace ONE Intelligence and in September we announced the next step in Modern Management, Desktop Virtualization, and End User Services. The announcement that Workspace ONE AirLift is now generally available highlighted our continued innovation and integration – the AirLift connector for SCCM enables migration of SCCM Collections and PCLM workloads, including Win32 app packages, to Workspace ONE automatically, and accelerates the transition to Windows 10 modern management. Our mission to deliver and manage any app on any device with an integrated digital workspace platform was at the forefront this year.

From all of us on the EUC team, thank you for joining us on this digital workspace journey this year. We can’t wait to unveil what we have in store for 2019!

The post Top 10 Digital Workspace Moments of 2018 appeared first on VMware End-User Computing Blog.

It’s a proud moment to say that vRSLCM is now a well-known VMware’s product providing Life Cycle Management support for vRealize Suite of products including ‘vRealize Network Insight’ as of now.

vRSLCM currently provides support for below listed products:

• vRealize Automation
• vRealize Operations Managers
• vRealize Log Insight
• vRealize Business for Cloud
• vRealize Network Insight

Once a product gets imported/deployed in vRSLCM, then managing their lifecycle is just a piece of cake.

But wait, what if the product you want to manage is supported by vRSLCM, but the Product version you are looking for is not available to manage with vRSLCM.

vRSLCM knows your concerns about Version Support for vRealize Products, and so with vRSLCM 1.3 release onwards, you don’t have to worry about this.

Yes, you heard it correctly. With vRSLCM 1.3 release onwards, you can add support for newer versions of vRealize Products using Product Support Pack files.

Note: Once new Product Support Pack file get applied to vRSLCM, it can’t be rollback.

But that is not required either.

Prerequisite

All you need is to have a Product Support Pack file and of course a running vRSLCM instance. To make Product Support Pack file available in vRSLCM, it can be done either via Online (when vRSLCM is connected to internet) or Offline (without internet connectivity) options.

PSPAK to vRSLCM : Add me in the list and I am all yours

Download and Apply Product Support Pack File – Online

Whenever a new Product Support Pack file is available online, and vRSLCM is also connected online, you will soon get a notification for the same in vRSLCM UI.

(Thanks to one more fantastic feature of vRSLCM i.e. Its notification services.)

• The Notifications Icon is visible in the top right corner of vRSLCM UI. It shows the availability for new Product Support Pack file available online to download, along with other notifications.

Once you click the icon, it shows the list of notifications as shown below:

• Click on the notification for Product Support Pack file. It will take you to ‘Settings’ page -> ‘Update’ tab. You can manually also navigate to the same.
• You will see the list of supported current Product versions along with the list of Product versions which your vRSLCM will start supporting once you apply the new Product Support Pack file as shown below:

• Now for applying Product Support Pack file, just click on button 

And without taking much time, within seconds, the Product Support Pack file will get applied in vRSLCM.

Note: At any moment you can also follow below simple steps to check whether any Product Support Pack file is available online. Just follow below steps.

1. Login to LCM UI
2. Manually navigate to ‘Settings’ page -> ‘Update’ tab
3. Look for section ‘Support for Additional Product Versions’ and click on button
4. It won’t take much time and soon you will see the list of supported current product versions along with the list of Product versions which your vRSLCM will start supporting once you apply the new product support pack file.
5. Now for applying Product Support Pack file, just click on button 

Once Product Support Pack file gets applied, that’s all you need.

You are all set to use vRSLCM for the newly supported product version.

Download and Apply Product Support Pack File – Offline

You can also download the Product Support Pack file from VMware Marketplace and can upload the same to vRSLCM while it is in offline mode. Isn’t it cool?

Just follow below simple steps:

Download the Product Support Pack file for product ‘vRealize Suite Lifecycle Manager’ from VMware Marketplace portal.

Note: Click on below link to open VMware Marketplace portal:

https://marketplace.vmware.com

1. Login to your vRSLCM UI, and manually navigate to ‘Settings’ page -> ‘Update’ tab
2. Look for section ‘Support for Additional Product Versions’ as shown below:

1. Click on button
2. Select and upload the Product Support Pack file downloaded from VMware Marketplace.
3. You will see the list of supported current Product versions along with the list of Product versions which your vRSLCM will start supporting once you apply the new Product Support Pack file as shown below:

1. Now for applying Product Support Pack file, just click on button

And you did it again. The Product Support Pack file will get applied within seconds even when vRSLCM is in offline mode.

Troubleshooting

Question: I applied Product Support Pack file, but not able to see any request in ‘Request Page’.

» Answer: Request will not get created in ‘Request Page’ for applying Product Support Pack file. Once you select to apply Product Support Pack File, in seconds it will be ready to use.

Question: How can I confirm, whether Product Support Pack File gets applied successfully.

» Answer: Start deploy/import of Products in an environment and you will find that it already starts listing the new supported Product versions.

For reference see below images taken while creating an Environment in vRSLCM for one of the vRealize Product supported by vRSLCM (listing product versions):

vRealize Log Insight product version support (in vRSLCM 2.0 build) before applying Product Support Pack file:

vRealize Log Insight product version support after applying a Product Support Pack file:

Question: Is there any log file which I can refer, incase of any issue while applying Product Support Pack.

» Answer: You can refer to the Xenon logs if any issues occurs while applying Product Support Pack file.

Logs are present in the VA location ‘/var/log/vlcm/vrlcm-xserver.log’

The post PSPAK – Product Support Pack File (Way to add support for more Product Versions) appeared first on VMware Cloud Management.

While Blue Medora provides monitoring data integrations for traditional data center compute platforms from Cisco, Dell EMC, HPE, and Lenovo, we have been expanding our footprint into converged and hyper-converged infrastructures (HCI). Recently we added support for NetApp HCI & SolidFire, including a new management pack for the VMware vRealize Operations (vROps) monitoring platform. Despite the debate as to whether NetApp HCI is really hyper-converged infrastructure like other solutions, monitoring storage in the context of its dependencies to VMs and cloud resources improves service delivery and return on your storage investment. Let’s drill into how Blue Medora’s vROps management pack adds relational visibility into NetApp HCI & the SolidFire Element OS.

NetApp describes HCI as an enterprise-scale hyper-converged cloud infrastructure. NetApp HCI comes in a 2RU chassis with four node expansion slots. The minimum configuration for NetApp HCI is:

• Two 2RU four node chassis
• Four storage nodes
• Two compute nodes
• Two open bays for expansion nodes
• Once the minimum configuration is met, storage and compute nodes and sizes can be mixed and matched

Blue Medora’s management pack for NetApp HCI on SolidFire accesses the SolidFire Element OS API to import NetApp HCI/SolidFire storage-related resources, relationships, metrics, and alerts into vROps, enabling comprehensive monitoring and troubleshooting, while providing visibility into the virtual layer within vROps.

Compute resources and data are not available directly through the SolidFire Element OS API or NetApp API Services (data collection is limited to storage only). The management pack connects to ESXi hosts for compute node data. We make the following relationships:

Once connected, the user will be presented with several dashboards:

• NetApp HCI Cluster Overview
• NetApp HCI Health Investigation
• NetApp HCI Volume Overview
• NetApp HCI VVol Overview

The NetApp HCI Cluster Overview dashboard provides cluster-level visibility into the overall health and performance of your clusters and related storage and compute nodes. Click on a cluster to populate the Cluster Overview, Relationships, and IOPS, Throughput, and Latency widgets. You can then select a related storage node and host system (compute node) to view additional KPIs for each resource.

The NetApp HCI Health Investigation dashboard provides a dashboard for troubleshooting your NetApp HCI storage environment. Select a resource from the Environment widget to populate its alerts, KPIs, and object relationships.

The NetApp HCI Volume Overview dashboard provides an overview of volume capacity, utilization, performance, and relationships, as well as insight into volume related datastore(s). Click on a volume from the heatmap-based Volume Selector widget to populate the Volume Overview, Relationships, and IOPS, Throughput, and Latency widgets. Then select a related datastore to view additional KPIs for the selected resource.

The NetApp HCI VVOL Overview dashboard provides an overview of VVOL capacity, utilization, performance, and relationships, as well as insight into VVOL related virtual machine(s). Click on a VVOL from the heatmap-based VVOL Selector widget to populate the VVOL Overview, Relationships, IOPS, and Throughput widgets. Then select a related virtual machine to view additional KPIs for the selected resource.

Beyond dashboards, our management pack also provides two reports:

• • NetApp HCI KPIs
  • HCI Node Report

The management pack for NetApp HCI & SolidFire passes alerts into vROps from the SolidFire Element OS API based on the Minimum Event Severity Advanced Configuration setting. If the user leaves the default setting of INFO selected at configuration time, all events from the Element OS API will be brought into vROps.

Blue Medora supports more than 150 monitoring signal sources, including cloud resources like Kubernetes, AWS, and Azure. So even as NetApp data fabric resources extend to the public cloud, you can maintain visibility in vRealize.

Try it yourself. For teams using vRealize Operations to manage their hybrid environments, the NetApp HCI & SolidFire management pack is available on VMware Solution Exchange as part of the True Visibility Suite, or the new options of VMware vRealize® Suite Standard with Extensibility or vCloud Suite with Extensibility (available soon).

The post Full Stack Monitoring for Hybrid Clouds using NetApp HCI and SolidFire appeared first on VMware Cloud Management.

Part 3 of a 3-part series focused on application, network and device-level mobile threats. This blog focuses on device-level mobile threats.

By Vivien Raoul, Chief Technology Officer for Pradeo

In our previous articles about application and network-related mobile threats, we observed that cybercriminals always look for innovative ways to breach an organizations’ data. Recently, new threats such as leaky applications, smishing and zero-day malware have emerged and gained ground as popular attack methods. Enterprise mobility is facing these sophisticated threats and warding them off has become challenging for security leaders.

In this post, we focus on the techniques used to exploit mobile devices’ vulnerabilities and offer how organizations can potentially prevent these type of attacks.

Outdated OS exploit – the most widely-used attack at the device-level

Researchers discover vulnerabilities in operating systems on a regular basis. When that happens, mobile device operating system manufacturers such as Apple and Google quickly develop and release security patches to be deployed to users through OS updates. Once updated, vulnerabilities detected in previous versions of the operating system are typically publicly disclosed.

In October 2018, the Pradeo Lab observed that 90% of Android devices and 50% of iOS devices used in the workplace (BYOD and COPE) run outdated OS versions. Most mobile users don’t install updates as soon as they are available, potentially causing their mobile device to be more prone to a malicious attack and endangering the data that lives or is processed on the mobile device. Cybercriminals target outdated devices to exploit their disclosed vulnerabilities. This type of attack can lead to system takeover and major data breach as it provides perpetrators with extended rights into the mobile device, enabling them to steal and tamper with data, to perform denial of service, and more.

Setting modification – not as innocuous as we may think

Mobile devices are typically set up to ensure basic protection for users. By default, some functionality, such as the installation of untrusted certificates or the modification of host files, are disabled to ensure that malicious content isn’t accessed. However, in order to extend their rights, some users change their device default settings, thus exposing their data to the threats potentially featured by untrusted websites and applications. This ultimately increases their device’s exposure to Man-In-The-Middle attacks.

Root / Jailbreak exploit – found the most in IT staff

6% of IT employees use a rooted or jailbroken device, compared to only 0.1% in other services. By deeply modifying their smartphones’ OS in order to benefit from extra features, these users expose their devices to malicious and intrusive applications. 75.1% of mobile apps automatically check the root / jailbreak status of devices to execute specific commands. This practice weakens a device’s resistance to attacks and puts personal and corporate data at risk.

Pradeo Security and VMware Workspace ONE – help prevent app, network and device-level attacks

Pradeo Security leverages Artificial Intelligence principles such as machine learning and deep learning to enable its engine with the most precise mobile threat detection. Relying on these capabilities, Pradeo Security Mobile Threat Defense accurately identifies known, unknown and advanced mobile threats operating at the application, the network and the device-level, defending against threats before they do any harm. Once activated through, Pradeo Security provides fast, appropriate and proactive threat management directly from the VMware Unified Endpoint Management (UEM) console.

Interested in learning more about Pradeo Security integration with Workspace ONE?

• Download the datasheet
• Watch the Pradeo and Workspace ONE joint webinar

The post Exfiltrating User Data from Mobile Devices – What Cybercriminals Look For appeared first on VMware End-User Computing Blog.

Memory metrics for Virtual Machines have changed in recent releases of vRealize Operations to make managing your SDDC better. In this blog, I will explain these changes to help you understand how they help you. To start things off, let’s define a couple of important metrics.

Active Memory

By definition, Active Memory is the “amount of memory that is actively used, as estimated by VMkernel based on recently touched memory pages.” Since a virtual machine isn’t constantly touching every memory page, this metric essentially represents how aggressive the virtual machine is using the memory allocated to it. What this means is that memory utilization, as seen from within the guest OS via Task Manager or top, will almost always be greater than Active Memory. Refer to Understanding vSphere Active Memory if you want to read a more detailed explanation of Active Memory. In vRealize Operations, this metric is called Memory|Non Zero Active (KB).

Consumed Memory

By definition, Consumed Memory is the “amount of host physical memory consumed by a virtual machine, host, or cluster.” That article also states that “VM consumed memory = memory granted – memory saved due to memory sharing.“ What this means is Consumed Memory can include memory that the guest OS considers free. If you compare Task Manager or top to Consumed Memory, you will see that Consumed Memory is almost always larger. In vRealize Operations, this metric is called Memory|Consumed (KB).

Here is a screenshot comparing Task Manager with Memory|Non Zero Active (KB) and Memory|Consumed (KB).

History Lesson

Now that we know what Active and Consumed memory are and how they relate to what the guest OS shows, it’s time for a short history lesson of vRealize Operations (and you thought you were done with history after high school).

vRealize Operations 6.6.1 and Older

vRealize Operations 6.6.1 and earlier relied on Active Memory when calculating utilization and demand. This meant that memory utilization always appeared lower than what you see in the guest OS. Active Memory was used by the capacity engine, which meant that sizing recommendations were also based on Active Memory. What this meant was the recommendations were usually quite aggressive.

vRealize Operations 6.3

The release of vRealize Operations 6.3 brought support for collecting in-guest metrics via VMware Tools. These metrics weren’t used by any vRealize Operations content (yet), but they were available for you to use. This was an awesome addition because it gave additional visibility into the guest’s perspective without needing another agent. As you can see from the list of metrics below, this meant memory utilization was now available. Note that not all these metrics are collected by default, but you can enable the one you need using policies.

Guest metrics added in vRealize Operations 6.3:

• Guest|Active File Cache Memory (KB)
• Guest|Context Swap Rate per second
• Guest|Free Memory (KB)
• Guest|Huge Page Size (KB)
• Guest|Needed Memory (KB)
• Guest|Page In Rate per second
• Guest|Page Out Rate per second
• Guest|Page Size (KB)
• Guest|Physically Usable Memory (KB)
• Guest|Remaning Swap Space (KB)
• Guest|Total Huge Pages

vRealize Operations 6.7

The release of vRealize Operations 6.7 was a milestone release because it really helped improve usability and simplify how you use the product. There are a few critical changes related to memory monitoring, such as a brand-new capacity engine and the elimination of redundant and unnecessary metrics. The most important change, related to memory metrics, is it utilizes the Guest|Needed Memory (KB) metric, which is collected via VMware Tools that was added in vRealize Operations 6.3. This change was made to greatly improve the quality of projections from the capacity engine as well as rightsizing.

There are some situations where the guest memory metrics can’t make it to vRealize Operations such as VMware Tools not being installed, running an unsupported version, etc. Knowing that the data may not always be available, Consumed Memory is used for failback. Consumed Memory was selected as the failback metric because, as shown above, it’s more conservative than Active Memory. The primary metrics affected by these changes are Memory|Usage (%) and Memory|Utilization (KB).

Typically, you would see that Guest|Needed Memory (KB) and Memory|Utilization (KB) are nearly identical (unless there is an issue collecting the metric from VMware Tools). If there is an issue collecting Guest|Needed Memory (KB), you will see that it correlates with Memory|Consumed (KB) instead.

Memory|Utilization (KB) is the metric used by the capacity engine and therefore rightsizing recommendations. As you can see, it’s advantageous to ensure that Guest|Needed Memory (KB) is collecting from VMware Tools to get the best quality recommendations.

By now, I’m sure you’re wondering about the actual formula used. If guest metrics from VMware Tools are collecting, Memory|Utilization (KB) = Guest|Needed Memory (KB) + ( Guest|Page In Rate per second * Guest|Page Size (KB) ) + Memory|Total Capacity (KB) – Guest|Physically Usable Memory (KB).  If guest metrics from VMware Tools are not collecting, Memory|Utilization (KB) = Memory|Consumed (KB).

vRealize Operations 7.0

With the release of vRealize Operations 7.0, there was a tweak made to Memory|Usage (%) based on customer feedback. Memory|Usage (%) was changed to prefer Guest|Needed Memory (KB) from VMware Tools, but it now fails back to Memory|Non Zero Active (KB) if it’s not available. This change allows you to use Memory|Usage (%) to show an aggressive percentage and Memory|Workload (%) to show a conservative percentage in dashboards and reports.

Memory|Utilization (KB) remains unchanged from vRealize Operations 6.7. Memory|Utilization (KB) is still the metric used by the capacity engine and rightsizing recommendations. Again, it’s important to ensure that Guest|Needed Memory (KB) is collecting from VMware Tools to get the best quality recommendations from vRealize Operations.

Validation

Now that you know the history, I’m sure you’re wondering how to ensure it’s working optimally. As you can see, there are many components needed for the feature to work. It’s important to ensure each of these requirements are met.

• vCenter Server 6.0 Update 1 or newer
• ESXi 6.0 Update 1 or newer
• VMware Tools 10.3.2 Build 10338 or newer for Windows
• VMware Tools 9.10.5 Build 9541 or newer for 64-bit Linux
• VMware Tools 10.3.5 Build 10341 or newer for 32-bit Linux
• Disconnect/reconnect the host from vCenter as mentioned in KB 55675

I realize the list of requirements is long and it can be challenging to track in large environments. To help, I’ve created a dashboard to help you identify VMs that aren’t collecting memory from the guest OS. You can find the dashboard along with install instructions on the vRealize Operations Dashboard Sample Exchange site.

Here’s to better managing your memory and your capacity!

The post Enhancements to Virtual Machine Memory Metrics in vRealize Operations appeared first on VMware Cloud Management.

I struggle with concentration. I find it difficult to focus on more than one task at a time, and so in my case, Distraction = Low Productivity. One of the things I tend to struggle with is when there are multiple variables that need to be tracked at any one time. I feel very sorry for IT admins who need to keep track of potentially thousands of different devices used by thousands of different users. IT admins need a way to quickly understand what is happening with their devices, their applications and their users in real time in order to secure their environments and deliver great user experience, leading to higher productivity.

VMware’s Workspace ONE platform has been designed to allow management of all devices and applications from one place. It incorporates industry leading Unified Endpoint Management for everything from iPhones to Windows 10 devices, along with the ability to deliver virtualized Windows desktops and applications. Workspace ONE also bridges user experience across multiple device and app ecosystems by using an integrated Identity Management solution.

All of this means that Workspace ONE is in a unique position to give IT admins insights on employees enterprise application usage, their corporate-owned or BYO devices, device context and session information. Nowhere else in an enterprise is there such a single platform which touches all users and devices. This is why VMware created Workspace ONE Intelligence, to help IT admins make the most of this opportunity.

What is Workspace ONE Intelligence?

The Workspace ONE platform consists of three key components:

• Unified Endpoint Management (previously AirWatch). This component enables the enterprise to manage all deployed devices, and also grab key logs, metrics and real-time contextual values from these devices.
• Identity Management. A central authentication and authorization point which grants access to all authorized services, including SaaS apps.
• Virtual Windows Apps and Desktops (powered by VMware Horizon). Windows apps still make up the majority of applications in the enterprise, so the Workspace ONE platform offers industry-leading Windows apps and desktop delivery.

Now, imagine that these were three completely independent solutions, with various logs and data streams. Also imagine that you still had physical desktops and a legacy PCLM system to maintain. It would very quickly lead to an enormous amount of data to gather, store and analyze. The very idea of this makes me start to panic.

VMware has recognized the value of having a single access platform, and so Workspace ONE Intelligence now allows enterprises to put all access, device and applications information into a single data lake. This isn’t complex to set up or configure, as all of the information is readily available through the different components in the platform. From the Endpoint Management side, IT gets access to device information, including hardware and software version, software installed and Wi-Fi info. From the Identity Management perspective, we know when a user logged on, and also which applications they accessed. If we then add in virtual Windows apps and desktops, we have information capabilities that allow enterprises to know everything about user behavior as it related to virtual Windows apps and desktops.

What can Workspace ONE Intelligence do for you?

Let’s say, for instance, that you want a quick look at any security risks you may have across your devices. There is a report for that, listing such key principles as Compromised Devices, Encryption Status and Passcode:

VMware acquired Apteligent, and the innovative capabilities provided by that platform have been integrated into the Intelligence service. With Apteligent, enterprises have the ability to get detailed application-centric information including crash reports, user behavior and app performance. By adding the capabilities provided by Apteligent into Workspace ONE Intelligence, you can now get all of your user information in one location.

Another key report is application launch count. This is very useful for helping an application team understand which applications are being utilized, across which platforms. Think about this in the context of application rationalization. I’ve often spoken to organizations looking to reduce the number of applications they deploy to their end users. The ability to understand which applications are being used and how often is a very valuable metric for this exercise.

Another great example is the ability to quickly create a report to detect specific security risks or vulnerabilities. In the below example, a report has been created to list devices currently exposed to the Spectre vulnerability:

In this case, we’re simply looking at enrolled Android devices which have not been patched since May 2018:

The really cool stuff: Automation

Workspace ONE Intelligence already incorporates many different metrics gleaned from the various components of the platform. Great, but what can we actually do with all of this information? This is where automation comes in.

Let’s say that we have a number of older Dell laptops deployed around the enterprise, and that some of these are beginning to exhibit signs of an ageing battery. Battery age is determined by recharge cycles and general usage, so it’s not efficient to make sweeping generalizations about the general health of your laptop estate. With Workspace ONE Intelligence, you can actually gather data on battery health from your estate, and then use that information to trigger a service desk ticket to get the battery replaced. In this case then, the user could receive a replacement battery before they even realize that there is an issue with theirs. Kudos for the IT team!

The Future

VMware’s Workspace ONE Trust Network enables enterprises to open up even more security capabilities across their digital workspace environments, with integrations into Workspace ONE Intelligence underway with leading security vendors such as Carbon Black, Symantec, McAfee and more. I’ll cover that in the next blog post. Until then, be sure to take Workspace ONE Intelligence for a test drive in your environment, or experience a guided tour in the Workspace ONE Intelligence hands-on-lab.

The post Real-world Workspace ONE Intelligence Use Cases appeared first on VMware End-User Computing Blog.

VMware vRealize Operations (vROps) 7.0 uses Badges as a way to evaluate objects. The three major badges it uses are Health, Risk, and Efficiency. As I’ve written previously, every VMware administrator needs to understand what comprises these badges, and how they are applied to the objects discovered within your stack. Badges summarize a lot of information, and help you take efficient action to keep your customers happy. Knowing what action to take requires understanding Alerting in vROps.

Badge values are based on scores calculated from the Alerts against them. VMware documents the thresholds for each of the major badges. For the Health Badge, an overall score is between 1-100, where 100 is good/green and 0 is bad/red. If the Health Badge for a particular object is unknown it will be -1 and will show as unknown/grey. The score, based on a proprietary algorithm within vROps, is derived from the criticality of Alerts in the Health category. As a reminder, Alerts can be Critical, Immediate, Warning, or Info.

I generally think of the Health Badge as showing the current state of an object, the Risk Badge as showing “tomorrow’s state” of an object, and the Efficiency Badge as showing “next week’s” state of an object. Users want to take action on Health related items immediately, Risk related items “tomorrow”, and Efficiency related items “when you have time”.

The Risk Badge is the overall score for Risk, items that you will want to take care of “tomorrow”. The final score is between 1-100, where 100 is good/green and 0 is bad/red. If the Risk Badge for an object is not known it will be -1 and will present as unknown/grey. The score, is derived from the criticality of Alerts in the Risk category. Keep in mind, Alerts can be Critical, Immediate, Warning, and Info severities.

Finally, the Efficiency Badge is the score for Efficiency, items that you will want to address “when you have time”. The final score is between 1-100, where 100 is good/green and 0 is bad/red. If the Efficiency Badge for an object is not known, it will be -1 and will show as unknown/grey. The score, is based on the criticality of Alerts in the Efficiency category.

Here, I’ve created a dashboard allowing the user to select a VM and see that VM’s Health, Risk, Efficiency, and related Alerts (this dashboard is available at VMware {code}). This same dashboard can be created for any object you want—for example, a NetApp array, an EC2 instance or MS SQL Server database.

Badges
I think of Badges as buckets; Alerts go into the buckets, and as the buckets fill up, their Badge scores change. To empty the buckets, the administrator needs to remove Alerts. To remove Alerts, you need to fix the problem causing the Alert.

It’s important to note that VMware vROps has three important constructs: Alerts, Events, and Alarms. I polled Twitter and received some great feedback from VMWare’s own John Dias (@johnddias) on these. John indicates: Events are “things that happen” while Alerts are making you aware of “bad things that happen” which could be Events but don’t have to. Here is how I define each:

Alerts
An Alert is a vROps construct making the user aware that something is happening, i.e. CPU is being consumed, Memory usage is high, etc. There are four Alert severities: Critical, Immediate, Warning, and Info. Alerts are presented within vROps via the Alerts tab, the Alert List widget or the Top Alerts widget. Here is the Alerts tab from my vROps 7.0 instance:

Here are the Top Alerts and Alert List widgets as shown for a selected Datacenter:

Events
An Event is a vROps construct indicating something has happened. Events can trigger Alerts, but don’t have to. An example of an Event would be something like a disk filling up or a VM rebooting. Events can be found via the Events tab from the object detail listing within vROps. Here is the Events tab for a VMware Datacenter:

Alarms
Alarms are synonymous with Notifications, things like emails, text messages, instant messages, and other forms of notification. Alarms are how you are made aware of Alerts in your vROps environment.

My Twitter Poll also generated feedback regarding logs and their relationship to Alerts. Michael Ryom (@michaelryom) responded to my poll indicating: “…logs are things that are happening…”, meaning they precede Events and Alerts. Perhaps this is our next blog.

Use Badges to quickly assess the state of your environment and Alerts to guide your correction efforts. If you’d like to see how Blue Medora can help you see the entirety of your stack in vROps, ask us for a guided demo, or try it yourself.

The post What’s Your Issue? How to Use vRealize Operations Alerts appeared first on VMware Cloud Management.

Throughout this series, we’ve been putting focus on the different use cases that Android Enterprise supports with its various modes. So far, we’ve discussed the work profile and the fully dedicated device and how these deployment modes bring exceptional customer experiences from BYOD to rugged use cases. Now we are excited that through VMware Workspace ONE UEM, we are able to combine the best of both worlds and bring you corporate-owned personally-enabled (also known as COPE or work profile on a fully managed device).

Hello, COPE! Enabling Personal Use on a Corporate Device

Feedback we have heard in the past was that Android Enterprise needed middle ground. The work profile was great for BYOD while the fully managed device was a little too restrictive. Cue COPE. This brings together the work profile and the fully managed device to give IT the control that they need while giving end users the flexibility to install the apps of their choice. The end users still see the separation of work and personal with the work profile and IT admins get the ease of mind that corporate data on the device, even outside the work profile, is secure.

What Does COPE Look Like?

• For the end user – It looks similar to a device with just a work profile with the corporate apps badged with the work icon. However, to make sure the end user knows the device is fully managed, the lock screen has a message that reads, “This device is managed by your organization”. When it comes to apps, there will be two separate Google Play stores – one is managed Google Play with company-approved apps and the other is a public store where any app (like Facebook or Instagram) can be installed for personal use. Since the device is fully managed, it’s enrolled out of the box through one of the five methods (zero-touch enrollment, NFC bump, EMM identifier, QR code or Knox Mobile Enrollment).
• For the admin – There’s a simple toggle setting in the Workspace ONE UEM console so when enrolled, the device knows to enroll as COPE opposed to just fully managed. When configuring device policies, the admin has the ability to select if the policy or restriction applies to the work profile or the device side. For example, the admin can select to allow the user to screen capture when using the personal apps but prevent screen capture when using corporate apps in the work profile. Unlike a device with just the work profile, if the device is stolen or the user leaves the company it can be remotely factory reset to remove any data from the device or to be ready for the next user.

See what this looks like yourself in episode 6 of the Android Series:

COPE is available in Workspace ONE UEM 1810 and higher. For more information, visit My Workspace ONE for our product guides and announcements. If you haven’t seen our previous episodes, learn why it’s time to make the switch from device administrator to Android Enterprise in episode 1. As always, be sure to return to our blog for the latest on Android Enterprise and Workspace ONE!

The post Android Series: Corporate-Owned Personally-Enabled appeared first on VMware End-User Computing Blog.

Workspace ONE Intelligence Series: November 2018 Releases

As we moved into the start of the holiday season a couple months ago, we didn’t let our foot off the gas pedal when it came to updates to Workspace ONE Intelligence. The November 2018 release updates to the Workspace ONE Intelligence service brought several enhancements that continue to help our customers increase security, optimize resources and improve user experience across their digital workspace. We covered some of the major updates in the third episode of our Workspace ONE Intelligence Series, including:

• Application triggers for automation – IT can now set up actions that are automatically triggered based on behavior of apps.
• New status page – This webpage shows real-time updates on the Intelligence service, such as operational status on uptime and health of the service.
• Hands-on labs – We highlight this great resource available for anyone to take Workspace ONE Intelligence for a test drive. Explore the great features available in a sandboxed environment, for free!
• Cloud Security Alliance Questionnaire – This is another great resource that helps answer specific security questions around the Workspace ONE Intelligence service.

I encourage you to watch the third episode as we show demos of the updates mentioned above. If you haven’t had a chance to watch the first two episodes of the Workspace ONE Intelligence Series, you can view them here. In the first episode, we provide an overview of Workspace ONE Intelligence and in the second episode, we focus on release updates from our October 2018 releases.

Stay tuned for our next video on December 2018 release updates, which will wrap up the tremendous year we’ve had launching Workspace ONE Intelligence!

The post Workspace ONE Intelligence Series: November 2018 Releases appeared first on VMware End-User Computing Blog.

The recommendation is to always be on the latest and greatest version of PowerCLI. However, whether it be for testing and validation or to possibly workaround an issue, there are instances where you may need to use an older version.

The PowerShell Gallery has the potential to make this process incredibly easy when using the RequiredVersion parameter for both Install-Module and Save-Module. These cmdlets download and/or install the indicated module at the specified version. The issue, especially with PowerCLI, comes in how the dependent modules are handled. This is because, in most cases, the module dependencies are specified to be obtained at a particular level or newer.

Example PowerCLI Dependency Listing:

This means if you want to download PowerCLI 6.5.4 with either the Install-Module or Save-Module cmdlets, the end result will not actually give you the requested version of PowerCLI. You would only receive the top-level VMware.PowerCLI module at version 6.5.4. All of the module dependencies which make up the PowerCLI 6.5.4 release will be at the latest and greatest version.

So, how can we properly download prior versions of PowerCLI?

Introducing Save-PowerCLI

Dimitar Milov, a PowerCLI engineer, came up with a function to address the issue and shared it in the comments on the PowerShell Gallery page for the VMware.PowerCLI module. From that point, I added a couple new features and shared it in both the PowerCLI Community repository and the VMware Code Sample Exchange.

Save-PowerCLI In Action

Save-PowerCLI Code

Known Issues

There are a couple issues I’ve noticed when testing this against various versions of PowerShell.

• Older versions of PowerShellGet (Example: 1.0.0.1) will fail because it can’t handle the formatting of one specific PowerCLI version.
  • Workaround: Update PowerShellGet. Example: Install-Module -Name PowerShellGet -Force
• Newly released PowerCLI modules can be found downloaded, even if they did not exist at the time of the specific version release.

Summary

We always recommend how everyone should be on the latest and greatest version of PowerCLI. However, we also recognize that isn’t always possible. Whether it be for testing and validation, working around known issues, and so forth, there are reasons and needs to be able to obtain prior versions of PowerCLI from the PowerShell Gallery. The Save-PowerCLI function can streamline the download process of retrieving those specific versions of PowerCLI.

Let us know what you think of this function in the comments!

The post Obtaining Specific PowerCLI Versions from the PowerShell Gallery appeared first on VMware PowerCLI Blog.

vCloud Suite 2018 Platinum

VMware vCloud Suite 2018 Platinum is now available for download!

Cloud Management Platform with Intrinsic App Security

As announced at VMworld 2018 in Barcelona, VMware is introducing vCloud Suite Platinum, VMware’s latest cloud management platform that helps IT enable developers to deliver VM and container-based applications with intrinsic security and consistent operations across the hybrid cloud.

Why Platinum?

While enterprises continue to develop new methods to build applications faster, security struggles to keep pace and is often viewed as an obstacle to innovation. The new vCloud Suite Platinum enables enterprises to approach application security from an end-to-end process.

Once applications are developed and deployed via vRealize, the new vSphere Platinum further provides the datacenter endpoint security capabilities through AppDefense, embedding threat detection and response directly into the hypervisor layer where applications and data reside. The technology focuses on identifying deviations from the application’s intended state, rather than chasing potential threats, providing a differentiated approach to security.

AppDefense integrates with vRealize Automation via vRA plug-in to automatically update the “known good” state of an application by “reading” the application blueprints, which can include Ansible Play books and Puppet Manifests, and know how an application is supposed to behave prior to deploying it.

Security and agility are no longer an either-or choice.  VMware gives customers app agility along with intrinsic app security to enforce security posture in a single solution.  vCloud Suite Platinum empowers Cloud Admins with automated app security capabilities, enabling SecOps with real-time visibility into new and updated apps.

vCloud Suite Platinum Upgrade Promo

For a limited time, VMware is offering a promo that enables you to upgrade your vSphere Enterprise Plus to vCloud Suite Platinum, and you can save 50% off the upgrade from vSphere Enterprise Plus to vSphere Platinum for vCloud Suite Platinum.  Check out the promo page to learn more, including the terms & conditions and FAQs. Or speak with your VMware sales rep or channel partner to get started!

Learn More

• vCloud Suite Platinum Upgrade Promotion – 50% off vSphere Platinum Upgrade
• Introducing VMware vCloud Suite 2018 Platinum!
• Press Release:  VMware Extends Integrated Hybrid Cloud Offering to Deliver Greater Deployment Flexibility and Choice including New Kubernetes Support
• vCloud Suite
• vSphere: vSphere Platinum video | Solution Brief
• Blog:  Introducing vSphere Platinum and vSphere 6.7 Update 1!
• AppDefense
• Blog:  Introducing VMware AppDefense – Expanding beyond micro-segmentation to threat detection and response
• vRealize Suite
• Blog:  Introducing vRealize Suite 2018 – Helping IT Deliver Developer-friendly Infrastructure

The post Announcing General Availability of vCloud Suite 2018 Platinum appeared first on VMware Cloud Management.

As you upgrade your vSphere hosts we generally recommend that you also upgrade VMware Tools in your virtual machines. This can get tricky to manage, especially if you have hosts at different versions of ESXi. To help mitigate this we allow you to store the files on a centralised repository and point the hosts to the relevant location: this process is explained on KB2129825. A walkthrough of this feature is also located here.

The updateProductLockerPolicy tool which was introduced in vSphere 6.5 Update 1 has been deprecated in vSphere 6.7 Update 1. It has been replaced by a new vSphere API named updateProductLockerLocation, which allows this setting to be applied without requiring that the hosts be placed into maintenance mode or rebooted. This blog post explains how to use this API in order to setup a centralised repository for VMware Tools.

Why use a central repository for VMware Tools?

But first: I always like to start with the why. The latest build of VMware Tools is always available from https://www.vmware.com/go/tools. VMware Tools releases have been decoupled from vSphere release since version 10.0 – you can now standardise on a single release of VMware Tools by configuring a centralised repository. This also allows you to deploy the image of ESXi without VMware Tools integrated. Doing this saves disk space on ESXi hosts and speeds the deployment process.

How to configure the central repository

So that’s the why: now onto the how. First: create a new location to hold the VMware Tools images – in this example I’m creating a new directory on my vSAN Datastore at /vmfs/volumes/vsanDatastore/vmtools.

Next, download the latest VMware Tools bundle from https://www.vmware.com/go/tools and extract it into the newly provisioned location – we need both the “vmtools” and “floppies” directories from the bundle. Make a note of the path that you use to access this location, you’ll need this later!

Once you have extracted the VMware Tools files to the folder in question you need to update the ProductLocker pointer for each host: at present this is done through the Managed Object Browser on your vCenter Server Appliance, which is accessed at https://VCSA_FQDN/mob – be sure to login! When logged in you can browse the MOB by clicking the hyperlinks – follow the path Content > rootFolder > childEntity > hostFolder > host and click through to the host that you wish to update.

At the host level there are 2 API calls possible.

As you might expect, QueryProductLockerLocation shows the current location of the ProductLocker on the host.

This is a directory on a VMFS volume which happens to be local to the host in question. Update this to point it to the new, shared location which you noted  earlier. To do this we invoke the UpdateProductLockerLocation_Task method, specifying the path to the new location.

Call the QueryProductLockerLocation method in order to confirm that the change completed successfully.

The output confirms that the ProductLocker location has successfully moved to the new directory on the vSAN datastore. All hosts configured in this manner point to the same installers for guests when upgrading VMware Tools. When you need to push out a new version of VMware Tools you change the files in only one location.

The post Configuring a VMware Tools Repository in vSphere 6.7U1 appeared first on VMware vSphere Blog.

vRealize Suite of Products support different certificates for different products. Managing certificates for all products in dev, testing, staging and prod environment will be difficult. Wouldn’t it be good if the certificates for all the products can be managed from a single application? This is where vRSLCM 2.0 comes into the picture. vRSLCM-2.0 introduces certificate management which allows the user,

• Generate Certificate – For Product deployments.
• Replace Certificate – For vRealize Products managed by LCM whose certificates might expire in few days.
• Manage Certificates – Look for certificate details such as products and environments consuming a certificate, certificate expiration, issuer, etc.,

Add Certificate in vRSLCM-2.0

Certificates are managed in LCM under the Certificates Tab in the Settings Page.

Here user can,

• Generate new certificate.
• Import an existing certificate.
• Generate a CSR(Certificate Sign Request).

Generating a New Certificate

User can create a SSL certificate from LCM which he can use it for product deployment. The SSL Certificate created may be a wildcard or SAN Certificate.

• Browse to Certificate Tab under Settings Tab and Click the ADD CERTIFICATE Button

• Enter the details for the certificate
  • In the “Certificate Name” field, give a name which will be used to store the certificate in LCM.
  • In the “Server Domain/Host Names” field, add the domain name with wildcard like “*.testdomain.local” or give the hostname entries which is used for product deployments like “vra.testdomain.local”, ”vrb.testdomain.local”, ”vrli.testdomain.local”, ”vrops.testdomain.local”.
  • In the “IP Address” field, add the components IP Addresses that are part of the vRealize Suite with comma separated values like “10.12.13.150,10.123.124.150,10.150.156.196”.
  • It is not mandatory that both “Server Domain/Host Names” and “IP Address” fields should be given for generating a certificate. User can choose between these two, based on the product on which he is going to use this certificate.
• Click Generate button to create a new Certificate.

• Certificates added will be listed in the Certificate Tab under Settings page.

Importing an Existing Certificate into LCM

User can Import certificates into LCM and use it on the vRealize Products.

• Browse to Certificate Tab under Settings Tab and Click the ADD CERTIFICATE Button
• Select the Import Certificate Option in the Pop-up Block the appears

• LCM supports Base64 encoded X509 certificate, enclosed between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“, “—–BEGIN PRIVATE KEY—–” and “—–END PRIVATE KEY—–”.
  • User can import the certificate by giving the private key and certificate in above said format under the “Enter Private Key” and “Enter Certificate Chain” fields
  • Or User can import a .pem file (Privacy-Enhanced Mail (PEM) is a file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.”) by Clicking CHOOSE FILE button and selecting the certificate file that needs to be imported, the Private Key and Certificate Chain fields will get pre-populated .
  • Click on the IMPORT button to Add the Certificate.

• vRSLCM-2.0 supports only PEM file format.
• If a certificate is encrypted, then the user should provide the passphrase in the Passphrase field for importing it. Lcm supports keys in PKCS8 form.
• Once imported user can view the certificates in the Certificates Tab under Settings Page

Once the certificates are added to LCM user can view the certificate details by clicking on the Certificate Name.

Navigate to associated environment tab to view the environments and the products that are using this certificate. This Tab will populate details like the below image once a certificate is used for product deployment or for replacing a product’s certificate.

Generating CSR

vRSLCM-2.0 allows the user to generate a CSR which can be taken to get Signed from the Certificate Authority.

• Browse to Certificate Tab under Settings Tab and Click the GENERATE CSR Button

• Provide the required details as like in Generate Certificate.
• Once details are entered Click “GENERATE” Button.
• A .pem file will be downloaded automatically which has the certificate chain and the private key.
• Use the .pem file for getting signed from the Certificate Authority.
• Navigate back to the “Certificate” tab in the settings page and Click “ADD CERTIFICATE” button and import the certificate that got signed from the Certificate Authority.
• You can use the Signed Certificate for the product deployments, or for replacing any of the existing products in LCM.

Using Certificate in Product Deployment

Certificate added in the LCM can be used for product deployments. This can be either used at the environment level or at the Product level.

• Click the Create Environment Button in the Home page to go the Wizard.
• Fill up the Environment details in and Click Next.
• Select the Product and versions that are required and Click Next.
• Accept the EULA and Click Next.
• Enter the required License, Infrastructure and Network Details
• The Next step will be providing Certificate Details.

• Here user can choose to give the certificate either at environment or at product level.
• Select the certificate from the drop-down in the Certificate Step Wizard, if certificate needs to be provided at the environment level.

• User can also add a certificate from here by clicking the “+” icon. This will open the Add Certificate Pop-Up Block, where a new certificate can be added to LCM and can be used for deployment.
• Toggle on “Provide Product Specific Certificate” to give the certificates at the product level.

• Click NEXT to go to the Product Properties.
• User can select the certificate at the Product Properties Area.

Replacing Product Certificate in an Environment

vRLSM 2.0 allows the user to replace the certificate of the products. Certificate replacement for products from vRSLCM is supported from specific product versions.

Click on the Manage Environment button from the home page.

• Click the VIEW DETAILS button on the environment to land at the Product Page.
• Click the three dots on the product and click Replace Certificate button.

• A pop-up will appear for replacing the product certificate.

• The Current Certificate page provides the certificate details that is currently applied in the product.
• Click NEXT
• Select the new certificate from the drop down that needs to be applied in the Product.
• This dropdown will list all the certificates that are added in the Settings Page.

• The details of the selected certificate can be viewed in this page.

• Click NEXT
• Click the RUN PRECHECK button to run the precheck for the certificate against the selected product.
• The precheck will be mostly the hostname verification between the entries in the certificate and the product components.

• Click FINISH button to submit the request.
• The progress of the request can be monitored in the request page.
• User has to manually re-establish the trust between all products and endpoints that are configured after certificate replacement is done .
• The same steps are applicable for all the products.

Troubleshooting

• Certificate Replacement Precheck for vRNI giver error saying “The hosts in the certificate doesn’t match with the provided/product hosts” .
  • This alert occurs when a domain name or hostname based certificate is used.
  • Certificate Precheck for vRNI looks for IP entries in the Certificate. This is a warning. User can ignore the message and proceed with the precheck or User can use a IP based certificate for vRNI.
• Precheck for Scaling out of product components failing at “Certificate Validation to see if the new certificate matches with Master node”.
  • Scale out pre-check looks for the certificate at the master node is same as the certificate selected for component.
  • The recommendation is to use the master node certificate or replace the product certificate and perform the scale out with the replaced certificate.

The post Adopting vRSLCM-2.0’s Certificate Management for vRealize Products appeared first on VMware Cloud Management.

A fresh start to the new year

Here we are in 2019! A new year means new resolutions to improve ourselves. While we may be going to the gym or watching videos on organizing our homes, businesses also dust themselves off and make improvements as time goes on. This month we will be looking at VMware customers who have made “personal improvements’ to  their business with virtualization and cloud management.

A new private Cloud

The Centre National de la Recherche Scientifique (CNRS) is the largest governmental research organization in France, and the largest fundamental science research agency in Europe. Including their external laboratories, they have a combined staff of 115,000 people, and and IT staff of around 140 that provide 90+ apps and services. Because of recent head count caps and budget requirements, they have chosen to re-internalize their IT functions in a private cloud which reduced both physical hardware footprints, but also leveraged IT Automation and Operations Management. After this strategic environmental change, in spite of even heavier usage, deployments across the various labs that used to take weeks now can be done in only a few minutes.

We had an opportunity to talk to David Bercot, head of Infrastructures and Services for CNRS about their new private cloud using VMware Cloud Foundation, and a full stack of VMware products Including vRealize Automation, vRealize Operations, and vRealize Network Insight.. In the video below, David details how each helped in the management of their private cloud, and the positive impacts these changes have made for them.

For more customer success videos as well as the latest VMware Cloud Management videos, visit our YouTube channel.

The post CNRS renews their IT infrastructure with private cloud. appeared first on VMware Cloud Management.