XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX Warning on ESXi 6.x

I have recently applied the latest patches on vSphere 6.0 version and after applying patches hosts was showing  with warning message

" XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX "  . This messages come after applying latest patches available in VMSA-2018-0020 to mitigate CVE-2018-3646 introduced a new notification to indicate the remediation status of the 'L1 Terminal Fault' (L1TF - VMM) vulnerability.

There are multiple option to resolve this using CLI ,  if you are not experienced with CLI part no worries it is very easy to perform form vSphere or WebClinet , using below steps

  1. Connect to the vCenter Server using either the vSphere Web or vSphere Client.
  2. Select an ESXi host in the inventory.
  3. Click the Manage Tab from vSphere 6.x Host
  4. Click the Settings sub-tab.
  5. Under the System heading, click Advanced System Settings.
  6. Click in the Filter box and search VMkernel.Boot.hyperthreadingMitigation
  7. Select the setting by name and click the Edit pencil icon.
  8. Change the configuration option to true (default: false).
  9. Click OK.
  10. Reboot the ESXi host for the configuration change to go into effect.

Using ESXCLI to Perform this Operation

  1. SSH to an ESXi host or open a console where the remote ESXCLI is installed.
  2. Check the current runtime value of the HTAware Mitigation Setting by running below comand

#esxcli system settings kernel list -o hyperthreadingMitigation

  1. Enable HT Aware Mitigation by running below command
          #esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
  1. Reboot the ESXi host for the configuration change to go into effect.

This is Applicable for Below vSphere versions

  • VMware vSphere ESXi 5.5
  • VMware vSphere ESXi 6.0
  • VMware vSphere ESXi 6.5
  • VMware ESXi 6.7

 

Reference - VMware KB

Reference - VMware KB

Reference - VMware Security Advisory

Reference - VMware KB


Virtualization Based Security (VBS) in vSphere 6.7

As we all know VMware has released their latest version vSphere 6.7 recently and there are many enhancements and new features .Now a days security is very import in all the platform and VMware has fantastic improvements  in the security side. There are really big security features with vSphere 6.7 and one of the really cool security features is the support for Microsoft Virtualization Based Security (VBS).

 

In this post I will sharing information about Microsoft Virtualization Based Security (VBS) and to enable this on  Windows 2016 Hyper-V in vSphere 6.7  virtual machine.

Virtualization-based security  ( VBS ) is a feature of the Windows 10 and Windows Server 2016 operating systems. It uses hardware and software virtualization to enhance Windows system security by creating an isolated, hypervisor-restricted, specialized subsystem. Microsoft Virtualization Based Security  (VBS)  uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. VBS uses the underlying hypervisor to create this virtual secure mode, and to enforce restrictions which protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. Microsoft is using the hypervisor as a restricted memory space where sensitive information like credentials can be stored instead of  on the operating system itself. With the increased protections offered by VBS, even if malware gains access to the OS kernel the possible exploits can be greatly limited and contained, because the hypervisor can prevent the malware from executing code or accessing platform secrets.

Prerequisites
VBS reinforces the security of Microsoft Hyper-V  and you have to configure below setting on your virtual machine 
Option Required Setting
Firmware type UEFI
Enable UEFI Secure Boot Enabled
Enable hypervisor applications in this virtual machine Enabled
Enable IOMMU in this virtual machine Enabled
  • Create a virtual machine that uses hardware version 14 or later and one of the following supported guest operating systems.

    • Windows 10 Enterprise, 64-bit

    • Windows Server 2016

  • To use Windows 2016 as the guest operating system, apply all Microsoft updates to the guest.

Note:- VBS might not function in a Windows 2016 guest without the most current updates.

Enabling Virtualization Based Security in Windows 2016 with vSphere 6.7

I am  creating a  2016 virtual machine in a nested ESXi 6.7 vSphere environment  for configure VBS , you have two options to enable VBS  and VM compatibility Level should be ESXi 6.7

  • While creating the Virtual machine

  • After Creating the Virtual Machine

After booting the Windows 2016 Server  VM  follow below steps to enable Virtualization Based Security .

  • Enable the group policy setting first for VBS
  • Enable Hyper-V in Windows 2016 Server

Navigate to  Group Policy setting where VBS has to be  enabled

Open up the local group policy editor by typing gpedit.msc  using RUN menu or Search  Local Security  Policy from Start Menu

Navigate to Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security  

 

Set the policy to Enabled  and below options  from drop down menu and click OK   - > Reboot the Server

  • Select Platform Security level                                    :   Secure Boot and DMA Protection
  • Virtualization Based Protection of Code Integrity:   Enabled with UEFI lock
  • Credential Guard Configuration                               :   Enabled with UEFI lock

Note:- Enabled without UEFI lock option will allow you enable or disable this setting remotely

 

Enable Hyper-v on Windows 2016 Server

Navigate to Server Manager - > Add roles and features 

 

Click Next with default options and from Server Roles Select Hyper-V  & Include Management tools  and Click OK 

 

 

Continue with default options and Click Finish

After enabling the Hyper-V feature Restart Windows.

 

How to Verify VBS Enabled 

Run  the msinfo32.exe command from run menu  and under the System Summary  You can find the entries  related device guard

More about VBS can found here 

Check more vSphere 6.7 Posts 

Thank you for reading this post  , Share the knowledge if you feel worth sharing it.

Follow VMarena on FaceBook , Twitter , Youtube


Replace vCenter External PSC 6.7 VMCA Certificate by an ADCS Signed Certificate

In my previous post i have explained  on how to replace VMCA SSL certificate on on vCSA 6.7 with embedded PSC   , this post I will be sharing the information on replacing self-signed certificate by a Certificate Authority (CA) signed SSL certificates in a vCenter External PSC 6.7 environment.

The vSphere Certificate Manager utility provides all workflows to replace or regenerate the Machine SSL Certificate, Solution User Certificates and the VMCA Root Signing Certificate on the vCenter Server and Platform Services Controller.

Requirements

  • Working PKI based on Active directory Certificate Server.
  • Certificate Server should have a valid Template for vSphere environment

Note :- If you don’t have a template Refer this Post  for creating a new Template

  • vCenter Server Appliance with root Access

Generate a certificate request from PSC 6.7

Login to vCSA by using SSH or Console

Run /usr/lib/vmware-vmca/bin/certificate-manager and select the operation option 1

Note:-This console is already in bash shell so it didn't asked type shell to access console , in you case it may asked you type shell to access

Enter administrator credentials and enter option number 1.

Specify the following options:

  • Output directory path :-             path where will be generated the private key and the request
  • Country                          :-             your country in two letters
  • Name                              :-             The FQDN of your PSC
  • Organization                 :-             an organization name
  • OrgUnit                          :-             type the name of your unit
  • State                                :-             country name
  • Locality                           :-             your city
  • IPAddess                        :-             provide the PSC IP address
  • Email                              :-             provide your E-mail address
  • Hostname                      :-             the FQDN of your PSC
  • VMCA Name                 :-             the FQDN where is located your VMCA , here we use PSC (vCSA  or PSC FQDN  based on your setup)

Once the private key and the request is generated select Option 2 to exit

Next we have to export the Request and key from the location , we will user win scp for this  operation .

To perform export we need additional permission on PSC , type the following command for same

Note :- To perform export we need additional permission on PSC , type the following command for same

#chsh -s /bin/bash root

Once connected to PSC  from winscp tool navigate the path you have mentioned on the request and download the  vmca_issued_csr.csr  file

Open the Certificate Server URL using  this format  http://FQDN or IP /CertSrv/ from browser and select Request a certificate  option

Select Advanced certificate request 

Open the exported vmca_issued_csr.csr file in a notepad and copy the contents and paste ob the Column Based-64-encoded certificate Request , Select the appropriate Certificate template , here I choose vSphere 6.7 and Click  on Submit

From Next Page Select the Base 64 encoded option and Download the Certificate and Certificate Chain

Note :- You have to export the Chain certificate to .cer extension , by default it will be PKCS#7

Open Chain file by right click or double click navigate the certificate -> right click -> All Tasks  -> export and save it as filename.cer

Also you have to export the Certificate Server certificate .

Next you have export the newly downloaded certificates to PSC Appliance ( PSC , Chain , CA root certificates )

Login to PSC appliance using winscp and copy to location .

Note:- Remember path where you copied the new certificates , it is required for replacing menu .

Login to vCenter Server Appliance Console or using putty

Go to the path where you copied the certificates change the new PSC certificate to root-ca.cer  ( Not mandatory , you can eep the same same )

Rename  #  mv  /tmp/certnew.cer  /tmp/root-ca.cer

Now you add the CA server certificate data to your new renamed PSC certificate

Now will replace the certificate

Run /usr/lib/vmware-vmca/bin/certificate-manager and select the operation option 1

Enter administrator credentials and enter option number 2

Add the exported certificate and generated key path from previous steps and Press Y to confirm the change

  • Custom certificate for machine SSL                             :-   Path to the chain of certificate (srv.cer here)
  • Valid custom key for machine SSL                                :-   Path to the .key file generated earlier.
  • Signing certificate of the machine SSL certificate :-  Path to the certificate of the Root CA (root-ca.cer , generated base64 encoded PSC certificate).

It will take little time to complete and you can see message

Status : 100 % Completed [All tasks completed successfully]

Note:-  If you are providing different certificate instead of chain certificate  in Custom certificate for machine SSL option you will get error  with "depth lookup:certificate" 

Also if CA server certificate data is not added to PSC root certificate and available locally on same path you may face below error

 

 

 

Now Connect to the vCenter using Web Client and you can see the new custom certificate

Thank you for reading this post  , Share the knowledge if you feel worth sharing it.

Check more vSphere 6.7 Posts 

Follow VMarena on FaceBook , Twitter , Youtube


Join the vCSA 6.7 to an Active Directory Domain From HTML Client

VMware vSphere 6.7  is the latest version released by VMware and there are many enhancement and new features are available with this release. The major change for the vCenter Server Appliance is simplified  architecture and all  vCenter Server services are running on a single instance with all the function .With vSphere 6.7 new HTML5 client is available with may enhancements  , VMware is working on to reach 100 %  for all the functions are fully supported by HTML5 client .

In this post I am sharing  configure  vCSA6.7 to an Active Directory Domain From HTML Client and other options available  there  ,additionally command to join , dis-join and verify domain status .

Join AD Domain

  • Open vSphere HTML Client
  • Login as Single Sign-On Administrator or a user with global permissions.
  • Navigate to Administration >Configuration

From Identify Sources Tab you can verify available domain and by default Only SSO  and Localos will be available

  • Navigate to Tab Active Directory Domain and Click on Join AD
  • Add the Domain Name and Username and Password has permission to join to Active Directory and Click Join

Note:-  You have to reboot the Appliance to apply the changes

When the appliance is back online it will be part of Active Directory domain but you have to the domain to identity sources

  • Login to vCenter with SSO Admin account Navigate to Administration >Configuration->Identity Sources

  • Select ADD IDENTITY SOURCE and  Select Use machine account and click OK

And you can view your domain is listed on the identity Source tab

Additionally you can do below  configuration form same window

  • Remove  the Joined Domain
  • Create Login Message
  • Smart Card Authentication
  • Policies - Password Policy , Lockout Policy and Token Policy

Next add a Permission from Active Directory

Navigate to the Object , here I choose vCenter - > Permission -> Select the "+" symbol to add permission

From User Option Select the Domain Name

Search the Desired Username

Select the desired Role  and select the Propagate to Children Option and Click OK

Join to AD Domain using CLI

Also you can perform joining to active directory from command line

  • Connect to the vCenter Server Appliance with SSH
  • Activate the bash shell

#Command> shell

  • Use the domainjoin-cli tool to join , dis-join and verify status of domain

Join to AD using CLI

# /opt/likewise/bin/domainjoin-cli join [domain] [user name] [password]

Note:-As a security reason you have to add only username and it will prompt for password and it won't be visible

Verify the Domain status form CLI

Dis-join from a Domain From CLI 


Replace VCSA 6.7 Certificate (VMCA) by an ADCS Signed Certificate

In this post I will be sharing the information on replacing self-signed certificate by a Certificate Authority (CA) signed SSL certificates in a vSphere 6.7 environment. VMware has pre-packaged the vSphere Certificate Manager utility to automate the replacement process.

The vSphere Certificate Manager utility provides all workflows to replace or regenerate the Machine SSL Certificate, Solution User Certificates and the VMCA Root Signing Certificate on the vCenter Server and Platform Services Controller.

Before starting the procedure just a quick intro for managing vSphere Certificates, vSphere Certificates can manage in two different modes

  • VMCA Default Certificates

VMCA provides all the certificates for vCenter Server and ESXi hosts on the Virtual Infrastructure and it can manage the certificate lifecycle for vCenter Server and ESXi hosts. Using VMCA default the certificates is the simplest method and less overhead.

  • VMCA Default Certificates with External SSL Certificates (Hybrid Mode)

This method will replace the Platform Services Controller and vCenter Server Appliance SSL certificates, and allow VMCA to manage certificates for solution users and ESXi hosts. Also for high-security conscious deployments, you can replace the ESXi host SSL certificates as well. This method is Simple, VMCA manages the internal certificates and by using the method, you get the benefit of using your corporate-approved SSL certificates and these certificates trusted by your browsers.

Here we are discussing about the Hybrid mode, this the VMware’s recommended deployment model for certificates as it procures a good level of security. In this model only the Machine SSL certificate signed by the CA and replaced on the vCenter server and the solution user and ESXi host certificates are distributed by the VMCA.

Requirements

  • Working PKI based on Active directory Certificate Server.
  • Certificate Server should have a valid Template for vSphere environment

Note :- If you don't have a template Refer this Post for creating a new Template

  • vCenter Server Appliance with root Access

Generate a certificate request from VCSA 6.7

Login to vCSA by using SSH or Console and launch the bash by typing Shell.

Run /usr/lib/vmware-vmca/bin/certificate-manager and select the operation option 1

Enter administrator credentials and enter option number 1.

Specify the following options:

  • Output directory path :-             path where will be generated the private key and the request
  • Country                          :-             your country in two letters
  • Name                              :-             The FQDN of your vCSA
  • Organization                 :-             an organization name
  • OrgUnit                          :-             type the name of your unit
  • State                                :-             country name
  • Locality                           :-             your city
  • IPAddess                        :-             provide the vCSA IP address
  • Email                              :-             provide your E-mail address
  • Hostname                      :-             the FQDN of your vCSA
  • VMCA Name                 :-             the FQDN where is located your VMCA. Usually the vCSA FQDN

Once the private key and the request is generated select Option 2 to exit

Next we have to export the Request and key from the location , we will user win scp for this  operation .

To perform export we need additional permission on VCSA , type the following command for same

#chsh -s /bin/bash root

Once connected to vCSA from winscp tool navigate the path you have mentioned on the request and download the  vmca_issued_csr.csr  file .

Open the Certificate Server URL using  this format  http://FQDN or IP /CertSrv/ from browser and select Request a certificate  option

Select Advanced certificate request 

Open the exported vmca_issued_csr.csr file in a notepad and copy the contents and paste ob the Column Based-64-encoded certificate Request , Select the appropriate Certificate template , here I choose vSphere 6.7 and Click  on Submit

From Next Page Select the Base 64 encoded option and Download the Certificate and Certificate Chain

Note :- You have to export the Chain certificate to .cer extension , by default it will be PKCS#7

Open Chain file by right click or double click navigate the certificate -> right click -> All Tasks  -> export and save it as filename.cer

Navigate  to Certificate Authority  Option and verify the status of request from Issued Certificate 

Next you have export the newly downloaded certificates to vCenter Appliance

Login to vCenter appliance using winscp and copy to location .

Note:- Remember path where you copied the new certificates , it is required for replacing menu .

Login to vCenter Server Appliance Console or using putty

Run /usr/lib/vmware-vmca/bin/certificate-manager and select the operation option 1

Enter administrator credentials and enter option number 2

Add the exported certificate and generated key path from previous steps and Press Y to confirm the change

  • Custom certificate for machine SSL                             :-   Path to the chain of certificate (srv.cer here)
  • Valid custom key for machine SSL                                :-   Path to the .key file generated earlier.
  • Signing certificate of the machine SSL certificate :-  Path to the certificate of the Root CA (root.cer , generated base64 encoded certificate).

Note:-  If you are providing different certificate instead of chain certificate  in Custom certificate for machine SSL option you will get error  with "depth lookup:certificate"

It will take little time to complete and you can see message

Status : 100 % Completed [All tasks completed successfully]

Now Connect to the vCenter using Web Client and you can see the new custom certificate

Referees VMware KB


Microsoft Certificate Authority Template Creation for SSL certificate in vSphere 6.7

In this post I will share the steps to create the Microsoft Certificate Authority Template to support  for custom SSL certificate creation in VMware vSphere 6.7 .

Before jumping to the steps i will just give a intro to Certificate templates .Certificate templates are used to define the enrollment policy on the CA. First, an Enterprise CA can only issue certificates based upon the templates it is configure to use.  Second, permissions set on the certificate template’s Active Directory object determine whether or not a user or computer is permitted to request a certificate based on that template. If a user does not have Enroll permissions on a particular template, the CA will deny any request submitted by the user for a certificate based on that template.

Certificate templates contain properties that would be common to all certificates issued by the CA based on that template. Windows includes several predefined templates, but Administrators also have the ability to create their own templates specific for their enterprise. When requesting a certificate, a client can just specify the template name in the request and the CA will build the certificate based upon the requestor’s information in Active Directory and the properties defined in the template.

Currently, there are three versions of templates:

Version 1 templates were introduced in Windows 2000, and can be used by Windows 2000, Windows Server 2003 (R2), and Windows Server 2008 (R2) Enterprise CAs. Version 1 templates Active Directory objects are created the first time an Enterprise CA is created in the forest. These templates were designed to reflect the most common scenarios for digital certificates in the Enterprise. Unfortunately, if you don’t like the settings we selected you’re pretty much out of luck. Creating new v1 templates, or editing the existing templates, is not supported. The only customization supported is to the permissions on the template.

Version 2 templates were introduced in Windows Server 2003 and are a vast improvement over v1 templates. First and foremost, v2 templates can be modified by an Enterprise Admin. In addition, the Admin can duplicate an existing v1 or v2 template to create a new v2 template, and then customize the result. Finally, v2 templates expose a larger number of properties that can be configured, and also expose some controls to take advantage of some other new features introduced in Windows Server 2003. One of these features, for example, is key archival. Version 2 templates can be used by Windows Server 2003 and Windows Server 2008 Enterprise or Datacenter Editions. On Windows Server 2008 R2, v2 templates can be used by a CA installed on Standard, Enterprise, Datacenter, Foundation and Server Core Editions.

Version 3 templates were introduced in Windows Server 2008. Version 3 templates have all the features of a version 2 template with two major additions. First, v3 templates support the use of Crypto Next Generation (CNG) providers, which means that the certificates support Suite B algorithms based on Elliptical Curve Cryptography (ECC). Second, v3 templates have a setting that instructs Windows to grant the Network Service account access to the private key created on the requesting computer. This is great for those certificates that will be used by applications or services that run as Network Service rather than Local System. Version 3 templates are supported by CAs installed on Windows Server 2008 Enterprise and Datacenter Editions. They are also supported by CAs installed on Windows Server 2008 R2 Standard, Enterprise, Datacenter, Foundation and Server Core Editions.

To create a template for vSphere environment  we will  use the default Web Server template on the CA server . We will perform a clone of the webserver template with some modification and  a version 2 template will be created .

Creating a template for vSphere 6.x to use for Machine SSL and Solution User certificates

Log into your Windows Certificate Authority Server

Navigate to click Start > Run and type certtmpl.msc and click OK.

From the Certificates Templates Console you will see a list of different certificate templates , we will be creating a new template for use by the Machine SSL and Solution Users certificates by cloning  Web Server Template.

Navigate to Web Server Template -> Right-click -> Select Duplicate Template.

Select Windows Server 2003 for backward compatibility.

Notes: If you have an encryption level higher than SHA1, you may select Windows Server 2008 / 2008 R2

Click the General tab  and enter vSphere 6.7 as the name of the template  in the Template display name field

Click the Extensions tab. Select Application Policies and click Edit and remove Server Authentication and click OK.

Select Key Usage and click Edit. Select the Signature is proof of origin (nonrepudiation) option. Leave all other options as default.

Click the Subject Name tab. Ensure that the Supply in the request option is selected and  Click OK to save the template.

Adding a new template to certificate templates

Now that we have created the certificate template for vSphere 6.7 to use for Machine SSL and Solution User certificates . Next you have to add them to the list of template that we can select when submitting certificate request

Click Start > Run, type certsrv.msc, and click OK.

Right-click Certificate Templates and click New > Certificate Template to Issue.

Locate vSphere 6.7 from the list and Click OK.

Now we have created a new vSphere 6.7 Certificate Template and  it can be used while creating and replacing the Machine SSL certificate for VCSA .

Reference - VMware KB

 


How to Create Bootable vSphere 6.7 Installer USB Flash Drive

VMware released their latest version vSphere 6.7 on April 2018 and I have shared the details on one of my Blog post. As we know there are multiple options like remote management console (KVM, ILO, iDRAC), CD Drive to install the ESXi to Physical Server. However, some cases due to firmware issue, limited number of ports on switch remote console license unavailability or CD ROM unavailability we will have challenges to install ESXi, in that case bootable USB with ESXi installer will help to install the hypervisor.

In this post, I will explain how to create a bootable ESXi 6.7 Installer USB Drive using a free tool called Rufus . Following this method, you can create a bootable USB with vSphere 6.7 installer in less than two minutes.

Before starting installation, you have to verify that all the prerequisites are met to install vSphere 6.7 , you can validate those requirement from below checklist

vSphere 6.7 Installation Checklist

  • Hardware Compatibility with vSphere 6.7 from VMware HCL website
  • Virtualization Technology Intel VT or AMD-V available and enabled
  • Hardware Firmware and Driver version from VMware and Vendor Website
  • Vendor specified Custom ISO availability

Note :- You may create a Custom ISO by referring  VMware Docs

Prerequisite

  • vSphere 6.7 standard or Custom ISO image download from VMware or Vendor Website

For Free vSphere 6.7 License refer How to Obtain Free Version Of vSphere (ESXi) 6.7

  • Free Software – A free software capable to make USB bootable, we are using Rufus free tool and you can download that from here
  • USB Drive– A USB Drive with minimum capacity 4 GB or USB devices with 8 / 16 GB.

 Create Bootable USB Installer

Navigate to the Rufus and vSphere 6.7 ISO Location and you can identify them  as like below

  

Start Rufus Application

Verify the UDB Drive , here we are using  " VMARENA-USB " with Capacity of 4 GB and Browse and map the downloaded ESXi ISO " VMware-VMvisor-Installer-6.7.0-8169922.x86_64.iso "  and Click on Start 

Note :- Leave the partition Scheme as default "MBR" or if it is shown as GPT please change to MBR  and If required you  may modify the Volume Label or leave it as default one

You will get a Popup message asking to replace menu.c32  , Select Yes to continue

A warning message will Popup  All Data on the Device will be Destroyed to continue Click OK 

Note:-you can notice the device shows ready state ob this window

USB drive will be formatted and copying of installation files to USB device will start and it will be take less than 2 Minute .

Once it is completed in application window you can see status hows READY and  vSphere 6.7 UBN installer media is ready

Next Connect the USB drive to the server , power on and select the first boot device as USB and server will booted to Installation of vSphere 6.7

Note :- Boot order  has to be configured in the server BIOS .

Refer vSphere 6.7 Installation and Setup Guide for more features like image builder

More vSphere 6.7 Posts

Feel free to share it on social media  

Follow VMarena on Facebook , Twitter


Why You Should Attend VMworld

VMworld 2018, VMware’s premier digital infrastructure event where you can only find what you need to launch the digital transformation that relies on you. No matter which domain you are working, you discover the technology, learn the trends, and meet the people that are shaping the future of digital business and taking IT to the next level.

VMworld offers incredible opportunities for education, training, and insights into current and future trends related to digital infrastructure technology and transformation.

You will have the opportunity to network with your old colleagues and make new connections, get direct experience and training with hands-on labs, and discover new product breakthroughs. VMware executives and experts will also be there to meet with attendees, lead workshops, and give keynotes and answer to your queries.

In this post, I want to share you some ideas why you have to attend VMworld especially if you are attending VMworld first time.

  • Learn from top VMware and industry experts about growing today’s technology in IT and what’s coming next.
  • Build and expand your skills and expertise to solve tomorrow’s challenges VMware certifications.
  • Relax and let loose with games, recreation events, sponsored get-togethers and VMworld Fest

Register for VMworld 2018 Here

You will have great option to register with Early-bird rates  , effect until June 15 , don't miss this opportunity .

Your registration fee for a full conference pass at VMworld US entitles you to the following

  • Welcome reception
  • General sessions
  • VMware Hands-on Labs
  • VMworld Fest, the official conference party
  • Solutions Exchange
  • Breakfast, lunch, and refreshments
  • Breakout sessions (Note: Some sessions are restricted to VMware partners or other select groups of attendees)

Labs and Training

The VMware Hands-on Labs demonstrate the real value of VMware solutions in real time. As a VMworld attendee, you will gain special access to the latest VMware technologies without being required to purchase equipment, software or licenses. You will have the option to attend Self-Paced Labs, Expert-Led Workshops and Hands-on Labs Tours

  • Be the first to try new lab content before it is available online.
  • Ask your tough technical questions and test the answers in a live lab environment.
  • Gain rapid product learning without the hassles of licensing and installation.

Training & Certification

VMworld training and certification program enables you to realize the full value from your VMware investments by helping you build the skills and experience to design, deploy and operate your VMware platform , evolving your organization and your career.  You have the option to Sign up during registration for special training and certification offers at VMworld, including discount.

Gatherings , Meetup's & Parties

Not only the Sessions and networking you will have great fun on VMworld with many cool gatherings and events, which ones are not to be missed.

From VMworld Fest—our fabulous event party—to sponsored get-togethers to unofficial meetups and outings organized by the VMworld community, you’ll find plenty of options for spending time with friends or making new ones.

Social Media

During VMworld use below social channel links for your posts

 Hashtags to use on Twitter and Instagram:

  • #vmworld - VMworld conference
  • #vmworldHOL - VMware Hands-On Labs at VMworld
  • #vmworld3word - 3-word creative tweets
  • #vmworldselfie - selfie or group photos

Social and Community resources:

Attendee Information

VMworld 2018 US returns to Las Vegas with five days packed with excitement, learning, and innovation.

Venue

VMworld 2018 US will be held at Mandalay Bay, located on the south side of the Las Vegas Strip and offering an unparalleled conference experience. In addition to its world-class event facilities, Mandalay Bay offers fine dining, shopping, and the world-famous Mandalay Bay Beach aquatic playground.

Address:

3950 S Las Vegas Blvd.

Las Vegas, NV 89119

Here is the venue map

First Time to VMworld 

If you're a first-timer to VMworld don't worry  VMware has great arrangements for you to make things simple Let's see what VMware arranged for you .

NewV Welcome Session 

VMware will connect you with other new attendees, give you details to help you plan and navigate your way through VMworld, and teach you tips and tricks to make your visit more successful. We'll also throw in some fun and games. It's a great way to kick off your VMworld experience

In Addition VM ware povides you tips about travel , stay and how to  get more details easily

Hotel Information

VMworld offers exclusive discounts at several hotels conveniently located at or near Mandalay Bay. VMware made it very simple by booking the hotel at the time of online registration with discounts.

Please vmwold hotel page for more information

Travel

Getting to VMworld 2018 US is easy. Las Vegas is served by McCarran International Airport, which hosts 28 domestic and international airlines and is open 24/7.  It’s a quick 15-minute ride from your terminal to Mandalay Bay by taxi, limo, or ride share such as Lyft and Uber.

How to get More information about Events

The free VMworld 2018 iOS and Android mobile app option , which gives you fingertip access to event and personal information. You will be able to create and view personalized breakout session schedules; add sponsors, exhibitors, and speakers to your favorites list.You can  find your way with the interactive and searchable map and much more form this app and it will be released Soon.

More Details Can be found on VMworld

Here is the Agenda for VMworld 2018

 


How to Obtain Free Version Of vSphere (ESXi) 6.7

VMware vSphere 6.7 has been announced by VMware recently and there are many enhancement and new features are available with this release. Question is how we can obtain a free version of vSphere 6.7 for our non-production or testing environment.

As earlier how we used to get free license for older versions same method we have the options to generate vSphere 6.7 license. License key with no expiration date can created free at VMware's website. You can use the "Free Hypervisor" as identical to the paid version but with some software limitations.

Also Free version has some technical  Spec and limitations , find the below .

  • Free ESXi cannot be added to a vCenter Server
  • No commercial support
  • Some API functionality is missing
  • Number of logical CPUs per host: 480
  • No physical CPU limitation
  • Maximum vCPUs per virtual machine: 8
  • If you have already a free key for ESXi 6.0 or 6.5, you can use the old key for vSphere 6.7 also.

How to Obtain Free vSphere License

  1. Browse to VMware vSphere Hypervisor (ESXi) 6.7 Download Page

  1. You can Login with existing account or create an account
  1. To Register for ESXi you have to enter your personal information .After registration, you will receive a unique license key and access to the vSphere 6.7 binaries.

  1. Now Download VMware vSphere Hypervisor 6.7 - Binaries

  1. You can install ESXi to your Hardware and ass the License to the ESXI host from web Client
  2. Login as root with the Embedded Host Client (https://<ESX IP / FQDN>/ui/)

5.Navigate to Manage -> Licensing

6. Click Assign license and enter your license key and start using the free vSphere  6.7


Whats New With vSphere 6.5 Update 2

VMware vSphere 6.7 has been announced by VMware recently and there are many enhancement and new features are available with this release.And now VMware released vSphere 6.5 Update 2 with some features of vSphere 6.7 .

vCenter Server 6.5 Update 2

  • A Windows vCenter Server that has custom HTTP & HTTPS ports are supported during migration to the vCenter Server Appliance.
  • You can use the TLS Configuration utility to configure SSL tunnels on port 8089.
  • you can configure SSL settings for the lightweight CIM daemon, SFCB, with the TLS Configuration utility
  • Backup and restore to Embedded Linked Mode with replication deployment topology API.
  • vMotion and cold migration of virtual machines across vCenter Server versions 6.0 Update 3 and later, also includes VMware Cloud on AWS.
  • During the GUI or CLI deployment process of the vCenter Server Appliance, you can customize the default network ports for the HTTP Reverse Proxy service. The default ports are 80 for HTTP and 443 for HTTPS.
  • Supporting Enhanced Linked Mode (ELM) with embedded PSC .

With vCenter Server 6.5 Update 2 you can use Enhanced Linked Mode (ELM) with an Embedded Platform Service Controller (PSC). This features really helps reduces the number of virtual machines to manage and removes the need for a load balancer for high availability and the maximum number of supported ELM configuration is  "10". This feature will support only on new installations , we cannot use for upgrade or additions.

vSphere 6.5

  • Customization of default network ports for the HTTP Reverse Proxy service via the GUI or CLI during the deployment of the vCenter Server Appliance.
  • IPv6 support for the Key Management Server (KMS) of VMware vSphere Virtual Machine Encryption (VM Encryption).
  • Additional alarms for expiration of KMS certificates, missing hosts, and virtual machine keys.
  • Management of multiple namespaces compatible with the Non-Volatile Memory Express (NVMe) 1.2 specification and enhanced diagnostic log.
  • Adding tags to the Trusted Platform Module (TPM) hardware version 1.2 on ESXi using ESXCLI commands.
  • New native driver to support the Broadcom SAS 3.5 IT/IR controllers with devices including the combination of NVMe, SAS, and SATA drives.
  • LightPulse and OneConnect adapters are supported by separate default drivers. The brcmfcoe driver supports OneConnect adapters and the lpfc driver supports only LightPulse adapters. Previously, the lpfc driver supported both OneConnect and LightPulse adapters.
  • Updates to time zones in the Linux guest operating system customization: vCenter Server Linux guest operating system customization supports latest time zones.
  • Disk serviceability plug-in of the ESXi native driver for HPE Smart Array controllers, nhpsa, now works with an extended list of expander devices to enable compatibility with HPE Gen9 configurations.

Limitations

  • Cloning of virtual machines between vCenter Server 6.0 and vCenter Server 6.5 is not supported.
  • Configuration of TLS protocols on clusters with mixed ESXi 6.0 and ESXi 6.5 hosts is not supported.
  • Upgrade from vSphere 6.5 U2 to vSphere 6.7 GA is not supported yet.
  • ELM with embedded PSC will support only on new installations .

vSphere 6.5 Update 2 Download Links

VMware vSphere Hypervisor (ESXi) 6.5 U2 - Download    Release Notes

VMware vCenter Server 6.5 U2                       -  Download    Release Notes

Reference Blog