Over the years as a VCDX panellist, I began seeing a pattern of regular mistakes that candidates make either in the VCDX Application process or in the actual VCDX Defense. So I have decided to write some short posts highlighting different mistakes. As usual, these are my own thoughts, and may not be shared by other VCDX panellists. If you are interested in my thoughts, you can either subscribe to my blog or follow me on Twitter to keep an eye out for new posts.

For those of you whole aren’t familiar with the VCDX program, you can read more about it here: VMware Certified Design Expert .

Today I want to kick off with the following:

R01: Customer Requires N+1

Read the rest of this entry »

<rant>Within our VCDX design documentation, why do we all have the habit of making assumptions? Examples:

Design Assumptions

AS01: Network Bandwidth between Datacenters is adequate for storage replication
AS02: Load-Balancers will be used to load-balance Horizon Connection Servers
AS03: There are enough DHCP IP Addresses available
AS04: AD / DNS / NTP is configured through the environment

Why are we assuming things like these? If your design relies on these ‘Assumptions’ to meet SLA’s then would it not be a good idea to actually find out if these ‘Assumptions’ are actually correct? Documenting assumptions is not a waiver that implies ‘this is the customers problem’. As an Architect it is your responsibility to assist your customers to by identifying areas of their existing environment that may or may not be able to support your design.

Don’t assume there are enough DHCP IP Address for your virtual desktops. Figure out how many you need, document it and talk to your customer about the requirement and understand if this is something that can support. If it’s not, you might actually have to change your design because of this constraint.

If your assumptions are incorrect, your design might not be worth the paper it is written on.</rant>

This is a subject that has been posted regularly on my Facebook over the past few days. There is a post going around which shows how Apple iOS users can use the Health application (included in iOS8) to add personal information that in the event of an emergency can be shown on your Cell phone, without having to unlock the phone. To me this make so much sense. If for whatever reason you are found unconscious the only way for the emergency services to find out more about you would be from a driving license or maybe a credit card? Assuming you have these on you at that time. The majority of us don’t usually go too far without having your phone with you.

So I just wanted to document somewhere how an ICE contact can be setup and accessed on your mobile phones without someone having to know the unlock pin or pattern. Both Apple iOS and Android

Apple iOS

(This information is taken from: https://support.apple.com/en-us/HT203037)

With iPhone, you can personalize your Medical ID to keep your important health information in case of emergency. Tap Medical ID. Then tap Edit to add information such as birthday, height, weight, and blood type. You can also add emergency contacts.

Turn on Show When Locked to make your Medical ID available from the Lock screen. This lets people helping you in an emergency get important information about you. They’ll also be able to contact people you’ve entered as emergency contacts.

Here’s how to access Medical ID when your device is locked:

• Swipe to unlock.
• Tap Emergency.

• Tap Medical ID, on the emergency dial screen.

Android

I’ve not actually seen an official application that can offer the same functionality, but I’ve found another way that’ll serve the same purpose.

• On your Android device navigate to Settings > Security > Owner Info.
• Tick the Show owner info on lock screen box
• Here you can type in something similar to this example: Emergency Contact – Jane Doe (555)-504-304

This will then add you Emergency Contact to your phones Lock Screen

Please comment if you know of a better way of doing this on Android devices.

If you use VMware vRealize Log Insight for log management in your environment and want to capture App Volume logs, read on.

1. Install the Log Insight Agent onto each App Volumes Manager that you have in your environment
2. Edit the following file in Notepad (Or any other text editor): %ProgramData%\VMware\Log Insight Agent\liagent.ini
3. Add the following lines to the bottom of the liagent.ini

[filelog|AppVol]
directory=C:\Program Files (x86)\CloudVolumes\Manager\log
exclude=svmanager_server.log

4. Save and restart the server (not 100% sure if a restart is required)

Once the App Volume Manager has been restarted you should start to see logs appear in Log Insight, as shown in the example below.

For more information on custom log collection with Log Insight, check out the following page: Log Insight – Collect Events from a Log File

Lately I’ve been working on a Horizon (View) design which includes the use of Writeable App Volumes. If you are unsure of Writeable App Volumes are, you can read more here: http://blogs.vmware.com/consulting/2014/12/app-volumes-appstacks-vs-writable-volumes.html

I wanted to share a really cool tip that my colleague Dale Carter shared with me, which can help increase the availability of App Volumes (AppVol Mgrs) within your environment when using multiple App Volume Managers (AppVol Mgrs).

In my design [as always] I have endeavored to increase the overall availability of the various components. To achieve this with App Volumes I’ve added an additional AppVol Mgr which shares the same SQL Database as the primary AppVol Mgr. In front of both AppVol Mgrs I have placed redundant F5 BIG-IP Load-Balancers which will be used to evenly distribute the load between theAppVol Mgrs and redirect connections should one AppVol Mgr become unavailable. (See Below)

Although the F5 BIG-IP’s greatly increase the availability of my AppVol Mgrs there is still the small chance that F5 Cluster may fail. This would result in the App Volume Agent’s inside the virtual desktops being unable to communicate with the App Vol Mgrs. This is where Dales little tip comes in.

Within the Golden Master images of the virtual desktops, we can edit the Registry to add additional AppVol Mgr addresses. Within the Registry browse to: HKLM\System\CurrentControlSet\services\svservice\parameters 

Manager1 is the default AppVol Mgr URL which was entered during the Agent installation process. The default URL in my example is the vIP on the F5 BIG-IP Load-Balancers. Manager2 and Manager3 are addresses I manually added. These are the URL’s of the App Volume Managers. So if for whatever reason we lost the F5’s, the Agent’s would then attempt to access the App Vol Mgrs directly. (See Below)

For other great App Volume information, visit Dale Carters website here: http://vdelboysview.com/

VMworld San Francisco is almost here again folks and it’s time for another vBeers Tweetup!  The last vBeers Tweetup from VMworld SF 2013 was a great time with a great turnout so I couldn’t let this opportunity go by without arranging another one.  The official vBeers tweetup goes from strength to strength and increases in popularity every year that passes, though still has the same great earthy community feel that it did during it’s first one back in 2009.

The VMworld San Francisco vBeers Tweetup will be held on Saturday 23rd August, kicking off from 6:00pm.

The vBeers Tweetup is intended as a way to relax, chill-out and catch up with friends, new and old.  If you don’t know anyone attending then that doesn’t matter as your fellow vGeeks are a friendly welcoming bunch who also like to network, talk tech and share vStories.

In true Tweetup tradition this vBeers Tweetup is not sponsored, it is a case of turning up, enjoying yourself and covering the cost of your own drinks and any food.  Vendor sponsored parties start the following day (Sunday).

Where is this VMworld San Francisco 2014 vBeers Tweetup going to be held?

The venue for this VMworld vBeers Tweetup is back for a third time at “The Chieftain” Irish pub and restaurant, which has a great relaxed informal atmosphere with good food and drink.  Good news as they have free Wi-Fi, which will save all of you from overseas from clocking-up massive data bills on your Smart Phones.

RSVP

As for registering, no need – all you need to do is turn up, though if you’d like to RSVP to give me an idea of numbers and to let others know you are attending then please click here.  First come, first served with seating

Hope to see you there!

The Details

Venue: The Chieftain

Address: 198 5th Street @ Howard, San Francisco, CA 94103

Date: Saturday 23rd August 2014

Time: 6:00PM

Twitter Hashtag:  #vBeers

Map:  Click the map below for more map details

When it comes to online security, I can safely say this is something I have been quite lax with. I’m sure many of you are in the same boat. But after reading a few different articles lately about what information is actually out there on the internet, I decided to change my stance somewhat. I’m starting to look a little closer at what I can do to try and protect myself as much as possible.

The Problem With Online Information

The problem we have is that once something is put onto the internet, it’s VERY difficult to remove it. Although the website that originally had the information my not exist anymore, there is a good chance that services such as Google Cached Pages have archived this information so it will continue to be available for years to come. For some data, page caching is great! For your personal data, not so great.

“My Password Is Strong, I’m Happy”

Lets assume we have a lot of personal information available on the internet. “So what?” you may ask. I used to ask the same question. No one knows my passwords, my Pin numbers or have access to my email account so what can they do?

We use passwords to access pretty much our online accounts, ranging from Facebook to online shopping to online banking. I can probably guarantee you that most of you re-use the same password across many of these websites. It’s got to the point where you have so many accounts it would be almost impossible not to. Whilst this is by no means ideal and very insecure, especially if one of the sites you frequent is compromised by hackers, it might just be secure enough for most of us as a good password isn’t easy to hack. However, regardless of the strength of your password, a major the security weakness is the processes that are put in place to check that you are who you say you are when you have ‘forgotten’ your password.

There are many good, secure password managers available that you can use to avoid using the same password over and over. LastPass and KeePass are a couple of good examples.

You’ll Never Forget Your First Pet

The type of checks I am referring to are the ‘Secret answers’ to generic security questions that we often have to fill in when we are signing up for online accounts. For example:

• What is the name of your first pet?
• What was your first car?
• What was the name of your first school?
• What year were you born in?

I’m sure you all recognise these questions. It’s the continued reliance by many websites on these types of questions that is the weakest link to our online security. Knowing the answers to these ‘simple’ questions will usually get you access to your online account. Someone else knowing the answers to these questions will get them access to your online account.

Social Engineering

Online security has come on leaps and bounds in the last 5 years. There have been a lot of new technologies introduced to help keep our personal information secure and for the most part they seem to be doing a good job of it. One of the most popular ways to add another layer of security when online is the use of Two-Factor Authentication. If you use a small device that generates numbers to access your online bank accounts, you are already using two-factor authentication. You don’t always need to have a physical device for Two-Factor Authentication, your smartphone can also work in a similar way. Checkout Google 2-step Verification as a good example.

Regardless of technology advances the biggest problem we have around online security,  is You. And the main issue both we and our employers face is Social Engineering.

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.

Putting It All Together

Armed with your personal data found publicly on the internet an attacker can often easily answer many of those simple ‘Security’ questions without even speaking to you. Many answers can be found via peoples Facebook profiles. I recently posted a simple article with tips on Increasing your Facebook Privacy that will help reduce the amount of personal data members of the pubic can view from your Facebook profile.

If there isn’t specific information available online that an attacker might need, it can be quite easy for them to Social Engineer a conversation with you to find out the extra information. Quite often these conversation will not take place in person as we are taught from a young age ‘not to talk to strangers’. However, do we follow this advice online? How many of us have had conversations on a Facebook group page with a complete stranger? I would imagine, most of us. This is when it becomes easy for someone who we don’t even know to engage us in a conversation about something as mundane as their dog. As the conversation progesses at some point they may ask if you’ve had pets – before you know it they know the name of your first pet. It’s that easy. Such an innocent conversation about dogs can give them enough information to access one of your online accounts. And many of use wouldn’t even notice what we’d even told them.

So How Can We Protect Ourselves?

To project ourselves, we should lie on our security questions, DO NOT USE REAL ANSWERS. It’s as simple as that and it’s a system I have been using for some time now. Make up a pet’s name that you will only use for online accounts. Websites do not know the name of your first pet. They will not know if you’re lying. Brittany Spears could have been the name of your first pet, the website is not to know that and quite frankly doesn’t care. It’s just a simple word match process.

Do this for every question, even your date of birth. Personally I use something like 01/01/91 as it’s easy to remember, but feel free to chose your own date. Your first car, put in your favourite car that you’ll never be able to afford. That way if someone was to have access to your Facebook photos and find out what your first car was from some old photos, they would always get that security question.

NOTE: For some online account such as bank accounts, the security questions such as ‘date of birth’ will need to actually be your official DOB as it’s legally part of the Banks process.

It’s a simple concept, but one that could help you be just that little bit more secure as more and more of ours life goes online.

The other day after I had spent some time tightening down my Facebook privacy, I posted a little Status update informing everyone of my little accomplishment. Since then, I have been sent quite a few message from friends asking how they can do the same. So instead of repeating myself, I decided to crank out a quick post that can help.

Decide what you want to be available to EVERYONE

The first thing you need to decide is; how much of your Facebook profile can be seen by people who you don’t know. (I class ‘Friend’s of Friend’s’ as people I don’t know). Whilst you may know all of your friends quite well, you have no idea who they decided to brush shoulders with in the past. And I am sure many of us are guilty of adding people as friends who we only met once on drunken night out…

How to check  what can be seen by the EVERYONE

Second thing you’ll need is either a second Facebook account (I have two; one for friends, one for work colleagues). OR a friend who you can sit with whilst you do this. They’ll need to ‘un-friend’ you to be able to see how much of your profile you can see from someone who is not a friend.  Read the rest of this entry »

It’s true, I actually wrote that in a blog post back in March 2010 called Is It A Bird? Is It A Plane? No, It’s….The Cloud! Until now I’ve not really given it to much thought. Obviously, working at VMware I needed to understand vCloud Director, but that was only really from a functionality/design perspective. However since starting my new role at Canopy I’ve begun to take more notice of “The Cloud” and what it has to offer to both consumers and also to businesses. Whilst working for a Canopy I’ve found it very easy to get immersed into a bubble and end up only paying attention to what the company offers as products/solutions. So much so, I began to lose the bigger picture and stopped thinking about what other cloud products/solutions there were out there, not just for businesses but also to us, as consumers.

It wasn’t until a few days ago when I was sipping cocktails on Sentosa Island when I realised, without really noticing it, I was already a heavy consumer of “The Cloud”. However my consumption wasn’t of solutions like SaaS,PaaS, IaaS etc which I used to class as “typical” cloud offerings. My consumption was, in my eyes more subtle. This maybe because there wasn’t a large initial cost on purchase which I personally associate with the “typical” cloud services. There also wasn’t a massive operational change, which is another invisible cost that I also associate with “Moving to the cloud”.

“New Phone, DM me your numbers!”

Let’s look at my mobile (cell) phone (Android). If I want to make a call on my phone, I can search my contacts for the person I want to call. All of the contacts on my phone are automatically sync’ed to my Google account. If I loose my phone, I still have all of my contacts. How many times do you see Facebook posts which read something like “New Phone, DM me your numbers!” ? This is no longer an issue for me. All of my contacts are sync’ed to “The Cloud”.

Another good example; My friend accidentally drops his phone in his beer (it happens!). The phone is now dead. He turns to me and says, “I’ve just lost all the photo’s of my son’s birthday”. – This something that happens far to often. It doesn’t have to. I have setup a FREE Dropbox account and installed the Dropbox app onto my phone and configured every photo to be sent to my Dropbox account after it is taken. If I lose my phone, my photo’s are still available to me via the Dropbox website.

I’m not going to keep throwing examples at you as I am sure you get the point. But I will give you a quick list of some of the “Cloud” services that I use as a consumer on a regular basis (I have purposely not included Cloud services I use for my job at Canopy).

• Google Apps (Chrome, Calendar, Contacts, GMail) – Used hourly
• Spotify (Pro) – Used maybe 12 hours a day
• Evernote (Pro) – Used this on a hourly basis
• Dropbox – Used daily
• Flickr (Pro) – Used daily
• Netflix – Used daily
• Feedly – Used daily
• Sticher – Used weekly
• Tripit – Used weekly

I am very surprised at the amount of “Cloud” based services I already use without really noticing. I was also surprised that I actually pay for some of these services. In the past I’ve always been reluctant to pay for these services, I’d always make do with the free offerings. However it’s got to the point where I use them so much day-to-day, it is actually beneficial for me to pay for these premium services.

I think my use of Cloud services has stemmed from my use of mobile devices. I have a phone, a couple of tablets, laptops etc. I want my data to be accessible to me regardless of where I am or what device I am on, so I look for services that can allow me to do that. In an ideal world I would like to be able to do my day-to-day work tasks from any device – anywhere, however I don’t really want to use a VDI to allow me to do this.

I think I am nearly there!

Step Back

I invite you all to take  a step back, flick through the app’s you have on your mobile devices, TV’s, computers and take a look at how many Cloud services you are actually using. Did it surprise you as much as it did me?

Cloud computing is clearly not a fad, I actually think it is the future. We will continue to see more and more of our data move off of our devices and be stored in cloud services allowing us to access it whenever and where ever we are in the world. This future excites me.

I’d love to hear your thoughts.

VMworld 2013 San Francisco is now less than two weeks away!! But there is still plenty of time to make sure you schedule in all of your “must see” sessions. To help with the scheduling, VMware has just release their VMworld 2013 app for both iOS and Android. This is a cool app that you can use to create your own schedule, or access a schedule you’ve create via the vmworld.com website. I all also have many other features such as a Venue Map, Hands on Lab information, details of all of the sponsors/exhibitors and much more.

Here is a list of my session, a couple of which are being repeated.

Demystifying VMware Mirage: Tips and Tricks for Success (EUC4815)

Wondering what Mirage really does, how it works, and how to successfully design and implement Mirage for your company or organization? VMware’s Global Professional Services team will present a technical walk-though of a real-world end-to-end design & implementation of VMware Mirage. Hear first-hand how VMware Architects address technical and operational challenges, such as server and storage sizing, networking, and other critical VMware Mirage design elements. The team will show real-world architecture examples and share their lessons learned and best practices enabling you to be successful in deploying VMware Mirage.

Session Times

• Wednesday 16:00
  
• Thursday 12:30 (Repeat)

PCoIP: Sizing For Success (EUC5249)

Baffled by the PCoIP sizing minefield that accompanies an Horizon View deployment? No idea where to start? Join Chuck and Simon as they give an introduction to PCoIP, helping you understand important characteristics of the protocol that need to be considered when sizing for PCoIP. The session will then guide you through the critical steps required to optimize, measure and calculate PCoIP bandwidth requirements tailored to your environment.

Session Times

• Wednesday 10:00
• Thursday 14:00 (Repeat)

EUC Experts Panel – Successful Implementations (EUC6045)

Performance issues with virtual desktops? Experiencing issues with virtualized apps? Unsure how to scale your virtual desktop environment? What about Horizon Workspace and Mirage? Where do they fit into your desktop strategy? Come meet EUC Architects from Global Services Engineering as they answer your questions and explain their experience with designing and implementing some of the largest and most complex EUC environments to date. This helps customers realize the full potential of their EUC investment and is responsible for solving some of the thorniest problems and toughest design challenges. The panel includes experts in all of the Horizon Suite products, as well as critical infrastructure support elements for EUC such as Active Directory and anti-virus, storage solutions, networking, load balancing and many others. Come and ask the experts for help with some of the challenges you are facing and let them share their field experience and lessons learned to help you in all your EUC endeavors.

Session Times

• Tuesday 16:00